[jira] [Commented] (DIRMINA-1144) Deadlock with SSL + Proxy

Mon, 22 Nov 2021 16:26:22 -0800 


    [ 
https://issues.apache.org/jira/browse/DIRMINA-1144?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17447708#comment-17447708
 ] 

Jonathan Valliere commented on DIRMINA-1144:
--------------------------------------------

{quote}In 
[https://github.com/quickfix-j/quickfixj/blob/8bee941f9d6b8b01e5231572dad3a9be4e7ea748/quickfixj-core/src/test/java/quickfix/mina/ssl/SSLCertificateTest.java#L512]
 we now get an SSLPeerUnverifiedException which wasn't thrown before.
{quote}
I think you're trying to use a self-signed cert without overriding the 
{{{}TrustManager{}}}.  An SSL implementation should NEVER trust self-signed 
certs by default.  If you are running a server try setting {{NeedClientAuth}} 
and {{WantClientAuth}} to {{{}false{}}}.
{quote}In other tests we are expecting an Exception but there is none thrown 
anymore. E.g 
[https://github.com/quickfix-j/quickfixj/blob/8bee941f9d6b8b01e5231572dad3a9be4e7ea748/quickfixj-core/src/test/java/quickfix/mina/ssl/SSLCertificateTest.java#L365]
We are trying to get the Exception via a filter as can be seen here: 
[https://github.com/quickfix-j/quickfixj/blob/8bee941f9d6b8b01e5231572dad3a9be4e7ea748/quickfixj-core/src/test/java/quickfix/mina/ssl/SSLCertificateTest.java#L456]
This does not seem to be triggered anymore. I've noticed that the old SslFilter 
has an exceptionCaught method: 
[https://github.com/apache/mina/blob/ff39f496b746b780e4637d8e940cbfae2cdd3809/mina-core/src/main/java/org/apache/mina/filter/ssl/SslFilter.java#L577]
 but even if the new filter had no such method it shouldn't prevent exceptions 
from being propagated, right?
{quote}
SSLFilter extends IoFIlterAdapter which includes the standard exception handler 
and calls nextFilter.exceptionCaught.  I don't know why this isn't working for 
you.

Email me directly and we can schedule a time to debug on Skype.

> Deadlock with SSL + Proxy
> -------------------------
>
>                 Key: DIRMINA-1144
>                 URL: https://issues.apache.org/jira/browse/DIRMINA-1144
>             Project: MINA
>          Issue Type: Bug
>          Components: SSL
>    Affects Versions: 2.1.3, 2.1.4
>            Reporter: Giuseppe Persico
>            Assignee: Jonathan Valliere
>            Priority: Critical
>             Fix For: 2.2.0
>
>         Attachments: thread-dump-clean.txt
>
>
> You will find the thread dump attached. This seems to be a problem that 
> occurs using SSL in combination with proxy. I found the problem in the 2.1.4 
> and 2.1.3 versions. The 2.0.20, instead, seems to work,



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to