[jira] [Commented] (PROTON-2643) SSL connection hanging

Thu, 24 Nov 2022 10:33:14 -0800 


    [ 
https://issues.apache.org/jira/browse/PROTON-2643?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17638387#comment-17638387
 ] 

ASF subversion and git services commented on PROTON-2643:
---------------------------------------------------------

Commit c9d8caa07a229f3d255159316fa55441ff638752 in qpid-proton's branch 
refs/heads/main from Clifford Jansen
[ https://gitbox.apache.org/repos/asf?p=qpid-proton.git;h=c9d8caa07 ]

PROTON-2643: C ssl driver - avoid hang in handshake in older versions of OpenSSL


> SSL connection hanging
> ----------------------
>
>                 Key: PROTON-2643
>                 URL: https://issues.apache.org/jira/browse/PROTON-2643
>             Project: Qpid Proton
>          Issue Type: Bug
>    Affects Versions: proton-c-0.37.0
>         Environment: Qpid-proton 0.37 with epoll proactor and openssl 1.0.2k 
> running on centos7
>            Reporter: Fredrik Hallenberg
>            Priority: Major
>         Attachments: ssl-issue-3.zip
>
>
> With a CA bundle of a certain size the SSL/TLS connection process hangs. This 
> is 100% repeatable. The process stops before reaching verification callback, 
> it seems there is an issue with reading from the BIO sockets. I can only 
> repeat it with certain CA bundles, it seems they have to contain >100 
> certificates but I have not found an obvious pattern. It does happen with my 
> current system bundle (/etc/ssl/certs/ca-bundle.crt). 
> I enclose an example with appropriate keys and bundles, the code is based on 
> the cpp ssl example in the proton release. See the readme file on how to run 
> it. Basically it will build a proton server from the example code and connect 
> to it using openssl s_client. There is a good and a bad bundle included. The 
> good one has a few less certificates than the big one but is otherwise the 
> same. If using the bad bundle the connection process will stop after a few 
> ssl read/writes. With the good bundle it proceeds as expected.
>  



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to