HttpComponents HttpCore / HTTPCORE-319

SSLIOSession goes into a loop if the server rejects an invalid certificate


Details

    • Type: Bug
    • Status: Closed
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 4.2.2
    • Fix Version/s: 4.2.4, 4.3-beta1
    • Component/s: HttpCore NIO
    • Labels: None

    Description

      To reproduce:

      • Set up an SSL server that requests certificates from the client.
      • Set up a client with an expired SSL certificate.
      • Establish a connection from the client to the server using BaseNIOReactor and SSLIOSession.

      The server will proceed through the handshake until the client supplies its certificate in response to the CertificateRequest message. At this point, the server's certificate verification will fail and it will close the connection.

      The client socket will become readable due to the EOF and the SSLIOSession.isAppInputReady() method is called to handle the EOF. The bytesRead gets set to -1, which sets this.endOfStream = true. Nothing ever sets the session into the CLOSING or CLOSED state, so it keeps looping on the readable EOF event.

      I'm not sure what the best approach to fixing this should be. It appears that if I close the session manually with the debugger from inside isAppInputReady, the system proceeds normally from that point; however, I don't know what the implications of doing that might be.
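
The selector behaviour behind the loop described above, as an added example that is not code from HttpCore or from the reporter: a plain java.nio client (no TLS, no SSLIOSession) whose peer closes the connection stays read-ready at EOF, so a handler that only records the EOF is woken again on every select, while one that closes the channel is woken once. The class name EofSpinDemo, the closeOnEof flag and the wakeup cap are illustrative assumptions; closing on EOF mirrors the reporter's debugger experiment, not necessarily the fix that shipped.

```java
import java.net.InetSocketAddress;
import java.nio.ByteBuffer;
import java.nio.channels.SelectionKey;
import java.nio.channels.Selector;
import java.nio.channels.ServerSocketChannel;
import java.nio.channels.SocketChannel;

public class EofSpinDemo {

    /** Counts EOF read events seen in at most maxWakeups selector wakeups. */
    static int run(boolean closeOnEof, int maxWakeups) throws Exception {
        try (ServerSocketChannel server = ServerSocketChannel.open();
             Selector selector = Selector.open()) {
            server.bind(new InetSocketAddress("127.0.0.1", 0));
            SocketChannel client = SocketChannel.open(server.getLocalAddress());
            // The peer drops the connection, standing in for the server that
            // closed it after rejecting the client certificate.
            server.accept().close();
            client.configureBlocking(false);
            client.register(selector, SelectionKey.OP_READ);

            ByteBuffer buf = ByteBuffer.allocate(1024);
            int eofEvents = 0;
            for (int i = 0; i < maxWakeups && client.isOpen(); i++) {
                selector.select(1000);
                for (SelectionKey key : selector.selectedKeys()) {
                    buf.clear();
                    if (key.isReadable() && client.read(buf) == -1) {
                        eofEvents++;          // the report's bytesRead == -1 case
                        if (closeOnEof) {
                            client.close();   // cancels the key, so no further wakeups
                        }
                    }
                }
                selector.selectedKeys().clear();
            }
            client.close();
            return eofEvents;
        }
    }

    public static void main(String[] args) throws Exception {
        System.out.println("EOF only recorded: " + run(false, 1000) + " EOF events");
        System.out.println("closed on EOF:     " + run(true, 1000) + " EOF events");
    }
}
```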

      Attachments

        1. log (6 kB, Scott Stanton)
        2. bug.log (7 kB, Scott Stanton)

            People

              Assignee: Oleg Kalnichevski (olegk)
              Reporter: Scott Stanton (stanton)
              Votes: 0
              Watchers: 2