[
https://issues.apache.org/jira/browse/DIRSTUDIO-1287?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17492553#comment-17492553
]
Rodrigo Messias Barros edited comment on DIRSTUDIO-1287 at 2/15/22, 11:38 AM:
------------------------------------------------------------------------------
I make a comment in this
[issue|https://issues.apache.org/jira/browse/DIRSTUDIO-1289?page=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel&focusedCommentId=17413125#comment-17413125].
I think posting here is more appropriate.
We are experiencing the same issue when trying to login with Apache Studio
Version: 2.0.0.v20210717-M17 and JDK 11 in our central LDAP configured to use
TLSv1.3. If we decrease to TLSv1.2 the connection is performed normally. The
error under M7/JDK11/TLSv1.3 is as follows:
{code:java}
Error while opening connection
- ERR_04169_RESPONSE_QUEUE_EMPTIED The response queue has been emptied, no
response was found.
org.apache.directory.studio.connection.core.io.StudioLdapException:
ERR_04169_RESPONSE_QUEUE_EMPTIED The response queue has been emptied, no
response was found.
at
org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.toStudioLdapException(DirectoryApiConnectionWrapper.java:1350)
at
org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.access$2(DirectoryApiConnectionWrapper.java:1342)
at
org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper$2.run(DirectoryApiConnectionWrapper.java:483)
at
org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.runAndMonitor(DirectoryApiConnectionWrapper.java:1261)
at
org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.doBind(DirectoryApiConnectionWrapper.java:488)
at
org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.bind(DirectoryApiConnectionWrapper.java:323)
at
org.apache.directory.studio.connection.core.jobs.OpenConnectionsRunnable.run(OpenConnectionsRunnable.java:114)
at
org.apache.directory.studio.connection.core.jobs.StudioConnectionJob.run(StudioConnectionJob.java:109)
at org.eclipse.core.internal.jobs.Worker.run(Worker.java:63)
Caused by: org.apache.directory.api.ldap.model.exception.LdapException:
ERR_04169_RESPONSE_QUEUE_EMPTIED The response queue has been emptied, no
response was found.
at
org.apache.directory.ldap.client.api.LdapNetworkConnection.bind(LdapNetworkConnection.java:1578)
at
org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.bindSimple(DirectoryApiConnectionWrapper.java:339)
at
org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.access$5(DirectoryApiConnectionWrapper.java:333)
at
org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper$2.run(DirectoryApiConnectionWrapper.java:395)
... 6 more
Caused by: org.apache.directory.api.ldap.model.exception.LdapException:
ERR_04170_TIMEOUT_OCCURED TimeOut occurred
at
org.apache.directory.ldap.client.api.LdapNetworkConnection.bind(LdapNetworkConnection.java:1549)
... 9 more
ERR_04169_RESPONSE_QUEUE_EMPTIED The response queue has been emptied, no
response was found.
{code}
In previous versions of Apache Studio that required JDK 8, this did not happen,
even when enabling the TLSv1.3 protocol.
was (Author: JIRAUSER285241):
I make a comment in this issue.
I think posting here is more appropriate.
We are experiencing the same issue when trying to login with Apache Studio
Version: 2.0.0.v20210717-M17 and JDK 11 in our central LDAP configured to use
TLSv1.3. If we decrease to TLSv1.2 the connection is performed normally. The
error under M7/JDK11/TLSv1.3 is as follows:
{code:java}
Error while opening connection
- ERR_04169_RESPONSE_QUEUE_EMPTIED The response queue has been emptied, no
response was found.
org.apache.directory.studio.connection.core.io.StudioLdapException:
ERR_04169_RESPONSE_QUEUE_EMPTIED The response queue has been emptied, no
response was found.
at
org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.toStudioLdapException(DirectoryApiConnectionWrapper.java:1350)
at
org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.access$2(DirectoryApiConnectionWrapper.java:1342)
at
org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper$2.run(DirectoryApiConnectionWrapper.java:483)
at
org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.runAndMonitor(DirectoryApiConnectionWrapper.java:1261)
at
org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.doBind(DirectoryApiConnectionWrapper.java:488)
at
org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.bind(DirectoryApiConnectionWrapper.java:323)
at
org.apache.directory.studio.connection.core.jobs.OpenConnectionsRunnable.run(OpenConnectionsRunnable.java:114)
at
org.apache.directory.studio.connection.core.jobs.StudioConnectionJob.run(StudioConnectionJob.java:109)
at org.eclipse.core.internal.jobs.Worker.run(Worker.java:63)
Caused by: org.apache.directory.api.ldap.model.exception.LdapException:
ERR_04169_RESPONSE_QUEUE_EMPTIED The response queue has been emptied, no
response was found.
at
org.apache.directory.ldap.client.api.LdapNetworkConnection.bind(LdapNetworkConnection.java:1578)
at
org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.bindSimple(DirectoryApiConnectionWrapper.java:339)
at
org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.access$5(DirectoryApiConnectionWrapper.java:333)
at
org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper$2.run(DirectoryApiConnectionWrapper.java:395)
... 6 more
Caused by: org.apache.directory.api.ldap.model.exception.LdapException:
ERR_04170_TIMEOUT_OCCURED TimeOut occurred
at
org.apache.directory.ldap.client.api.LdapNetworkConnection.bind(LdapNetworkConnection.java:1549)
... 9 more
ERR_04169_RESPONSE_QUEUE_EMPTIED The response queue has been emptied, no
response was found.
{code}
In previous versions of Apache Studio that required JDK 8, this did not happen,
even when enabling the TLSv1.3 protocol.
> Error connecting to LDAPS server
> --------------------------------
>
> Key: DIRSTUDIO-1287
> URL: https://issues.apache.org/jira/browse/DIRSTUDIO-1287
> Project: Directory Studio
> Issue Type: Bug
> Affects Versions: 2.0.0-M17
> Reporter: Robin
> Priority: Major
>
> In trying to connect to an LDAP server via TLS I have run into what I believe
> to be a bug.
> The LDAP server is the built-in one on a Synology NAS with a valid
> certificate installed.
> I am able to successfully bind to it using LDAPS on port 636 using
> javax.naming:
> {code:java}
> Hashtable<String, String> env = new Hashtable<String, String>();
> env.put(Context.INITIAL_CONTEXT_FACTORY,
> "com.sun.jndi.ldap.LdapCtxFactory");
> env.put(Context.PROVIDER_URL, ldapUrl);
> env.put(Context.SECURITY_AUTHENTICATION, authentication);
> env.put(Context.SECURITY_PRINCIPAL, bindDN);
> env.put(Context.SECURITY_CREDENTIALS, password);
> return new InitialLdapContext (env, null);
> {code}
> However, when trying to connect using Apache Directory Studio I keep getting
> an error:
> The authentication failed ERR_04169_RESPONSE_QUEUE_EMPTIED The response queue
> has been emptied, no response was found.
> I started Directory Studio with -Djavax.net.debug=all to see what happens and
> this is what I found:
> * There's a bunch of logging which eventually ends with this line:
> {code:java}
> javax.net.ssl|ALL|34|NioProcessor-5|2021-08-19 09:52:20.548
> BST|SSLSessionImpl.java:242|Session initialized:
> Session(1629363140485|TLS_AES_128_GCM_SHA256){code}
> * It then idles for a while after which this happens:
> {code:java}
> javax.net.ssl|ALL|32|Worker-4: Open Connection|2021-08-19 09:52:50.512
> BST|SSLEngineImpl.java:752|Closing outbound of SSLEngine
> javax.net.ssl|WARNING|32|Worker-4: Open Connection|2021-08-19 09:52:50.512
> BST|SSLEngineOutputRecord.java:168|outbound has closed, ignore outbound
> application data
> javax.net.ssl|DEBUG|32|Worker-4: Open Connection|2021-08-19 09:52:50.512
> BST|SSLEngineOutputRecord.java:505|WRITE: TLS13 alert, length = 2
> javax.net.ssl|DEBUG|32|Worker-4: Open Connection|2021-08-19 09:52:50.512
> BST|SSLCipher.java:2036|Plaintext before ENCRYPTION (
> 0000: 01 00 15 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
> 0010: 00 00 00 ...
> )
> javax.net.ssl|DEBUG|32|Worker-4: Open Connection|2021-08-19 09:52:50.512
> BST|SSLEngineOutputRecord.java:523|Raw write (
> 0000: 17 03 03 00 23 00 65 A2 9A C7 DD 2C 23 8D 18 75 ....#.e....,#..u
> 0010: 98 7F 17 DD 3B 01 61 36 C8 83 9A E1 0D 41 B0 00 ....;.a6.....A..
> 0020: 07 8D 20 48 EB 1E 31 7B .. H..1.
> )
> javax.net.ssl|ALL|34|NioProcessor-5|2021-08-19 09:52:50.513
> BST|SSLEngineImpl.java:724|Closing inbound of SSLEngine
> javax.net.ssl|ERROR|34|NioProcessor-5|2021-08-19 09:52:50.514
> BST|TransportContext.java:341|Fatal (INTERNAL_ERROR): closing inbound before
> receiving peer's close_notify (
> "throwable" : {
> javax.net.ssl.SSLException: closing inbound before receiving peer's
> close_notify
> at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:133)
> at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117)
> at
> java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:336)
> at
> java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:292)
> at
> java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:283)
> at
> java.base/sun.security.ssl.SSLEngineImpl.closeInbound(SSLEngineImpl.java:733)
> at org.apache.mina.filter.ssl.SslHandler.destroy(SslHandler.java:209)
> at
> org.apache.mina.filter.ssl.SslFilter.sessionClosed(SslFilter.java:485)
> at
> org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextSessionClosed(DefaultIoFilterChain.java:606)
> at
> org.apache.mina.core.filterchain.DefaultIoFilterChain.access$900(DefaultIoFilterChain.java:49)
> at
> org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.sessionClosed(DefaultIoFilterChain.java:1092)
> at
> org.apache.mina.core.filterchain.IoFilterAdapter.sessionClosed(IoFilterAdapter.java:98)
> at
> org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextSessionClosed(DefaultIoFilterChain.java:606)
> at
> org.apache.mina.core.filterchain.DefaultIoFilterChain.fireSessionClosed(DefaultIoFilterChain.java:599)
> at
> org.apache.mina.core.service.IoServiceListenerSupport.fireSessionDestroyed(IoServiceListenerSupport.java:251)
> at
> org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.removeNow(AbstractPollingIoProcessor.java:1142)
> at
> org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.removeSessions(AbstractPollingIoProcessor.java:864)
> at
> org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.run(AbstractPollingIoProcessor.java:694)
> at
> org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:64)
> at
> java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
> at
> java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
> at java.base/java.lang.Thread.run(Thread.java:834)}
> )
> javax.net.ssl|ALL|34|NioProcessor-5|2021-08-19 09:52:50.514
> BST|SSLSessionImpl.java:784|Invalidated session:
> Session(1629363140485|TLS_AES_128_GCM_SHA256)
> javax.net.ssl|ALL|34|NioProcessor-5|2021-08-19 09:52:50.514
> BST|SSLSessionImpl.java:784|Invalidated session:
> Session(1629363140485|TLS_AES_128_GCM_SHA256)
> javax.net.ssl|ALL|34|NioProcessor-5|2021-08-19 09:52:50.514
> BST|SSLSessionImpl.java:784|Invalidated session:
> Session(1629363140485|TLS_AES_128_GCM_SHA256)
> {code}
> * I am then shown the QUEUE_EMPTIED error
> Things I've tried:
> # Connecting to port 389 without TLS - this works
> # Upgrading to OpenJDK 16.0.2 - no difference
> # Restarting the client & server - no difference
> I am running Apache Directory Studio Version: 2.0.0.v20210717-M17 on MacOS
> 11.5 and have also tried on Fedora 33 with Java 11 with the exact same result
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@directory.apache.org
For additional commands, e-mail: dev-h...@directory.apache.org
