[ https://issues.apache.org/jira/browse/DIRSTUDIO-1287?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17492553#comment-17492553 ]
Rodrigo Messias Barros edited comment on DIRSTUDIO-1287 at 2/15/22, 11:38 AM: ------------------------------------------------------------------------------ I make a comment in this [issue|https://issues.apache.org/jira/browse/DIRSTUDIO-1289?page=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel&focusedCommentId=17413125#comment-17413125]. I think posting here is more appropriate. We are experiencing the same issue when trying to login with Apache Studio Version: 2.0.0.v20210717-M17 and JDK 11 in our central LDAP configured to use TLSv1.3. If we decrease to TLSv1.2 the connection is performed normally. The error under M7/JDK11/TLSv1.3 is as follows: {code:java} Error while opening connection - ERR_04169_RESPONSE_QUEUE_EMPTIED The response queue has been emptied, no response was found. org.apache.directory.studio.connection.core.io.StudioLdapException: ERR_04169_RESPONSE_QUEUE_EMPTIED The response queue has been emptied, no response was found. at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.toStudioLdapException(DirectoryApiConnectionWrapper.java:1350) at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.access$2(DirectoryApiConnectionWrapper.java:1342) at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper$2.run(DirectoryApiConnectionWrapper.java:483) at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.runAndMonitor(DirectoryApiConnectionWrapper.java:1261) at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.doBind(DirectoryApiConnectionWrapper.java:488) at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.bind(DirectoryApiConnectionWrapper.java:323) at org.apache.directory.studio.connection.core.jobs.OpenConnectionsRunnable.run(OpenConnectionsRunnable.java:114) at org.apache.directory.studio.connection.core.jobs.StudioConnectionJob.run(StudioConnectionJob.java:109) at org.eclipse.core.internal.jobs.Worker.run(Worker.java:63) Caused by: org.apache.directory.api.ldap.model.exception.LdapException: ERR_04169_RESPONSE_QUEUE_EMPTIED The response queue has been emptied, no response was found. at org.apache.directory.ldap.client.api.LdapNetworkConnection.bind(LdapNetworkConnection.java:1578) at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.bindSimple(DirectoryApiConnectionWrapper.java:339) at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.access$5(DirectoryApiConnectionWrapper.java:333) at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper$2.run(DirectoryApiConnectionWrapper.java:395) ... 6 more Caused by: org.apache.directory.api.ldap.model.exception.LdapException: ERR_04170_TIMEOUT_OCCURED TimeOut occurred at org.apache.directory.ldap.client.api.LdapNetworkConnection.bind(LdapNetworkConnection.java:1549) ... 9 more ERR_04169_RESPONSE_QUEUE_EMPTIED The response queue has been emptied, no response was found. {code} In previous versions of Apache Studio that required JDK 8, this did not happen, even when enabling the TLSv1.3 protocol. was (Author: JIRAUSER285241): I make a comment in this issue. I think posting here is more appropriate. We are experiencing the same issue when trying to login with Apache Studio Version: 2.0.0.v20210717-M17 and JDK 11 in our central LDAP configured to use TLSv1.3. If we decrease to TLSv1.2 the connection is performed normally. The error under M7/JDK11/TLSv1.3 is as follows: {code:java} Error while opening connection - ERR_04169_RESPONSE_QUEUE_EMPTIED The response queue has been emptied, no response was found. org.apache.directory.studio.connection.core.io.StudioLdapException: ERR_04169_RESPONSE_QUEUE_EMPTIED The response queue has been emptied, no response was found. at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.toStudioLdapException(DirectoryApiConnectionWrapper.java:1350) at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.access$2(DirectoryApiConnectionWrapper.java:1342) at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper$2.run(DirectoryApiConnectionWrapper.java:483) at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.runAndMonitor(DirectoryApiConnectionWrapper.java:1261) at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.doBind(DirectoryApiConnectionWrapper.java:488) at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.bind(DirectoryApiConnectionWrapper.java:323) at org.apache.directory.studio.connection.core.jobs.OpenConnectionsRunnable.run(OpenConnectionsRunnable.java:114) at org.apache.directory.studio.connection.core.jobs.StudioConnectionJob.run(StudioConnectionJob.java:109) at org.eclipse.core.internal.jobs.Worker.run(Worker.java:63) Caused by: org.apache.directory.api.ldap.model.exception.LdapException: ERR_04169_RESPONSE_QUEUE_EMPTIED The response queue has been emptied, no response was found. at org.apache.directory.ldap.client.api.LdapNetworkConnection.bind(LdapNetworkConnection.java:1578) at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.bindSimple(DirectoryApiConnectionWrapper.java:339) at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.access$5(DirectoryApiConnectionWrapper.java:333) at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper$2.run(DirectoryApiConnectionWrapper.java:395) ... 6 more Caused by: org.apache.directory.api.ldap.model.exception.LdapException: ERR_04170_TIMEOUT_OCCURED TimeOut occurred at org.apache.directory.ldap.client.api.LdapNetworkConnection.bind(LdapNetworkConnection.java:1549) ... 9 more ERR_04169_RESPONSE_QUEUE_EMPTIED The response queue has been emptied, no response was found. {code} In previous versions of Apache Studio that required JDK 8, this did not happen, even when enabling the TLSv1.3 protocol. > Error connecting to LDAPS server > -------------------------------- > > Key: DIRSTUDIO-1287 > URL: https://issues.apache.org/jira/browse/DIRSTUDIO-1287 > Project: Directory Studio > Issue Type: Bug > Affects Versions: 2.0.0-M17 > Reporter: Robin > Priority: Major > > In trying to connect to an LDAP server via TLS I have run into what I believe > to be a bug. > The LDAP server is the built-in one on a Synology NAS with a valid > certificate installed. > I am able to successfully bind to it using LDAPS on port 636 using > javax.naming: > {code:java} > Hashtable<String, String> env = new Hashtable<String, String>(); > env.put(Context.INITIAL_CONTEXT_FACTORY, > "com.sun.jndi.ldap.LdapCtxFactory"); > env.put(Context.PROVIDER_URL, ldapUrl); > env.put(Context.SECURITY_AUTHENTICATION, authentication); > env.put(Context.SECURITY_PRINCIPAL, bindDN); > env.put(Context.SECURITY_CREDENTIALS, password); > return new InitialLdapContext (env, null); > {code} > However, when trying to connect using Apache Directory Studio I keep getting > an error: > The authentication failed ERR_04169_RESPONSE_QUEUE_EMPTIED The response queue > has been emptied, no response was found. > I started Directory Studio with -Djavax.net.debug=all to see what happens and > this is what I found: > * There's a bunch of logging which eventually ends with this line: > {code:java} > javax.net.ssl|ALL|34|NioProcessor-5|2021-08-19 09:52:20.548 > BST|SSLSessionImpl.java:242|Session initialized: > Session(1629363140485|TLS_AES_128_GCM_SHA256){code} > * It then idles for a while after which this happens: > {code:java} > javax.net.ssl|ALL|32|Worker-4: Open Connection|2021-08-19 09:52:50.512 > BST|SSLEngineImpl.java:752|Closing outbound of SSLEngine > javax.net.ssl|WARNING|32|Worker-4: Open Connection|2021-08-19 09:52:50.512 > BST|SSLEngineOutputRecord.java:168|outbound has closed, ignore outbound > application data > javax.net.ssl|DEBUG|32|Worker-4: Open Connection|2021-08-19 09:52:50.512 > BST|SSLEngineOutputRecord.java:505|WRITE: TLS13 alert, length = 2 > javax.net.ssl|DEBUG|32|Worker-4: Open Connection|2021-08-19 09:52:50.512 > BST|SSLCipher.java:2036|Plaintext before ENCRYPTION ( > 0000: 01 00 15 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ > 0010: 00 00 00 ... > ) > javax.net.ssl|DEBUG|32|Worker-4: Open Connection|2021-08-19 09:52:50.512 > BST|SSLEngineOutputRecord.java:523|Raw write ( > 0000: 17 03 03 00 23 00 65 A2 9A C7 DD 2C 23 8D 18 75 ....#.e....,#..u > 0010: 98 7F 17 DD 3B 01 61 36 C8 83 9A E1 0D 41 B0 00 ....;.a6.....A.. > 0020: 07 8D 20 48 EB 1E 31 7B .. H..1. > ) > javax.net.ssl|ALL|34|NioProcessor-5|2021-08-19 09:52:50.513 > BST|SSLEngineImpl.java:724|Closing inbound of SSLEngine > javax.net.ssl|ERROR|34|NioProcessor-5|2021-08-19 09:52:50.514 > BST|TransportContext.java:341|Fatal (INTERNAL_ERROR): closing inbound before > receiving peer's close_notify ( > "throwable" : { > javax.net.ssl.SSLException: closing inbound before receiving peer's > close_notify > at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:133) > at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117) > at > java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:336) > at > java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:292) > at > java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:283) > at > java.base/sun.security.ssl.SSLEngineImpl.closeInbound(SSLEngineImpl.java:733) > at org.apache.mina.filter.ssl.SslHandler.destroy(SslHandler.java:209) > at > org.apache.mina.filter.ssl.SslFilter.sessionClosed(SslFilter.java:485) > at > org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextSessionClosed(DefaultIoFilterChain.java:606) > at > org.apache.mina.core.filterchain.DefaultIoFilterChain.access$900(DefaultIoFilterChain.java:49) > at > org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.sessionClosed(DefaultIoFilterChain.java:1092) > at > org.apache.mina.core.filterchain.IoFilterAdapter.sessionClosed(IoFilterAdapter.java:98) > at > org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextSessionClosed(DefaultIoFilterChain.java:606) > at > org.apache.mina.core.filterchain.DefaultIoFilterChain.fireSessionClosed(DefaultIoFilterChain.java:599) > at > org.apache.mina.core.service.IoServiceListenerSupport.fireSessionDestroyed(IoServiceListenerSupport.java:251) > at > org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.removeNow(AbstractPollingIoProcessor.java:1142) > at > org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.removeSessions(AbstractPollingIoProcessor.java:864) > at > org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.run(AbstractPollingIoProcessor.java:694) > at > org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:64) > at > java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128) > at > java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628) > at java.base/java.lang.Thread.run(Thread.java:834)} > ) > javax.net.ssl|ALL|34|NioProcessor-5|2021-08-19 09:52:50.514 > BST|SSLSessionImpl.java:784|Invalidated session: > Session(1629363140485|TLS_AES_128_GCM_SHA256) > javax.net.ssl|ALL|34|NioProcessor-5|2021-08-19 09:52:50.514 > BST|SSLSessionImpl.java:784|Invalidated session: > Session(1629363140485|TLS_AES_128_GCM_SHA256) > javax.net.ssl|ALL|34|NioProcessor-5|2021-08-19 09:52:50.514 > BST|SSLSessionImpl.java:784|Invalidated session: > Session(1629363140485|TLS_AES_128_GCM_SHA256) > {code} > * I am then shown the QUEUE_EMPTIED error > Things I've tried: > # Connecting to port 389 without TLS - this works > # Upgrading to OpenJDK 16.0.2 - no difference > # Restarting the client & server - no difference > I am running Apache Directory Studio Version: 2.0.0.v20210717-M17 on MacOS > 11.5 and have also tried on Fedora 33 with Java 11 with the exact same result -- This message was sent by Atlassian Jira (v8.20.1#820001) --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@directory.apache.org For additional commands, e-mail: dev-h...@directory.apache.org