[jira] [Commented] (DIRSTUDIO-1287) Error connecting to LDAPS server

[Jira]

    [ 
https://issues.apache.org/jira/browse/DIRSTUDIO-1287?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18046355#comment-18046355
 ] 

Emmanuel Lécharny commented on DIRSTUDIO-1287:
----------------------------------------------

As you may have checked, the fix in MINA was applied a few weeks ago. The next 
step is to cut an LDAP API release, something I'm working on (it's a bit heavy 
as I'm currently removing all the antlr grammars in it so that we can build teh 
LDAP API with a recent version of Java. There arz 6 antlr grammars, 4 have 
already been removed, the fifth one is almost done, and the sixth one is the 
more complex).
Then when done, we have to cut a release of the Apache Directory Server (which 
depends on the LDAP API and MINA).

Just because Studio depends on both the serve rand the api.

Only then will we be able to cut the long expected Studio release.

In the mean time, I suggest you use Studio M16 which works well (but wit TLS 
1.2).

> Error connecting to LDAPS server
> --------------------------------
>
>                 Key: DIRSTUDIO-1287
>                 URL: https://issues.apache.org/jira/browse/DIRSTUDIO-1287
>             Project: Directory Studio
>          Issue Type: Bug
>    Affects Versions: 2.0.0-M17
>            Reporter: Robin
>            Priority: Major
>             Fix For: 2.0.0-M18
>
>
> In trying to connect to an LDAP server via TLS I have run into what I believe 
> to be a bug.
> The LDAP server is the built-in one on a Synology NAS with a valid 
> certificate installed.
>  I am able to successfully bind to it using LDAPS on port 636 using 
> javax.naming:
> {code:java}
> Hashtable<String, String> env = new Hashtable<String, String>();
>               env.put(Context.INITIAL_CONTEXT_FACTORY, 
> "com.sun.jndi.ldap.LdapCtxFactory");
>               env.put(Context.PROVIDER_URL, ldapUrl);
>               env.put(Context.SECURITY_AUTHENTICATION, authentication);
>               env.put(Context.SECURITY_PRINCIPAL, bindDN);
>               env.put(Context.SECURITY_CREDENTIALS, password);
>               return new InitialLdapContext (env, null);
> {code}
> However, when trying to connect using Apache Directory Studio I keep getting 
> an error:
> The authentication failed ERR_04169_RESPONSE_QUEUE_EMPTIED The response queue 
> has been emptied, no response was found.
> I started Directory Studio with -Djavax.net.debug=all to see what happens and 
> this is what I found:
>  * There's a bunch of logging which eventually ends with this line:
> {code:java}
> javax.net.ssl|ALL|34|NioProcessor-5|2021-08-19 09:52:20.548 
> BST|SSLSessionImpl.java:242|Session initialized:  
> Session(1629363140485|TLS_AES_128_GCM_SHA256){code}
>  * It then idles for a while after which this happens:
> {code:java}
> javax.net.ssl|ALL|32|Worker-4: Open Connection|2021-08-19 09:52:50.512 
> BST|SSLEngineImpl.java:752|Closing outbound of SSLEngine
> javax.net.ssl|WARNING|32|Worker-4: Open Connection|2021-08-19 09:52:50.512 
> BST|SSLEngineOutputRecord.java:168|outbound has closed, ignore outbound 
> application data
> javax.net.ssl|DEBUG|32|Worker-4: Open Connection|2021-08-19 09:52:50.512 
> BST|SSLEngineOutputRecord.java:505|WRITE: TLS13 alert, length = 2
> javax.net.ssl|DEBUG|32|Worker-4: Open Connection|2021-08-19 09:52:50.512 
> BST|SSLCipher.java:2036|Plaintext before ENCRYPTION (
>   0000: 01 00 15 00 00 00 00 00   00 00 00 00 00 00 00 00  ................
>   0010: 00 00 00                                           ...
> )
> javax.net.ssl|DEBUG|32|Worker-4: Open Connection|2021-08-19 09:52:50.512 
> BST|SSLEngineOutputRecord.java:523|Raw write (
>   0000: 17 03 03 00 23 00 65 A2   9A C7 DD 2C 23 8D 18 75  ....#.e....,#..u
>   0010: 98 7F 17 DD 3B 01 61 36   C8 83 9A E1 0D 41 B0 00  ....;.a6.....A..
>   0020: 07 8D 20 48 EB 1E 31 7B                            .. H..1.
> )
> javax.net.ssl|ALL|34|NioProcessor-5|2021-08-19 09:52:50.513 
> BST|SSLEngineImpl.java:724|Closing inbound of SSLEngine
> javax.net.ssl|ERROR|34|NioProcessor-5|2021-08-19 09:52:50.514 
> BST|TransportContext.java:341|Fatal (INTERNAL_ERROR): closing inbound before 
> receiving peer's close_notify (
> "throwable" : {
>   javax.net.ssl.SSLException: closing inbound before receiving peer's 
> close_notify
>       at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:133)
>       at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117)
>       at 
> java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:336)
>       at 
> java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:292)
>       at 
> java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:283)
>       at 
> java.base/sun.security.ssl.SSLEngineImpl.closeInbound(SSLEngineImpl.java:733)
>       at org.apache.mina.filter.ssl.SslHandler.destroy(SslHandler.java:209)
>       at 
> org.apache.mina.filter.ssl.SslFilter.sessionClosed(SslFilter.java:485)
>       at 
> org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextSessionClosed(DefaultIoFilterChain.java:606)
>       at 
> org.apache.mina.core.filterchain.DefaultIoFilterChain.access$900(DefaultIoFilterChain.java:49)
>       at 
> org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.sessionClosed(DefaultIoFilterChain.java:1092)
>       at 
> org.apache.mina.core.filterchain.IoFilterAdapter.sessionClosed(IoFilterAdapter.java:98)
>       at 
> org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextSessionClosed(DefaultIoFilterChain.java:606)
>       at 
> org.apache.mina.core.filterchain.DefaultIoFilterChain.fireSessionClosed(DefaultIoFilterChain.java:599)
>       at 
> org.apache.mina.core.service.IoServiceListenerSupport.fireSessionDestroyed(IoServiceListenerSupport.java:251)
>       at 
> org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.removeNow(AbstractPollingIoProcessor.java:1142)
>       at 
> org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.removeSessions(AbstractPollingIoProcessor.java:864)
>       at 
> org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.run(AbstractPollingIoProcessor.java:694)
>       at 
> org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:64)
>       at 
> java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
>       at 
> java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
>       at java.base/java.lang.Thread.run(Thread.java:834)}
> )
> javax.net.ssl|ALL|34|NioProcessor-5|2021-08-19 09:52:50.514 
> BST|SSLSessionImpl.java:784|Invalidated session:  
> Session(1629363140485|TLS_AES_128_GCM_SHA256)
> javax.net.ssl|ALL|34|NioProcessor-5|2021-08-19 09:52:50.514 
> BST|SSLSessionImpl.java:784|Invalidated session:  
> Session(1629363140485|TLS_AES_128_GCM_SHA256)
> javax.net.ssl|ALL|34|NioProcessor-5|2021-08-19 09:52:50.514 
> BST|SSLSessionImpl.java:784|Invalidated session:  
> Session(1629363140485|TLS_AES_128_GCM_SHA256)
> {code}
>  * I am then shown the QUEUE_EMPTIED error
> Things I've tried:
>  # Connecting to port 389 without TLS - this works
>  # Upgrading to OpenJDK 16.0.2 - no difference
>  # Restarting the client & server - no difference
> I am running Apache Directory Studio Version: 2.0.0.v20210717-M17 on MacOS 
> 11.5 and have also tried on Fedora 33 with Java 11 with the exact same result



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@directory.apache.org
For additional commands, e-mail: dev-h...@directory.apache.org