Yep. I've just checked in the fix. Wanted to fix it before you run the test, but I was too busy. :(
HTH, Trustin PS: Please reply to [email protected], not directly to me. On 7/30/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > Trustin, > > That fix didn't work. I believe the issue is that within > SSLHandler.handshake(NextFilter) it checks for the initialHandshakeComplete > attribute to be false to do anything, where initialHandshakeComplete will be > true for a re-negotiation. Below is the debug from the logs after running > the test: > > 20070729 225017 dev-core1 -1 > com.verisign.cag.protocol.srsepp.SRSEPPSourceHandler LOG4J DEBUG > [/10.169.65.194:54064] Unwrap res:Status = OK HandshakeStatus = NEED_TASK > bytesConsumed = 0 bytesProduced = 0 > 20070729 225017 dev-core1 -1 > com.verisign.cag.protocol.srsepp.SRSEPPSourceHandler LOG4J DEBUG > [/10.169.65.194:54064] Renegotiating... > 20070729 225017 dev-core1 -1 > com.verisign.cag.protocol.srsepp.SRSEPPSourceHandler LOG4J DEBUG > [/10.169.65.194:54064] doHandshake() > 20070729 225017 dev-core1 -1 > com.verisign.cag.protocol.srsepp.SRSEPPSourceHandler LOG4J DEBUG > [/10.169.65.194:54064] Data Read: [EMAIL PROTECTED] (HeapBuffer[pos=0 > lim=148 cap=1024: 67 28 DC 02 B1 5A FC 31 1C 72 B8 BA 7B FD C9 97 66 FB 71 E5 > C0 10 B0 CA 28 4C 75 F0 38 6B 71 24 8F B7 CC 9C 27 06 C6 63 AF F1 10 B3 7E 44 > 30 82 C4 34 1C 6D 5C 26 31 7B 90 AB 5A 92 46 26 19 D8 2C C0 3E 3C DB 99 A5 31 > 57 3F 86 7F 18 C4 9B E6 21 8D 8E 7D A3 5A 8C ED F2 82 40 DC 19 52 EB B4 81 04 > 09 D3 B4 26 FC C1 E4 D1 69 43 A0 FE D1 4B F3 43 B4 E0 B6 D9 B2 B3 44 B1 C7 C3 > B5 CB 7B 41 25 F4 BB 87 26 7E CB 71 16 5A 7F 63 32 A3 6D 85 23 9A 16 DE]) > 20070729 225017 dev-core1 -1 > com.verisign.cag.protocol.srsepp.SRSEPPSourceHandler LOG4J DEBUG > [/10.169.65.194:54064] unwrap() > 20070729 225017 dev-core1 -1 > com.verisign.cag.protocol.srsepp.SRSEPPSourceHandler LOG4J DEBUG > [/10.169.65.194:54064] inNetBuffer: java.nio.DirectByteBuffer[pos=0 > lim=916 cap=16665] > 20070729 225017 dev-core1 -1 > com.verisign.cag.protocol.srsepp.SRSEPPSourceHandler LOG4J DEBUG > [/10.169.65.194:54064] appBuffer: java.nio.DirectByteBuffer[pos=0 > lim=33330 cap=33330] > 20070729 225017 dev-core1 -1 > com.verisign.cag.protocol.srsepp.SRSEPPSourceHandler LOG4J DEBUG > [/10.169.65.194:54064] Unwrap res:Status = OK HandshakeStatus = NEED_TASK > bytesConsumed = 0 bytesProduced = 0 > 20070729 225017 dev-core1 -1 > com.verisign.cag.protocol.srsepp.SRSEPPSourceHandler LOG4J DEBUG > [/10.169.65.194:54064] Renegotiating... > 20070729 225017 dev-core1 -1 > com.verisign.cag.protocol.srsepp.SRSEPPSourceHandler LOG4J DEBUG > [/10.169.65.194:54064] doHandshake() > 20070729 225107 dev-core1 -1 > com.verisign.cag.protocol.srsepp.SRSEPPSourceHandler LOG4J DEBUG > [/10.169.65.194:54064] Data Read: [EMAIL PROTECTED] (HeapBuffer[pos=0 > lim=284 cap=512: 17 03 01 01 17 8F 86 6F CF BA C2 44 57 AD FA 00 25 F1 A0 4D > 57 B7 EB E0 B9 38 7E C5 0E 98 6C 1D 99 14 2F 3D BA D3 C3 CB 74 C4 22 B0 2C 62 > 2F B0 13 DB 42 1B 48 C5 E3 63 40 44 A0 FB 98 A1 AB 0C 8A 89 3B 60 03 2D 04 A3 > 8E 4A A3 6E 92 70 60 7C FA 09 2C F7 82 AF EF BC 17 D4 FC 14 FB 44 F7 89 20 F4 > 32 6C 0A 2F 40 85 B5 0C 46 F3 0B 24 25 1A 63 2D 27 C0 AF E0 37 84 93 E3 F5 BE > 3E AE 03 F3 7E 52 C2 4C 82 FC 22 F2 E1 91 04 55 F6 A3 FB ED 06 74 89 1A 5B 52 > D1 B0 38 10 92 B4 A0 CA D0 F7 69 EF 4F B0 CD D0 87 B8 37 1E 92 3F 28 B3 6C A5 > 3D 63 6B 22 43 F3 7B 4D 30 03 E8 DC B2 40 19 D5 D6 43 0E AD D5 1C B1 4A 4F 0D > DC F2 A1 0D 0A E8 62 57 38 B4 9B CA 4D 14 87 DB A7 83 8D 07 D8 D8 08 B5 05 18 > 4B A9 13 5D 62 8A E6 7E A8 4F AC 01 A5 F9 0B 93 EB 89 7A 81 E2 71 AC 5B 6C 92 > 83 03 BB B5 08 9A 0F C1 57 85 9A 9B 29 54 B7 66 E8 60 8A 14 09 82 E0 D2 66 F7 > A7 E0 DF 22]) > 20070729 225107 dev-core1 -1 > com.verisign.cag.protocol.srsepp.SRSEPPSourceHandler LOG4J DEBUG > [/10.169.65.194:54064] unwrap() > 20070729 225107 dev-core1 -1 > com.verisign.cag.protocol.srsepp.SRSEPPSourceHandler LOG4J DEBUG > [/10.169.65.194:54064] inNetBuffer: java.nio.DirectByteBuffer[pos=0 > lim=1200 cap=16665] > 20070729 225107 dev-core1 -1 > com.verisign.cag.protocol.srsepp.SRSEPPSourceHandler LOG4J DEBUG > [/10.169.65.194:54064] appBuffer: java.nio.DirectByteBuffer[pos=0 > lim=33330 cap=33330] > 20070729 225107 dev-core1 -1 > com.verisign.cag.protocol.srsepp.SRSEPPSourceHandler LOG4J DEBUG > [/10.169.65.194:54064] Unwrap res:Status = OK HandshakeStatus = NEED_TASK > bytesConsumed = 0 bytesProduced = 0 > 20070729 225107 dev-core1 -1 > com.verisign.cag.protocol.srsepp.SRSEPPSourceHandler LOG4J DEBUG > [/10.169.65.194:54064] Renegotiating... > 20070729 225107 dev-core1 -1 > com.verisign.cag.protocol.srsepp.SRSEPPSourceHandler LOG4J DEBUG > [/10.169.65.194:54064] doHandshake() > 20070729 225157 dev-core1 -1 > com.verisign.cag.protocol.srsepp.SRSEPPSourceHandler LOG4J DEBUG > [/10.169.65.194:54064] Data Read: [EMAIL PROTECTED] (HeapBuffer[pos=0 lim=23 > cap=512: 15 03 01 00 12 6E AA 7C E6 8C 14 0D 7E F2 04 4D DB FD 99 86 BB 9D > AA]) > 20070729 225157 dev-core1 -1 > com.verisign.cag.protocol.srsepp.SRSEPPSourceHandler LOG4J DEBUG > [/10.169.65.194:54064] unwrap() > 20070729 225157 dev-core1 -1 > com.verisign.cag.protocol.srsepp.SRSEPPSourceHandler LOG4J DEBUG > [/10.169.65.194:54064] inNetBuffer: java.nio.DirectByteBuffer[pos=0 > lim=1223 cap=16665] > 20070729 225157 dev-core1 -1 > com.verisign.cag.protocol.srsepp.SRSEPPSourceHandler LOG4J DEBUG > [/10.169.65.194:54064] appBuffer: java.nio.DirectByteBuffer[pos=0 > lim=33330 cap=33330] > 20070729 225157 dev-core1 -1 > com.verisign.cag.protocol.srsepp.SRSEPPSourceHandler LOG4J DEBUG > [/10.169.65.194:54064] Unwrap res:Status = OK HandshakeStatus = NEED_TASK > bytesConsumed = 0 bytesProduced = 0 > 20070729 225157 dev-core1 -1 > com.verisign.cag.protocol.srsepp.SRSEPPSourceHandler LOG4J DEBUG > [/10.169.65.194:54064] Renegotiating... > 20070729 225157 dev-core1 -1 > com.verisign.cag.protocol.srsepp.SRSEPPSourceHandler LOG4J DEBUG > [/10.169.65.194:54064] doHandshake() > 20070729 225157 dev-core1 -1 > com.verisign.cag.protocol.srsepp.SRSEPPSourceHandler LOG4J DEBUG > [/10.169.65.194:54064] Closed: [EMAIL PROTECTED] > 20070729 225157 dev-core1 -1 > com.verisign.cag.protocol.srsepp.SRSEPPSourceHandler LOG4J DEBUG > [/10.169.65.194:54064] Unexpected exception from SSLEngine.closeInbound(). > javax.net.ssl.SSLException: Inbound closed before receiving peer's > close_notify: possible truncation attack? > at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:190) > at > com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1360) > at > com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1328) > at > com.sun.net.ssl.internal.ssl.SSLEngineImpl.closeInbound(SSLEngineImpl.java:1267) > at > org.apache.mina.filter.support.SSLHandler.destroy(SSLHandler.java:164) > at org.apache.mina.filter.SSLFilter.sessionClosed(SSLFilter.java:367) > at > org.apache.mina.common.support.AbstractIoFilterChain.callNextSessionClosed(AbstractIoFilterChain.java:269) > at > org.apache.mina.common.support.AbstractIoFilterChain.access$800(AbstractIoFilterChain.java:53) > at > org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.sessionClosed(AbstractIoFilterChain.java:632) > at > org.apache.mina.common.IoFilterAdapter.sessionClosed(IoFilterAdapter.java:65) > at > org.apache.mina.common.support.AbstractIoFilterChain.callNextSessionClosed(AbstractIoFilterChain.java:269) > at > org.apache.mina.common.support.AbstractIoFilterChain.access$800(AbstractIoFilterChain.java:53) > at > org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.sessionClosed(AbstractIoFilterChain.java:632) > at > org.apache.mina.common.support.AbstractIoFilterChain$HeadFilter.sessionClosed(AbstractIoFilterChain.java:483) > at > org.apache.mina.common.support.AbstractIoFilterChain.callNextSessionClosed(AbstractIoFilterChain.java:269) > at > org.apache.mina.common.support.AbstractIoFilterChain.fireSessionClosed(AbstractIoFilterChain.java:264) > at > org.apache.mina.common.support.IoServiceListenerSupport.fireSessionDestroyed(IoServiceListenerSupport.java:208) > at > org.apache.mina.transport.socket.nio.SocketIoProcessor.doRemove(SocketIoProcessor.java:170) > at > org.apache.mina.transport.socket.nio.SocketIoProcessor.access$700(SocketIoProcessor.java:44) > at > org.apache.mina.transport.socket.nio.SocketIoProcessor$Worker.run(SocketIoProcessor.java:432) > at > org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:39) > at > java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:885) > at > java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:907) > at java.lang.Thread.run(Thread.java:619) > > > > Trustin Lee wrote: > > > > I've just checked in the fix for the infinite loop bug you found. > > > > I didn't deploy the snapshot JAR yet, so you will have to build MINA > > by yourself. Please refer to our developer guide on how to build the > > latest source code: > > > > http://mina.apache.org/developer-guide.html > > > > Please let me know if it fixes the problem. If it doesn't, please > > provide DEBUG log. > > > > Thanks, > > Trustin > > > > On 7/30/07, Trustin Lee <[EMAIL PROTECTED]> wrote: > >> Hi James, > >> > >> On 7/30/07, James Gould <[EMAIL PROTECTED]> wrote: > >> > > >> > The following is the code snippet within SSLHandler.unwrap() to ensure > >> that > >> > handshake tasks are taken care of instead of causing an infinite loop. > >> Any > >> > thoughts or comments? > >> > >> The handshake status during unwrap() must be NOT_HANDSHAKING. > >> Otherwise, it means the connection entered renegotiation. Did you > >> change cipher set or something else after handshake is finished? > >> > >> Anyway, unwrap doesn't properly handle renegotiation. Thanks for > >> reporting a critical bug! Let me try to fix the buf and reply to this > >> thread again. > >> > >> Thanks, > >> Trustin > >> -- > >> what we call human nature is actually human habit > >> -- > >> http://gleamynode.net/ > >> -- > >> PGP Key ID: 0x0255ECA6 > >> > > > > > > -- > > what we call human nature is actually human habit > > -- > > http://gleamynode.net/ > > -- > > PGP Key ID: 0x0255ECA6 > > > > > Quoted from: > http://www.nabble.com/Endless-Loop-in-SSLHandler.unwrap-causing-Mina-Gateway-to-Hang-tf4166136s16868.html#a11856715 > > -- what we call human nature is actually human habit -- http://gleamynode.net/ -- PGP Key ID: 0x0255ECA6
