Hi,
did anybody encounter the problem described below using SSL?
Cheers,
András
Kerekes András wrote:
Hi,
I found an interesting issue when using SSL communication in Mina
1.1.5 (and 1.1.3). I use a custom protocol with custom message
classes, one of them is LogoutMessage. When this is sent, it signals
the server that the client is finishing the communication. After
sending the LogoutMessage and receiving the corresponding response the
client closes the session with: ioSession.close().join()
And this throws an exception:
Unexpected exception from SSLEngine.closeInbound().
javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack?
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.closeInbound(Unknown Source)
    at org.apache.mina.filter.support.SSLHandler.destroy(SSLHandler.java:167)
    at org.apache.mina.filter.SSLFilter.sessionClosed(SSLFilter.java:367)
    at org.apache.mina.common.support.AbstractIoFilterChain.callNextSessionClosed(AbstractIoFilterChain.java:269)
    at org.apache.mina.common.support.AbstractIoFilterChain.access$800(AbstractIoFilterChain.java:53)
    at org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.sessionClosed(AbstractIoFilterChain.java:633)
    at org.apache.mina.filter.executor.ExecutorFilter.processEvent(ExecutorFilter.java:230)
    at org.apache.mina.filter.executor.ExecutorFilter$ProcessEventsRunnable.run(ExecutorFilter.java:264)
    at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown Source)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
    at org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:51)
    at java.lang.Thread.run(Unknown Source)
The server closes the connection normally. We did extensive debugging
and it seems that when the client closes the session and the SSLFilter
calls the initiateClosure method it sends the close_notification to
the server but does not receive the confirmation from the server side.
The same happens when the server initiates the closing of the session
after sending the LogoutResponse, but this time the exception is
thrown at the server side.
The reason for this behavior seems to be that the IoSession is removed
in the SocketIoProcessor's worker thread at the doRemove() call, and
the execution hits the 'break;' line so the infinite loop terminates
and by the time the response (confirming the close notification) from
the other end of the communication arrives there is no IoProcessor to
process the message and let the SSLFilter close the SSL session properly.
I've attached a small example which produces this issue.
Is it a bug or am I doing something wrong?
Thanks for the help!
Andras
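
Added example, not part of the original post and not MINA or JSSE code: a small Python checker that walks the TLS record headers of one direction of a captured connection and reports whether an alert record (where close_notify would travel) arrived before the stream ended, which is the condition SSLEngine.closeInbound() complains about in the trace above. It assumes the reassembled TCP payload has already been extracted from a capture, and it applies to SSLv3 through TLS 1.2 framing only, since TLS 1.3 sends alerts inside application_data records; the function names and sample bytes are constructed for illustration.

```python
import struct

# Record content types visible in the 5-byte header (SSLv3 through TLS 1.2).
TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake",
         23: "application_data"}

def classify_close(stream: bytes) -> str:
    """Walk the record headers of one direction of a connection and report
    how that direction ended before the TCP FIN/RST."""
    offset, last_type = 0, None
    while offset < len(stream):
        remaining = len(stream) - offset
        if remaining < 5:
            return "truncated-record"          # cut inside a header
        ctype, major, _minor, length = struct.unpack_from("!BBBH", stream, offset)
        if ctype not in TYPES or major != 3:
            return "not-tls"                   # lost framing or not TLS at all
        if remaining - 5 < length:
            return "truncated-record"          # cut inside a record body
        last_type = ctype
        offset += 5 + length
    if last_type is None:
        return "empty"
    # After the handshake the alert body is encrypted, so the header can only
    # show that *an* alert was sent last, not that it was close_notify.
    return "alert-before-eof" if last_type == 21 else "no-alert-before-eof"

def record(ctype: int, body: bytes, version=(3, 1)) -> bytes:
    """Build a constructed record; version (3, 1) is TLS 1.0."""
    return struct.pack("!BBBH", ctype, version[0], version[1], len(body)) + body

# Constructed sample data: opaque bodies stand in for encrypted payloads.
APP_DATA = record(23, b"\x00" * 32)
ALERT = record(21, b"\x00" * 24)

if __name__ == "__main__":
    cases = {
        "orderly close": APP_DATA + ALERT,
        "peer closed without alert": APP_DATA,
        "stream cut mid-record": APP_DATA + ALERT[:10],
    }
    for name, data in cases.items():
        print(f"{name:28} -> {classify_close(data)}")
```

Run against both directions of a capture: an alert record present on the wire while the engine still raises the exception means the alert arrived after the session was already torn down, rather than never being sent.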