I have tested that the exception gets propagated before launching the vote to be clear :-)

On 05/07/2022 18:17, Christoph John wrote:
Sorry, no. The last message regarding this was:


----------snip---------


11.04.2022 09:37:30 Emmanuel Lécharny <elecha...@gmail.com>:

Hi Christophe,

sorry, my late mail was off base.

The pb here is that the SSLEngine excpeiton is not propagated to the handler, 
when it should.

My guess is that we have some missing call somewhere in the stack. I'm going to 
check that out.

On 11/04/2022 00:15, Christoph John wrote:
Hi,
thanks Jonathan and Emmanuel for working on this!
I tried to integrate this into QuickFIX/J and it compiles successfully. However 
there are some tests failing that expect an Exception. For example we have
https://github.com/quickfix-j/quickfixj/blob/b6a822a46a5278dcd0985a5a77299ed03168ab03/quickfixj-core/src/test/java/quickfix/mina/ssl/SecureSocketTest.java#L54
Up to now it was tried to get the Exception via a filter in the chain. This no 
longer seems to work but I think I can see the error getting thrown in the log:
SEVERE: SSLHandlerG0@590ec99c[mode=server, connected=false] task() - storing 
error {}
javax.net.ssl.SSLHandshakeException: No available authentication scheme
     at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)
     at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117)
     at 
java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:358)
     at 
java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:314)
     at 
java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:305)
     at 
java.base/sun.security.ssl.CertificateMessage$T13CertificateProducer.onProduceCertificate(CertificateMessage.java:972)
     at 
java.base/sun.security.ssl.CertificateMessage$T13CertificateProducer.produce(CertificateMessage.java:961)
     at java.base/sun.security.ssl.SSLHandshake.produce(SSLHandshake.java:440)
     at 
java.base/sun.security.ssl.ClientHello$T13ClientHelloConsumer.goServerHello(ClientHello.java:1246)
     at 
java.base/sun.security.ssl.ClientHello$T13ClientHelloConsumer.consume(ClientHello.java:1182)
     at 
java.base/sun.security.ssl.ClientHello$ClientHelloConsumer.onClientHello(ClientHello.java:840)
     at 
java.base/sun.security.ssl.ClientHello$ClientHelloConsumer.consume(ClientHello.java:801)
     at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396)
     at 
java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480)
     at 
java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277)
     at 
java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264)
     at 
java.base/java.security.AccessController.doPrivileged(AccessController.java:712)
     at 
java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209)
     at 
org.apache.mina.filter.ssl.SSLHandlerG0.execute_task(SSLHandlerG0.java:743)
     at 
org.apache.mina.filter.ssl.SSLHandlerG0.receive_loop(SSLHandlerG0.java:255)
     at org.apache.mina.filter.ssl.SSLHandlerG0.receive(SSLHandlerG0.java:162)
     at org.apache.mina.filter.ssl.SslFilter.messageReceived(SslFilter.java:342)
     at 
org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:650)
     at 
org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1300(DefaultIoFilterChain.java:49)
     at 
org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:1128)
     at 
org.apache.mina.core.filterchain.IoFilterAdapter.messageReceived(IoFilterAdapter.java:122)
     at 
org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:650)
     at 
org.apache.mina.core.filterchain.DefaultIoFilterChain.fireMessageReceived(DefaultIoFilterChain.java:643)
     at 
org.apache.mina.core.polling.AbstractPollingIoProcessor.read(AbstractPollingIoProcessor.java:539)
     at 
org.apache.mina.core.polling.AbstractPollingIoProcessor.access$1200(AbstractPollingIoProcessor.java:68)
     at 
org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.process(AbstractPollingIoProcessor.java:1224)
     at 
org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.process(AbstractPollingIoProcessor.java:1213)
     at 
org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.run(AbstractPollingIoProcessor.java:683)
     at 
org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:64)
     at 
java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
     at 
java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
     at java.base/java.lang.Thread.run(Thread.java:833)
What is the new way to get this Exception?
NB: I recall discussing this with Jonathan some months ago but seem to have 
lost track of the mail thread.
Thanks in advance,
Chris.
On 09.04.22 00:26, Emmanuel Lécharny wrote:
Hi !

I will start to cut a first milestone for the MINA 2.2.X branch. It has been 
tested on Apache Ftpserver, Ldap API and Directory Server with success.

There will probably be more milestone, but that would be a first step.

The main changes are:
- a complete redesign of the TLS handling
- the removal of the SslFilter.DISABLE_ENCRYPTION_ONCE attribute, which is 
either replaced by a dedicated filter, or the encapsulation of the message in a 
DisableEncryptWriteRequest interface


I'll do that this week-end.

Thanks !



--
*Emmanuel Lécharny - CTO* 205 Promenade des Anglais – 06200 NICE
T. +33 (0)4 89 97 36 50
P. +33 (0)6 08 33 32 61
emmanuel.lecha...@busit.com https://www.busit.com/

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org
For additional commands, e-mail: dev-h...@mina.apache.org

Reply via email to