Joakim, thank you so much for the pointer. This was in fact because of #3787. Upgrading to the latest release fixt the problem.
Regards, Benedikt Am Fr., 29. Nov. 2019 um 16:15 Uhr schrieb Joakim Erdfelt < [email protected]>: > Sounds a lot like https://github.com/eclipse/jetty.project/issues/3787 > > Which was fixed for Jetty 9.4.22.v20191022 > > Joakim Erdfelt / [email protected] > > > On Fri, Nov 29, 2019 at 8:46 AM Benedikt Ritter <[email protected]> > wrote: > >> Hello, >> >> I'm working on an client/server application using Jetty client and server >> 9.4.20.v20190813. The client application provides a configuration flag to >> allow connecting to a server with an untrusted certificate. The code we use >> to configure the client looks like this: >> >> // WebSocketClientFactory.java >> private static void configureTrust(WebSocketClient client, boolean >> allowUntrusted) { >> if (allowUntrusted) { >> client.getSslContextFactory().setHostnameVerifier((hostname, >> session) -> true); >> client.getSslContextFactory().setTrustAll(true); >> } >> } >> >> For testing this feature we use a stub implementation of the real server >> that just records all websocket messages in a list to assert on that list >> in our tests. I added some code to configure the stub to use a self signed >> certificate (the certificate and SslContextBuilder bits are from netty): >> >> // MessageRecordingServerStub.groovy >> if (selfSignedHttps) { >> def cert = new SelfSignedCertificate('localhost') >> JdkSslContext sslContext = SslContextBuilder >> .forServer(cert.certificate(), cert.privateKey()) >> .sslProvider(SslProvider.JDK) >> .build() as JdkSslContext >> >> def sslContextFactory = new SslContextFactory.Server() >> sslContextFactory.sslContext = sslContext.context() >> >> ServerConnector con = new ServerConnector(this, sslContextFactory) >> con.setPort(port) >> connectors = [con] >> } >> >> Connecting to the stub server with allowUntrusted = true works as >> expected. However when I set allowUntrusted to false I only sometimes get >> the exception that I would expect: >> >> javax.net.ssl.SSLHandshakeException: General SSLEngine problem >> at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1521) >> at sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:528) >> at sun.security.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1197) >> at sun.security.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1165) >> at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:509) >> at >> org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint.flush(SslConnection.java:891) >> at >> org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint.fill(SslConnection.java:530) >> at >> org.eclipse.jetty.client.http.HttpReceiverOverHTTP.process(HttpReceiverOverHTTP.java:128) >> at >> org.eclipse.jetty.client.http.HttpReceiverOverHTTP.receive(HttpReceiverOverHTTP.java:73) >> at >> org.eclipse.jetty.client.http.HttpChannelOverHTTP.receive(HttpChannelOverHTTP.java:133) >> at >> org.eclipse.jetty.client.http.HttpConnectionOverHTTP.onFillable(HttpConnectionOverHTTP.java:154) >> at >> org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:311) >> at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103) >> at >> org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint$IncompleteWriteCallback.succeeded(SslConnection.java:1310) >> at org.eclipse.jetty.io.WriteFlusher.write(WriteFlusher.java:293) >> at org.eclipse.jetty.io.AbstractEndPoint.write(AbstractEndPoint.java:381) >> at >> org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint.needsFillInterest(SslConnection.java:746) >> at >> org.eclipse.jetty.io.AbstractEndPoint$1.needsFillInterest(AbstractEndPoint.java:45) >> at org.eclipse.jetty.io.FillInterest.tryRegister(FillInterest.java:83) >> at org.eclipse.jetty.io.FillInterest.register(FillInterest.java:55) >> at >> org.eclipse.jetty.io.AbstractEndPoint.fillInterested(AbstractEndPoint.java:362) >> at >> org.eclipse.jetty.io.AbstractConnection.fillInterested(AbstractConnection.java:134) >> at >> org.eclipse.jetty.client.http.HttpReceiverOverHTTP.fillInterested(HttpReceiverOverHTTP.java:193) >> at >> org.eclipse.jetty.client.http.HttpReceiverOverHTTP.process(HttpReceiverOverHTTP.java:141) >> at >> org.eclipse.jetty.client.http.HttpReceiverOverHTTP.receive(HttpReceiverOverHTTP.java:73) >> at >> org.eclipse.jetty.client.http.HttpChannelOverHTTP.receive(HttpChannelOverHTTP.java:133) >> at >> org.eclipse.jetty.client.http.HttpConnectionOverHTTP.onFillable(HttpConnectionOverHTTP.java:154) >> at >> org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:311) >> at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103) >> at >> org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint.onFillable(SslConnection.java:426) >> at >> org.eclipse.jetty.io.ssl.SslConnection.onFillable(SslConnection.java:320) >> at >> org.eclipse.jetty.io.ssl.SslConnection$2.succeeded(SslConnection.java:158) >> at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103) >> at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:117) >> at >> org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:782) >> at >> org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:918) >> at java.lang.Thread.run(Thread.java:748) >> >> But most of the time a get: >> >> java.io.EOFException: HttpConnectionOverHTTP@2d5f697f >> ::DecryptedEndPoint@7050f4d9{localhost/127.0.0.1:51214<->/127.0.0.1:51215 >> ,CLOSED,fill=-,flush=F,to=1/0} >> at >> org.eclipse.jetty.client.http.HttpReceiverOverHTTP.earlyEOF(HttpReceiverOverHTTP.java:335) >> at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:1526) >> at >> org.eclipse.jetty.client.http.HttpReceiverOverHTTP.shutdown(HttpReceiverOverHTTP.java:209) >> at >> org.eclipse.jetty.client.http.HttpReceiverOverHTTP.process(HttpReceiverOverHTTP.java:147) >> at >> org.eclipse.jetty.client.http.HttpReceiverOverHTTP.receive(HttpReceiverOverHTTP.java:73) >> at >> org.eclipse.jetty.client.http.HttpChannelOverHTTP.receive(HttpChannelOverHTTP.java:133) >> at >> org.eclipse.jetty.client.http.HttpConnectionOverHTTP.onFillable(HttpConnectionOverHTTP.java:154) >> at >> org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:311) >> at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103) >> at >> org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint$IncompleteWriteCallback.succeeded(SslConnection.java:1310) >> at org.eclipse.jetty.io.WriteFlusher.write(WriteFlusher.java:293) >> at org.eclipse.jetty.io.AbstractEndPoint.write(AbstractEndPoint.java:381) >> at >> org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint.onIncompleteFlush(SslConnection.java:1069) >> at >> org.eclipse.jetty.io.AbstractEndPoint$2.onIncompleteFlush(AbstractEndPoint.java:54) >> at org.eclipse.jetty.io.WriteFlusher.completeWrite(WriteFlusher.java:387) >> at >> org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint.lambda$fill$1(SslConnection.java:669) >> at >> org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:782) >> at >> org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:918) >> at java.lang.Thread.run(Thread.java:748) >> >> So it looks like the server closed the connection early. This is not >> related to timeouts since I did not change the default idle timeout of 30 >> seconds on the server. >> >> Any idea what might be causing this? I would like to stabilize the test >> in a why that I always get the SSLHandshakeException. >> >> Thanks in advance! >> Benedikt >> _______________________________________________ >> jetty-users mailing list >> [email protected] >> To change your delivery options, retrieve your password, or unsubscribe >> from this list, visit >> https://www.eclipse.org/mailman/listinfo/jetty-users > > _______________________________________________ > jetty-users mailing list > [email protected] > To change your delivery options, retrieve your password, or unsubscribe > from this list, visit > https://www.eclipse.org/mailman/listinfo/jetty-users
_______________________________________________ jetty-users mailing list [email protected] To change your delivery options, retrieve your password, or unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/jetty-users
