Does SSL works at all in classpath version 0.98 ???
i am not able to run my web application on HTTPS port (secure port through
SSL) although it run fine on normal HTTP port.
Environment used to run web application is as-
GNU Classpath ver 0.98
JamVm ver 1.53
Jetty 1.6.8
Linux Debian based
IE and mozilla browser
keystore- type GKR
Crypto and SSL implementation- in GNU Classpath ver 0.98
Basically i got multiple issues while trying to run application on HTTPS
ports, some of them i was able to resolve after debugging GNU classpath
source code. Problems faced by me are described below-
Problem # 1
--
-Server socket listening on HTTPS port (8443 in our case) not responding to
requests coming from browser.
After analysis, i have found that SSL server socket has been listening on
HTTPS port 8443 and accepting initial request coming from browser for
connection and creating SSL client socket in response. but after this there
is no response from SSL client socket created earlier. It seem that no input
stream is open to the client socket to read data coming from browser.
I think above issue is coming due to some bug in the SSLSocketImpl class
under gnu.javax.net.ssl.provider package. In constructor of this class,a new
Socket is created (i do not know why??) which is stored in underlyingSocket
variable of SSLSocketImpl class. All requests of read and write is then
delegated to member variable underlyingSocket. I think after copying new
socket reference to underlyingSocket variable, this socket(underlyingSocket)
is not connected to same native socket which is created in response of
initial request from browser therefore SSL client socket is not responding
to the browser request.
I have fixed this issue by not setting underlyingSocket variable to new
Socket and adding check for null at all places where underlyingSocket is
refereed. I have diverted all calls on underlyingSocket to super class of
SSLSocketImpl.
Please confirm whether is this a bug in the SSLSocketImpl class or have i
done something wrong?
Problem # 2
---
SSL handshake starts working but IllegalArgumentException exception is
coming from setLength API in Record class under gnu.javax.net.ssl.provider
package.
i think length check (between 0 and 16384 (2^14)) on SSL record is not
correct. As per SSL RFC, length of final SSL record after encryption and
compression may exceed by 2048 bytes.
I have fixed this issue by changing maximum length to 17408.
Please confirm is this the bug in the Record class?
Problem # 3
In decrypt API of InputSecurityParameters class under
gnu.javax.net.ssl.provider package, sometimes length calculated for padding
in case of block cipher is more then size of SSL record/fragment resulting
in IllegalArgumentException.
I have seen this issue only with Internet explorer browser. At line # 173 in
this class, IllegalArgumentException comes on calling positing API of
ByteBuffer due to passing negative index.
else if
(record.version().compareTo(ProtocolVersion.TLS_1) >= 0)
{
// In TLSv1 and later,
the padding must be `padlen' copies of the
// value `padlen'.
byte[] pad = new
byte[padlen];
//IllegalArgumentException comes at below line
((ByteBuffer)
fragment.duplicate().position(record.length() - padlen
- 1)).get(pad);
for (int i = 0; i <
pad.length; i++)
if ((pad[i] & 0xFF)
!= padlen)
badPadding =
true;
if (Debug.DEBUG)
logger.logv(Component.SSL_RECORD_LAYER, "TLSv1.x padding\n{0}",
new ByteArray(pad));
}
To resolve this issue, time being i have put safe check of positive index
before the line where exception is coming.
Now even after resolving all above mentioned issues, sometimes bad
certificate or not valid signature error is coming on browser on opening
pages using HTTPS.
I have to provide HTTPS support and now i am really stuck. please guide me
in resolving SSL related issues.
--
View this message in con
Re: JAM VM hangs after running for ~2 hours.
Hi, Today also the jam vm hanged; we have taken the thread dump for the same. These exceptions are attached with. http://www.nabble.com/file/p24516937/exception_traces_when_jamvm_was_hanged.txt exception_traces_when_jamvm_was_hanged.txt Here, the CPU utilization is also very high ~99%. From this it seems that the jetty is stuck in loop. Also after restarting the jetty (which was running using jamvm), the jetty was working fine but it reported many exceptions. These exceptions are also attached with. http://www.nabble.com/file/p24516937/exception_traces_just_after_restarting_jamvm.txt exception_traces_just_after_restarting_jamvm.txt Please tell, whether any other information is needed for analyzing this issue? Thanks & regards, -Rajesh ragoel wrote: > > Hi Rob, > > Right now, we are trying all the options suggested by you, thanks a ton > for the same :) > > As you might have come to know, that we have little knowledge of the JAM > VM; we are JAVA experts and we are using the JAM VM as a jre only, so we > have little knowledge of its insides. > > Basically, What we need to know is that, when our JAMVM hangs, then what > can we provide in this forum (or file as bug), which can help the jamvm > experts to diagnose the problem and come to the solution? > > Should we provide the Thread State by running the kill -3 command > or Is there is any thing else, which can help you to diagnose the problem > better? > > Please guide us further, > > Thanks & Regards, > - Rajesh > > > Robert Lougher wrote: >> >> P.S. JamVM has several tracing options, most of which need to be >> enabled at configuration time. Do ./configure --help to find out >> which ones are available. Then enable using --enable-traceX, e.g: >> >> ./configure --enable-tracethread --enable-tracealloc >> >> Rob. >> >> 2009/7/15 Robert Lougher : >>> Hi, >>> >>> Quick reply: >>> >>> 1) You can get a dump of all the threads and their stack traces by >>> sending SIGQUIT to the jamvm process (find the process ID via ps or >>> top), e.g. >>> >>> kill -3 >>> >>> JamVM will dump the thread state and continue. >>> >>> If you launched JamVM from a terminal you can also do Ctrl-\ in the >>> terminal, which will send SIGQUIT. >>> >>> 2) Attach gdb to jamvm and inspect the threads, e.g.: >>> >>> gdb jamvm >>> >>> list all threads with: >>> >>> info threads >>> >>> then, for each interesting thread: >>> >>> thread >>> bt >>> >>> 3) Run JamVM with strace >>> >>> This will dump information about every system call being executed. >>> However, if it takes two hours to hang this will probably be far too >>> much information. >>> >>> Rob. >>> >>> 2009/7/15 ragoel : Problem: JAM VM hangs after running for ~2 hours. There is no response from jetty (running on jamvm) at this time. The environment is: - the jam vm version is JamVM 1.5.3 - GNU Classpath version is 0.98 - the GNU Classpath is build by disabling the following things as they are not required by us: . /configure --disable-gtk-peer --disable-plugin --disable-gconf-peer --enable-tools - we are running jetty 6.1.8 using the jam vm. - we are connecting to the jetty (which is running on jamvm), through the browser (IE7) on port 8080, but there is no response from the server. - Our code runs fine when it is running jetty on sun jre 1.5. So it is certain that the problem is with the jamvm - the linux platform is: debian - After some analysis, it seems that there is some bug in the socket library of GNU Classpath due to which it stops responding after running for sometime. Queries: Basically we are not able to do anything when the JAMVM hangs, so could someone please tell me about how to debug the jamvm when it hangs i.e. - Is there any hook so that we can attach something to it, - Can we debug it remotely, - How to enable logging in it? - Any tool which can aid us in analyzing this problem further? We are stuck on this; please provide your valuable suggestions/resolutions for the same? -- View this message in context: http://www.nabble.com/JAM-VM-hangs-after-running-for-%7E2-hours.-tp24494239p24494239.html Sent from the Gnu - Classpath - General mailing list archive at Nabble.com. >>> >> >> >> > > -- View this message in context: http://www.nabble.com/JAM-VM-hangs-after-running-for-%7E2-hours.-tp24494239p24516937.html Sent from the Gnu - Classpath - General mailing list archive at Nabble.com.
Re: Does SSL works at all in classpath version 0.98 ???
alk.shr wrote: > i am not able to run my web application on HTTPS port (secure port through > SSL) although it run fine on normal HTTP port. This is a bug that must be verified. I add this to Bugzilla. See http://gcc.gnu.org/bugzilla/show_bug.cgi?id=40774 now. You can also register and then be notified about changes in the bug. Thanks for so comprehensive report. Audrius
Re: Does SSL works at all in classpath version 0.98 ???
For the record, I've also tried SSL with Classpath 0.98 + JamVM 1.5.2 + ARM cpu. The observed behavior was that HTTPS connections caused the VM to allocate much more memory than with HTTP, until the VM failed with a memory allocation error. Sorry that this is very vague, however, I don't have any more specific info. But perhaps if we start pooling anecdotes we can get started debugging it. FWIW Robert Dodier
Re: Does SSL works at all in classpath version 0.98 ???
2009/7/16 Audrius Meskauskas : > alk.shr wrote: >> i am not able to run my web application on HTTPS port (secure port through >> SSL) although it run fine on normal HTTP port. > This is a bug that must be verified. I add this to Bugzilla. > > See http://gcc.gnu.org/bugzilla/show_bug.cgi?id=40774 now. You can also > register and then be notified about changes in the bug. > > Thanks for so comprehensive report. > > Audrius > > > > Test cases for this issues would also help. I don't see how these failures can be replicated from the information given. -- Andrew :-) Free Java Software Engineer Red Hat, Inc. (http://www.redhat.com) Support Free Java! Contribute to GNU Classpath and the OpenJDK http://www.gnu.org/software/classpath http://openjdk.java.net PGP Key: 94EFD9D8 (http://subkeys.pgp.net) Fingerprint: F8EF F1EA 401E 2E60 15FA 7927 142C 2591 94EF D9D8
Re: Fwd: [gnu.org #463369] Reg: Query on GNU class path Libraries
Deepak Sriramdas wrote: >> We are working on an Embeeded Systems Project. In this process >> we want to run our java jdk 1.5 compiled code on TS-Linux ARM >> boards.But these boards seems support only Jam VM java run >> time enviornment,which uses GNU class path libraries.Now >> should i modify my existing jdk 1.5 code using GNU class Path >> Libraries or should i compile code using the GNU compiler. >> >> Please can you specify me how should i use this GNU clapath libraries. I guess I don't even understand the question. You run code on Jam VM with Classpath just like you would do on any Java VM. Andrew.
