[jira] [Commented] (DIRMINA-1157) Sporadic error when establishing a StartTLS or SSL connection
[ https://issues.apache.org/jira/browse/DIRMINA-1157?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17480343#comment-17480343 ]

Emmanuel Lécharny commented on DIRMINA-1157:

[~johnnyv] I have difficulties merging... I have renamed the SSLxxx classes to Sslxxx, because it was problematic with some Spring tests on case-sensitive file systems like mine (Mac OSX or Linux).

Also, could you configure your IDE to replace tabs with spaces? All the MINA code base is using spaces, and having files with tabs in them makes it quite hard when pulling and diffing the code.

Thanks!

> Sporadic error when establishing a StartTLS or SSL connection
> -------------------------------------------------------------
>
>                 Key: DIRMINA-1157
>                 URL: https://issues.apache.org/jira/browse/DIRMINA-1157
>             Project: MINA
>          Issue Type: Bug
>          Components: Core, SSL
>    Affects Versions: 2.1.5
>            Reporter: Steffen Liersch
>            Priority: Blocker
>              Labels: security
>         Attachments: SslHandler-compare.png, SslHandler-mod.java,
> SslHandler.java
>
>   Original Estimate: 1h
>  Remaining Estimate: 1h
>
> With the Mina components, a connection error occasionally occurs when
> establishing a StartTLS or TLS connection. The cause is that payload data was
> received immediately on the acknowledgement and is already in the receive
> buffer.
> My colleagues have changed the checkStatus function of the SslHandler class
> from apache-mina-2.1.5-src.zip so that the sporadic error demonstrably no
> longer occurs. Please review the changes and include them in the codebase for
> the next release.
> I have attached the original version of SslHandler.java, as well as the
> modified version. Thank you for your support!

--
This message was sent by Atlassian Jira
(v8.20.1#820001)

To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org
For additional commands, e-mail: dev-h...@mina.apache.org
[jira] [Commented] (SSHD-1237) SftpClient logs warnings on keepalive messages
[ https://issues.apache.org/jira/browse/SSHD-1237?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17480269#comment-17480269 ]

Thomas Wolf commented on SSHD-1237:

Looks like an OpenSSH server sends its keep-alive messages as channel requests or as global requests, and expects a non-success reply at least for channel requests.

Simply logging only at debug level when the request name starts with "keepalive@" or "keep-alive@" and log.isDebugEnabled() might be good enough. Do you want to provide a PR on [Github|https://github.com/apache/mina-sshd]?

> SftpClient logs warnings on keepalive messages
> ----------------------------------------------
>
>                 Key: SSHD-1237
>                 URL: https://issues.apache.org/jira/browse/SSHD-1237
>             Project: MINA SSHD
>          Issue Type: Bug
>    Affects Versions: 2.8.0
>            Reporter: Jens Grassel
>            Priority: Minor
>
> Hi,
> we just noticed that using the default SshClient we get lots of warning
> messages in our logs about keep alive requests like this:
> {noformat}
> 08:55:32.122 [sshd-SshClient[40b05dd]-nio2-thread-2] WARN
> o.a.s.s.c.i.DefaultSftpClient$SftpChannelSubsystem -
> handleUnknownChannelRequest(SftpChannelSubsystem[id=0,
> recipient=0]-ClientSessionImpl[XXX@XXX/XXX:22][sftp]) Unknown channel
> request: keepal...@openssh.com[want-reply=true]
> {noformat}
> We're using the {{SshClient.setUpDefaultClient()}} function then create our
> session and finally use the {{createSftpClient(session)}} function on a
> SftpClientFactory.
Re: MINA 2.1 vs MINA 2.2 API differences
On 21/01/2022 13:23, Jonathan Valliere wrote:
> You can also use the DisableEncryptionWriteRequest to wrap your
> WriteRequest you want to bypass the SSL filter.

Yes, but all in all, I think this WriteRequest class should go. The original Attribute was specifically created to bypass the SslFilter for the StartTLS operation, and in retrospect, that was a mistake.

I like the Filter idea.

--
*Emmanuel Lécharny - CTO*
205 Promenade des Anglais – 06200 NICE
T. +33 (0)4 89 97 36 50
P. +33 (0)6 08 33 32 61
emmanuel.lecha...@busit.com
https://www.busit.com/
[jira] [Commented] (DIRMINA-1157) Sporadic error when establishing a StartTLS or SSL connection
[ https://issues.apache.org/jira/browse/DIRMINA-1157?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17480116#comment-17480116 ]

Emmanuel Lécharny commented on DIRMINA-1157:

[~johnnyv] I'll do that tonight.
[jira] [Commented] (DIRMINA-1157) Sporadic error when establishing a StartTLS or SSL connection
[ https://issues.apache.org/jira/browse/DIRMINA-1157?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17480113#comment-17480113 ]

Jonathan Valliere commented on DIRMINA-1157:

Most, if not all SSL issues are resolved in the 2.2.X version of MINA. It's been in pre-release for a year because we can't get enough eyes on it.

Emmanuel, can you update the SNAPSHOT?
[jira] [Updated] (DIRMINA-1157) Sporadic error when establishing a StartTLS or SSL connection
[ https://issues.apache.org/jira/browse/DIRMINA-1157?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Steffen Liersch updated DIRMINA-1157:

    Priority: Blocker  (was: Major)
[jira] [Created] (DIRMINA-1157) Sporadic error when establishing a StartTLS or SSL connection
Steffen Liersch created DIRMINA-1157:

             Summary: Sporadic error when establishing a StartTLS or SSL connection
                 Key: DIRMINA-1157
                 URL: https://issues.apache.org/jira/browse/DIRMINA-1157
             Project: MINA
          Issue Type: Bug
          Components: Core, SSL
    Affects Versions: 2.1.5
            Reporter: Steffen Liersch
         Attachments: SslHandler-compare.png, SslHandler-mod.java, SslHandler.java

With the Mina components, a connection error occasionally occurs when establishing a StartTLS or TLS connection. The cause is that payload data was received immediately on the acknowledgement and is already in the receive buffer.

My colleagues have changed the checkStatus function of the SslHandler class from apache-mina-2.1.5-src.zip so that the sporadic error demonstrably no longer occurs. Please review the changes and include them in the codebase for the next release.

I have attached the original version of SslHandler.java, as well as the modified version. Thank you for your support!
Re: MINA 2.1 vs MINA 2.2 API differences
You can also use the DisableEncryptionWriteRequest to wrap your WriteRequest you want to bypass the SSL filter.

On Fri, Jan 21, 2022 at 3:58 AM Emmanuel Lécharny wrote:

> I have it working. The filter approach is actually the simpler way to
> deal with the requirement, I don't even have to leverage the crypt
> bypass flag. I just check if the message to be written is the
> StartTlsResponse one, and if so, I 'jump' over the SslFilter:
>
>     public void filterWrite(NextFilter nextFilter, IoSession session,
>             WriteRequest writeRequest) throws Exception {
>         if ( writeRequest.getOriginalMessage() instanceof StartTlsResponse )
>         {
>             // We need to bypass the SslFilter
>             IoFilterChain chain = session.getFilterChain();
>
>             for ( IoFilterChain.Entry entry : chain.getAll() )
>             {
>                 IoFilter filter = entry.getFilter();
>
>                 if ( filter instanceof SslFilter )
>                 {
>                     entry.getNextFilter().filterWrite( session, writeRequest );
>                 }
>             }
>         }
>         else
>         {
>             nextFilter.filterWrite(session, writeRequest);
>         }
>     }
>
> Note: I set up the SslFilter first in the chain, immediately followed by
> the StartTLS filter:
>
>     chain.addFirst( "startTls", startTlsFilter );
>     chain.addFirst( "sslFilter", sslFilter );
>
> Simple, easy.
>
>
> Thanks Jonathan!
>
> On 20/01/2022 18:22, Emmanuel Lécharny wrote:
> >
> >
> > On 20/01/2022 13:25, Jonathan Valliere wrote:
> >> The old method was unsafe from a concurrency standpoint. This
> >> switching logic should be in a filter.
> >
> > Agreed. StartTLS is by itself very intrusive and I think it deserves to
> > be made a MINA filter, instead of expecting MINA to be twisted in a way
> > that is not natural.
> >
> > Actually, with such a filter, we wouldn't even require the flag you have
> > added as a substitute for the session attribute.
> >
> > Thanks Jonathan!
> >
>
> --
> *Emmanuel Lécharny - CTO*
> 205 Promenade des Anglais – 06200 NICE
> T. +33 (0)4 89 97 36 50
> P. +33 (0)6 08 33 32 61
> emmanuel.lecha...@busit.com
> https://www.busit.com/
>
Re: MINA 2.1 vs MINA 2.2 API differences
I have it working. The filter approach is actually the simpler way to deal with the requirement, I don't even have to leverage the crypt bypass flag. I just check if the message to be written is the StartTlsResponse one, and if so, I 'jump' over the SslFilter:

    public void filterWrite(NextFilter nextFilter, IoSession session,
            WriteRequest writeRequest) throws Exception {
        if ( writeRequest.getOriginalMessage() instanceof StartTlsResponse )
        {
            // We need to bypass the SslFilter
            IoFilterChain chain = session.getFilterChain();

            for ( IoFilterChain.Entry entry : chain.getAll() )
            {
                IoFilter filter = entry.getFilter();

                if ( filter instanceof SslFilter )
                {
                    entry.getNextFilter().filterWrite( session, writeRequest );
                }
            }
        }
        else
        {
            nextFilter.filterWrite(session, writeRequest);
        }
    }

Note: I set up the SslFilter first in the chain, immediately followed by the StartTLS filter:

    chain.addFirst( "startTls", startTlsFilter );
    chain.addFirst( "sslFilter", sslFilter );

Simple, easy.

Thanks Jonathan!

On 20/01/2022 18:22, Emmanuel Lécharny wrote:
> On 20/01/2022 13:25, Jonathan Valliere wrote:
>> The old method was unsafe from a concurrency standpoint. This
>> switching logic should be in a filter.
>
> Agreed. StartTLS is by itself very intrusive and I think it deserves to
> be made a MINA filter, instead of expecting MINA to be twisted in a way
> that is not natural.
>
> Actually, with such a filter, we wouldn't even require the flag you have
> added as a substitute for the session attribute.
>
> Thanks Jonathan!

--
*Emmanuel Lécharny - CTO*
205 Promenade des Anglais – 06200 NICE
T. +33 (0)4 89 97 36 50
P. +33 (0)6 08 33 32 61
emmanuel.lecha...@busit.com
https://www.busit.com/