Re: MINA 2.2.0-M1
Works like a charm, thank you. Cheers, Chris. On 11.04.22 13:48, Jonathan Valliere wrote: Its now exposed through this Attribute https://github.com/apache/mina/blob/9c237cabb4ecc5ef8c379cc2d7a75c9d09c164cb/mina-core/src/main/java/org/apache/mina/filter/ssl/SslFilter.java#L57 This change ensures that the developer can only access that object after the handshake is complete. CONFIDENTIALITY NOTICE: The contents of this email message and any attachments are intended solely for the addressee(s) and may contain confidential and/or privileged information and may be legally protected from disclosure. On Apr 11, 2022 at 7:07:42 AM, Christoph John wrote: Hi Emmanuel, another short question that came up when checking my unit tests. Formerly there was a method SslFilter.getSslSession: https://github.com/apache/mina/blob/35aafff17ee3fc655844058b28489c4c14af65fa/mina-core/src/main/java/org/apache/mina/filter/ssl/SslFilter.java#L199 What is the replacement for that? I want to check the peer certificates of the SSLSession. Thanks in advance and best regards, Christoph. On 11.04.22 10:53, Emmanuel Lécharny wrote: Hi! I've made a slight mistake yesterday evening (or should I say this early this morning): I name the release 2.2.0. I haven't yet launch the vote, so I may revert and delete the release to name it 2.2.0-M1, and also check the pb Cristoph is mentionning (the non propagation of an exception to the IoAdapter when the SSLEngine throw it). I'll keep you inform... -- Christoph John Software Engineering T +49 241 557080-28 christoph.j...@macd.com MACD GmbH Oppenhoffallee 103 52066 Aachen, Germany www.macd.com Amtsgericht Aachen: HRB 8151 Ust.-Id: DE 813021663 Geschäftsführer: George Macdonald
Re: MINA 2.2.0-M1
Its now exposed through this Attribute https://github.com/apache/mina/blob/9c237cabb4ecc5ef8c379cc2d7a75c9d09c164cb/mina-core/src/main/java/org/apache/mina/filter/ssl/SslFilter.java#L57 This change ensures that the developer can only access that object after the handshake is complete. CONFIDENTIALITY NOTICE: The contents of this email message and any attachments are intended solely for the addressee(s) and may contain confidential and/or privileged information and may be legally protected from disclosure. On Apr 11, 2022 at 7:07:42 AM, Christoph John wrote: > Hi Emmanuel, > > another short question that came up when checking my unit tests. Formerly > there was a method > SslFilter.getSslSession: > > https://github.com/apache/mina/blob/35aafff17ee3fc655844058b28489c4c14af65fa/mina-core/src/main/java/org/apache/mina/filter/ssl/SslFilter.java#L199 > > What is the replacement for that? I want to check the peer certificates of > the SSLSession. > > Thanks in advance and best regards, > Christoph. > > > On 11.04.22 10:53, Emmanuel Lécharny wrote: > > Hi! > > > I've made a slight mistake yesterday evening (or should I say this early > this morning): I name the > > release 2.2.0. > > > I haven't yet launch the vote, so I may revert and delete the release to > name it 2.2.0-M1, and > > also check the pb Cristoph is mentionning (the non propagation of an > exception to the IoAdapter > > when the SSLEngine throw it). > > > I'll keep you inform... > > > > On 09/04/2022 00:26, Emmanuel Lécharny wrote: > > > Hi ! > > > > > > I will start to cut a first milestone for the MINA 2.2.X branch. It has > been tested on Apache > > > Ftpserver, Ldap API and Directory Server with success. > > > > > > There will probably be more milestone, but that would be a first step. > > > > > > The main changes are: > > > - a complete redesign of the TLS handling > > > - the removal of the SslFilter.DISABLE_ENCRYPTION_ONCE attribute, which > is either replaced by a > > > dedicated filter, or the encapsulation of the message in a > DisableEncryptWriteRequest interface > > > > > > > > > I'll do that this week-end. > > > > > > Thanks ! > > > > -- > Christoph John > Software Engineering > T +49 241 557080-28 > christoph.j...@macd.com > > MACD GmbH > Oppenhoffallee 103 > 52066 Aachen, Germany > www.macd.com > > Amtsgericht Aachen: HRB 8151 > Ust.-Id: DE 813021663 > Geschäftsführer: George Macdonald >
Re: MINA 2.2.0-M1
Hi Emmanuel, another short question that came up when checking my unit tests. Formerly there was a method SslFilter.getSslSession: https://github.com/apache/mina/blob/35aafff17ee3fc655844058b28489c4c14af65fa/mina-core/src/main/java/org/apache/mina/filter/ssl/SslFilter.java#L199 What is the replacement for that? I want to check the peer certificates of the SSLSession. Thanks in advance and best regards, Christoph. On 11.04.22 10:53, Emmanuel Lécharny wrote: Hi! I've made a slight mistake yesterday evening (or should I say this early this morning): I name the release 2.2.0. I haven't yet launch the vote, so I may revert and delete the release to name it 2.2.0-M1, and also check the pb Cristoph is mentionning (the non propagation of an exception to the IoAdapter when the SSLEngine throw it). I'll keep you inform... On 09/04/2022 00:26, Emmanuel Lécharny wrote: Hi ! I will start to cut a first milestone for the MINA 2.2.X branch. It has been tested on Apache Ftpserver, Ldap API and Directory Server with success. There will probably be more milestone, but that would be a first step. The main changes are: - a complete redesign of the TLS handling - the removal of the SslFilter.DISABLE_ENCRYPTION_ONCE attribute, which is either replaced by a dedicated filter, or the encapsulation of the message in a DisableEncryptWriteRequest interface I'll do that this week-end. Thanks ! -- Christoph John Software Engineering T +49 241 557080-28 christoph.j...@macd.com MACD GmbH Oppenhoffallee 103 52066 Aachen, Germany www.macd.com Amtsgericht Aachen: HRB 8151 Ust.-Id: DE 813021663 Geschäftsführer: George Macdonald
Re: MINA 2.2.0-M1
Hi! I've made a slight mistake yesterday evening (or should I say this early this morning): I name the release 2.2.0. I haven't yet launch the vote, so I may revert and delete the release to name it 2.2.0-M1, and also check the pb Cristoph is mentionning (the non propagation of an exception to the IoAdapter when the SSLEngine throw it). I'll keep you inform... On 09/04/2022 00:26, Emmanuel Lécharny wrote: Hi ! I will start to cut a first milestone for the MINA 2.2.X branch. It has been tested on Apache Ftpserver, Ldap API and Directory Server with success. There will probably be more milestone, but that would be a first step. The main changes are: - a complete redesign of the TLS handling - the removal of the SslFilter.DISABLE_ENCRYPTION_ONCE attribute, which is either replaced by a dedicated filter, or the encapsulation of the message in a DisableEncryptWriteRequest interface I'll do that this week-end. Thanks ! -- *Emmanuel Lécharny - CTO* 205 Promenade des Anglais – 06200 NICE T. +33 (0)4 89 97 36 50 P. +33 (0)6 08 33 32 61 emmanuel.lecha...@busit.com https://www.busit.com/ - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: MINA 2.2.0-M1
Hi Christophe, sorry, my late mail was off base. The pb here is that the SSLEngine excpeiton is not propagated to the handler, when it should. My guess is that we have some missing call somewhere in the stack. I'm going to check that out. On 11/04/2022 00:15, Christoph John wrote: Hi, thanks Jonathan and Emmanuel for working on this! I tried to integrate this into QuickFIX/J and it compiles successfully. However there are some tests failing that expect an Exception. For example we have https://github.com/quickfix-j/quickfixj/blob/b6a822a46a5278dcd0985a5a77299ed03168ab03/quickfixj-core/src/test/java/quickfix/mina/ssl/SecureSocketTest.java#L54 Up to now it was tried to get the Exception via a filter in the chain. This no longer seems to work but I think I can see the error getting thrown in the log: SEVERE: SSLHandlerG0@590ec99c[mode=server, connected=false] task() - storing error {} javax.net.ssl.SSLHandshakeException: No available authentication scheme at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131) at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117) at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:358) at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:314) at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:305) at java.base/sun.security.ssl.CertificateMessage$T13CertificateProducer.onProduceCertificate(CertificateMessage.java:972) at java.base/sun.security.ssl.CertificateMessage$T13CertificateProducer.produce(CertificateMessage.java:961) at java.base/sun.security.ssl.SSLHandshake.produce(SSLHandshake.java:440) at java.base/sun.security.ssl.ClientHello$T13ClientHelloConsumer.goServerHello(ClientHello.java:1246) at java.base/sun.security.ssl.ClientHello$T13ClientHelloConsumer.consume(ClientHello.java:1182) at java.base/sun.security.ssl.ClientHello$ClientHelloConsumer.onClientHello(ClientHello.java:840) at java.base/sun.security.ssl.ClientHello$ClientHelloConsumer.consume(ClientHello.java:801) at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) at java.base/java.security.AccessController.doPrivileged(AccessController.java:712) at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) at org.apache.mina.filter.ssl.SSLHandlerG0.execute_task(SSLHandlerG0.java:743) at org.apache.mina.filter.ssl.SSLHandlerG0.receive_loop(SSLHandlerG0.java:255) at org.apache.mina.filter.ssl.SSLHandlerG0.receive(SSLHandlerG0.java:162) at org.apache.mina.filter.ssl.SslFilter.messageReceived(SslFilter.java:342) at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:650) at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1300(DefaultIoFilterChain.java:49) at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:1128) at org.apache.mina.core.filterchain.IoFilterAdapter.messageReceived(IoFilterAdapter.java:122) at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:650) at org.apache.mina.core.filterchain.DefaultIoFilterChain.fireMessageReceived(DefaultIoFilterChain.java:643) at org.apache.mina.core.polling.AbstractPollingIoProcessor.read(AbstractPollingIoProcessor.java:539) at org.apache.mina.core.polling.AbstractPollingIoProcessor.access$1200(AbstractPollingIoProcessor.java:68) at org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.process(AbstractPollingIoProcessor.java:1224) at org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.process(AbstractPollingIoProcessor.java:1213) at org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.run(AbstractPollingIoProcessor.java:683) at org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:64) at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136) at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635) at java.base/java.lang.Thread.run(Thread.java:833) What is the new way to get this Exception? NB: I recall discussing this with Jonathan some months ago but seem to have lost track of the mail thread. Thanks in advance, Chris. On 09.04.22 00:26, Emmanuel Lécharny wrote: Hi ! I will start to cut a first milestone for the MINA 2.2.X branch. It has
Re: MINA 2.2.0-M1
Hi Christoph, I faced the issue too. The way it now works is that MINA will send a TLS Alert message which should contain the root cause. It's a little bit late here for me to dig in the Apache FTPServer code where we were facing the issue, I'll do that tomorrow. On 11/04/2022 00:15, Christoph John wrote: Hi, thanks Jonathan and Emmanuel for working on this! I tried to integrate this into QuickFIX/J and it compiles successfully. However there are some tests failing that expect an Exception. For example we have https://github.com/quickfix-j/quickfixj/blob/b6a822a46a5278dcd0985a5a77299ed03168ab03/quickfixj-core/src/test/java/quickfix/mina/ssl/SecureSocketTest.java#L54 Up to now it was tried to get the Exception via a filter in the chain. This no longer seems to work but I think I can see the error getting thrown in the log: SEVERE: SSLHandlerG0@590ec99c[mode=server, connected=false] task() - storing error {} javax.net.ssl.SSLHandshakeException: No available authentication scheme at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131) at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117) at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:358) at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:314) at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:305) at java.base/sun.security.ssl.CertificateMessage$T13CertificateProducer.onProduceCertificate(CertificateMessage.java:972) at java.base/sun.security.ssl.CertificateMessage$T13CertificateProducer.produce(CertificateMessage.java:961) at java.base/sun.security.ssl.SSLHandshake.produce(SSLHandshake.java:440) at java.base/sun.security.ssl.ClientHello$T13ClientHelloConsumer.goServerHello(ClientHello.java:1246) at java.base/sun.security.ssl.ClientHello$T13ClientHelloConsumer.consume(ClientHello.java:1182) at java.base/sun.security.ssl.ClientHello$ClientHelloConsumer.onClientHello(ClientHello.java:840) at java.base/sun.security.ssl.ClientHello$ClientHelloConsumer.consume(ClientHello.java:801) at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) at java.base/java.security.AccessController.doPrivileged(AccessController.java:712) at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) at org.apache.mina.filter.ssl.SSLHandlerG0.execute_task(SSLHandlerG0.java:743) at org.apache.mina.filter.ssl.SSLHandlerG0.receive_loop(SSLHandlerG0.java:255) at org.apache.mina.filter.ssl.SSLHandlerG0.receive(SSLHandlerG0.java:162) at org.apache.mina.filter.ssl.SslFilter.messageReceived(SslFilter.java:342) at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:650) at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1300(DefaultIoFilterChain.java:49) at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:1128) at org.apache.mina.core.filterchain.IoFilterAdapter.messageReceived(IoFilterAdapter.java:122) at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:650) at org.apache.mina.core.filterchain.DefaultIoFilterChain.fireMessageReceived(DefaultIoFilterChain.java:643) at org.apache.mina.core.polling.AbstractPollingIoProcessor.read(AbstractPollingIoProcessor.java:539) at org.apache.mina.core.polling.AbstractPollingIoProcessor.access$1200(AbstractPollingIoProcessor.java:68) at org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.process(AbstractPollingIoProcessor.java:1224) at org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.process(AbstractPollingIoProcessor.java:1213) at org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.run(AbstractPollingIoProcessor.java:683) at org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:64) at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136) at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635) at java.base/java.lang.Thread.run(Thread.java:833) What is the new way to get this Exception? NB: I recall discussing this with Jonathan some months ago but seem to have lost track of the mail thread. Thanks in advance, Chris. On 09.04.22 00:26, Emmanuel Lécharny wrote: Hi ! I will start to cut a first milestone for the MIN
Re: MINA 2.2.0-M1
Hi, thanks Jonathan and Emmanuel for working on this! I tried to integrate this into QuickFIX/J and it compiles successfully. However there are some tests failing that expect an Exception. For example we have https://github.com/quickfix-j/quickfixj/blob/b6a822a46a5278dcd0985a5a77299ed03168ab03/quickfixj-core/src/test/java/quickfix/mina/ssl/SecureSocketTest.java#L54 Up to now it was tried to get the Exception via a filter in the chain. This no longer seems to work but I think I can see the error getting thrown in the log: SEVERE: SSLHandlerG0@590ec99c[mode=server, connected=false] task() - storing error {} javax.net.ssl.SSLHandshakeException: No available authentication scheme at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131) at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117) at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:358) at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:314) at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:305) at java.base/sun.security.ssl.CertificateMessage$T13CertificateProducer.onProduceCertificate(CertificateMessage.java:972) at java.base/sun.security.ssl.CertificateMessage$T13CertificateProducer.produce(CertificateMessage.java:961) at java.base/sun.security.ssl.SSLHandshake.produce(SSLHandshake.java:440) at java.base/sun.security.ssl.ClientHello$T13ClientHelloConsumer.goServerHello(ClientHello.java:1246) at java.base/sun.security.ssl.ClientHello$T13ClientHelloConsumer.consume(ClientHello.java:1182) at java.base/sun.security.ssl.ClientHello$ClientHelloConsumer.onClientHello(ClientHello.java:840) at java.base/sun.security.ssl.ClientHello$ClientHelloConsumer.consume(ClientHello.java:801) at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) at java.base/java.security.AccessController.doPrivileged(AccessController.java:712) at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) at org.apache.mina.filter.ssl.SSLHandlerG0.execute_task(SSLHandlerG0.java:743) at org.apache.mina.filter.ssl.SSLHandlerG0.receive_loop(SSLHandlerG0.java:255) at org.apache.mina.filter.ssl.SSLHandlerG0.receive(SSLHandlerG0.java:162) at org.apache.mina.filter.ssl.SslFilter.messageReceived(SslFilter.java:342) at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:650) at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1300(DefaultIoFilterChain.java:49) at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:1128) at org.apache.mina.core.filterchain.IoFilterAdapter.messageReceived(IoFilterAdapter.java:122) at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:650) at org.apache.mina.core.filterchain.DefaultIoFilterChain.fireMessageReceived(DefaultIoFilterChain.java:643) at org.apache.mina.core.polling.AbstractPollingIoProcessor.read(AbstractPollingIoProcessor.java:539) at org.apache.mina.core.polling.AbstractPollingIoProcessor.access$1200(AbstractPollingIoProcessor.java:68) at org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.process(AbstractPollingIoProcessor.java:1224) at org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.process(AbstractPollingIoProcessor.java:1213) at org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.run(AbstractPollingIoProcessor.java:683) at org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:64) at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136) at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635) at java.base/java.lang.Thread.run(Thread.java:833) What is the new way to get this Exception? NB: I recall discussing this with Jonathan some months ago but seem to have lost track of the mail thread. Thanks in advance, Chris. On 09.04.22 00:26, Emmanuel Lécharny wrote: Hi ! I will start to cut a first milestone for the MINA 2.2.X branch. It has been tested on Apache Ftpserver, Ldap API and Directory Server with success. There will probably be more milestone, but that would be a first step. The main changes are: - a complete redesign of the TLS handling - the removal of the SslFilter.DISABLE_ENCRYPTION_ONCE attribute, which is either replaced by a dedicated filter, or the encapsulation of the message in a DisableEncryptWri
MINA 2.2.0-M1
Hi ! I will start to cut a first milestone for the MINA 2.2.X branch. It has been tested on Apache Ftpserver, Ldap API and Directory Server with success. There will probably be more milestone, but that would be a first step. The main changes are: - a complete redesign of the TLS handling - the removal of the SslFilter.DISABLE_ENCRYPTION_ONCE attribute, which is either replaced by a dedicated filter, or the encapsulation of the message in a DisableEncryptWriteRequest interface I'll do that this week-end. Thanks ! -- *Emmanuel Lécharny* - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org