[
https://issues.apache.org/jira/browse/PROTON-2643?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Clifford Jansen resolved PROTON-2643.
-------------------------------------
Fix Version/s: proton-c-0.39.0
Assignee: Clifford Jansen
Resolution: Fixed
> SSL connection hanging
> ----------------------
>
> Key: PROTON-2643
> URL: https://issues.apache.org/jira/browse/PROTON-2643
> Project: Qpid Proton
> Issue Type: Bug
> Affects Versions: proton-c-0.37.0
> Environment: Qpid-proton 0.37 with epoll proactor and openssl 1.0.2k
> running on centos7
> Reporter: Fredrik Hallenberg
> Assignee: Clifford Jansen
> Priority: Major
> Fix For: proton-c-0.39.0
>
> Attachments: ssl-issue-3.zip
>
>
> With a CA bundle of a certain size the SSL/TLS connection process hangs. This
> is 100% repeatable. The process stops before reaching verification callback,
> it seems there is an issue with reading from the BIO sockets. I can only
> repeat it with certain CA bundles, it seems they have to contain >100
> certificates but I have not found an obvious pattern. It does happen with my
> current system bundle (/etc/ssl/certs/ca-bundle.crt).
> I enclose an example with appropriate keys and bundles, the code is based on
> the cpp ssl example in the proton release. See the readme file on how to run
> it. Basically it will build a proton server from the example code and connect
> to it using openssl s_client. There is a good and a bad bundle included. The
> good one has a few less certificates than the big one but is otherwise the
> same. If using the bad bundle the connection process will stop after a few
> ssl read/writes. With the good bundle it proceeds as expected.
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org
For additional commands, e-mail: dev-h...@qpid.apache.org
