[ https://issues.apache.org/jira/browse/PROTON-2643?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Clifford Jansen resolved PROTON-2643. ------------------------------------- Fix Version/s: proton-c-0.39.0 Assignee: Clifford Jansen Resolution: Fixed > SSL connection hanging > ---------------------- > > Key: PROTON-2643 > URL: https://issues.apache.org/jira/browse/PROTON-2643 > Project: Qpid Proton > Issue Type: Bug > Affects Versions: proton-c-0.37.0 > Environment: Qpid-proton 0.37 with epoll proactor and openssl 1.0.2k > running on centos7 > Reporter: Fredrik Hallenberg > Assignee: Clifford Jansen > Priority: Major > Fix For: proton-c-0.39.0 > > Attachments: ssl-issue-3.zip > > > With a CA bundle of a certain size the SSL/TLS connection process hangs. This > is 100% repeatable. The process stops before reaching verification callback, > it seems there is an issue with reading from the BIO sockets. I can only > repeat it with certain CA bundles, it seems they have to contain >100 > certificates but I have not found an obvious pattern. It does happen with my > current system bundle (/etc/ssl/certs/ca-bundle.crt). > I enclose an example with appropriate keys and bundles, the code is based on > the cpp ssl example in the proton release. See the readme file on how to run > it. Basically it will build a proton server from the example code and connect > to it using openssl s_client. There is a good and a bad bundle included. The > good one has a few less certificates than the big one but is otherwise the > same. If using the bad bundle the connection process will stop after a few > ssl read/writes. With the good bundle it proceeds as expected. > -- This message was sent by Atlassian Jira (v8.20.10#820010) --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org For additional commands, e-mail: dev-h...@qpid.apache.org