|
| Re: [CDO] SSL connection failing with Mars release [message #1714061 is a reply to message #1714058] |
Mon, 09 November 2015 16:19   |
|
Hi Laurent,
I'm afraid that the SSL code was contributed by someone who's no longer on the team. It would take me a long time to
familiarize myself with all that code and it's unlikely I would find time before December.
If you plan to find the root cause I could probably answer questions regarding concrete changes in Mars:
Mars.0: http://download.eclipse.org/modeling/emf/cdo/drops/R20150610-1526/relnotes.html
Mars.1: http://download.eclipse.org/modeling/emf/cdo/drops/R20150916-0434/relnotes.html
This bug is the only one that seems potentially related (but haven't looked at all): https://bugs.eclipse.org/477256
Cheers
/Eike
----
http://www.esc-net.de
http://thegordian.blogspot.com
http://twitter.com/eikestepper
Am 09.11.2015 um 17:00 schrieb Laurent Le Moux:
> Hi,
>
> I used to connect to my CDO server with a SSL connection in Luna release.
> Since I migrated to Mars, connection fails with a 'java.util.concurrent.TimeoutException' on the client side whereas I
> get the following 'BufferUnderflowException' error on the server side :
>
>
> [INFO] CDO server starting
> osgi> [INFO] Net4j extension starting
> [INFO] Net4j acceptor starting: ssl://localhost:2036
> [INFO] Net4j extension started
> [INFO] Security extension starting
> [INFO] Security realm loaded from /security
> [INFO] Security realm handled by AnnotationHandler
> [INFO] Security realm handled by HomeFolderHandler2[/home]
> [INFO] Security extension started
> [INFO] CDO server started
> [ERROR] BufferUnderflowException
> java.nio.BufferUnderflowException
> at java.nio.Buffer.nextGetIndex(Unknown Source)
> at java.nio.DirectByteBuffer.getShort(Unknown Source)
> at org.eclipse.net4j.internal.tcp.ssl.SSLBuffer.startGetting(SSLBuffer.java:84)
> at org.eclipse.net4j.internal.tcp.TCPConnector.handleRead(TCPConnector.java:215)
> at org.eclipse.net4j.internal.tcp.ssl.SSLConnector.handleRead(SSLConnector.java:70)
> at org.eclipse.net4j.internal.tcp.TCPSelector.handleSelection(TCPSelector.java:254)
> at org.eclipse.net4j.internal.tcp.TCPSelector.run(TCPSelector.java:179)
> at java.lang.Thread.run(Unknown Source)
>
>
> Is there a configuration change in the last release ?
>
> Regards,
>
> Laurent
Cheers
/Eike
----
http://www.esc-net.de
http://thegordian.blogspot.com
http://twitter.com/eikestepper
|
|
|
|
| Re: [CDO] SSL connection failing with Mars release [message #1714918 is a reply to message #1714915] |
Tue, 17 November 2015 16:38 |
|
Am 17.11.2015 um 17:32 schrieb Laurent Le Moux:
> Hi Eike,
>
> Sorry for my late answer. I try to find some time to look at this problem but I am unfortunately not an SSL expert.
>
> Bug 477256 is apparently not the cause. The slight changes made in Signal.java seems to be involved at server startup
> but not anymore when the explorer tries to establish an SSL connection.
>
> SSLBuffer.startGetting relies on an SSLEngineManager to read and unwrap encrypted data from the socket channel.
>
> The first read returns 16 bytes of unwrapped data.
> But a second read occurs and returns only 1 byte.
> And SSLBuffer.startGetting is not expecting so little data.
> The BufferUnderflowException occurs later on when trying to set a channel ID (2 bytes).
>
> I put some traces in SSLEngineManager.read and, while the encrypted data seems to be normally read from the socket,
> unwrap returns surprisingly small data buffers...
>
> encrypted data size : 53
> unwrap result size : 16
> SSL engine result : OK
> Handshake status : NOT_HANDSHAKING
>
> encrypted data size : 122
> unwrap result size : 1
> SSL engine result : OK
> Handshake status : NOT_HANDSHAKING
>
> BufferUnderflowException...
>
> I migrated from Eclipse Luna + JVM 1.6 to Eclipse Mars + JVM 1.7.
> And my certificates are still valid until 2020 according to keytool.
>
> To dig further, I see no other solution than run my former platform again and compare...
> Any idea or suggestion ?
Unfortunately not out of my head. I hope that next month I have more spare time available and then I could try to help
more proactively. Until then let me know if I can help with expertise outside of the SSL area, e.g., the lower Net4j
layers...
Cheers
/Eike
----
http://www.esc-net.de
http://thegordian.blogspot.com
http://twitter.com/eikestepper
Cheers
/Eike
----
http://www.esc-net.de
http://thegordian.blogspot.com
http://twitter.com/eikestepper
Cheers
/Eike
----
http://www.esc-net.de
http://thegordian.blogspot.com
http://twitter.com/eikestepper
|
|
|
|
|
|
|
|
Powered by
FUDForum. Page generated in 0.03781 seconds
] 
Search
Help
Register
Login
Home
