Hi, again, Paul.
Given the port involved, it doesn't seem that this is related to admin security which is what I'm familiar with.
I'm forwarding this to the Grizzly folks in case they have any insight.
- Tim
On Jan 3, 2013, at 3:08 PM, paul.hendley_at_oracle.com wrote:
> Hi Tim,
> thanks for the quick reply.
>
> The cts client is trying to establish and https connection to a servlet using a secure web service port of 1044
> (The url looks like: https://localhost:1044/clientcert_web/ServletSecTest )
> This secure web service port would correspond to the "network-listener" with protocol="http-listener-2" in domain.xml
>
> The (cts) Client test code resembles:
>
> URL newURL = new URL(url);
> //open HttpsURLConnection using TSHttpsURLConnection
> TSHttpsURLConnection httpsURLConn = getHttpsURLConnection(newURL);
> --> InputStream content = (InputStream)httpsURLConn.getInputStream(); // CHOKES HERE
> BufferedReader in = new BufferedReader (new InputStreamReader (content));
>
>
> This is trying to read the content from the servlet.
>
> thanks,
> paul
>
>
> On 1/3/13 3:56 PM, Tim Quinn wrote:
>>
>> Hi, Paul.
>>
>> Is the test trying to send an admin message to GlassFish (e.g., to port 4848) or an application message (e.g., to port 8080)?
>>
>> There was a Grizzly integration of 2.3-rc1 on Dec. 29 (build 69 is from the 27th).
>>
>>
>> - Tim
>>
>> On Jan 3, 2013, at 2:41 PM, paul.hendley_at_oracle.com wrote:
>>
>>> Hi All.
>>>
>>> I am seeing a CTS test failure that is related to a socket connection reset. (See stack trace of my test run at end of this email)
>>> It seems that SSL is the underlying piece that may be causeing the socket connection reset.
>>>
>>> This error did not appear in promoted build glassfish-4.0-b69 but I did notice it in the nighly that I used yesterday. So it appears that something occurred between GF build 69 and the nighly I from yesterday. (After looking at it some more today, I confirmed that it happens in last nights build too.)
>>>
>>> I checked the server.log and did not see anything useful in there. I turned on the (GF) logging.properties to FINEST for the two security loggers (one included ssl) but still didn't notice anything useful.
>>>
>>> I am using Java 1.7.0_09 for both my CTS test client and my GF appserver (on mac w/ mountain lion).
>>>
>>> Also, If I switch back to the promoted GF b69, the test passes but when I switch to the more recently nightlies, and execute the same CTS test code it fails again.
>>>
>>> (fwiw - a quick check online indicated a possible solution might be to increase thread-pools but that didn't seem to help.)
>>>
>>> Does anyone know of any recent work that might have affected SSL connections? Or better yet, how to get around it?
>>>
>>> Lastly, I'm attaching a more detailed log that contains the SSL debugging info (set using jvm arg of "-Djavax.net.debug=all") This doesn't make a whole lot of sense to me but I did see that line 7148 of the attached file seems to be stating:
>>> "[javatest.batch] main, SEND TLSv1 ALERT: fatal, description = unexpected_message
>>> [javatest.batch] Padded plaintext before ENCRYPTION: len = 32"
>>>
>>> Does this mean anything to anyone?
>>>
>>> thanks,
>>> paul
>>>
>>>
>>> [javatest.batch] 01-03-2013 13:58:56: ERROR: Test case throws exception: clientCertTest: FAILED
>>> [javatest.batch] 01-03-2013 13:58:56: ERROR: Exception at:
>>> [javatest.batch] 01-03-2013 13:58:56: ERROR: java.net.SocketException: Connection reset
>>> [javatest.batch] at java.net.SocketInputStream.read(SocketInputStream.java:189)
>>> [javatest.batch] at java.net.SocketInputStream.read(SocketInputStream.java:121)
>>> [javatest.batch] at sun.security.ssl.InputRecord.readFully(InputRecord.java:312)
>>> [javatest.batch] at sun.security.ssl.InputRecord.read(InputRecord.java:350)
>>> [javatest.batch] at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:927)
>>> [javatest.batch] at sun.security.ssl.SSLSocketImpl.waitForClose(SSLSocketImpl.java:1723)
>>> [javatest.batch] at sun.security.ssl.HandshakeOutStream.flush(HandshakeOutStream.java:122)
>>> [javatest.batch] at sun.security.ssl.Handshaker.sendChangeCipherSpec(Handshaker.java:941)
>>> [javatest.batch] at sun.security.ssl.ClientHandshaker.sendChangeCipherAndFinish(ClientHandshaker.java:1084)
>>> [javatest.batch] at sun.security.ssl.ClientHandshaker.serverHelloDone(ClientHandshaker.java:1003)
>>> [javatest.batch] at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:282)
>>> [javatest.batch] at sun.security.ssl.Handshaker.processLoop(Handshaker.java:868)
>>> [javatest.batch] at sun.security.ssl.Handshaker.process_record(Handshaker.java:804)
>>> [javatest.batch] at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1032)
>>> [javatest.batch] at sun.security.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:884)
>>> [javatest.batch] at sun.security.ssl.AppInputStream.read(AppInputStream.java:102)
>>> [javatest.batch] at java.io.BufferedInputStream.fill(BufferedInputStream.java:235)
>>> [javatest.batch] at java.io.BufferedInputStream.read1(BufferedInputStream.java:275)
>>> [javatest.batch] at java.io.BufferedInputStream.read(BufferedInputStream.java:334)
>>> [javatest.batch] at sun.net.www.http.HttpClient.parseHTTPHeader(HttpClient.java:633)
>>> [javatest.batch] at sun.net.www.http.HttpClient.parseHTTP(HttpClient.java:579)
>>> [javatest.batch] at sun.net.www.http.HttpClient.parseHTTP(HttpClient.java:604)
>>> [javatest.batch] at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1322)
>>> [javatest.batch] at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:254)
>>> [javatest.batch] at com.sun.ts.lib.implementation.sun.javaee.SunRIHttpsURLConnection.getInputStream(SunRIHttpsURLConnection.java:137)
>>> [javatest.batch] at com.sun.ts.lib.porting.TSHttpsURLConnection.getInputStream(TSHttpsURLConnection.java:154)
>>> [javatest.batch] at com.sun.ts.tests.servlet.spec.security.clientcert.Client.clientCertTest(Client.java:123)
>>> [javatest.batch] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>> [javatest.batch] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
>>> [javatest.batch] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>>> [javatest.batch] at java.lang.reflect.Method.invoke(Method.java:601)
>>> [javatest.batch] at com.sun.ts.lib.harness.EETest.run(EETest.java:550)
>>> [javatest.batch] at com.sun.ts.lib.harness.EETest.getPropsReady(EETest.java:446)
>>> [javatest.batch] at com.sun.ts.lib.harness.EETest.run(EETest.java:305)
>>> [javatest.batch] at com.sun.ts.lib.harness.EETest.run(EETest.java:257)
>>> [javatest.batch] at com.sun.ts.tests.servlet.spec.security.clientcert.Client.main(Client.java:57)
>>>
>>> <foo_nightly.txt>
>>
>