users@grizzly.java.net

Grizzly 2.0 M3: java.lang.StackOverflowError in SSL handshake, when using expired client certificate

From: JopieC <jopie.cruijff_at_gmail.com>
Date: Mon, 8 Jun 2009 06:02:47 -0700 (PDT)

In the Server I used:

...
        boolean clientMode = false;
        boolean needClientAuth = true;
        boolean wantClientAuth = true;

        c = new SSLEngineConfigurator(sslContext, clientMode,
                needClientAuth, wantClientAuth);
...

Then I ordered the client to use an expired certificate:

found key for : ...
chain [0] = [
[
  Version: V3
  Subject: CN=..., OU=..., O=... L=..., ST=..., C=...
  Signature Algorithm: MD5withRSA, OID = ...

  Key: Sun RSA public key, 1024 bits
  modulus: ...
  public exponent: 65537
  Validity: [From: Wed Jun 16 12:13:13 MEST 2004,
               To: Sun Jun 26 13:30:00 MEST 2005]

Then in the server a java.lang.StackOverflowError occurs:

java.security.cert.CertificateExpiredException: NotAfter: Sun Jun 26 13:30:00 MEST 2005
WTP(0), SEND SSLv3 ALERT: fatal, description = certificate_unknown
WTP(0), WRITE: SSLv3 Alert, length = 2
WTP(0), fatal: engine already closed. Rethrowing
javax.net.ssl.SSLHandshakeException: General SSLEngine problem
[Raw write]: length = 7
0000: 15 03 00 00 02 02 2E .......
Jun 8, 2009 2:26:45 PM tst.grizzly.ProcessorRunnable logException
WARNING: Processor execution exception. Processor:
tst.grizzly.filterchain.DefaultFilterChain@7b4703 Context:
FilterChainContext
[connection=tst.grizzly.nio.transport.TCPNIOConnection@5c3987[localaddress=/192.168.201.9:10078,
peeraddress=/192.168.201.12:24624], message=null, address=null,
executedFilters=tst.grizzly.utils.LightArrayList@1e184ea]
java.lang.StackOverflowError
    at tst.grizzly.attributes.IndexedAttributeHolder$IndexedAttributeAccessorImpl.getAttribute(IndexedAttributeHolder.java:161)
    at tst.grizzly.attributes.Attribute.weakGet(Attribute.java:264)
    at tst.grizzly.attributes.Attribute.get(Attribute.java:100)
    at tst.grizzly.attributes.Attribute.get(Attribute.java:126)
    at tst.grizzly.ssl.SSLResourcesAccessor.getSSLEngine(SSLResourcesAccessor.java:98)
    at tst.grizzly.ssl.SSLStreamReader.getSSLEngine(SSLStreamReader.java:134)
    at tst.grizzly.ssl.SSLStreamReader.checkBuffers(SSLStreamReader.java:181)
    at tst.grizzly.ssl.SSLStreamReader.appendBuffer(SSLStreamReader.java:92)
    at tst.grizzly.streams.StreamReaderDecorator$FeederCompletionHandler.completed(StreamReaderDecorator.java:176)
    at tst.grizzly.nio.transport.TCPNIOStreamReader.notifyCondition(TCPNIOStreamReader.java:90)
    at tst.grizzly.streams.AbstractStreamReader.notifyAvailable(AbstractStreamReader.java:580)
    at tst.grizzly.streams.StreamReaderDecorator$FeederCompletionHandler.completed(StreamReaderDecorator.java:176)
    at tst.grizzly.nio.transport.TCPNIOStreamReader.notifyCondition(TCPNIOStreamReader.java:90)
    at tst.grizzly.streams.AbstractStreamReader.notifyAvailable(AbstractStreamReader.java:580)
    at tst.grizzly.streams.StreamReaderDecorator$FeederCompletionHandler.completed(StreamReaderDecorator.java:176)
    at tst.grizzly.nio.transport.TCPNIOStreamReader.notifyCondition(TCPNIOStreamReader.java:90)
    at tst.grizzly.streams.AbstractStreamReader.notifyAvailable(AbstractStreamReader.java:580)
...
    at tst.grizzly.streams.StreamReaderDecorator$FeederCompletionHandler.completed(StreamReaderDecorator.java:181)
    at tst.grizzly.nio.transport.TCPNIOStreamReader.notifyCondition(TCPNIOStreamReader.java:90)

In the client log I see this:

[7][08-06-2009 14:43:25:583][main] [Logger::log] Exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150)
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:117)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1542)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:863)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1025)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1038)

Now I know that I shouldn't use an expired certificate, but a StackOverflow
should not occur.
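
The server trace in the message above repeats the same three frames (completed, notifyCondition, notifyAvailable) until the stack runs out. The following is an added triage example, not part of the original message and not Grizzly code: it extracts the frames from a Java stack trace and reports the shortest back-to-back repeating cycle, so a StackOverflowError logged after a failed handshake can be tied to the call loop that caused it. The function names and the shortened sample are assumptions made for the example.

```python
import re

# Frame lines may be wrapped after "at", as in the mail above; \s+ spans the break.
FRAME_RE = re.compile(r"(?m)^\s*at\s+([\w.$<>]+\([^)\n]*\))")

def parse_frames(log_text):
    """Return stack frames as 'pkg.Class.method(File.java:NN)' strings, top first."""
    return FRAME_RE.findall(log_text)

def find_cycle(frames, min_repeats=3):
    """Find the shortest run of frames repeated back to back at least
    min_repeats times. Returns (cycle, repeats) or None if there is none."""
    n = len(frames)
    for period in range(1, n // min_repeats + 1):
        for start in range(n - period * min_repeats + 1):
            unit = frames[start:start + period]
            repeats, pos = 1, start + period
            # A short slice at the end of the list never equals unit, so this stops.
            while frames[pos:pos + period] == unit:
                repeats += 1
                pos += period
            if repeats >= min_repeats:
                return unit, repeats
    return None

# Constructed sample: frames copied from the trace above, cycle shortened to 3 rounds.
CYCLE = (
    "    at\ntst.grizzly.streams.StreamReaderDecorator$FeederCompletionHandler"
    ".completed(StreamReaderDecorator.java:176)\n"
    "    at\ntst.grizzly.nio.transport.TCPNIOStreamReader"
    ".notifyCondition(TCPNIOStreamReader.java:90)\n"
    "    at\ntst.grizzly.streams.AbstractStreamReader"
    ".notifyAvailable(AbstractStreamReader.java:580)\n"
)
SAMPLE = (
    "java.lang.StackOverflowError\n"
    "    at tst.grizzly.ssl.SSLStreamReader.checkBuffers(SSLStreamReader.java:181)\n"
    "    at tst.grizzly.ssl.SSLStreamReader.appendBuffer(SSLStreamReader.java:92)\n"
    + CYCLE * 3
)

if __name__ == "__main__":
    cycle, repeats = find_cycle(parse_frames(SAMPLE))
    print(f"{len(cycle)}-frame cycle seen {repeats} times:")
    for frame in cycle:
        print("   ", frame)
```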