users@grizzly.java.net

Re: Grizzly 2.0 M3: java.lang.StackOverflowError in SSL handshake, when using expired client certificate

From: Jeanfrancois Arcand <Jeanfrancois.Arcand_at_Sun.COM>
Date: Mon, 08 Jun 2009 12:39:33 -0400

Hi,

JopieC wrote:
> In the Server I used:
>
> ...
> boolean clientMode = false;
> boolean needClientAuth = true;
> boolean wantClientAuth = true;
>
> c = new SSLEngineConfigurator(sslContext, clientMode,
> needClientAuth, wantClientAuth);
> ...
>
> Then I ordered the client to use an expired certificate:
>
> found key for : ...
> chain [0] = [
> [
> Version: V3
> Subject: CN=..., OU=..., O=... L=..., ST=..., C=...
> Signature Algorithm: MD5withRSA, OID = ...
>
> Key: Sun RSA public key, 1024 bits
> modulus: ...
> public exponent: 65537
> Validity: [From: Wed Jun 16 12:13:13 MEST 2004,
> To: Sun Jun 26 13:30:00 MEST 2005]
>
> Then in the server a java.lang.StackOverflowError occurs:
>
> java.security.cert.CertificateExpiredException: NotAfter: Sun Jun 26 13:30:00 MEST 2005
> WTP(0), SEND SSLv3 ALERT: fatal, description = certificate_unknown
> WTP(0), WRITE: SSLv3 Alert, length = 2
> WTP(0), fatal: engine already closed. Rethrowing
> javax.net.ssl.SSLHandshakeException: General SSLEngine problem
> [Raw write]: length = 7
> 0000: 15 03 00 00 02 02 2E .......
> Jun 8, 2009 2:26:45 PM tst.grizzly.ProcessorRunnable logException
> WARNING: Processor execution exception. Processor:
> tst.grizzly.filterchain.DefaultFilterChain_at_7b4703 Context:
> FilterChainContext
> [connection=tst.grizzly.nio.transport.TCPNIOConnection_at_5c3987[localaddress=/192.168.201.9:10078,
> peeraddress=/192.168.201.12:24624], message=null, address=null,
> executedFilters=tst.grizzly.utils.LightArrayList_at_1e184ea]
> java.lang.StackOverflowError
> at tst.grizzly.attributes.IndexedAttributeHolder$IndexedAttributeAccessorImpl.getAttribute(IndexedAttributeHolder.java:161)
> at tst.grizzly.attributes.Attribute.weakGet(Attribute.java:264)
> at tst.grizzly.attributes.Attribute.get(Attribute.java:100)
> at tst.grizzly.attributes.Attribute.get(Attribute.java:126)
> at tst.grizzly.ssl.SSLResourcesAccessor.getSSLEngine(SSLResourcesAccessor.java:98)
> at tst.grizzly.ssl.SSLStreamReader.getSSLEngine(SSLStreamReader.java:134)
> at tst.grizzly.ssl.SSLStreamReader.checkBuffers(SSLStreamReader.java:181)
> at tst.grizzly.ssl.SSLStreamReader.appendBuffer(SSLStreamReader.java:92)
> at tst.grizzly.streams.StreamReaderDecorator$FeederCompletionHandler.completed(StreamReaderDecorator.java:176)
> at tst.grizzly.nio.transport.TCPNIOStreamReader.notifyCondition(TCPNIOStreamReader.java:90)
> at tst.grizzly.streams.AbstractStreamReader.notifyAvailable(AbstractStreamReader.java:580)
> at tst.grizzly.streams.StreamReaderDecorator$FeederCompletionHandler.completed(StreamReaderDecorator.java:176)
> at tst.grizzly.nio.transport.TCPNIOStreamReader.notifyCondition(TCPNIOStreamReader.java:90)
> at tst.grizzly.streams.AbstractStreamReader.notifyAvailable(AbstractStreamReader.java:580)
> at tst.grizzly.streams.StreamReaderDecorator$FeederCompletionHandler.completed(StreamReaderDecorator.java:176)
> at tst.grizzly.nio.transport.TCPNIOStreamReader.notifyCondition(TCPNIOStreamReader.java:90)
> at tst.grizzly.streams.AbstractStreamReader.notifyAvailable(AbstractStreamReader.java:580)
> ...
> at tst.grizzly.streams.StreamReaderDecorator$FeederCompletionHandler.completed(StreamReaderDecorator.java:181)
> at tst.grizzly.nio.transport.TCPNIOStreamReader.notifyCondition(TCPNIOStreamReader.java:90)
>
> In the client log I see this:
>
> [7][08-06-2009 14:43:25:583][main] [Logger::log] Exception:
> javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
> at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150)
> at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:117)
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1542)
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:863)
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1025)
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1038)
>
> Now I know that I shouldn't use an expired certificate, but a StackOverflow
> should not occur.

True. I think this is related to:

http://www.nabble.com/Grizzly-2.0-M3-infinite-loop-hang-in-SSL-handshake-td23870143.html

I will take a look as soon as I can. Do you have a simple test case I
can use?

Thanks

-- Jeanfrancois