Error establishing SSL connections: OpenSSL::SSL::SSLError: Socket closed #13

Open
matthauck opened this Issue Jan 17, 2012 · 2 comments

Projects

None yet

1 participant

@matthauck

(Also logged this here: http://jira.codehaus.org/browse/JRUBY-6346 -- wasn't sure the best place to put it)

Mac OSX Lion, jruby 1.6.5.1, 1.9 mode, jruby-openssl 0.7.5.dev

I have been intermittently seeing "SSLError: Socket closed" upon connect, trying to establish an SSL socket connection. Hard to tell whether it was just my connection or not. Then I noticed that it happens without fail upon accept when running WEBrick in https mode--except from Safari. I mean, Webrick starts up okay, but when I navigate to https://localhost:3000 in my browser (though, strangely, Safari works fine), it fails with the following backtrace:

#
org/jruby/ext/openssl/SSLSocket.java:227:in accept
/Users/mhauck/.rvm/gems/jruby-1.6.5.1/gems/jruby-openssl-0.7.5.1.dev.ibm/lib/1.9/openssl/ssl-internal.rb:164:in accept
/Users/mhauck/.rvm/rubies/jruby-1.6.5.1/lib/ruby/1.9/webrick/server.rb:159:in accept_client
/Users/mhauck/.rvm/rubies/jruby-1.6.5.1/lib/ruby/1.9/webrick/server.rb:94:in start
org/jruby/RubyArray.java:1612:in each
/Users/mhauck/.rvm/rubies/jruby-1.6.5.1/lib/ruby/1.9/webrick/server.rb:91:in start
/Users/mhauck/.rvm/rubies/jruby-1.6.5.1/lib/ruby/1.9/webrick/server.rb:22:in start
/Users/mhauck/.rvm/rubies/jruby-1.6.5.1/lib/ruby/1.9/webrick/server.rb:81:in start
/Users/mhauck/.rvm/gems/jruby-1.6.5.1/gems/rack-1.2.4/lib/rack/handler/webrick.rb:13:in run
/Users/mhauck/.rvm/gems/jruby-1.6.5.1/gems/rack-1.2.4/lib/rack/server.rb:217:in start
/Users/mhauck/.rvm/gems/jruby-1.6.5.1/gems/railties-3.0.10/lib/rails/commands/server.rb:65:in start
/Users/mhauck/.rvm/gems/jruby-1.6.5.1/gems/railties-3.0.10/lib/rails/commands.rb:30:in (root)
org/jruby/RubyKernel.java:1804:in tap
/Users/mhauck/.rvm/gems/jruby-1.6.5.1/gems/railties-3.0.10/lib/rails/commands.rb:27:in (root)
org/jruby/RubyKernel.java:1047:in require
script/rails:59:in (root)

The failure in connect comes from the following code (from jtv-apns gem):

context = OpenSSL::SSL::SSLContext.new
context.cert = cert
context.key = pem
sock = TCPSocket.new(host, port)
ssl = OpenSSL::SSL::SSLSocket.new(sock, context)
ssl.connect

PS. I configured webrick to use SSL as detailed here: http://www.nearinfinity.com/blogs/chris_rohr/configuring_webrick_to_use_ssl.html

@matthauck

It appears that in both places, the problem is happening in doHandshake() -- it is expecting there to be more data from the client / server (readAndUnwrap()) but there is none.

if(readAndUnwrap() == -1 && hsStatus != SSLEngineResult.HandshakeStatus.FINISHED) {
throw new SSLHandshakeException("Socket closed");
}

@matthauck

Okay, got jdb up and working. It is exiting here from lines 464-466 in readAndUnwrap():

if(status == SSLEngineResult.Status.CLOSED) {
doShutdown();
return -1;
}

hsStatus = "NEED_WRAP"
peerNetData.hasRemaining() = false
peerAppData.hasRemaining() = true

Reading peerAppData gives me a 96-long "0000<...>" string. Is there anything I can inspect here that might be of interest?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment