Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

IOError with OpenSSL #connect_nonblock: Writing not possible during handshake #1715

Closed
Zapotek opened this Issue May 26, 2014 · 10 comments

Comments

Projects
None yet
4 participants
@Zapotek
Copy link

Zapotek commented May 26, 2014

Hey guys,

I've got another socket/SSL inconsistency between MRI and JRuby.
I'm not 100% sure but its root cause may be the same as #1694.

Code:

require 'socket'
require 'openssl'

def start_server( host, port )
    s = TCPServer.new( host, port )

    context                 = OpenSSL::SSL::SSLContext.new
    context.key             = OpenSSL::PKey::RSA.new( 2048 )
    context.cert            = OpenSSL::X509::Certificate.new
    context.cert.subject    = OpenSSL::X509::Name.new( [['CN', 'localhost']] )
    context.cert.issuer     = context.cert.subject
    context.cert.public_key = context.key
    context.cert.not_before = Time.now
    context.cert.not_after  = Time.now + 60 * 60 * 24
    context.verify_mode     = OpenSSL::SSL::VERIFY_NONE
    context.cert.version    = 2
    context.cert.serial     = 1
    context.cert.sign(context.key, OpenSSL::Digest::SHA1.new)

    OpenSSL::SSL::SSLServer.new( s, context )
end

def connect( host, port )
    context = OpenSSL::SSL::SSLContext.new
    context.verify_mode = OpenSSL::SSL::VERIFY_NONE

    s = OpenSSL::SSL::SSLSocket.new( TCPSocket.new( host, port ), context )
    s.sync_close = true

    begin
        s.connect_nonblock
        # Works with #connect
    rescue IO::WaitReadable, IO::WaitWritable
    end

    s
end

address = ['127.0.0.1', 7331]

server = start_server( *address )

t = Thread.new do
    puts "Got: #{server.accept.readpartial(1024).inspect}"
end

c = connect( *address )

p IO.select( nil, [c] )
# => [[], [#<OpenSSL::SSL::SSLSocket:0x7a21bdb8 @context=#<OpenSSL::SSL::SSLContext:0x469fea95 @verify_mode=0>, @eof=false, @sync_close=true, @rbuffer="", @hostname="", @io=#<TCPSocket:fd 17>, @sync=true>], []]

begin
    c.write 'stuff'
rescue => e
    p e
    # #<IOError: Writing not possible during handshake>
    puts e.backtrace.join( "\n" )
    # org/jruby/ext/openssl/SSLSocket.java:673:in `syswrite'
    # /home/zapotek/.rvm/rubies/jruby-1.7.12/lib/ruby/shared/jopenssl19/openssl/buffering.rb:318:in `do_write'
    # /home/zapotek/.rvm/rubies/jruby-1.7.12/lib/ruby/shared/jopenssl19/openssl/buffering.rb:336:in `write'
    # tmp/jruby_openssl.rb:51:in `(root)'

    t.kill
end

t.join

MRI 2.1.2:

Got: "stuff"

JRuby (jruby 1.7.12 (2.0.0p195) 2014-04-15 643e292 on Java HotSpot(TM) 64-Bit Server VM 1.7.0_55-b13 [linux-amd64]):

#<IOError: Writing not possible during handshake>
org/jruby/ext/openssl/SSLSocket.java:673:in `syswrite'
/home/zapotek/.rvm/rubies/jruby-1.7.12/lib/ruby/shared/jopenssl19/openssl/buffering.rb:318:in `do_write'
/home/zapotek/.rvm/rubies/jruby-1.7.12/lib/ruby/shared/jopenssl19/openssl/buffering.rb:336:in `write'
tmp/jruby_openssl.rb:52:in `(root)'

Cheers

@donv

This comment has been minimized.

Copy link
Member

donv commented May 26, 2014

Have you tried jruby-1_7 branch or master lately? I think maybe 2b172a7 may have fixed this. It addresses the same symptom at least.

@Zapotek

This comment has been minimized.

Copy link
Author

Zapotek commented May 26, 2014

Certainly looked like it was related but I just tried with master (rvm install jruby-head) and got the same error.

jruby 9000.dev-SNAPSHOT (2.1.2) 2014-05-26 7bf6b39 on Java HotSpot(TM) 64-Bit Server VM 1.7.0_55-b13 [linux-amd64]

@donv

This comment has been minimized.

Copy link
Member

donv commented May 26, 2014

That might be a delayed effect since the change is in ext/openssl which is a part of the jruby-openssl gem which may not be updated using RVM.

@mkristian might shed some light on this.

@Zapotek

This comment has been minimized.

Copy link
Author

Zapotek commented May 26, 2014

Ah, that makes sense. Not sure how to test it though.

@mkristian

This comment has been minimized.

Copy link
Member

mkristian commented May 26, 2014

yes possible that I need to push a new jruby-openssl gem for the build.
just do so now . . .

@mkristian

This comment has been minimized.

Copy link
Member

mkristian commented May 26, 2014

@Zapotek now the build on both master and jruby-1_7 will pick the latest jruby-openssl code. as far I understand RVM it will do the same.

@Zapotek

This comment has been minimized.

Copy link
Author

Zapotek commented May 26, 2014

I issued rvm reinstall jruby-head but got the same error when I ran the code.
I could be going something wrong, never tried to work with the repo jruby code before.

Not sure if it's helpful but the jruby-openssl gem on my system is called: jruby-openssl-0.9.5.dev-SNAPSHOT.gem [1]
Also, /home/zapotek/.rvm/repos/jruby/ext/openssl/src/main/java/org/jruby/ext/openssl/SSLSocket.java contains the 2b172a7 commit.

[1] Located at: /home/zapotek/.rvm/rubies/jruby-head/lib/target/jruby-openssl-0.9.5.dev-SNAPSHOT.gem

@mkristian

This comment has been minimized.

Copy link
Member

mkristian commented May 26, 2014

well, that is tricky - if you have the logs on jruby install then you need
to see something like

Downloaded:
https://oss.sonatype.org/content/repositories/snapshots/org/jruby/gems/jruby-openssl/0.9.5.dev-SNAPSHOT/jruby-openssl-0.9.5.dev-20140526.094409-6.gem(2649
KB at 872.1 KB/sec)

or the installed jar file must show the following length
$ ll /home/zapotek/.rvm/repos/jruby/lib/ruby/shared/jopenssl.jar
563245 lib/ruby/shared/jopenssl.jar

anyways since you had such nice test-case I tried it on the master branch
(with all the openssl patches in place) and got the same error as you
mentioned in the very beginning :(

@mkristian mkristian added the openssl label Jun 25, 2014

@Zapotek

This comment has been minimized.

Copy link
Author

Zapotek commented Aug 1, 2014

Has there been any progress on this?

@Zapotek

This comment has been minimized.

Copy link
Author

Zapotek commented Sep 8, 2014

Closing, root cause and workaround can be found at: #1694

@Zapotek Zapotek closed this Sep 8, 2014

@enebo enebo added this to the JRuby 1.7.16 milestone Sep 25, 2014

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.