Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

IOError with OpenSSL #connect_nonblock: Writing not possible during handshake #1715

Closed
Zapotek opened this issue May 26, 2014 · 10 comments
Closed
Labels
Milestone

Comments

@Zapotek
Copy link

@Zapotek Zapotek commented May 26, 2014

Hey guys,

I've got another socket/SSL inconsistency between MRI and JRuby.
I'm not 100% sure but its root cause may be the same as #1694.

Code:

require 'socket'
require 'openssl'

def start_server( host, port )
    s = TCPServer.new( host, port )

    context                 = OpenSSL::SSL::SSLContext.new
    context.key             = OpenSSL::PKey::RSA.new( 2048 )
    context.cert            = OpenSSL::X509::Certificate.new
    context.cert.subject    = OpenSSL::X509::Name.new( [['CN', 'localhost']] )
    context.cert.issuer     = context.cert.subject
    context.cert.public_key = context.key
    context.cert.not_before = Time.now
    context.cert.not_after  = Time.now + 60 * 60 * 24
    context.verify_mode     = OpenSSL::SSL::VERIFY_NONE
    context.cert.version    = 2
    context.cert.serial     = 1
    context.cert.sign(context.key, OpenSSL::Digest::SHA1.new)

    OpenSSL::SSL::SSLServer.new( s, context )
end

def connect( host, port )
    context = OpenSSL::SSL::SSLContext.new
    context.verify_mode = OpenSSL::SSL::VERIFY_NONE

    s = OpenSSL::SSL::SSLSocket.new( TCPSocket.new( host, port ), context )
    s.sync_close = true

    begin
        s.connect_nonblock
        # Works with #connect
    rescue IO::WaitReadable, IO::WaitWritable
    end

    s
end

address = ['127.0.0.1', 7331]

server = start_server( *address )

t = Thread.new do
    puts "Got: #{server.accept.readpartial(1024).inspect}"
end

c = connect( *address )

p IO.select( nil, [c] )
# => [[], [#<OpenSSL::SSL::SSLSocket:0x7a21bdb8 @context=#<OpenSSL::SSL::SSLContext:0x469fea95 @verify_mode=0>, @eof=false, @sync_close=true, @rbuffer="", @hostname="", @io=#<TCPSocket:fd 17>, @sync=true>], []]

begin
    c.write 'stuff'
rescue => e
    p e
    # #<IOError: Writing not possible during handshake>
    puts e.backtrace.join( "\n" )
    # org/jruby/ext/openssl/SSLSocket.java:673:in `syswrite'
    # /home/zapotek/.rvm/rubies/jruby-1.7.12/lib/ruby/shared/jopenssl19/openssl/buffering.rb:318:in `do_write'
    # /home/zapotek/.rvm/rubies/jruby-1.7.12/lib/ruby/shared/jopenssl19/openssl/buffering.rb:336:in `write'
    # tmp/jruby_openssl.rb:51:in `(root)'

    t.kill
end

t.join

MRI 2.1.2:

Got: "stuff"

JRuby (jruby 1.7.12 (2.0.0p195) 2014-04-15 643e292 on Java HotSpot(TM) 64-Bit Server VM 1.7.0_55-b13 [linux-amd64]):

#<IOError: Writing not possible during handshake>
org/jruby/ext/openssl/SSLSocket.java:673:in `syswrite'
/home/zapotek/.rvm/rubies/jruby-1.7.12/lib/ruby/shared/jopenssl19/openssl/buffering.rb:318:in `do_write'
/home/zapotek/.rvm/rubies/jruby-1.7.12/lib/ruby/shared/jopenssl19/openssl/buffering.rb:336:in `write'
tmp/jruby_openssl.rb:52:in `(root)'

Cheers

@donv
Copy link
Member

@donv donv commented May 26, 2014

Have you tried jruby-1_7 branch or master lately? I think maybe 2b172a7 may have fixed this. It addresses the same symptom at least.

@Zapotek
Copy link
Author

@Zapotek Zapotek commented May 26, 2014

Certainly looked like it was related but I just tried with master (rvm install jruby-head) and got the same error.

jruby 9000.dev-SNAPSHOT (2.1.2) 2014-05-26 7bf6b39 on Java HotSpot(TM) 64-Bit Server VM 1.7.0_55-b13 [linux-amd64]

@donv
Copy link
Member

@donv donv commented May 26, 2014

That might be a delayed effect since the change is in ext/openssl which is a part of the jruby-openssl gem which may not be updated using RVM.

@mkristian might shed some light on this.

@Zapotek
Copy link
Author

@Zapotek Zapotek commented May 26, 2014

Ah, that makes sense. Not sure how to test it though.

@mkristian
Copy link
Member

@mkristian mkristian commented May 26, 2014

yes possible that I need to push a new jruby-openssl gem for the build.
just do so now . . .

@mkristian
Copy link
Member

@mkristian mkristian commented May 26, 2014

@Zapotek now the build on both master and jruby-1_7 will pick the latest jruby-openssl code. as far I understand RVM it will do the same.

@Zapotek
Copy link
Author

@Zapotek Zapotek commented May 26, 2014

I issued rvm reinstall jruby-head but got the same error when I ran the code.
I could be going something wrong, never tried to work with the repo jruby code before.

Not sure if it's helpful but the jruby-openssl gem on my system is called: jruby-openssl-0.9.5.dev-SNAPSHOT.gem [1]
Also, /home/zapotek/.rvm/repos/jruby/ext/openssl/src/main/java/org/jruby/ext/openssl/SSLSocket.java contains the 2b172a7 commit.

[1] Located at: /home/zapotek/.rvm/rubies/jruby-head/lib/target/jruby-openssl-0.9.5.dev-SNAPSHOT.gem

@mkristian
Copy link
Member

@mkristian mkristian commented May 26, 2014

well, that is tricky - if you have the logs on jruby install then you need
to see something like

Downloaded:
https://oss.sonatype.org/content/repositories/snapshots/org/jruby/gems/jruby-openssl/0.9.5.dev-SNAPSHOT/jruby-openssl-0.9.5.dev-20140526.094409-6.gem(2649
KB at 872.1 KB/sec)

or the installed jar file must show the following length
$ ll /home/zapotek/.rvm/repos/jruby/lib/ruby/shared/jopenssl.jar
563245 lib/ruby/shared/jopenssl.jar

anyways since you had such nice test-case I tried it on the master branch
(with all the openssl patches in place) and got the same error as you
mentioned in the very beginning :(

@Zapotek
Copy link
Author

@Zapotek Zapotek commented Aug 1, 2014

Has there been any progress on this?

@Zapotek
Copy link
Author

@Zapotek Zapotek commented Sep 8, 2014

Closing, root cause and workaround can be found at: #1694

@Zapotek Zapotek closed this Sep 8, 2014
@enebo enebo added this to the JRuby 1.7.16 milestone Sep 25, 2014
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
4 participants