Navigation Menu

Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

8293657: sun/management/jmxremote/bootstrap/RmiBootstrapTest.java#id1 failed with "SSLHandshakeException: Remote host terminated the handshake" #10323

Closed
wants to merge 1 commit into from

Conversation

jaikiran
Copy link
Member

@jaikiran jaikiran commented Sep 18, 2022

Can I please get a review of this change which proposes to fix the intermittent failures noted in https://bugs.openjdk.org/browse/JDK-8293657?

There are two parts to this fix. One is straightforward fix in the test configuration file where it uses an incompatible cipher suite with the enabled protocols. The details of that are noted in my comment in the JBS https://bugs.openjdk.org/browse/JDK-8293657?focusedCommentId=14524400&page=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#comment-14524400. The fix for that resides solely in management_ssltest07_ok.properties.in file.

The more curious part was why this specific test configuration is ever passing instead of always failing. That turned out to be a bug in the sun.management.jmxremote.HostAwareSslSocketFactory. The (internal implementation detail) in sun.rmi.transport.tcp.TCPEndpoint holds a cache of localEndpoints which effectively are server and client socket factories that get used when creating the corresponding socket/server sockets. The cache uses a key, whose one component is the HostAwareSslSocketFactory instance. This class extends from javax.rmi.ssl.SslRMIServerSocketFactory which is where the equals() is implemented for the HostAwareSslSocketFactory instances. The bug resides in the fact that the current implementation of the HostAwareSslSocketFactory constructor doesn't pass to its super the enabledCipherSuites, enabledProtocols and needClientAuth values with which the HostAwareSslSocketFactory was constructed with. Instead it stores these values as private members and thus the SslRMIServerSocketFactory has its own version of these members as null. The SslRMIServerSocketFactory uses these values in its equals implementation and thus ends up computing a wrong output from the equals call. This ultimately ends up with the (internal) TCPEndpoint returning an incorrect (server) socket factory that gets used during the client/server communication. What this means is that the restrictions imposed on enabled protocols and enabled cipher suites in management_ssltest07_ok.properties.in aren't taken into account and instead a different set of (lenient) configurations for these attributes gets used (because of the cached socket factory constructed for a previous run of a different test configuration).

The commit in this PR fixes the HostAwareSslSocketFactory to correctly pass to its super the enabled protocols, enabled cipher suites and the client auth mode, instead of saving that state (only) in HostAwareSslSocketFactory.

Additionally the commit removes this test from the problem listing.


Progress

  • Change must be properly reviewed (1 review required, with at least 1 Reviewer)
  • Change must not contain extraneous whitespace
  • Commit message must refer to an issue

Issue

  • JDK-8293657: sun/management/jmxremote/bootstrap/RmiBootstrapTest.java#id1 failed with "SSLHandshakeException: Remote host terminated the handshake"

Reviewers

Reviewing

Using git

Checkout this PR locally:
$ git fetch https://git.openjdk.org/jdk pull/10323/head:pull/10323
$ git checkout pull/10323

Update a local copy of the PR:
$ git checkout pull/10323
$ git pull https://git.openjdk.org/jdk pull/10323/head

Using Skara CLI tools

Checkout this PR locally:
$ git pr checkout 10323

View PR using the GUI difftool:
$ git pr show -t 10323

Using diff file

Download this PR as a diff file:
https://git.openjdk.org/jdk/pull/10323.diff

… failed with "SSLHandshakeException: Remote host terminated the handshake"
@bridgekeeper
Copy link

bridgekeeper bot commented Sep 18, 2022

👋 Welcome back jpai! A progress list of the required criteria for merging this PR into master will be added to the body of your pull request. There are additional pull request commands available for use with this pull request.

@openjdk openjdk bot added the rfr Pull request is ready for review label Sep 18, 2022
@openjdk
Copy link

openjdk bot commented Sep 18, 2022

@jaikiran The following labels will be automatically applied to this pull request:

  • jmx
  • serviceability

When this pull request is ready to be reviewed, an "RFR" email will be sent to the corresponding mailing lists. If you would like to change these labels, use the /label pull request command.

@openjdk openjdk bot added serviceability serviceability-dev@openjdk.org jmx jmx-dev@openjdk.org labels Sep 18, 2022
@mlbridge
Copy link

mlbridge bot commented Sep 18, 2022

Webrevs

@kevinjwalls
Copy link
Contributor

Great investigation, of what must be a long-standing issue. Looks good.

@jaikiran
Copy link
Member Author

Thank you Kevin for the review.

Copy link
Member

@dfuch dfuch left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I had a look at the RMIServerSocketFactory hierarchy and the proposed changes look reasonable.

@openjdk
Copy link

openjdk bot commented Sep 22, 2022

@jaikiran This change now passes all automated pre-integration checks.

ℹ️ This project also has non-automated pre-integration requirements. Please see the file CONTRIBUTING.md for details.

After integration, the commit message for the final commit will be:

8293657: sun/management/jmxremote/bootstrap/RmiBootstrapTest.java#id1 failed with "SSLHandshakeException: Remote host terminated the handshake"

Reviewed-by: kevinw, dfuchs

You can use pull request commands such as /summary, /contributor and /issue to adjust it as needed.

At the time when this comment was updated there had been 69 new commits pushed to the master branch:

  • 3fa6778: 8292296: Use multiple threads to process ParallelGC deferred updates
  • 800e68d: 8292044: HttpClient doesn't handle 102 or 103 properly
  • 83abfa5: 8255670: Improve C2's detection of modified nodes
  • 5652030: 8292376: A few Swing methods use inheritDoc on exceptions which are not inherited
  • 03f287d: 8293995: Problem list sun/tools/jstatd/TestJstatdRmiPort.java on all platforms because of 8293577
  • d5bee4a: 8294086: RISC-V: Cleanup InstructionMark usages in the backend
  • 47f233a: 8292202: modules_do is called without Module_lock
  • 742bc04: 8294100: RISC-V: Move rt_call and xxx_move from SharedRuntime to MacroAssembler
  • 2283c32: 8294149: JMH 1.34 and later requires jopt-simple 5.0.4
  • 9f90eb0: 8294062: Improve parsing performance of j.l.c.MethodTypeDesc
  • ... and 59 more: https://git.openjdk.org/jdk/compare/cfd44bb2cd4f2fdbfc15a7a76757a92c0a557439...master

As there are no conflicts, your changes will automatically be rebased on top of these commits when integrating. If you prefer to avoid this automatic rebasing, please check the documentation for the /integrate command for further details.

➡️ To integrate this PR with the above commit message to the master branch, type /integrate in a new comment.

@openjdk openjdk bot added the ready Pull request is ready to be integrated label Sep 22, 2022
@jaikiran
Copy link
Member Author

Thank you Daniel for your review.

My tier1,tier2,tier3 testing which change went fine without any issues.

@jaikiran
Copy link
Member Author

/integrate

@openjdk
Copy link

openjdk bot commented Sep 23, 2022

Going to push as commit f6d78cd.
Since your change was applied there have been 81 commits pushed to the master branch:

  • a4dc035: 8290910: Wrong memory state is picked in SuperWord::co_locate_pack()
  • f3ba332: 8294183: AArch64: Wrong macro check in SharedRuntime::generate_deopt_blob
  • df53fa7: 8292328: AccessibleActionsTest.java test instruction for show popup on JLabel did not specify shift key
  • 5285035: 8294075: gtest/AsyncLogGtest crashes with SEGV
  • 696287d: 8294037: Using alias template to unify hashtables in AsyncLogWriter
  • 48cc156: 8293331: Refactor FileDispatcherImpl into operating system-specific components
  • f751e60: 8294197: Zero: JVM_handle_linux_signal should not assume deopt NOPs
  • 4a6060b: 8294190: Incorrect check messages in SharedRuntime::generate_uncommon_trap_blob
  • 0be2b2c: 8292756: java.lang.AssertionError at at jdk.compiler/com.sun.tools.javac.code.Scope$ScopeImpl.leave(Scope.java:386)
  • bc2af47: 8254711: Add java.security.Provider.getService JFR Event
  • ... and 71 more: https://git.openjdk.org/jdk/compare/cfd44bb2cd4f2fdbfc15a7a76757a92c0a557439...master

Your commit was automatically rebased without conflicts.

@openjdk openjdk bot added the integrated Pull request has been integrated label Sep 23, 2022
@openjdk openjdk bot closed this Sep 23, 2022
@openjdk openjdk bot removed ready Pull request is ready to be integrated rfr Pull request is ready for review labels Sep 23, 2022
@openjdk
Copy link

openjdk bot commented Sep 23, 2022

@jaikiran Pushed as commit f6d78cd.

💡 You may see a message that your pull request was closed with unmerged commits. This can be safely ignored.

@jaikiran jaikiran deleted the 8293657 branch September 23, 2022 04:57
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
integrated Pull request has been integrated jmx jmx-dev@openjdk.org serviceability serviceability-dev@openjdk.org
3 participants