Owner can't register with node #547

Closed
fkleedorfer opened this Issue May 19, 2016 · 9 comments

fkleedorfer commented May 19, 2016

When starting both applications within the same tomcat, in the right order (first node, then owner), the register step fails with an exception:

org.springframework.web.client.ResourceAccessException: I/O error on POST request for "https://192.168.124.49:8443/won/resource?register=owner":Software caused connection abort: socket write error; nested exception is java.net.SocketException: Software caused connection abort: socket write error
    at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:584) ~[spring-web-4.1.1.RELEASE.jar:4.1.1.RELEASE]
    at org.springframework.web.client.RestTemplate.execute(RestTemplate.java:529) ~[spring-web-4.1.1.RELEASE.jar:4.1.1.RELEASE]
    at org.springframework.web.client.RestTemplate.exchange(RestTemplate.java:447) ~[spring-web-4.1.1.RELEASE.jar:4.1.1.RELEASE]
    at won.cryptography.service.RegistrationRestClientHttps.register(RegistrationRestClientHttps.java:75) ~[won-core-0.2-SNAPSHOT.jar:na]
    at won.owner.messaging.OwnerProtocolCommunicationServiceImpl.register(OwnerProtocolCommunicationServiceImpl.java:95) ~[won-owner-0.2-SNAPSHOT.jar:na]
    at won.owner.messaging.OwnerWonMessageSenderJMSBased$1.run(OwnerWonMessageSenderJMSBased.java:150) ~[won-owner-0.2-SNAPSHOT.jar:na]
Caused by: java.net.SocketException: Software caused connection abort: socket write error
    at java.net.SocketOutputStream.socketWrite0(Native Method) ~[na:1.8.0_92]
    at java.net.SocketOutputStream.socketWrite(SocketOutputStream.java:109) ~[na:1.8.0_92]
    at java.net.SocketOutputStream.write(SocketOutputStream.java:153) ~[na:1.8.0_92]
    at sun.security.ssl.OutputRecord.writeBuffer(OutputRecord.java:431) ~[na:1.8.0_92]
    at sun.security.ssl.OutputRecord.write(OutputRecord.java:417) ~[na:1.8.0_92]
    at sun.security.ssl.SSLSocketImpl.writeRecordInternal(SSLSocketImpl.java:876) ~[na:1.8.0_92]
    at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:847) ~[na:1.8.0_92]
    at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:717) ~[na:1.8.0_92]
    at sun.security.ssl.Handshaker.sendChangeCipherSpec(Handshaker.java:1077) ~[na:1.8.0_92]
    at sun.security.ssl.ClientHandshaker.sendChangeCipherAndFinish(ClientHandshaker.java:1222) ~[na:1.8.0_92]
    at sun.security.ssl.ClientHandshaker.serverHelloDone(ClientHandshaker.java:1134) ~[na:1.8.0_92]
    at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:348) ~[na:1.8.0_92]
    at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979) ~[na:1.8.0_92]
    at sun.security.ssl.Handshaker.process_record(Handshaker.java:914) ~[na:1.8.0_92]
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062) ~[na:1.8.0_92]
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375) ~[na:1.8.0_92]
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403) ~[na:1.8.0_92]
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387) ~[na:1.8.0_92]
    at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:275) ~[httpclient-4.3.5.jar:4.3.5]
    at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:254) ~[httpclient-4.3.5.jar:4.3.5]
    at org.apache.http.impl.conn.HttpClientConnectionOperator.connect(HttpClientConnectionOperator.java:123) ~[httpclient-4.3.5.jar:4.3.5]
    at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:318) ~[httpclient-4.3.5.jar:4.3.5]
    at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:363) ~[httpclient-4.3.5.jar:4.3.5]
    at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:219) ~[httpclient-4.3.5.jar:4.3.5]
    at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:195) ~[httpclient-4.3.5.jar:4.3.5]
    at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:86) ~[httpclient-4.3.5.jar:4.3.5]
    at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:108) ~[httpclient-4.3.5.jar:4.3.5]
    at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:184) ~[httpclient-4.3.5.jar:4.3.5]
    at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82) ~[httpclient-4.3.5.jar:4.3.5]
    at org.springframework.http.client.HttpComponentsClientHttpRequest.executeInternal(HttpComponentsClientHttpRequest.java:91) ~[spring-web-4.1.1.RELEASE.jar:4.1.1.RELEASE]
    at org.springframework.http.client.AbstractBufferingClientHttpRequest.executeInternal(AbstractBufferingClientHttpRequest.java:48) ~[spring-web-4.1.1.RELEASE.jar:4.1.1.RELEASE]
    at org.springframework.http.client.AbstractClientHttpRequest.execute(AbstractClientHttpRequest.java:53) ~[spring-web-4.1.1.RELEASE.jar:4.1.1.RELEASE]
    at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:568) ~[spring-web-4.1.1.RELEASE.jar:4.1.1.RELEASE]
    ... 5 common frames omitted

@fkleedorfer fkleedorfer added the bug label May 19, 2016

fkleedorfer commented May 19, 2016

Isolated the issue:
The above steps (starting node then owner) work in tomcat 8.0.30 and earlier versions and stop working with tomcat 8.0.32 (there is no .31 version).
More debugging (using the system property -Djavax.net.debug=all) showed that the TLS handshake fails because the client certificate we're sending is not accepted. The TLS spec is not strict in prescribing how the server should handle our case (a self-signed client cert), and APR was the only TLS implementation for tomcat 8 that accepted those (using SSLVerifyClient="optionalNoCA"). However, it seems that this behaviour has changed:
tomcat 8.0.30 uses tcnative version 1.1.33.0, OpenSSL 1.0.1m 19 Mar 2015 (works for us)
tomcat 8.0.32 uses tcnative version 1.2.4.0, OpenSSL 1.0.2e 3 Dec 2015 (doesn't work for us)
tomcat 8.0.33 uses tcnative version 1.2.5.0, OpenSSL 1.0.2g 1 Mar 2016 (doesn't work for us)

I'm guessing that this change is responsible for our problems.

fkleedorfer commented May 19, 2016

docker/compose#890 may be related

fkleedorfer commented May 19, 2016

fkleedorfer commented May 19, 2016

Note: how to get more verbose logging from tomcat:

  1. pass this to tomcat: -Djava.util.logging.config.file=/some/path/to/logging.properties
  2. use these contents of that file:

     handlers = java.util.logging.ConsoleHandler

     ############################################################
     # Handler specific properties.
     # Describes specific configuration info for Handlers.
     ############################################################
     org.apache.level=ALL
     java.util.logging.ConsoleHandler.level=ALL
     java.util.logging.ConsoleHandler.formatter = java.util.logging.SimpleFormatter

fkleedorfer commented May 24, 2016

Posted the question into the tomcat-users mailing list http://mail-archives.apache.org/mod_mbox/tomcat-users/201605.mbox/browser

fkleedorfer commented May 24, 2016

Posted into the apache bugtracker for tomcat native https://bz.apache.org/bugzilla/show_bug.cgi?id=59616

@fkleedorfer fkleedorfer self-assigned this May 30, 2016

fkleedorfer commented Jun 17, 2016

Closing this as it has been reproduced by a tomcat committer and we cannot really do anything about it currently

fkleedorfer commented Jun 20, 2016

For the record: the bug has been fixed: https://bz.apache.org/bugzilla/show_bug.cgi?id=59616#c6

1.1.x is not affected.
1.2.0 to 1.2.7 is affected.
This has been fixed in 1.2.x and will be included in 1.2.8 onwards.
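
A check for whether a Tomcat deployment combines the two conditions discussed in this thread (a tcnative version in the affected range 1.2.0 to 1.2.7 and a connector using SSLVerifyClient="optionalNoCA"), as an added example that is not part of the original thread or the project's code. The startup log wording, the sample inputs and all function names are assumptions made for the illustration.

```python
import re
import xml.etree.ElementTree as ET

# Affected tcnative range as stated in the thread: 1.2.0 to 1.2.7 inclusive.
AFFECTED_MIN, AFFECTED_MAX = (1, 2, 0), (1, 2, 7)
# Assumed wording of the startup line logged when the APR library loads.
TCNATIVE_RE = re.compile(r"Apache Tomcat Native library \[?(\d+(?:\.\d+){2,3})")

# Constructed sample inputs (not taken from the thread).
SAMPLE_LOG = "INFO: Loaded APR based Apache Tomcat Native library 1.2.4 using APR version 1.5.1.\n"
SAMPLE_SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1"/>
  <Connector port="8443" SSLEnabled="true" SSLVerifyClient="optionalNoCA"/>
</Service></Server>"""


def parse_version(text):
    """Turn '1.2.4' or '1.2.4.0' into a comparable (major, minor, patch) tuple."""
    return tuple(int(part) for part in text.split(".")[:3])


def tcnative_version_from_log(log_text):
    """Return the tcnative version found in a startup log, or None."""
    match = TCNATIVE_RE.search(log_text)
    return parse_version(match.group(1)) if match else None


def is_affected(version):
    return AFFECTED_MIN <= version <= AFFECTED_MAX


def optional_no_ca_connectors(server_xml):
    """Ports of connectors that set SSLVerifyClient="optionalNoCA"."""
    root = ET.fromstring(server_xml)
    return [c.get("port") for c in root.iter("Connector")
            if (c.get("SSLVerifyClient") or "").lower() == "optionalnoca"]


def assess(log_text, server_xml):
    """Combine the version and connector signals into one finding."""
    version = tcnative_version_from_log(log_text)
    ports = optional_no_ca_connectors(server_xml)
    if version is None:
        return "unknown: no tcnative version in log (APR may not be loaded)"
    if ports and is_affected(version):
        return "affected: tcnative %s with optionalNoCA on port(s) %s" % (
            ".".join(map(str, version)), ", ".join(ports))
    return "not affected"


if __name__ == "__main__":
    print(assess(SAMPLE_LOG, SAMPLE_SERVER_XML))
```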