search

jruby / jruby-ossl

DEFUNCT, new repository at:
https://github.com/jruby/jruby-openssl
47 stars 19 forks source link

Error establishing SSL connections: OpenSSL::SSL::SSLError: Socket closed #13

Open matthauck opened 12 years ago

matthauck commented 12 years ago

(Also logged this here: http://jira.codehaus.org/browse/JRUBY-6346 -- wasn't sure the best place to put it)

Mac OSX Lion, jruby 1.6.5.1, 1.9 mode, jruby-openssl 0.7.5.dev

I have been intermittently seeing "SSLError: Socket closed" upon connect, trying to establish an SSL socket connection. Hard to tell whether it was just my connection or not. Then I noticed that it happens without fail upon accept when running WEBrick in https mode--except from Safari. I mean, Webrick starts up okay, but when I navigate to https://localhost:3000 in my browser (though, strangely, Safari works fine), it fails with the following backtrace: —

org/jruby/ext/openssl/SSLSocket.java:227:in accept /Users/mhauck/.rvm/gems/jruby-1.6.5.1/gems/jruby-openssl-0.7.5.1.dev.ibm/lib/1.9/openssl/ssl-internal.rb:164:in accept /Users/mhauck/.rvm/rubies/jruby-1.6.5.1/lib/ruby/1.9/webrick/server.rb:159:in accept_client /Users/mhauck/.rvm/rubies/jruby-1.6.5.1/lib/ruby/1.9/webrick/server.rb:94:in start org/jruby/RubyArray.java:1612:in each /Users/mhauck/.rvm/rubies/jruby-1.6.5.1/lib/ruby/1.9/webrick/server.rb:91:in start /Users/mhauck/.rvm/rubies/jruby-1.6.5.1/lib/ruby/1.9/webrick/server.rb:22:in start /Users/mhauck/.rvm/rubies/jruby-1.6.5.1/lib/ruby/1.9/webrick/server.rb:81:in start /Users/mhauck/.rvm/gems/jruby-1.6.5.1/gems/rack-1.2.4/lib/rack/handler/webrick.rb:13:in run /Users/mhauck/.rvm/gems/jruby-1.6.5.1/gems/rack-1.2.4/lib/rack/server.rb:217:in start /Users/mhauck/.rvm/gems/jruby-1.6.5.1/gems/railties-3.0.10/lib/rails/commands/server.rb:65:in start /Users/mhauck/.rvm/gems/jruby-1.6.5.1/gems/railties-3.0.10/lib/rails/commands.rb:30:in (root) org/jruby/RubyKernel.java:1804:in tap /Users/mhauck/.rvm/gems/jruby-1.6.5.1/gems/railties-3.0.10/lib/rails/commands.rb:27:in (root) org/jruby/RubyKernel.java:1047:in require script/rails:59:in (root)

The failure in connect comes from the following code (from jtv-apns gem): — context = OpenSSL::SSL::SSLContext.new context.cert = cert context.key = pem sock = TCPSocket.new(host, port) ssl = OpenSSL::SSL::SSLSocket.new(sock, context) ssl.connect —

PS. I configured webrick to use SSL as detailed here: http://www.nearinfinity.com/blogs/chris_rohr/configuring_webrick_to_use_ssl.html

matthauck commented 12 years ago

It appears that in both places, the problem is happening in doHandshake() -- it is expecting there to be more data from the client / server (readAndUnwrap()) but there is none.

if(readAndUnwrap() == -1 && hsStatus != SSLEngineResult.HandshakeStatus.FINISHED) { throw new SSLHandshakeException("Socket closed"); }

matthauck commented 12 years ago

Okay, got jdb up and working. It is exiting here from lines 464-466 in readAndUnwrap():

if(status == SSLEngineResult.Status.CLOSED) { doShutdown(); return -1; }

hsStatus = "NEED_WRAP" peerNetData.hasRemaining() = false peerAppData.hasRemaining() = true

Reading peerAppData gives me a 96-long "0000<...>" string. Is there anything I can inspect here that might be of interest?