Client-Server with SSL hangs if TrustManager throws exception

Client-Server with SSL hangs if TrustManager throws exception

Siim Annuk
Hello!

When using SSL (with custom Trust/KeyManagers) in Jetty in a
client-server environment, the program hangs and times out if the
TrustManager throws an exception during handshake.

For example, if the TrustManager.checkServerTrusted method simply throws
a CertificateException, the program does not terminate with an
exception and just waits until the client times out. The exception that
is thrown is only logged and a "General SSLEngine problem" appears.

So, the question is, how should SSL error handling be done in such a case?

I have attached a simple client-server program that triggers the behaviour.

Best regards,
Siim Annuk


---------------------------------------------------------------------
To unsubscribe from this list, please visit:

    http://xircles.codehaus.org/manage_email

Attachment: CertificateExceptionTest.java (9K)

Re: Client-Server with SSL hangs if TrustManager throws exception

Simone Bordet-2
Hi,

On Thu, Nov 22, 2012 at 2:08 PM, Siim Annuk <[hidden email]> wrote:

> Hello!
>
> When using SSL (with custom Trust/KeyManagers) in Jetty in a client-server
> environment, the program hangs and times out if the TrustManager throws an
> exception during handshake.
>
> For example, if the TrustManager.checkServerTrusted method simply throws a
> CertificateException, the program does not terminate with an exception and
> just waits until the client times out. The exception that is thrown is only
> logged and a "General SSLEngine problem" appears.
>
> So, the question is, how should SSL error handling be done in such a case?
>
> I have attached a simple client-server program that triggers the behaviour.

Can you please attach your comments and test to a bugzilla here:
https://bugs.eclipse.org/bugs/enter_bug.cgi?product=Jetty ?

Thanks,

Simon
--
http://cometd.org
http://webtide.com
Developer advice, training, services and support
from the Jetty & CometD experts.
----
Finally, no matter how good the architecture and design are,
to deliver bug-free software with optimal performance and reliability,
the implementation technique must be flawless.   Victoria Livschitz