SslSocketConnector loops forever during initialization

classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|

SslSocketConnector loops forever during initialization

wsharten
During initialization, Jetty's SslSocketConnector goes into an
infinite loop, apparently while SSL is trying to close something in
its Finalizer.

It's not a browser issue; it happens during startup before any browser
requests are sent.  The SSL certificates get added ok and
SecureRandom() completes, then 'Finalizer' tries to close something
and report it, looping forever.

I get this on two separate linux boxes using java versions 1.5.0_14
and 1.5.0_04.

Does anyone have SslSocketConnector working on linux?  Does anyone
know what is wrong? Are there any alternatives that would let me still
use Jetty but with SSL?

Here's the program, followed by the output.

Program:
package uniflow;

import org.mortbay.jetty.Server;
import org.mortbay.jetty.security.SslSocketConnector;

public class JettySSL
{
 public static void main (String[] args)
 {
   try {
    Server server = new Server();

    SslSocketConnector sslConnector =  new SslSocketConnector();
    sslConnector.setPort(443);
    sslConnector.setMaxIdleTime(30000);
    sslConnector.setKeystore("/home/uniflow/keystore");
    sslConnector.setTruststore("/home/uniflow/keystore");
    sslConnector.setPassword("snow1226");
    sslConnector.setKeyPassword("snow1226");
    sslConnector.setTrustPassword("snow1226");
    server.addConnector (sslConnector);

    server.start();
    server.join();
   } catch (Exception e) {e.printStackTrace();}
 }
}

Output:

adding as trusted cert:
 Subject: CN=uniflowlims.com, OU=Domain Control Validated, O=uniflowlims.com
 Issuer:  EMAILADDRESS=[hidden email], CN=Starfield
Secure Certification Authority, OU=
http://www.starfieldtech.com/repository, O="Starfield Technologies,
Inc.", L=Scottsdale, ST=Arizona, C=US
 Algorithm: RSA; Serial number: 0x3e1958
 Valid from Mon Jun 26 16:55:55 CDT 2006 until Thu Jun 26 16:55:55 CDT 2008

adding as trusted cert:
 Subject: OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy
Group, Inc.", C=US
 Issuer:  EMAILADDRESS=[hidden email], CN=http://www.valicert.com/,
OU=ValiCert Class 2 Policy Validation Authority, O="ValiCert, Inc.",
L=ValiCert Validation Network
 Algorithm: RSA; Serial number: 0x10d
 Valid from Tue Jun 29 12:06:20 CDT 2004 until Sat Jun 29 12:06:20 CDT 2024

trigger seeding of SecureRandom
done seeding SecureRandom
Finalizer, called close()
Finalizer, called closeInternal(true)
Finalizer, SEND TLSv1 ALERT:  warning, description = close_notify
Finalizer, WRITE: TLSv1 Alert, length = 2
Finalizer, called close()
Finalizer, called closeInternal(true)
Finalizer, SEND TLSv1 ALERT:  warning, description = close_notify
Finalizer, WRITE: TLSv1 Alert, length = 2
...
-----these last 4 lines loop forever, until filehandles run out.  Then I get:
Finalizer, called close()
Finalizer, called closeInternal(true)
Finalizer, SEND TLSv1 ALERT:  warning, description = close_notify
Finalizer, Exception sending alert: java.net.SocketException: Too many
open files
...
-----These loop forever until memory runs out.

Thanks.

Bill

-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2005.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
Jetty-support mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/jetty-support
Reply | Threaded
Open this post in threaded view
|

Re: SslSocketConnector loops forever during initialization

Greg Wilkins

Bill,

I can't see anything obviously wrong with this code.

Jetty is developed on linux, so it definitely runs.
Can you try running this code with the keystore and passwords
shipped with Jetty?

Also - which version of Jetty are you using?

Finally, getting a thread dump with kill -3 would be very useful
while the jvm is in the infinite loop.

cheers



Bill Harten wrote:

> During initialization, Jetty's SslSocketConnector goes into an
> infinite loop, apparently while SSL is trying to close something in
> its Finalizer.
>
> It's not a browser issue; it happens during startup before any browser
> requests are sent.  The SSL certificates get added ok and
> SecureRandom() completes, then 'Finalizer' tries to close something
> and report it, looping forever.
>
> I get this on two separate linux boxes using java versions 1.5.0_14
> and 1.5.0_04.
>
> Does anyone have SslSocketConnector working on linux?  Does anyone
> know what is wrong? Are there any alternatives that would let me still
> use Jetty but with SSL?
>
> Here's the program, followed by the output.
>
> Program:
> package uniflow;
>
> import org.mortbay.jetty.Server;
> import org.mortbay.jetty.security.SslSocketConnector;
>
> public class JettySSL
> {
>  public static void main (String[] args)
>  {
>    try {
>     Server server = new Server();
>
>     SslSocketConnector sslConnector =  new SslSocketConnector();
>     sslConnector.setPort(443);
>     sslConnector.setMaxIdleTime(30000);
>     sslConnector.setKeystore("/home/uniflow/keystore");
>     sslConnector.setTruststore("/home/uniflow/keystore");
>     sslConnector.setPassword("snow1226");
>     sslConnector.setKeyPassword("snow1226");
>     sslConnector.setTrustPassword("snow1226");
>     server.addConnector (sslConnector);
>
>     server.start();
>     server.join();
>    } catch (Exception e) {e.printStackTrace();}
>  }
> }
>
> Output:
>
> adding as trusted cert:
>  Subject: CN=uniflowlims.com, OU=Domain Control Validated, O=uniflowlims.com
>  Issuer:  EMAILADDRESS=[hidden email], CN=Starfield
> Secure Certification Authority, OU=
> http://www.starfieldtech.com/repository, O="Starfield Technologies,
> Inc.", L=Scottsdale, ST=Arizona, C=US
>  Algorithm: RSA; Serial number: 0x3e1958
>  Valid from Mon Jun 26 16:55:55 CDT 2006 until Thu Jun 26 16:55:55 CDT 2008
>
> adding as trusted cert:
>  Subject: OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy
> Group, Inc.", C=US
>  Issuer:  EMAILADDRESS=[hidden email], CN=http://www.valicert.com/,
> OU=ValiCert Class 2 Policy Validation Authority, O="ValiCert, Inc.",
> L=ValiCert Validation Network
>  Algorithm: RSA; Serial number: 0x10d
>  Valid from Tue Jun 29 12:06:20 CDT 2004 until Sat Jun 29 12:06:20 CDT 2024
>
> trigger seeding of SecureRandom
> done seeding SecureRandom
> Finalizer, called close()
> Finalizer, called closeInternal(true)
> Finalizer, SEND TLSv1 ALERT:  warning, description = close_notify
> Finalizer, WRITE: TLSv1 Alert, length = 2
> Finalizer, called close()
> Finalizer, called closeInternal(true)
> Finalizer, SEND TLSv1 ALERT:  warning, description = close_notify
> Finalizer, WRITE: TLSv1 Alert, length = 2
> ...
> -----these last 4 lines loop forever, until filehandles run out.  Then I get:
> Finalizer, called close()
> Finalizer, called closeInternal(true)
> Finalizer, SEND TLSv1 ALERT:  warning, description = close_notify
> Finalizer, Exception sending alert: java.net.SocketException: Too many
> open files
> ...
> -----These loop forever until memory runs out.
>
> Thanks.
>
> Bill
>
> -------------------------------------------------------------------------
> This SF.net email is sponsored by: Microsoft
> Defy all challenges. Microsoft(R) Visual Studio 2005.
> http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
> _______________________________________________
> Jetty-support mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/jetty-support
>


--
Greg Wilkins<[hidden email]>                       US:  +1  3104915462
http://www.webtide.com           UK: +44(0)2079932589 AU: +61(0)417786631

-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2005.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
Jetty-support mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/jetty-support
Reply | Threaded
Open this post in threaded view
|

Re: [Jetty-support] SslSocketConnector loops forever during initialization

wsharten
Greg,

You considered this problem last January.  I have been unable to make any progress on it because of other duties, but it has become a crisis. 
  • Is this something I could hire your firm to get working for me at my internet server with my GoDaddy SSL certificate?
  • How much / how soon? 
  • Could we do this through our goToMeeting/WebEx connection or some other way I could watch so that I didn't have to give you a userId and password?

I have been running Jetty 6.0.1.  I have attached the java source that invokes Jetty that I have to get running, in case you want to look at it.\

Thank you.

Bill
--
Bill Harten, UNIConnect LC
[hidden email] www.uniconnect.com
Phone +1 801 560 1080 Fax +1 801 298 1595
888 West 2000 South, Woods Cross, UT, 84087-2173 USA



On Sat, Jan 5, 2008 at 5:45 PM, Greg Wilkins <[hidden email]> wrote:

Bill,

I can't see anything obviously wrong with this code.

Jetty is developed on linux, so it definitely runs.
Can you try running this code with the keystore and passwords
shipped with Jetty?

Also - which version of Jetty are you using?

Finally, getting a thread dump with kill -3 would be very useful
while the jvm is in the infinite loop.

cheers



Bill Harten wrote:
> During initialization, Jetty's SslSocketConnector goes into an
> infinite loop, apparently while SSL is trying to close something in
> its Finalizer.
>
> It's not a browser issue; it happens during startup before any browser
> requests are sent.  The SSL certificates get added ok and
> SecureRandom() completes, then 'Finalizer' tries to close something
> and report it, looping forever.
>
> I get this on two separate linux boxes using java versions 1.5.0_14
> and 1.5.0_04.
>
> Does anyone have SslSocketConnector working on linux?  Does anyone
> know what is wrong? Are there any alternatives that would let me still
> use Jetty but with SSL?
>
> Here's the program, followed by the output.
>
> Program:
> package uniflow;
>
> import org.mortbay.jetty.Server;
> import org.mortbay.jetty.security.SslSocketConnector;
>
> public class JettySSL
> {
>  public static void main (String[] args)
>  {
>    try {
>     Server server = new Server();
>
>     SslSocketConnector sslConnector =  new SslSocketConnector();
>     sslConnector.setPort(443);
>     sslConnector.setMaxIdleTime(30000);
>     sslConnector.setKeystore("/home/uniflow/keystore");
>     sslConnector.setTruststore("/home/uniflow/keystore");
>     sslConnector.setPassword("snow1226");
>     sslConnector.setKeyPassword("snow1226");
>     sslConnector.setTrustPassword("snow1226");
>     server.addConnector (sslConnector);
>
>     server.start();
>     server.join();
>    } catch (Exception e) {e.printStackTrace();}
>  }
> }
>
> Output:
>
> adding as trusted cert:
>  Subject: CN=uniflowlims.com, OU=Domain Control Validated, O=uniflowlims.com
>  Issuer:  EMAILADDRESS=[hidden email], CN=Starfield
> Secure Certification Authority, OU=
> http://www.starfieldtech.com/repository, O="Starfield Technologies,
> Inc.", L=Scottsdale, ST=Arizona, C=US
>  Algorithm: RSA; Serial number: 0x3e1958
>  Valid from Mon Jun 26 16:55:55 CDT 2006 until Thu Jun 26 16:55:55 CDT 2008
>
> adding as trusted cert:
>  Subject: OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy
> Group, Inc.", C=US
>  Issuer:  EMAILADDRESS=[hidden email], CN=http://www.valicert.com/,
> OU=ValiCert Class 2 Policy Validation Authority, O="ValiCert, Inc.",
> L=ValiCert Validation Network
>  Algorithm: RSA; Serial number: 0x10d
>  Valid from Tue Jun 29 12:06:20 CDT 2004 until Sat Jun 29 12:06:20 CDT 2024
>
> trigger seeding of SecureRandom
> done seeding SecureRandom
> Finalizer, called close()
> Finalizer, called closeInternal(true)
> Finalizer, SEND TLSv1 ALERT:  warning, description = close_notify
> Finalizer, WRITE: TLSv1 Alert, length = 2
> Finalizer, called close()
> Finalizer, called closeInternal(true)
> Finalizer, SEND TLSv1 ALERT:  warning, description = close_notify
> Finalizer, WRITE: TLSv1 Alert, length = 2
> ...
> -----these last 4 lines loop forever, until filehandles run out.  Then I get:
> Finalizer, called close()
> Finalizer, called closeInternal(true)
> Finalizer, SEND TLSv1 ALERT:  warning, description = close_notify
> Finalizer, Exception sending alert: java.net.SocketException: Too many
> open files
> ...
> -----These loop forever until memory runs out.
>
> Thanks.
>
> Bill
>
> -------------------------------------------------------------------------
> This SF.net email is sponsored by: Microsoft
> Defy all challenges. Microsoft(R) Visual Studio 2005.
> http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
> _______________________________________________
> Jetty-support mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/jetty-support
>


--
Greg Wilkins<[hidden email]>                       US:  +1  3104915462
http://www.webtide.com           UK: +44(0)2079932589 AU: +61(0)417786631



--
Bill Harten, UNIConnect LC
[hidden email] www.uniconnect.com
Phone +1 801 560 1080 Fax +1 801 298 1595
888 West 2000 South, Woods Cross, UT, 84087-2173 USA
-------------------------------------------------------------------------
This SF.net email is sponsored by the 2008 JavaOne(SM) Conference
Don't miss this year's exciting event. There's still time to save $100.
Use priority code J8TL2D2.
http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone
_______________________________________________
Jetty-support mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/jetty-support

Jetty6Uniflow.java (14K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: SslSocketConnector loops forever during initialization

Joe Fernandez
In reply to this post by Greg Wilkins
Hi,

I am having the same exact problem. I am running version 6.1.9 and here is the relevant thread dumps.

...
Finalizer, called close()
Finalizer, called closeInternal(true)
Finalizer, SEND TLSv1 ALERT:  warning, description = close_notify
Finalizer, WRITE: TLSv1 Alert, length = 2
Finalizer, called close()
Finalizer, called closeInternal(true)
Finalizer, SEND TLSv1 ALERT:  warning, description = close_notify

Full thread dump Java HotSpot(TM) Client VM (1.5.0_06-b05 mixed mode):

"btpool0-0 - Acceptor0 SslSocketConnector@localhost:61617" prio=6 tid=0x27419628 nid=0xd68 runnable [0x2847f000..0x2847fc68]
        at java.io.ByteArrayOutputStream.<init>(ByteArrayOutputStream.java:59)
        at com.sun.net.ssl.internal.ssl.OutputRecord.<init>(OutputRecord.java:56)
        at com.sun.net.ssl.internal.ssl.OutputRecord.<init>(OutputRecord.java:66)
        at com.sun.net.ssl.internal.ssl.HandshakeOutStream.<init>(HandshakeOutStream.java:36)
        at com.sun.net.ssl.internal.ssl.Handshaker.setEnabledProtocols(Handshaker.java:281)
        at com.sun.net.ssl.internal.ssl.Handshaker.init(Handshaker.java:131)
        at com.sun.net.ssl.internal.ssl.Handshaker.<init>(Handshaker.java:102)
        at com.sun.net.ssl.internal.ssl.ServerHandshaker.<init>(ServerHandshaker.java:73)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.initHandshaker(SSLSocketImpl.java:978)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.getServerHandshaker(SSLSocketImpl.java:926)
        at com.sun.net.ssl.internal.ssl.SSLServerSocketImpl.checkEnabledSuites(SSLServerSocketImpl.java:288)
        - locked <0x053d2d38> (a com.sun.net.ssl.internal.ssl.SSLServerSocketImpl)
        at com.sun.net.ssl.internal.ssl.SSLServerSocketImpl.accept(SSLServerSocketImpl.java:253)
        at org.mortbay.jetty.security.SslSocketConnector.accept(SslSocketConnector.java:170)
        at org.mortbay.jetty.AbstractConnector$Acceptor.run(AbstractConnector.java:537)
        at org.mortbay.thread.BoundedThreadPool$PoolThread.run(BoundedThreadPool.java:450)

...

"Finalizer" daemon prio=8 tid=0x00a88290 nid=0x1350 runnable [0x26d2f000..0x26d2fa68]
        at java.nio.CharBuffer.wrap(CharBuffer.java:350)
        at sun.nio.cs.StreamEncoder$CharsetSE.implWrite(StreamEncoder.java:378)
        at sun.nio.cs.StreamEncoder.write(StreamEncoder.java:136)
        - locked <0x0525aa50> (a java.io.OutputStreamWriter)
        at java.io.OutputStreamWriter.write(OutputStreamWriter.java:191)
        at java.io.BufferedWriter.flushBuffer(BufferedWriter.java:111)
        - locked <0x0525aa50> (a java.io.OutputStreamWriter)
        at java.io.PrintStream.newLine(PrintStream.java:477)
        - locked <0x052553a8> (a java.io.PrintStream)
        at java.io.PrintStream.println(PrintStream.java:740)
        - locked <0x052553a8> (a java.io.PrintStream)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.sendAlert(SSLSocketImpl.java:1572)
        - locked <0x052553a8> (a java.io.PrintStream)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.warning(SSLSocketImpl.java:1433)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.closeInternal(SSLSocketImpl.java:1296)
        - locked <0x04b456c0> (a com.sun.net.ssl.internal.ssl.SSLSocketImpl)
        - locked <0x04b45808> (a java.lang.Object)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.close(SSLSocketImpl.java:1200)
        at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.finalize(BaseSSLSocketImpl.java:230)
        at java.lang.ref.Finalizer.invokeFinalizeMethod(Native Method)
        at java.lang.ref.Finalizer.runFinalizer(Finalizer.java:83)
        at java.lang.ref.Finalizer.access$100(Finalizer.java:14)
        at java.lang.ref.Finalizer$FinalizerThread.run(Finalizer.java:160)

Any help would be greatly appreciated. Thanks - Joe


Greg Wilkins wrote
Bill,

I can't see anything obviously wrong with this code.

Jetty is developed on linux, so it definitely runs.
Can you try running this code with the keystore and passwords
shipped with Jetty?

Also - which version of Jetty are you using?

Finally, getting a thread dump with kill -3 would be very useful
while the jvm is in the infinite loop.

cheers



Bill Harten wrote:
> During initialization, Jetty's SslSocketConnector goes into an
> infinite loop, apparently while SSL is trying to close something in
> its Finalizer.
>
> It's not a browser issue; it happens during startup before any browser
> requests are sent.  The SSL certificates get added ok and
> SecureRandom() completes, then 'Finalizer' tries to close something
> and report it, looping forever.
>
> I get this on two separate linux boxes using java versions 1.5.0_14
> and 1.5.0_04.
>
> Does anyone have SslSocketConnector working on linux?  Does anyone
> know what is wrong? Are there any alternatives that would let me still
> use Jetty but with SSL?
>
> Here's the program, followed by the output.
>
> Program:
> package uniflow;
>
> import org.mortbay.jetty.Server;
> import org.mortbay.jetty.security.SslSocketConnector;
>
> public class JettySSL
> {
>  public static void main (String[] args)
>  {
>    try {
>     Server server = new Server();
>
>     SslSocketConnector sslConnector =  new SslSocketConnector();
>     sslConnector.setPort(443);
>     sslConnector.setMaxIdleTime(30000);
>     sslConnector.setKeystore("/home/uniflow/keystore");
>     sslConnector.setTruststore("/home/uniflow/keystore");
>     sslConnector.setPassword("snow1226");
>     sslConnector.setKeyPassword("snow1226");
>     sslConnector.setTrustPassword("snow1226");
>     server.addConnector (sslConnector);
>
>     server.start();
>     server.join();
>    } catch (Exception e) {e.printStackTrace();}
>  }
> }
>
> Output:
>
> adding as trusted cert:
>  Subject: CN=uniflowlims.com, OU=Domain Control Validated, O=uniflowlims.com
>  Issuer:  EMAILADDRESS=practices@starfieldtech.com, CN=Starfield
> Secure Certification Authority, OU=
> http://www.starfieldtech.com/repository, O="Starfield Technologies,
> Inc.", L=Scottsdale, ST=Arizona, C=US
>  Algorithm: RSA; Serial number: 0x3e1958
>  Valid from Mon Jun 26 16:55:55 CDT 2006 until Thu Jun 26 16:55:55 CDT 2008
>
> adding as trusted cert:
>  Subject: OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy
> Group, Inc.", C=US
>  Issuer:  EMAILADDRESS=info@valicert.com, CN=http://www.valicert.com/,
> OU=ValiCert Class 2 Policy Validation Authority, O="ValiCert, Inc.",
> L=ValiCert Validation Network
>  Algorithm: RSA; Serial number: 0x10d
>  Valid from Tue Jun 29 12:06:20 CDT 2004 until Sat Jun 29 12:06:20 CDT 2024
>
> trigger seeding of SecureRandom
> done seeding SecureRandom
> Finalizer, called close()
> Finalizer, called closeInternal(true)
> Finalizer, SEND TLSv1 ALERT:  warning, description = close_notify
> Finalizer, WRITE: TLSv1 Alert, length = 2
> Finalizer, called close()
> Finalizer, called closeInternal(true)
> Finalizer, SEND TLSv1 ALERT:  warning, description = close_notify
> Finalizer, WRITE: TLSv1 Alert, length = 2
> ...
> -----these last 4 lines loop forever, until filehandles run out.  Then I get:
> Finalizer, called close()
> Finalizer, called closeInternal(true)
> Finalizer, SEND TLSv1 ALERT:  warning, description = close_notify
> Finalizer, Exception sending alert: java.net.SocketException: Too many
> open files
> ...
> -----These loop forever until memory runs out.
>
> Thanks.
>
> Bill
>
> -------------------------------------------------------------------------
> This SF.net email is sponsored by: Microsoft
> Defy all challenges. Microsoft(R) Visual Studio 2005.
> http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
> _______________________________________________
> Jetty-support mailing list
> Jetty-support@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/jetty-support
>


--
Greg Wilkins<gregw@webtide.com>                       US:  +1  3104915462
http://www.webtide.com           UK: +44(0)2079932589 AU: +61(0)417786631

-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2005.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
Jetty-support mailing list
Jetty-support@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/jetty-support
Reply | Threaded
Open this post in threaded view
|

Re: SslSocketConnector loops forever during initialization

Athena Yao-2
The infinite loop may be triggered if the certificates and keys are set up improperly. Can you check that both the key and certificate were loaded in the keystore? The wiki page[1] contains instruction; if you're using a trusted certificate, take particular note of step 3b.

[1] http://docs.codehaus.org/display/JETTY/How+to+configure+SSL

ttmdev wrote:
Hi,

I am having the same exact problem. I am running version 6.1.9 and here is
the relevant thread dumps. 

...
Finalizer, called close()
Finalizer, called closeInternal(true)
Finalizer, SEND TLSv1 ALERT:  warning, description = close_notify
Finalizer, WRITE: TLSv1 Alert, length = 2
Finalizer, called close()
Finalizer, called closeInternal(true)
Finalizer, SEND TLSv1 ALERT:  warning, description = close_notify

Full thread dump Java HotSpot(TM) Client VM (1.5.0_06-b05 mixed mode):

"btpool0-0 - Acceptor0 SslSocketConnector@localhost:61617" prio=6
tid=0x27419628 nid=0xd68 runnable [0x2847f000..0x2847fc68]
	at java.io.ByteArrayOutputStream.<init>(ByteArrayOutputStream.java:59)
	at com.sun.net.ssl.internal.ssl.OutputRecord.<init>(OutputRecord.java:56)
	at com.sun.net.ssl.internal.ssl.OutputRecord.<init>(OutputRecord.java:66)
	at
com.sun.net.ssl.internal.ssl.HandshakeOutStream.<init>(HandshakeOutStream.java:36)
	at
com.sun.net.ssl.internal.ssl.Handshaker.setEnabledProtocols(Handshaker.java:281)
	at com.sun.net.ssl.internal.ssl.Handshaker.init(Handshaker.java:131)
	at com.sun.net.ssl.internal.ssl.Handshaker.<init>(Handshaker.java:102)
	at
com.sun.net.ssl.internal.ssl.ServerHandshaker.<init>(ServerHandshaker.java:73)
	at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.initHandshaker(SSLSocketImpl.java:978)
	at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.getServerHandshaker(SSLSocketImpl.java:926)
	at
com.sun.net.ssl.internal.ssl.SSLServerSocketImpl.checkEnabledSuites(SSLServerSocketImpl.java:288)
	- locked <0x053d2d38> (a com.sun.net.ssl.internal.ssl.SSLServerSocketImpl)
	at
com.sun.net.ssl.internal.ssl.SSLServerSocketImpl.accept(SSLServerSocketImpl.java:253)
	at
org.mortbay.jetty.security.SslSocketConnector.accept(SslSocketConnector.java:170)
	at
org.mortbay.jetty.AbstractConnector$Acceptor.run(AbstractConnector.java:537)
	at
org.mortbay.thread.BoundedThreadPool$PoolThread.run(BoundedThreadPool.java:450)

...

"Finalizer" daemon prio=8 tid=0x00a88290 nid=0x1350 runnable
[0x26d2f000..0x26d2fa68]
	at java.nio.CharBuffer.wrap(CharBuffer.java:350)
	at sun.nio.cs.StreamEncoder$CharsetSE.implWrite(StreamEncoder.java:378)
	at sun.nio.cs.StreamEncoder.write(StreamEncoder.java:136)
	- locked <0x0525aa50> (a java.io.OutputStreamWriter)
	at java.io.OutputStreamWriter.write(OutputStreamWriter.java:191)
	at java.io.BufferedWriter.flushBuffer(BufferedWriter.java:111)
	- locked <0x0525aa50> (a java.io.OutputStreamWriter)
	at java.io.PrintStream.newLine(PrintStream.java:477)
	- locked <0x052553a8> (a java.io.PrintStream)
	at java.io.PrintStream.println(PrintStream.java:740)
	- locked <0x052553a8> (a java.io.PrintStream)
	at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.sendAlert(SSLSocketImpl.java:1572)
	- locked <0x052553a8> (a java.io.PrintStream)
	at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.warning(SSLSocketImpl.java:1433)
	at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.closeInternal(SSLSocketImpl.java:1296)
	- locked <0x04b456c0> (a com.sun.net.ssl.internal.ssl.SSLSocketImpl)
	- locked <0x04b45808> (a java.lang.Object)
	at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.close(SSLSocketImpl.java:1200)
	at
com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.finalize(BaseSSLSocketImpl.java:230)
	at java.lang.ref.Finalizer.invokeFinalizeMethod(Native Method)
	at java.lang.ref.Finalizer.runFinalizer(Finalizer.java:83)
	at java.lang.ref.Finalizer.access$100(Finalizer.java:14)
	at java.lang.ref.Finalizer$FinalizerThread.run(Finalizer.java:160)

Any help would be greatly appreciated. Thanks - Joe



Greg Wilkins wrote:
  
Bill,

I can't see anything obviously wrong with this code.

Jetty is developed on linux, so it definitely runs.
Can you try running this code with the keystore and passwords
shipped with Jetty?

Also - which version of Jetty are you using?

Finally, getting a thread dump with kill -3 would be very useful
while the jvm is in the infinite loop.

cheers



Bill Harten wrote:
    
During initialization, Jetty's SslSocketConnector goes into an
infinite loop, apparently while SSL is trying to close something in
its Finalizer.

It's not a browser issue; it happens during startup before any browser
requests are sent.  The SSL certificates get added ok and
SecureRandom() completes, then 'Finalizer' tries to close something
and report it, looping forever.

I get this on two separate linux boxes using java versions 1.5.0_14
and 1.5.0_04.

Does anyone have SslSocketConnector working on linux?  Does anyone
know what is wrong? Are there any alternatives that would let me still
use Jetty but with SSL?

Here's the program, followed by the output.

Program:
package uniflow;

import org.mortbay.jetty.Server;
import org.mortbay.jetty.security.SslSocketConnector;

public class JettySSL
{
 public static void main (String[] args)
 {
   try {
    Server server = new Server();

    SslSocketConnector sslConnector =  new SslSocketConnector();
    sslConnector.setPort(443);
    sslConnector.setMaxIdleTime(30000);
    sslConnector.setKeystore("/home/uniflow/keystore");
    sslConnector.setTruststore("/home/uniflow/keystore");
    sslConnector.setPassword("snow1226");
    sslConnector.setKeyPassword("snow1226");
    sslConnector.setTrustPassword("snow1226");
    server.addConnector (sslConnector);

    server.start();
    server.join();
   } catch (Exception e) {e.printStackTrace();}
 }
}

Output:

adding as trusted cert:
 Subject: CN=uniflowlims.com, OU=Domain Control Validated,
O=uniflowlims.com
 Issuer:  [hidden email], CN=Starfield
Secure Certification Authority, OU=
http://www.starfieldtech.com/repository, O="Starfield Technologies,
Inc.", L=Scottsdale, ST=Arizona, C=US
 Algorithm: RSA; Serial number: 0x3e1958
 Valid from Mon Jun 26 16:55:55 CDT 2006 until Thu Jun 26 16:55:55 CDT
2008

adding as trusted cert:
 Subject: OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy
Group, Inc.", C=US
 Issuer:  [hidden email], CN=http://www.valicert.com/,
OU=ValiCert Class 2 Policy Validation Authority, O="ValiCert, Inc.",
L=ValiCert Validation Network
 Algorithm: RSA; Serial number: 0x10d
 Valid from Tue Jun 29 12:06:20 CDT 2004 until Sat Jun 29 12:06:20 CDT
2024

trigger seeding of SecureRandom
done seeding SecureRandom
Finalizer, called close()
Finalizer, called closeInternal(true)
Finalizer, SEND TLSv1 ALERT:  warning, description = close_notify
Finalizer, WRITE: TLSv1 Alert, length = 2
Finalizer, called close()
Finalizer, called closeInternal(true)
Finalizer, SEND TLSv1 ALERT:  warning, description = close_notify
Finalizer, WRITE: TLSv1 Alert, length = 2
...
-----these last 4 lines loop forever, until filehandles run out.  Then I
get:
Finalizer, called close()
Finalizer, called closeInternal(true)
Finalizer, SEND TLSv1 ALERT:  warning, description = close_notify
Finalizer, Exception sending alert: java.net.SocketException: Too many
open files
...
-----These loop forever until memory runs out.

Thanks.

Bill

-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2005.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
Jetty-support mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/jetty-support

      
-- 
Greg Wilkins[hidden email]                       US:  +1  3104915462
http://www.webtide.com           UK: +44(0)2079932589 AU: +61(0)417786631

-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2005.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
Jetty-support mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/jetty-support


    

  

Reply | Threaded
Open this post in threaded view
|

Re: SslSocketConnector loops forever during initialization

Joe Fernandez
Thank you for the reply. As it turned out, it was an improper setup that was causing the infinite loop.

Regards,
Joe

Athena Yao-2 wrote
The infinite loop may be triggered if the certificates and keys are set
up improperly. Can you check that both the key and certificate were
loaded in the keystore? The wiki page[1] contains instruction; if you're
using a trusted certificate, take particular note of step 3b.

[1] http://docs.codehaus.org/display/JETTY/How+to+configure+SSL

ttmdev wrote:
> Hi,
>
> I am having the same exact problem. I am running version 6.1.9 and here is
> the relevant thread dumps.
>
> ...
> Finalizer, called close()
> Finalizer, called closeInternal(true)
> Finalizer, SEND TLSv1 ALERT:  warning, description = close_notify
> Finalizer, WRITE: TLSv1 Alert, length = 2
> Finalizer, called close()
> Finalizer, called closeInternal(true)
> Finalizer, SEND TLSv1 ALERT:  warning, description = close_notify
>
> Full thread dump Java HotSpot(TM) Client VM (1.5.0_06-b05 mixed mode):
>
> "btpool0-0 - Acceptor0 SslSocketConnector@localhost:61617" prio=6
> tid=0x27419628 nid=0xd68 runnable [0x2847f000..0x2847fc68]
> at java.io.ByteArrayOutputStream.<init>(ByteArrayOutputStream.java:59)
> at com.sun.net.ssl.internal.ssl.OutputRecord.<init>(OutputRecord.java:56)
> at com.sun.net.ssl.internal.ssl.OutputRecord.<init>(OutputRecord.java:66)
> at
> com.sun.net.ssl.internal.ssl.HandshakeOutStream.<init>(HandshakeOutStream.java:36)
> at
> com.sun.net.ssl.internal.ssl.Handshaker.setEnabledProtocols(Handshaker.java:281)
> at com.sun.net.ssl.internal.ssl.Handshaker.init(Handshaker.java:131)
> at com.sun.net.ssl.internal.ssl.Handshaker.<init>(Handshaker.java:102)
> at
> com.sun.net.ssl.internal.ssl.ServerHandshaker.<init>(ServerHandshaker.java:73)
> at
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.initHandshaker(SSLSocketImpl.java:978)
> at
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.getServerHandshaker(SSLSocketImpl.java:926)
> at
> com.sun.net.ssl.internal.ssl.SSLServerSocketImpl.checkEnabledSuites(SSLServerSocketImpl.java:288)
> - locked <0x053d2d38> (a com.sun.net.ssl.internal.ssl.SSLServerSocketImpl)
> at
> com.sun.net.ssl.internal.ssl.SSLServerSocketImpl.accept(SSLServerSocketImpl.java:253)
> at
> org.mortbay.jetty.security.SslSocketConnector.accept(SslSocketConnector.java:170)
> at
> org.mortbay.jetty.AbstractConnector$Acceptor.run(AbstractConnector.java:537)
> at
> org.mortbay.thread.BoundedThreadPool$PoolThread.run(BoundedThreadPool.java:450)
>
> ...
>
> "Finalizer" daemon prio=8 tid=0x00a88290 nid=0x1350 runnable
> [0x26d2f000..0x26d2fa68]
> at java.nio.CharBuffer.wrap(CharBuffer.java:350)
> at sun.nio.cs.StreamEncoder$CharsetSE.implWrite(StreamEncoder.java:378)
> at sun.nio.cs.StreamEncoder.write(StreamEncoder.java:136)
> - locked <0x0525aa50> (a java.io.OutputStreamWriter)
> at java.io.OutputStreamWriter.write(OutputStreamWriter.java:191)
> at java.io.BufferedWriter.flushBuffer(BufferedWriter.java:111)
> - locked <0x0525aa50> (a java.io.OutputStreamWriter)
> at java.io.PrintStream.newLine(PrintStream.java:477)
> - locked <0x052553a8> (a java.io.PrintStream)
> at java.io.PrintStream.println(PrintStream.java:740)
> - locked <0x052553a8> (a java.io.PrintStream)
> at
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.sendAlert(SSLSocketImpl.java:1572)
> - locked <0x052553a8> (a java.io.PrintStream)
> at
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.warning(SSLSocketImpl.java:1433)
> at
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.closeInternal(SSLSocketImpl.java:1296)
> - locked <0x04b456c0> (a com.sun.net.ssl.internal.ssl.SSLSocketImpl)
> - locked <0x04b45808> (a java.lang.Object)
> at
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.close(SSLSocketImpl.java:1200)
> at
> com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.finalize(BaseSSLSocketImpl.java:230)
> at java.lang.ref.Finalizer.invokeFinalizeMethod(Native Method)
> at java.lang.ref.Finalizer.runFinalizer(Finalizer.java:83)
> at java.lang.ref.Finalizer.access$100(Finalizer.java:14)
> at java.lang.ref.Finalizer$FinalizerThread.run(Finalizer.java:160)
>
> Any help would be greatly appreciated. Thanks - Joe
>
>
>
> Greg Wilkins wrote:
>  
>> Bill,
>>
>> I can't see anything obviously wrong with this code.
>>
>> Jetty is developed on linux, so it definitely runs.
>> Can you try running this code with the keystore and passwords
>> shipped with Jetty?
>>
>> Also - which version of Jetty are you using?
>>
>> Finally, getting a thread dump with kill -3 would be very useful
>> while the jvm is in the infinite loop.
>>
>> cheers
>>
>>
>>
>> Bill Harten wrote:
>>    
>>> During initialization, Jetty's SslSocketConnector goes into an
>>> infinite loop, apparently while SSL is trying to close something in
>>> its Finalizer.
>>>
>>> It's not a browser issue; it happens during startup before any browser
>>> requests are sent.  The SSL certificates get added ok and
>>> SecureRandom() completes, then 'Finalizer' tries to close something
>>> and report it, looping forever.
>>>
>>> I get this on two separate linux boxes using java versions 1.5.0_14
>>> and 1.5.0_04.
>>>
>>> Does anyone have SslSocketConnector working on linux?  Does anyone
>>> know what is wrong? Are there any alternatives that would let me still
>>> use Jetty but with SSL?
>>>
>>> Here's the program, followed by the output.
>>>
>>> Program:
>>> package uniflow;
>>>
>>> import org.mortbay.jetty.Server;
>>> import org.mortbay.jetty.security.SslSocketConnector;
>>>
>>> public class JettySSL
>>> {
>>>  public static void main (String[] args)
>>>  {
>>>    try {
>>>     Server server = new Server();
>>>
>>>     SslSocketConnector sslConnector =  new SslSocketConnector();
>>>     sslConnector.setPort(443);
>>>     sslConnector.setMaxIdleTime(30000);
>>>     sslConnector.setKeystore("/home/uniflow/keystore");
>>>     sslConnector.setTruststore("/home/uniflow/keystore");
>>>     sslConnector.setPassword("snow1226");
>>>     sslConnector.setKeyPassword("snow1226");
>>>     sslConnector.setTrustPassword("snow1226");
>>>     server.addConnector (sslConnector);
>>>
>>>     server.start();
>>>     server.join();
>>>    } catch (Exception e) {e.printStackTrace();}
>>>  }
>>> }
>>>
>>> Output:
>>>
>>> adding as trusted cert:
>>>  Subject: CN=uniflowlims.com, OU=Domain Control Validated,
>>> O=uniflowlims.com
>>>  Issuer:  EMAILADDRESS=practices@starfieldtech.com, CN=Starfield
>>> Secure Certification Authority, OU=
>>> http://www.starfieldtech.com/repository, O="Starfield Technologies,
>>> Inc.", L=Scottsdale, ST=Arizona, C=US
>>>  Algorithm: RSA; Serial number: 0x3e1958
>>>  Valid from Mon Jun 26 16:55:55 CDT 2006 until Thu Jun 26 16:55:55 CDT
>>> 2008
>>>
>>> adding as trusted cert:
>>>  Subject: OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy
>>> Group, Inc.", C=US
>>>  Issuer:  EMAILADDRESS=info@valicert.com, CN=http://www.valicert.com/,
>>> OU=ValiCert Class 2 Policy Validation Authority, O="ValiCert, Inc.",
>>> L=ValiCert Validation Network
>>>  Algorithm: RSA; Serial number: 0x10d
>>>  Valid from Tue Jun 29 12:06:20 CDT 2004 until Sat Jun 29 12:06:20 CDT
>>> 2024
>>>
>>> trigger seeding of SecureRandom
>>> done seeding SecureRandom
>>> Finalizer, called close()
>>> Finalizer, called closeInternal(true)
>>> Finalizer, SEND TLSv1 ALERT:  warning, description = close_notify
>>> Finalizer, WRITE: TLSv1 Alert, length = 2
>>> Finalizer, called close()
>>> Finalizer, called closeInternal(true)
>>> Finalizer, SEND TLSv1 ALERT:  warning, description = close_notify
>>> Finalizer, WRITE: TLSv1 Alert, length = 2
>>> ...
>>> -----these last 4 lines loop forever, until filehandles run out.  Then I
>>> get:
>>> Finalizer, called close()
>>> Finalizer, called closeInternal(true)
>>> Finalizer, SEND TLSv1 ALERT:  warning, description = close_notify
>>> Finalizer, Exception sending alert: java.net.SocketException: Too many
>>> open files
>>> ...
>>> -----These loop forever until memory runs out.
>>>
>>> Thanks.
>>>
>>> Bill
>>>
>>> -------------------------------------------------------------------------
>>> This SF.net email is sponsored by: Microsoft
>>> Defy all challenges. Microsoft(R) Visual Studio 2005.
>>> http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
>>> _______________________________________________
>>> Jetty-support mailing list
>>> Jetty-support@lists.sourceforge.net
>>> https://lists.sourceforge.net/lists/listinfo/jetty-support
>>>
>>>      
>> --
>> Greg Wilkins<gregw@webtide.com>                       US:  +1  3104915462
>> http://www.webtide.com           UK: +44(0)2079932589 AU: +61(0)417786631
>>
>> -------------------------------------------------------------------------
>> This SF.net email is sponsored by: Microsoft
>> Defy all challenges. Microsoft(R) Visual Studio 2005.
>> http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
>> _______________________________________________
>> Jetty-support mailing list
>> Jetty-support@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/jetty-support
>>
>>
>>    
>
>