jruby-ossl
jruby-ossl copied to clipboard
jruby
Error establishing SSL connections: OpenSSL::SSL::SSLError: Socket closed
(Also logged this here: http://jira.codehaus.org/browse/JRUBY-6346 -- wasn't sure the best place to put it)
Mac OSX Lion, jruby 1.6.5.1, 1.9 mode, jruby-openssl 0.7.5.dev
I have been intermittently seeing "SSLError: Socket closed" upon connect, trying to establish an SSL socket connection. Hard to tell whether it was just my connection or not. Then I noticed that it happens without fail upon accept when running WEBrick in https mode--except from Safari. I mean, Webrick starts up okay, but when I navigate to https://localhost:3000 in my browser (though, strangely, Safari works fine), it fails with the following backtrace:
—
<OpenSSL::SSL::SSLError: Socket closed>
org/jruby/ext/openssl/SSLSocket.java:227:in accept
/Users/mhauck/.rvm/gems/jruby-1.6.5.1/gems/jruby-openssl-0.7.5.1.dev.ibm/lib/1.9/openssl/ssl-internal.rb:164:in accept
/Users/mhauck/.rvm/rubies/jruby-1.6.5.1/lib/ruby/1.9/webrick/server.rb:159:in accept_client
/Users/mhauck/.rvm/rubies/jruby-1.6.5.1/lib/ruby/1.9/webrick/server.rb:94:in start
org/jruby/RubyArray.java:1612:in each
/Users/mhauck/.rvm/rubies/jruby-1.6.5.1/lib/ruby/1.9/webrick/server.rb:91:in start
/Users/mhauck/.rvm/rubies/jruby-1.6.5.1/lib/ruby/1.9/webrick/server.rb:22:in start
/Users/mhauck/.rvm/rubies/jruby-1.6.5.1/lib/ruby/1.9/webrick/server.rb:81:in start
/Users/mhauck/.rvm/gems/jruby-1.6.5.1/gems/rack-1.2.4/lib/rack/handler/webrick.rb:13:in run
/Users/mhauck/.rvm/gems/jruby-1.6.5.1/gems/rack-1.2.4/lib/rack/server.rb:217:in start
/Users/mhauck/.rvm/gems/jruby-1.6.5.1/gems/railties-3.0.10/lib/rails/commands/server.rb:65:in start
/Users/mhauck/.rvm/gems/jruby-1.6.5.1/gems/railties-3.0.10/lib/rails/commands.rb:30:in (root)
org/jruby/RubyKernel.java:1804:in tap
/Users/mhauck/.rvm/gems/jruby-1.6.5.1/gems/railties-3.0.10/lib/rails/commands.rb:27:in (root)
org/jruby/RubyKernel.java:1047:in require
script/rails:59:in (root)
—
The failure in connect comes from the following code (from jtv-apns gem):
—
context = OpenSSL::SSL::SSLContext.new
context.cert = cert
context.key = pem
sock = TCPSocket.new(host, port)
ssl = OpenSSL::SSL::SSLSocket.new(sock, context)
ssl.connect
—
PS. I configured webrick to use SSL as detailed here: http://www.nearinfinity.com/blogs/chris_rohr/configuring_webrick_to_use_ssl.html
It appears that in both places, the problem is happening in doHandshake() -- it is expecting there to be more data from the client / server (readAndUnwrap()) but there is none.
if(readAndUnwrap() == -1 && hsStatus != SSLEngineResult.HandshakeStatus.FINISHED) { throw new SSLHandshakeException("Socket closed"); }
Okay, got jdb up and working. It is exiting here from lines 464-466 in readAndUnwrap():
if(status == SSLEngineResult.Status.CLOSED) { doShutdown(); return -1; }
hsStatus = "NEED_WRAP"
peerNetData.hasRemaining() = false
peerAppData.hasRemaining() = true
Reading peerAppData gives me a 96-long "0000<...>" string. Is there anything I can inspect here that might be of interest?