Bug
Resolution: Done
Major
EAP 5.0.1.CR1
Regression
We have one failed test in TCK - webservices:
com/sun/ts/tests/webservices/sec/ejb/certificate/Client.java -Dtest=secEjbCertif
Automated job:
http://hudson.qa.jboss.com/hudson/view/TCK5-EAP5-JDK6/job/tck5-eap5-jdk6-webservices/
Description:
############
The test fails when the client wants to renegotiate with the https connector.
Client log:
############
ERROR [CommonClient:419] Exception caught while (preparing for) performing the invocation:
java.io.IOException: Could not transmit message
at org.jboss.ws.core.client.HTTPRemotingConnection.invoke(HTTPRemotingConnection.java:253)
at org.jboss.ws.core.client.SOAPProtocolConnectionHTTP.invoke(SOAPProtocolConnectionHTTP.java:71)
at org.jboss.ws.core.CommonClient.invoke(CommonClient.java:339)
at org.jboss.ws.core.jaxrpc.client.CallImpl.invokeInternal(CallImpl.java:516)
at org.jboss.ws.core.jaxrpc.client.CallImpl.invoke(CallImpl.java:275)
at org.jboss.ws.core.jaxrpc.client.PortProxy.invoke(PortProxy.java:154)
at $Proxy9.sayHelloCertificate(Unknown Source)
...
Caused by: org.jboss.remoting.CannotConnectException: Can not connect http client invoker after 1 attempt(s)
... 29 more
Caused by: java.net.SocketException: Unexpected end of file from server
... 34 more
Server log:
############
08:07:43,820 WARN [JSSESocketFactory] SSL renegotiation is disabled, closing connection
08:07:43,836 WARN [Http11Processor] Exception getting SSL attributes
java.net.SocketException: SSL Cert handshake timeout
at org.apache.tomcat.util.net.jsse.JSSESupport.handShake(JSSESupport.java:178)
at org.apache.tomcat.util.net.jsse.JSSESupport.getPeerCertificateChain(JSSESupport.java:138)
at org.apache.coyote.http11.Http11Processor.action(Http11Processor.java:1075)
at org.apache.coyote.Request.action(Request.java:350)
...
08:08:43,910 WARN [JSSESocketFactory] SSL renegotiation is disabled, closing connection
08:08:44,231 ERROR [STDERR] [Fatal Error] :-1:-1: Premature end of file.
08:08:44,244 ERROR [SOAPFaultHelperJAXRPC] SOAP request exception
javax.xml.rpc.soap.SOAPFaultException: org.xml.sax.SAXParseException: Premature end of file.
at org.jboss.ws.core.jaxrpc.SOAPFaultHelperJAXRPC.exceptionToFaultMessage(SOAPFaultHelperJAXRPC.java:189)
at org.jboss.ws.core.jaxrpc.SOAP11BindingJAXRPC.createFaultMessageFromException(SOAP11BindingJAXRPC.java:61)
at org.jboss.ws.core.CommonSOAPBinding.bindFaultMessage(CommonSOAPBinding.java:650)
at org.jboss.wsf.stack.jbws.RequestHandlerImpl.processRequest(RequestHandlerImpl.java:490)
at org.jboss.wsf.stack.jbws.RequestHandlerImpl.handleRequest(RequestHandlerImpl.java:293)
at org.jboss.wsf.stack.jbws.RequestHandlerImpl.doPost(RequestHandlerImpl.java:203)
at org.jboss.wsf.stack.jbws.RequestHandlerImpl.handleHttpRequest(RequestHandlerImpl.java:129)
at org.jboss.wsf.common.servlet.AbstractEndpointServlet.service(AbstractEndpointServlet.java:85)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
Workaround:
############
Enable renegotiation on the https connector with the parameter allowUnsafeLegacyRenegotiation="true"; with this workaround the test passes.
But this allows unsafe legacy TLS renegotiation, which is likely to expose users to CVE-2009-3555. The default is false.
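
An added example, not part of the original report or of the JBoss code base: a configuration check that flags HTTPS connectors carrying the workaround setting, and connectors that do not request the client certificate in the initial handshake. It assumes the renegotiation in this test is the connector asking for the client certificate after the handshake (clientAuth left at "false"); the server.xml fragment and the finding names are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed server.xml fragment for illustration (not taken from the report).
SAMPLE_SERVER_XML = """\
<Server>
  <Service name="jboss.web">
    <Connector port="8080" protocol="HTTP/1.1"/>
    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               scheme="https" secure="true" clientAuth="false"
               allowUnsafeLegacyRenegotiation="true"/>
    <Connector port="9443" protocol="HTTP/1.1" SSLEnabled="true"
               scheme="https" secure="true" clientAuth="true"/>
  </Service>
</Server>
"""

def _attr(conn, name, default=""):
    """Read a connector attribute as a normalised lowercase string."""
    return (conn.get(name) or default).strip().lower()

def audit_connectors(server_xml):
    """Return (port, finding) tuples for every HTTPS connector in server_xml."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        is_https = _attr(conn, "SSLEnabled") == "true" or _attr(conn, "scheme") == "https"
        if not is_https:
            continue
        port = conn.get("port", "?")
        # The workaround from the report: re-enables legacy renegotiation
        # and with it the exposure to CVE-2009-3555.
        if _attr(conn, "allowUnsafeLegacyRenegotiation", "false") == "true":
            findings.append((port, "unsafe-legacy-renegotiation-enabled"))
        # Assumption: with clientAuth="false" (the default) a CLIENT-CERT
        # protected resource makes the server renegotiate to obtain the
        # certificate; "true" or "want" request it in the first handshake.
        if _attr(conn, "clientAuth", "false") not in ("true", "want"):
            findings.append((port, "client-cert-would-renegotiate"))
    return findings

if __name__ == "__main__":
    for port, finding in audit_connectors(SAMPLE_SERVER_XML):
        print(f"connector {port}: {finding}")
```

A connector that reports only client-cert-would-renegotiate matches the failing configuration in the logs above; one that reports unsafe-legacy-renegotiation-enabled has had the workaround applied.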