Netty ClientBootstrap SSL Handshake Terminates--Channel/ClientBootstrap closing?
https://stackoverflow.com/questions/9875812
-
26-05-2021 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
My Connection to my test application keeps terminating in the same place without any errors.
I think perhaps something is triggering the channel/connection to close, but I don't know what it could be. Where exactly it closes changes slightly if I change printouts in the code, so the timing appears to be on a different thread.
I've been working on this for four days now and list myself as officially stuck.
Here is my connection code:
final HttpQueryRequestImpl realRequest = (HttpQueryRequestImpl) getPredecessorQueryResolver().resolvePredecessorResults(getPredecessorResults(), getQueryRequest(), getId());
// Configure the client.
// TODO determine if this ClientBootstrap object can be reused. Indications in the doucmentation
// seem to say yes, with caveats. Reusing the pool would improve performance. Caveats must be investigated.
final ClientBootstrap bootstrap = new ClientBootstrap(
new NioClientSocketChannelFactory(
Executors.newCachedThreadPool(),
Executors.newCachedThreadPool()));
// Set up the event pipeline factory.
bootstrap.setPipelineFactory(new HttpSnoopClientPipelineFactory());
// TODO audit and timestamp logging
if (logger.isInfoEnabled()) {
logger.info("Starting connection to !" + realRequest.getUri());
}
// Start the connection attempt.
// ChannelFuture future = bootstrap.connect(new InetSocketAddress(realRequest.getHost(), realRequest.getPort()));
logger.info(realRequest.getHost() + " " + realRequest.getPort());
ChannelFuture future = bootstrap.connect(new InetSocketAddress("myname.organization.com", 8443));
// register some things to happen after the channel completes
future.addListener(new ChannelFutureListener() {
@Override
public void operationComplete(ChannelFuture future) throws Exception {
if (!future.isSuccess()) {
logger.error("Error connecting to " + realRequest.getHost() + ":" + realRequest.getPort() + " " + realRequest.getUri());
bootstrap.releaseExternalResources();
} else {
if (logger.isInfoEnabled()) {
logger.info("Connected to " + realRequest.getHost() + ":" + realRequest.getPort() + " " + realRequest.getUri());
}
// Send the HTTP request.
Channel channel = future.getChannel();
HttpRequest request = new DefaultHttpRequest(
HttpVersion.HTTP_1_1, HttpMethod.GET, "/factorial");
request.setHeader(HttpHeaders.Names.HOST, "myname.organization.com");
request.setHeader(HttpHeaders.Names.CONNECTION, HttpHeaders.Values.CLOSE);
request.setHeader(HttpHeaders.Names.ACCEPT_ENCODING, HttpHeaders.Values.GZIP);
ChannelFuture writeFuture = channel.write(request);
writeFuture.addListener(new ChannelFutureListener() {
@Override
public void operationComplete(ChannelFuture future) throws Exception {
logger.info("Wrote data complete");
// TODO once bootstrap is reused, get rid of this
// Shut down executor threads to exit.
// bootstrap.releaseExternalResources();
}
});
}
}
});
This is what my output looks like with SSL debugging enabled:
32 [main] INFO nettyliteserver.remotequeries.HttpsQuery - Starting connection to !https://myname.organization.com:8443/factorial
32 [main] INFO nettyliteserver.remotequeries.HttpsQuery - myname.organization.com 8443
***
found key for : myname.organization.com
chain [0] = [
[
Version: V1
Subject: CN=myname.organization.com, OU=myname.organization.com, O=myname.organization.com, L=myname.organization.com, ST=myname.organization.com, C=US
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: Sun RSA public key, 1024 bits
modulus: 94642469145065852073118930371145672868332389407646565010478303790446281089121119363888463093443199472593726155607365724815252704927244864250811984977900576391208121343883948799873869280369621492901495505803717080952775289840654752626694613842653754724186814688913115288788127483906065658243886585022651573993
public exponent: 65537
Validity: [From: Fri Mar 09 13:29:22 EST 2012,
To: Sat Mar 09 13:29:22 EST 2013]
Issuer: C=US, CN=myname.organization.com, ST=myname.organization.com, L=myname.organization.com, EMAILADDRESS=myname.organization.com, OU=myname.organization.com, O=myname.organization.com
SerialNumber: [ 71c8]
]
Algorithm: [SHA1withRSA]
Signature:
0000: C5 55 9C 1D 76 CE 05 87 45 0D C3 15 9C DB 0B 3A .U..v...E......:
0010: 70 0E 50 0C DB DB B4 62 2F BA A3 30 48 C0 D2 E9 p.P....b/..0H...
0020: 45 9C 3C C0 4A 84 7B 21 51 78 93 F1 63 4C 61 37 E.<.J..!Qx..cLa7
0030: 21 97 E8 38 F9 62 C5 EA 02 53 28 4F F8 EC 01 F2 !..8.b...S(O....
0040: 08 70 DB 96 D5 1D 9E 0A 89 33 D3 1D C8 79 8B C1 .p.......3...y..
0050: 6E 07 C4 98 FA 55 85 80 D4 10 AF A7 E5 A7 94 FA n....U..........
0060: 45 CB DA 7C FA 66 C6 FC 69 A4 B2 05 01 C6 DC 8E E....f..i.......
0070: AC 15 7D A2 FC 25 DF FE 19 80 D4 27 07 EA D6 3F .....%.....'...?
0080: 5C 73 5F 63 0B 4E 02 FC 49 EA 76 69 FA 82 5B 1B \s_c.N..I.vi..[.
0090: 3B 45 6B 95 DC 8F C2 E8 A9 6C 10 CD 9B E0 59 D7 ;Ek......l....Y.
00A0: DC E6 69 2C F9 DB 99 F7 7F E3 76 81 13 CD B3 FE ..i,......v.....
00B0: 1D AD 32 7D 6F 74 A9 12 4B 06 E2 9F E9 1F EF 8A ..2.ot..K.......
00C0: 1F CA 1D B8 08 47 00 1D 19 53 87 0A E3 FA B4 B5 .....G...S......
00D0: 99 4F B9 97 5D D0 EE 0D DD 09 5F 3C 41 31 D6 18 .O..]....._<A1..
00E0: 5C 39 01 8E DA D9 27 85 FE 0F C5 EE 00 A3 27 44 \9....'.......'D
00F0: C0 A1 42 EA 13 5B 66 3B 64 E3 EA 9B 23 20 0B C6 ..B..[f;d...# ..
0100: 66 DB AB 79 77 97 3E 4A D0 C7 79 C4 D2 E7 BD 1A f..yw.>J..y.....
0110: F3 90 39 A2 A4 69 A9 A1 4E A3 0B 92 93 9F 8F 4F ..9..i..N......O
0120: C3 4F CE E7 20 D6 45 4D 9B E0 B2 58 EC 96 19 99 .O.. .EM...X....
0130: E0 F3 BB E4 EF 7E 1D C7 C3 48 8B D0 7D 2D 8C 3A .........H...-.:
0140: 1A AF 77 3A 83 F4 51 C9 D6 DE BE 24 3B 03 7C A9 ..w:..Q....$;...
0150: 4B 5C C4 6E 59 AB E2 02 63 73 CE 98 8A D0 45 D5 K\.nY...cs....E.
0160: 6C FE 23 79 93 69 D5 74 0D AF FE 23 AE BB 3F E4 l.#y.i.t...#..?.
0170: 9C 05 87 E1 2E 91 51 D6 44 55 7E 66 73 1D BB C2 ......Q.DU.fs...
0180: F3 E8 4D CA 50 D9 6D 2A AD 84 EF C7 70 4B 15 EA ..M.P.m*....pK..
0190: C4 E0 33 3E 44 89 A3 97 8C 32 17 FD B9 DD 22 FB ..3>D....2....".
01A0: 08 CF 1E 49 78 B7 2F 8E 60 66 58 3D 57 6F 21 72 ...Ix./.`fX=Wo!r
01B0: D3 87 38 9C DD EB 60 D8 BD 06 A8 04 FD 2D 59 EA ..8...`......-Y.
01C0: 82 A8 E8 E7 73 81 1E DE FD 51 33 0C F7 47 AE 34 ....s....Q3..G.4
01D0: 58 57 DD CE FD 12 68 A6 A8 2E 58 4F C7 6A 1E 27 XW....h...XO.j.'
01E0: 39 EF C7 BE 75 32 96 99 6B 1B E6 23 2A A5 0E 2F 9...u2..k..#*../
01F0: 35 0A 0C 0C FA 92 65 1D DC 17 56 57 C4 08 89 48 5.....e...VW...H
]
chain [1] = [
[
Version: V1
Subject: C=US, CN=myname.organization.com, ST=myname.organization.com, L=myname.organization.com, EMAILADDRESS=myname.organization.com, OU=myname.organization.com, O=myname.organization.com
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: Sun RSA public key, 4096 bits
modulus: 806866056348410276765741718640530245144236832502515305762072630647553277327953919063172921502880537921571234334570551528531888439605163701867371172813984927986527584575335107418628498623377289440387978453125866503947773575289298639780740830349842738718874502642354354786938153803982142709595698253667527748252780647208422256786989310056682111281793756866001585577762899819782647308899956239433307951381179494148030342543127196354965114705680137760255253494869690234155019595101679874833401305309080790668924554791611347641826073186513714032079267845800910995372117962695304732667441462587341743926848435668491205343373472147947564642450777593350053051331533112897445884090255314793988795654376385927964164743689070718825504556057816253883950563232708345137230621100544965407234099088514072120925433729718654307794068734283314839693884400349895261851764957828001331060077733384251643023885026867016629337741393451760864161087662305445338147618921663305526880031574988450298248773113067904762125722376437187045162922144483754266350990810318433387352520742359961188082219224300651116723774686748606066644650420169490565673256120050113505389581136874611045622641221693918773655462724374483166653830081719164259720121105179323613660081321
public exponent: 65537
Validity: [From: Fri Mar 09 13:29:15 EST 2012,
To: Sat Mar 09 13:29:15 EST 2013]
Issuer: C=US, CN=myname.organization.com, ST=myname.organization.com, L=myname.organization.com, EMAILADDRESS=myname.organization.com, OU=myname.organization.com, O=myname.organization.com
SerialNumber: [ c1e2c18c f327ad81]
]
Algorithm: [SHA1withRSA]
Signature:
0000: 8A EB 65 0E 88 09 BE 9A BA 88 FB CA 9A D4 53 F4 ..e...........S.
0010: B0 5C 91 67 BD C9 35 67 2D 37 78 2D 5C E6 4B 26 .\.g..5g-7x-\.K&
0020: E9 8E 20 3D DE 92 9B 29 A7 CB CC 5F 4E E3 CD 1A .. =...)..._N...
0030: FA 5B EB 0D 42 DC 17 05 4E D6 34 72 43 46 6C 55 .[..B...N.4rCFlU
0040: 99 FF AC 00 2E BF 28 5D 4A 6A 21 DE 72 9E 6C 7A ......(]Jj!.r.lz
0050: A6 10 28 27 21 72 0F 69 09 04 D3 FB A7 83 DF 81 ..('!r.i........
0060: E2 78 BD 0B 4F D7 AA B4 CC E2 E4 3B A5 30 A3 14 .x..O......;.0..
0070: B4 83 75 DC E6 8C 01 9A B2 BA FF 0D 3F AA F1 30 ..u.........?..0
0080: A0 33 A9 CC 13 08 72 8F E2 75 1D 3B 30 B8 82 3C .3....r..u.;0..<
0090: 9A A0 A3 68 18 60 C0 1F E4 2E 06 D6 1B B8 46 6F ...h.`........Fo
00A0: AB D3 C9 AD 89 E6 E7 48 12 0F 90 A5 B8 A2 17 51 .......H.......Q
00B0: 41 AF 1E 62 6C D2 48 B2 41 C6 CE 1D 4E B1 F7 90 A..bl.H.A...N...
00C0: 34 26 E0 5D 95 7B BD 93 BA 4C D1 7A 08 A9 1E 57 4&.].....L.z...W
00D0: 03 EE F2 EC BD 8E 36 43 1D 4F 9E 39 56 A8 E4 B6 ......6C.O.9V...
00E0: 44 6C D5 D3 8C F0 FE 1F 87 87 67 2D E6 05 7E BA Dl........g-....
00F0: 18 FB 6C 0B D8 80 19 08 27 8F 60 09 A6 BA 68 55 ..l.....'.`...hU
0100: 05 13 A8 9C 04 06 F8 24 A1 52 DB 67 69 2E FE 12 .......$.R.gi...
0110: A5 23 D1 2E 56 EA 54 08 83 DD 91 43 45 8B F6 97 .#..V.T....CE...
0120: 01 65 CC 32 4C FA D6 89 81 83 B4 21 92 F4 EC 29 .e.2L......!...)
0130: 68 87 51 A0 FC B7 7D BD 90 F8 A1 F8 68 82 CF 03 h.Q.........h...
0140: 4E 9C C2 FA AF 4A D3 AD 0B AB AB 73 4B B4 95 B0 N....J.....sK...
0150: EC 64 6B 8E 2B D4 E1 41 96 19 EC E9 6B 92 51 8A .dk.+..A....k.Q.
0160: D8 C1 87 FC DB B4 12 BD 14 AB 5C 07 73 AA DE CE ..........\.s...
0170: E5 05 8F E9 CC 9F C4 2A B6 0F 5D 40 8E 7A 82 7E .......*..]@.z..
0180: CD 28 88 8F 01 3E 6C EF E7 01 58 2E C9 3F 0E 44 .(...>l...X..?.D
0190: 4D 1A 2B BB 0D 51 76 38 26 D4 89 5C 9B AB 63 FA M.+..Qv8&..\..c.
01A0: 4B 63 7C DC 0E 05 01 BB E4 97 73 03 4F 83 71 1E Kc........s.O.q.
01B0: B6 CB A6 62 F9 21 1B F2 24 D3 85 1D E6 31 87 E4 ...b.!..$....1..
01C0: D6 74 09 70 C3 D0 4C 35 7E F1 49 5A 60 B7 02 72 .t.p..L5..IZ`..r
01D0: 04 C9 83 AD 5E 63 1F 7B 97 4C 35 7F 15 88 D5 5D ....^c...L5....]
01E0: DA 3B F6 80 9B 07 E5 86 4B 67 F6 B2 66 DE 81 6C .;......Kg..f..l
01F0: FF B6 99 D1 06 EF 3A 27 68 8D F2 EE 72 C4 48 64 ......:'h...r.Hd
]
***
adding as trusted cert:
Subject: CN=myname.organization.com, OU=myname.organization.com, O=myname.organization.com, L=myname.organization.com, ST=myname.organization.com, C=US
Issuer: C=US, CN=myname.organization.com, ST=myname.organization.com, L=myname.organization.com, EMAILADDRESS=myname.organization.com, OU=myname.organization.com, O=myname.organization.com
Algorithm: RSA; Serial number: 0x71c8
Valid from Fri Mar 09 13:29:22 EST 2012 until Sat Mar 09 13:29:22 EST 2013
adding as trusted cert:
Subject: C=US, CN=myname.organization.com, ST=myname.organization.com, L=myname.organization.com, EMAILADDRESS=myname.organization.com, OU=myname.organization.com, O=myname.organization.com
Issuer: C=US, CN=myname.organization.com, ST=myname.organization.com, L=myname.organization.com, EMAILADDRESS=myname.organization.com, OU=myname.organization.com, O=myname.organization.com
Algorithm: RSA; Serial number: 0xc1e2c18cf327ad81
Valid from Fri Mar 09 13:29:15 EST 2012 until Sat Mar 09 13:29:15 EST 2013
trigger seeding of SecureRandom
done seeding SecureRandom
trigger seeding of SecureRandom
done seeding SecureRandom
Using SSLEngineImpl.
985 [main] INFO nettyliteserver.ssl.FlexibleErrorSslHandler - handleDownstream
That's where it terminates. I've changed the printouts around a bit so that sometimes I also get one more line, the printout from logger.info("Connected to " + realRequest.getHost() + ":" + realRequest.getPort() + " " + realRequest.getUri()); but I really don't know what is causing it to shut down.
I tried overriding the netty SSLHandler and on all it's public operations added a printout, but the close(), channelConnected(), channelDisconnected(), etc methods are never being called. Neither is handshake().
My pipeline is set up to do a handshake:
public class HttpSnoopClientPipelineFactory implements ChannelPipelineFactory {
public ChannelPipeline getPipeline() throws Exception {
// Create a default pipeline implementation.
ChannelPipeline pipeline = pipeline();
// Enable HTTPS
SSLEngine engine =
SecureChatSslContextFactory.getClientContext().createSSLEngine();
engine.setUseClientMode(true);
System.out.println("HERE!!!!!!!!!!!!");
pipeline.addLast("ssl", new SslHandler(engine));
pipeline.addLast("codec", new HttpClientCodec());
// Remove the following line if you don't want automatic content decompression.
pipeline.addLast("inflater", new HttpContentDecompressor());
// Uncomment the following line if you don't want to handle HttpChunks.
//pipeline.addLast("aggregator", new HttpChunkAggregator(1048576));
pipeline.addLast("handler", new HttpSnoopClientHandler());
return pipeline;
}
}
My custom SSLHandler is really the same as the library's SslHandler, I just overrode the methods to add printouts before delegating to the super version.
It looks like the only thing being called on it is handleDownstream()
Solution
You need to call SslHandler.handshake() by yourself after the connect success.
Something like:
future.getChannel().getPipeline(SslHandler.class).handshake();
This needs to get done in your ChannelFuture that gets returned by the connect method or a SimpleChannelUpstreamHandler implementation that you add to the ChannelPipeline
OTHER TIPS
Netty documentation states:
Handshake
If isIssueHandshake() is false (default) you will need to take care of calling handshake() by your own. In most situations were SslHandler is used in 'client mode' you want to issue a handshake once the connection was established. if setIssueHandshake(boolean) is set to true you don't need to worry about this as the SslHandler will take care of it.
see javadoc
So, you should set isIssueHandshake on SslHandler before estamblishing the connection:
SslHandler sslHandler = new SslHandler(engine);
setIssueHandshake(boolean);
pipeline.addLast("ssl", sslHandler);
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
