JDK-4280362 : periodic "broken pipe" IOException with mutual auth and new handshake
  • Type: Bug
  • Component: security-libs
  • Sub-Component: javax.net.ssl
  • Affected Version: 1.0
  • Priority: P3
  • Status: Closed
  • Resolution: Duplicate
  • OS: generic
  • CPU: generic
  • Submitted: 1999-10-12
  • Updated: 1999-10-28
  • Resolved: 1999-10-28
Related Reports
Duplicate :  
JDK-4282681 - IOException/SocketException with startHandshake() call
Description
daniel.daugherty@Eng 1999-10-12

There appears to be a periodic problem when mutual authentication is
enabled and a new handshake is started. When this problem occurs, I
typically see it in the following test cases:

        tcList[0] = new SessionTC(
            // begin base test case elements:
            "SSL_DHE_DSS_WITH_DES_CBC_SHA",     // cipher suite name
            false,                      // disjoint cipher suites?
            true,                       // keystore enabled?
            true,                       // mutual authentication enabled?
            EXP_PASS,                   // expected test result
            // end base test case elements

            // begin session management test case elements:
            true,               // server socket session creation enabled?
            true,               // client session creation enabled?
            true,               // invalidate the current session?
            true);              // start a new handshake?

        tcList[1] = new SessionTC(
            // begin base test case elements:
            "SSL_DHE_DSS_WITH_DES_CBC_SHA",     // cipher suite name
            false,                      // disjoint cipher suites?
            true,                       // keystore enabled?
            true,                       // mutual authentication enabled?
            EXP_PASS,                   // expected test result
            // end base test case elements
            
            // begin session management test case elements:
            true,               // server socket session creation enabled?
            false,              // client session creation enabled?
            false,              // invalidate the current session?
            true);              // start a new handshake?

The server side is happy:

    + java -version
    java version "1.3.0"
    Java(TM) 2 Runtime Environment, Standard Edition (build 1.3.0-I)
    Java HotSpot (TM) Client VM (build 1.3-I, interpreted mode)
    + java SessionServer -v
    VERBOSE: Loop config=1 interation(s)
    VERBOSE: port=32000  sessions=1
    VERBOSE: 0: open connection from owjones/192.129.100.2:33257
    VERBOSE: 0/0/0: tc=((SSL_DHE_DSS_WITH_DES_CBC_SHA, false, true, true,
    EXP_PASS), true, true, true, true)
    VERBOSE: 0/0: server PASSed.
    VERBOSE: 0/1/0: tc=((SSL_DHE_DSS_WITH_DES_CBC_SHA, false, true, true,
    EXP_PASS), true, false, false, true)
    VERBOSE: 0/1: server PASSed.
    VERBOSE: 0: close connection from 192.129.100.2:33257
    FINALSTATUS:SessionServer:EXIT_PASS:0:TEST PASSED

On the client side, an IOException is thrown on the *second* message
loop;

    + java -version
    java version "1.3.0"
    Java(TM) 2 Runtime Environment, Standard Edition (build 1.3.0-I)
    Java HotSpot (TM) Client VM (build 1.3-I, interpreted mode)
    + java SessionClient -v owjones
    VERBOSE: Loop config=1 interation(s)
    VERBOSE: port=32000  sessions=1  server='owjones'
    VERBOSE: loop #0: connecting to owjones:32000
    VERBOSE: 0/0/0: tc=((SSL_DHE_DSS_WITH_DES_CBC_SHA, false, true, true, EXP_PASS), true, true, true, true)
    VERBOSE: 0/0/0: mesg loop #0
    VERBOSE: 0/0/0: mesg loop #1
    ERROR: 0/0/0: java.io.IOException: Broken pipe
    java.io.IOException: Broken pipe
	    at java.net.SocketOutputStream.socketWrite(Native Method)
	    at java.net.SocketOutputStream.write(SocketOutputStream.java:87)
	    at com.sun.net.ssl.internal.ssl.OutputRecord.a([DashoPro-V1.2-120198])
	    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a([DashoPro-V1.2-120198])
	    at com.sun.net.ssl.internal.ssl.HandshakeOutStream.flush([DashoPro-V1.2-120198])
	    at com.sun.net.ssl.internal.ssl.Handshaker.sendChangeCipherSpec([DashoPro-V1.2-120198])
	    at com.sun.net.ssl.internal.ssl.ClientHandshaker.a([DashoPro-V1.2-120198])
	    at com.sun.net.ssl.internal.ssl.ClientHandshaker.a([DashoPro-V1.2-120198])
	    at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage([DashoPro-V1.2-120198])
	    at com.sun.net.ssl.internal.ssl.Handshaker.process_record([DashoPro-V1.2-120198])
	    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a([DashoPro-V1.2-120198])
	    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a([DashoPro-V1.2-120198])
	    at com.sun.net.ssl.internal.ssl.AppInputStream.read([DashoPro-V1.2-120198])
	    at SSLDataComm.recvMesg(SSLDataComm.java:207)
	    at SSLDataComm.doClientWork(SSLDataComm.java:95)
	    at SSLDataComm.run(SSLDataComm.java:61)
	    at java.lang.Thread.run(Thread.java:485)
    ERROR: 0/0: wrong number of SSL sessions: expect=2 actual=1
    VERBOSE: 0/0: client FAILed.
    VERBOSE: 0/0: server PASSed.
    ERROR: 0/0: tc=((SSL_DHE_DSS_WITH_DES_CBC_SHA, false, true, true, EXP_PASS), true, true, true, true)
    ERROR: 0/0: expected client and server to PASS.
    VERBOSE: 0/1/0: tc=((SSL_DHE_DSS_WITH_DES_CBC_SHA, false, true, true, EXP_PASS), true, false, false, true)
    VERBOSE: 0/1/0: mesg loop #0
    VERBOSE: 0/1/0: mesg loop #1
    ERROR: 0/1/0: java.io.IOException: Broken pipe
    java.io.IOException: Broken pipe
	    at java.net.SocketOutputStream.socketWrite(Native Method)
	    at java.net.SocketOutputStream.write(SocketOutputStream.java:87)
	    at com.sun.net.ssl.internal.ssl.OutputRecord.a([DashoPro-V1.2-120198])
	    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a([DashoPro-V1.2-120198])
	    at com.sun.net.ssl.internal.ssl.HandshakeOutStream.flush([DashoPro-V1.2-120198])
	    at com.sun.net.ssl.internal.ssl.Handshaker.sendChangeCipherSpec([DashoPro-V1.2-120198])
	    at com.sun.net.ssl.internal.ssl.ClientHandshaker.a([DashoPro-V1.2-120198])
	    at com.sun.net.ssl.internal.ssl.ClientHandshaker.a([DashoPro-V1.2-120198])
	    at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage([DashoPro-V1.2-120198])
	    at com.sun.net.ssl.internal.ssl.Handshaker.process_record([DashoPro-V1.2-120198])
	    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a([DashoPro-V1.2-120198])
	    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a([DashoPro-V1.2-120198])
	    at com.sun.net.ssl.internal.ssl.AppInputStream.read([DashoPro-V1.2-120198])
	    at SSLDataComm.recvMesg(SSLDataComm.java:207)
	    at SSLDataComm.doClientWork(SSLDataComm.java:95)
	    at SSLDataComm.run(SSLDataComm.java:61)
	    at java.lang.Thread.run(Thread.java:485)
    VERBOSE: 0/1: client FAILed.
    VERBOSE: 0/1: server PASSed.
    ERROR: 0/1: tc=((SSL_DHE_DSS_WITH_DES_CBC_SHA, false, true, true, EXP_PASS), true, false, false, true)
    ERROR: 0/1: expected client and server to PASS.
    FINALSTATUS:SessionClient:EXIT_FAIL:1:Number of FAILURES:2:TEST FAILED

This bug has been reproduced on the following configurations:

    S2.6/Kestrel server with S2.6/Kestrel client
    S2.6/JDK1.2.2 server with S2.6/JDK1.2.2 client
    S2.6/Kestrel server with S2.6/JDK1.2.2 client
    S2.6/Kestrel server with Win98/Kestrel client
    S2.6/Kestrel server with WinNT/JDK1.2.2 client
    Win98/Kestrel server with S2.6/Kestrel client (two runs to repro)
    WinNT/JDK1.2.2 server with S2.6/Kestrel client (six runs to repro)

    Kestrel version is Build FCS-I

It appears that you need a fast machine to repro this. I used:

    - S2.6, 300MHZ Ultra 30
    - Win98, 450MHZ Pentium III
    - WinNT, 400MHZ Pentium II (difficult to repro here)
Comments
EVALUATION daniel.daugherty@Eng 1999-10-28 Yingxian tracked the immediate cause of this bug down to the closing of the SSLSocket in the SSLDataComm thread. In cases where a second handshake is initiated, that second handshake occurs asynchronously. If the second handshake accesses the SSLSocket after the SSLDataComm thread closes it, then an exception is thrown. On Solaris, "java.io.IOException: Broken pipe" is thrown and on WinNT, a "java.net.SocketException: Connection reset by peer: socket write error" is thrown. Yingxian's analysis shows that the root cause of this bug is the same as: 4282681 2/2 Win*: SocketException with invalidated session and startHandshake() call I am closing this bug as a duplicate of the higher priority bug.
02-09-2004
WORK AROUND
02-09-2004
SUGGESTED FIX
02-09-2004
PUBLIC COMMENTS
02-09-2004