Chunked transfer encoding and SSL

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 6.1.18
Fix Version/s: 6.1.20
Component/s: Security and SSL
Labels:
None

Number of attachments :
1

Description

I am using transfer-encoding and Continuations quite happily and have been
for a while, which enables a Duplex Http connection. This works if I just use HTTP

The problem is when this happens through the SSL connector, no data is sent
to the client. The First part (Chunk) of the response is correctly written,
but not data reaches the client after that.

Is there something that has to happen differently when SSL is used over
chunked encoding?

The connections are still valid, and it is possible to write to the response
output stream, it just doesn't seem to be going on the wire.

The stream is being flushed, and I am wrapping the message in the correct
Chunked Encoding headers and this works a dream just using HTTP.

Its not a cert thing, as I can access the web server using https and the SSL
hadshake completes OK.

Options
- Sort By Name
- Sort By Date
- Ascending
- Descending
- Download All

Attachments

ChunkingTest.java

17/Aug/09 10:54 AM

5 kB

Rob Beazizo

Issue Links

is duplicated by

JETTY-1087 Request chunking not working with HTTPS

Activity

Ascending order - Click to sort in descending order

Hide

Permalink

Greg Wilkins added a comment - 30/Jun/09 1:45 AM

Darren,

sorry but not enough information for us to investigate.

SSL definitely works with chunked responses
and it also works with continuations.

I don't have any test harnesses that do SSL with chunking and continuations, so I can't test exactly your use-case. If you could put together a simple test case that demonstrates this issue, then please re-open this issue.

Show

Greg Wilkins added a comment - 30/Jun/09 1:45 AM Darren, sorry but not enough information for us to investigate. SSL definitely works with chunked responses and it also works with continuations. I don't have any test harnesses that do SSL with chunking and continuations, so I can't test exactly your use-case. If you could put together a simple test case that demonstrates this issue, then please re-open this issue.

Hide

Permalink

Darren Hudson added a comment - 30/Jun/09 2:14 AM

Hi Greg, Here is what the servelt code is doing,

private void setUpDuplexConnection(HttpServletRequest request,
HttpServletResponse response) {

if(request.getAttribute(DUPLEX_REQUEST_ATTRIBUTE) != null)

{ // We have seen this before, so this must be the close request return; }

theLogger.fine("setUpDuplexConnection...");

Continuation continuation = null;

try {
HTTPDuplexClient client = new HTTPDuplexClient(request, response);

client.accept();

// Stop mux processing..
client.changeStateToProcessing();

client.handleHandshake();

TopicSet topicSet = new TopicSet(request
.getHeader(BaseWebClientDetail.TOPIC));

if (theLogger.isFineLogging())

{ theLogger.fine("DiffusionServlet: Adding client " + client.getClientID() + " with topics " + topicSet); }

// Do some topic stuff here...
client.clientSubscribe(topicSet);

client.notifyConnection();

theClients.put(client.getClientID(), client);

theDuplexClientProcessor.addDuplexClient(client);

request.setAttribute(DUPLEX_REQUEST_ATTRIBUTE, client.getClientID());

continuation = ContinuationSupport.getContinuation(
request, client);

client.setContinuation(continuation);
} catch (Exception ex)

{ theLogger.warning("Problem with Duplex request", ex); }

// Time to sleep
// NB: This throws a runtime exception, so make sure there is no catch
// try around the suspend
// Sleep for ever
continuation.suspend(0);
}

This works fine for normal HTTP transport, but when other thread sends information to the output stream and its SSL then the client never receives any responses

Show

Darren Hudson added a comment - 30/Jun/09 2:14 AM Hi Greg, Here is what the servelt code is doing, private void setUpDuplexConnection(HttpServletRequest request, HttpServletResponse response) { if(request.getAttribute(DUPLEX_REQUEST_ATTRIBUTE) != null) { // We have seen this before, so this must be the close request return; } theLogger.fine("setUpDuplexConnection..."); Continuation continuation = null; try { HTTPDuplexClient client = new HTTPDuplexClient(request, response); client.accept(); // Stop mux processing.. client.changeStateToProcessing(); client.handleHandshake(); TopicSet topicSet = new TopicSet(request .getHeader(BaseWebClientDetail.TOPIC)); if (theLogger.isFineLogging()) { theLogger.fine("DiffusionServlet: Adding client " + client.getClientID() + " with topics " + topicSet); } // Do some topic stuff here... client.clientSubscribe(topicSet); client.notifyConnection(); theClients.put(client.getClientID(), client); theDuplexClientProcessor.addDuplexClient(client); request.setAttribute(DUPLEX_REQUEST_ATTRIBUTE, client.getClientID()); continuation = ContinuationSupport.getContinuation( request, client); client.setContinuation(continuation); } catch (Exception ex) { theLogger.warning("Problem with Duplex request", ex); } // Time to sleep // NB: This throws a runtime exception, so make sure there is no catch // try around the suspend // Sleep for ever continuation.suspend(0); } This works fine for normal HTTP transport, but when other thread sends information to the output stream and its SSL then the client never receives any responses

Hide

Permalink

Rob Beazizo added a comment - 17/Aug/09 10:17 AM

This is happening for me too. I've attached a test program that reproduces the error.

Show

Rob Beazizo added a comment - 17/Aug/09 10:17 AM This is happening for me too. I've attached a test program that reproduces the error.

Hide

Permalink

Rob Beazizo added a comment - 17/Aug/09 10:17 AM

Hit ENTER too early :^(

Show

Rob Beazizo added a comment - 17/Aug/09 10:17 AM Hit ENTER too early :^(

Hide

Permalink

Rob Beazizo added a comment - 17/Aug/09 10:32 AM

Argh!

When "https" is true, the program reads the first 122 bytes then blocks on the second read at this stack when trying to read from the input stream on the servlet side:

Thread [1658468894@qtp0-4] (Suspended)
Object.wait(long) line: not available [native method] [local variables unavailable]
SslHttpChannelEndPoint(SelectChannelEndPoint).blockReadable(long) line: 243
HttpParser$Input.blockForContent() line: 1147
HttpParser$Input.read(byte[], int, int) line: 1103
HttpParser$Input(InputStream).read(byte[]) line: 85
ChunkingTest$Test.doPost(HttpServletRequest, HttpServletResponse) line: 70
ChunkingTest$Test(HttpServlet).service(HttpServletRequest, HttpServletResponse) line: 760
ChunkingTest$Test(HttpServlet).service(ServletRequest, ServletResponse) line: 853
ServletHolder.handle(ServletRequest, ServletResponse) line: 502
ServletHandler.handle(String, HttpServletRequest, HttpServletResponse, int) line: 363
Server(HandlerWrapper).handle(String, HttpServletRequest, HttpServletResponse, int) line: 152
Server.handle(HttpConnection) line: 324
HttpConnection.handleRequest() line: 534
HttpConnection$RequestHandler.content(Buffer) line: 879
HttpParser.parseNext() line: 828
HttpParser.parseAvailable() line: 207
HttpConnection.handle() line: 403
SslHttpChannelEndPoint(SelectChannelEndPoint).run() line: 409
QueuedThreadPool$PoolThread.run() line: 522

When "https" is false, then you see the output:

read chunk: 122
read chunk: 122
NEVER GETS HERE WHEN SERVER IS HTTPS !!!!!

Anyways, probably something I'm doing wrong.

Show

Rob Beazizo added a comment - 17/Aug/09 10:32 AM Argh! When "https" is true, the program reads the first 122 bytes then blocks on the second read at this stack when trying to read from the input stream on the servlet side: Thread [1658468894@qtp0-4] (Suspended) Object.wait(long) line: not available [native method] [local variables unavailable] SslHttpChannelEndPoint(SelectChannelEndPoint).blockReadable(long) line: 243 HttpParser$Input.blockForContent() line: 1147 HttpParser$Input.read(byte[], int, int) line: 1103 HttpParser$Input(InputStream).read(byte[]) line: 85 ChunkingTest$Test.doPost(HttpServletRequest, HttpServletResponse) line: 70 ChunkingTest$Test(HttpServlet).service(HttpServletRequest, HttpServletResponse) line: 760 ChunkingTest$Test(HttpServlet).service(ServletRequest, ServletResponse) line: 853 ServletHolder.handle(ServletRequest, ServletResponse) line: 502 ServletHandler.handle(String, HttpServletRequest, HttpServletResponse, int) line: 363 Server(HandlerWrapper).handle(String, HttpServletRequest, HttpServletResponse, int) line: 152 Server.handle(HttpConnection) line: 324 HttpConnection.handleRequest() line: 534 HttpConnection$RequestHandler.content(Buffer) line: 879 HttpParser.parseNext() line: 828 HttpParser.parseAvailable() line: 207 HttpConnection.handle() line: 403 SslHttpChannelEndPoint(SelectChannelEndPoint).run() line: 409 QueuedThreadPool$PoolThread.run() line: 522 When "https" is false, then you see the output: read chunk: 122 read chunk: 122 NEVER GETS HERE WHEN SERVER IS HTTPS !!!!! Anyways, probably something I'm doing wrong.

Hide

Permalink

Rob Beazizo added a comment - 17/Aug/09 10:54 AM

Slight problem with the first version, this one is more correct...

Show

Rob Beazizo added a comment - 17/Aug/09 10:54 AM Slight problem with the first version, this one is more correct...

Hide

Permalink

Rob Beazizo added a comment - 17/Aug/09 11:11 AM

Also, note that I've tried both JDK 1.5 and 1.6, and both have the same problem.

Show

Rob Beazizo added a comment - 17/Aug/09 11:11 AM Also, note that I've tried both JDK 1.5 and 1.6, and both have the same problem.

Hide

Permalink

Rob Beazizo added a comment - 17/Aug/09 11:12 AM

I also tried changing the test program to use Apache HttpClient instead of HttpsURLConnection (and using its chunking). It resulted in the same problem on the server side.

Show

Rob Beazizo added a comment - 17/Aug/09 11:12 AM I also tried changing the test program to use Apache HttpClient instead of HttpsURLConnection (and using its chunking). It resulted in the same problem on the server side.

Hide

Permalink

Greg Wilkins added a comment - 08/Sep/09 2:42 AM

This looks to be the same

Show

Greg Wilkins added a comment - 08/Sep/09 2:42 AM This looks to be the same

Hide

Permalink

Greg Wilkins added a comment - 08/Sep/09 2:43 AM

This was fixed as ~~JETTY-1087~~ and your test program works in 6.1.20

Show

Greg Wilkins added a comment - 08/Sep/09 2:43 AM This was fixed as JETTY-1087 and your test program works in 6.1.20

People

Assignee:

Greg Wilkins

Reporter:

Darren Hudson

Vote (0)

Watch (1)

Dates

Created:

15/Jun/09 8:25 AM

Updated:

08/Sep/09 2:43 AM

Resolved:

08/Sep/09 2:43 AM