[Mono-bugs] [Bug 78597][Nor] Changed - SSL re-negotiation failure
with Postgres
bugzilla-daemon at bugzilla.ximian.com
bugzilla-daemon at bugzilla.ximian.com
Fri Jun 16 11:31:01 EDT 2006
Please do not reply to this email- if you want to comment on the bug, go to the
URL shown below and enter your comments there.
Changed by sebastien at ximian.com.
http://bugzilla.ximian.com/show_bug.cgi?id=78597
--- shadow/78597 2006-06-07 09:03:59.000000000 -0400
+++ shadow/78597.tmp.1821 2006-06-16 11:31:01.000000000 -0400
@@ -1,23 +1,23 @@
Bug#: 78597
Product: Mono: Class Libraries
Version: 1.1
-OS: Windows XP
+OS: All
OS Details:
-Status: NEEDINFO
+Status: ASSIGNED
Resolution:
Severity: Unknown
Priority: Normal
Component: Mono.Security
AssignedTo: sebastien at ximian.com
ReportedBy: mfarr at paradise.net.nz
QAContact: mono-bugs at ximian.com
TargetMilestone: ---
URL:
Cc:
-Summary: NRE in SSL/NPGSQL
+Summary: SSL re-negotiation failure with Postgres
Description of Problem:
"Object reference not set to an instance of an object." in
Mono.Security.dll when loading large amounts of data with ssl+npgsql.
Steps to reproduce the problem:
@@ -91,6 +91,97 @@
between SSL and NPGSQL (like in the BufferedStream between them);
- Execute your application (or test case) on Mono (at least on Windows
and if possible on Linux) for both the 2.0 and the 1.1 profile - if it
works then it would indicate that the code depends on a Mono-specific
behaviour.
+
+------- Additional Comments From mfarr at paradise.net.nz 2006-06-08 05:07 -------
+OK, Compiled with 2005.
+
+Issue occurs during connection renegotiation.
+
+ClientRecordProtocol.cs:line 81
+message = this.createServerHandshakeMessage(handshakeType, data);
+//no null check here, createServerHandshakeMessage can return null
+message.Process();<<== this is the line that causes the null reference
+exception, but it is the renegotiation that fails.
+
+Are there renegotiation unit tests somewhere that I can test with?
+
+My Postgresql is running on
+Linux 203-97-254-16 2.6.12-gentoo-r6
+
+start of the related errors in data/postgresql.log
+LOG: SSL SYSCALL error: Connection reset by peer
+LOG: could not receive data from client: Connection reset by peer
+LOG: unexpected EOF on client connection
+LOG: SSL renegotiation failure
+LOG: SSL error: ssl handshake failure
+LOG: could not send data to client: Connection reset by peer
+LOG: SSL error: ssl handshake failure
+LOG: could not receive data from client: Connection reset by peer
+LOG: unexpected EOF on client connection
+LOG: SSL SYSCALL error: Connection reset by peer
+LOG: could not send data to client: Connection reset by peer
+
+
+------- Additional Comments From sebastien at ximian.com 2006-06-08 09:17 -------
+The createServerHandshakeMessage method sends an alert to warn the
+server that it won't re-negotiate, then returns NULL.
+
+So, of course, line 81 will throw a NRE when asked to Process this
+message. The message Update block is protected by a null check.
+
+Please try to add a null check before line 81, like:
+message = this.createServerHandshakeMessage(handshakeType, data);
+if (message != null)
+{
+ message.Process();
+}
+to see if this fix the problem (it should fix the NRE, not sure how
+postgress will react to a no-renegogiation warning).
+
+------- Additional Comments From sebastien at ximian.com 2006-06-09 11:28 -------
+The null check was added in SVN r61588. Please let me know if this
+solve the problem completely - or if anything else fails after that.
+Thanks
+
+------- Additional Comments From mfarr at paradise.net.nz 2006-06-11 16:38 -------
+I get "server returned unknown error" where the type is 0.
+
+Is there any reason in particular why mono.security will not
+renegotiate? Is it just missing the state-machine to handle it?
+
+
+
+------- Additional Comments From sebastien at ximian.com 2006-06-12 09:21 -------
+Hmmm... that doesn't tell much. Is that the exact and only text shown ?
+
+A type of 0 could be, if it's coming from an Alert message, a
+close_notify, which could mean the server refuse to continue (after
+receiving the no_renegotiation). However I don't have enough data to
+be sure of that. Can you please attach an (compressed) ethereal trace
+to the bug ?
+Thanks
+
+Re-negotiation is not implemented because:
+(a) it's a rare event, i.e. we don't have (even unpredictable) test
+cases to replicate it and test it properly. Even your case doesn't fit
+the "normal" case of a renegotiation; and
+(b) it's very CPU intensive, i.e. it greatly affect performance.
+
+
+------- Additional Comments From sebastien at ximian.com 2006-06-12 09:50 -------
+Looks like this is done on purpose, so it should be possible to build
+a predictable test case
+http://archives.postgresql.org/pgsql-interfaces/2003-04/msg00088.php
+http://archives.postgresql.org/pgsql-patches/2003-04/msg00093.php
+
+
+------- Additional Comments From sebastien at ximian.com 2006-06-16 11:31 -------
+Ok, I'm setup to duplicate the issue (it takes about 5 minutes to
+reach the negotiation point).
+
+It seems we're not sending the alert (and doing so doesn't fix the
+issue) and it's obvious, from the NRE, that this case hasn't been tested.
+
More information about the mono-bugs
mailing list