Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[fix] TLS verification hang on JRuby #2890

Merged
merged 9 commits into from
Jun 1, 2022
Merged

[fix] TLS verification hang on JRuby #2890

merged 9 commits into from
Jun 1, 2022

Conversation

kares
Copy link
Contributor

@kares kares commented May 31, 2022
edited

Description

The native JRuby extension was not utilizing the Java SSL API properly.
With certain buffering scenarios the internal delegated task was not executed.
This lead to issues such as #2729 (which contains a reproducer).

Closes #2729

Your checklist for this pull request

  • I have reviewed the guidelines for contributing to this repository.
  • I have added (or updated) appropriate tests if this PR fixes a bug or adds a feature.
  • My pull request is 100 lines added/removed or less so that it can be easily reviewed.
  • If this PR doesn't need tests (docs change), I added [ci skip] to the title of the PR.
  • If this closes any issues, I have added "Closes #issue" to the PR description or my commit messages.
  • I have updated the documentation accordingly.
  • All new and existing tests passed, including Rubocop.

kares added 9 commits May 31, 2022 11:11
@kares
[fix] jruby hang with TLS due not executing task
d1731a5 
basically the use of Java SSL API was incorrect ...

and reproduced when verification is enabled - the engine needs
to execute a task but the handling code was not reached
@kares
Revert "[fix] jruby hang with TLS due not executing task"
3c5727f 
This reverts commit d1731a5.
@kares
[chore] re-generate certs with a subjectAltName ext
a1b01a1
@kares
[test] more ssl test with server verify peer
8e462c8
@kares
[test] a proper rperoducer for the TLS hang in JRuby
075685a
@kares
[test] cleanup and better naming
e2f0a91
@kares
Revert "[chore] re-generate certs with a subjectAltName ext"
e40fa7c 
This reverts commit a1b01a1.
@kares
Revert "Revert "[fix] jruby hang with TLS due not executing task""
e7a482b 
This reverts commit 3c5727f.
@kares
[test] restore ssl run - hangs with peer on MRI
0e940f4
@kares kares marked this pull request as ready for review May 31, 2022 16:05
@kares kares mentioned this pull request May 31, 2022
Closed
@MSP-Greg
Copy link
Member

@kares Thanks again. Would you like me to cancel the older CI runs?

@MSP-Greg MSP-Greg merged commit dfe46ad into puma:master Jun 1, 2022
nateberkopec pushed a commit that referenced this pull request Aug 22, 2022
@kares @nateberkopec
[fix] TLS verification hang on JRuby (#2890)
470df09 
* [fix] jruby hang with TLS due not executing task

basically the use of Java SSL API was incorrect and reproduced when verification is enabled - the engine needs to execute a task but the handling code was not reached

* Revert "[fix] jruby hang with TLS due not executing task"

This reverts commit d1731a5.

* [chore] re-generate certs with a subjectAltName ext

* [test] more ssl test with server verify peer

* [test] a proper reproducer for the TLS hang in JRuby

* [test] cleanup and better naming

* Revert "[chore] re-generate certs with a subjectAltName ext"

This reverts commit a1b01a1.

* Revert "Revert "[fix] jruby hang with TLS due not executing task""

This reverts commit 3c5727f.

* [test] restore ssl run - hangs with peer on MRI
JuanitoFatas pushed a commit to JuanitoFatas/puma that referenced this pull request Sep 9, 2022
@kares @JuanitoFatas
[fix] TLS verification hang on JRuby (puma#2890)
5b8d672 
* [fix] jruby hang with TLS due not executing task

basically the use of Java SSL API was incorrect and reproduced when verification is enabled - the engine needs to execute a task but the handling code was not reached

* Revert "[fix] jruby hang with TLS due not executing task"

This reverts commit d1731a5.

* [chore] re-generate certs with a subjectAltName ext

* [test] more ssl test with server verify peer

* [test] a proper reproducer for the TLS hang in JRuby

* [test] cleanup and better naming

* Revert "[chore] re-generate certs with a subjectAltName ext"

This reverts commit a1b01a1.

* Revert "Revert "[fix] jruby hang with TLS due not executing task""

This reverts commit 3c5727f.

* [test] restore ssl run - hangs with peer on MRI
dentarg
dentarg reviewed Feb 12, 2023
View reviewed changes
test/test_integration_ssl.rb
@@ -93,6 +93,48 @@ def test_ssl_run
end
end

def test_ssl_run_with_curl_client
skip_if :windows; require 'stringio'
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@kares was the stringio require here intentional?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dentarg dentarg dentarg left review comments

Assignees
No one assigned
Labels
bug jruby ssl
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

JRuby verify_mode: peer (force_peer) hang
3 participants
@kares @MSP-Greg @dentarg