  1. JBoss Web Server
  2. JWS-170

ASF Bug 57931 – NIO connector incorrectly closes connection when client certificate verification fails

Details

    • Bug
    • Resolution: Done
    • Major
    • JWS 3.0.3 ER1
    • JWS 3.0.1 DR1
    • tomcat8
    • None

    Description

      Ensure that TLS connections with the NIO or NIO2 HTTP connectors that experience issues during the handshake (e.g. missing or invalid client certificate) are closed cleanly and that the client receives the correct error code rather than the connection simply being closed.

      If Tomcat is set to use TLS and clientAuth="want" or clientAuth="true", it appears the NIO connector closes the connection in response to an untrusted client certificate. This behavior differs from the BIO connector, and violates RFC 5246, which states that a fatal alert must be provided if "some aspect of the cert chain was unacceptable". Closing the connection causes OpenSSL to provide an obscure error "Unexpected EOF", which indicates the TLS protocol was violated.

      https://bz.apache.org/bugzilla/show_bug.cgi?id=57931
      http://svn.apache.org/r1680256
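
A regression check for the behaviour described above, as an added example that is not part of the original issue or of Tomcat's code: it parses the raw TLS record bytes a server sent after rejecting a client certificate and reports whether a fatal alert preceded the close. The function names and sample byte strings are constructed for illustration, and it assumes TLS 1.2 or earlier, where the server's alert at this point in the handshake is not yet encrypted.

```python
import struct

# Alert codes from RFC 5246 section 7.2 relevant to client-certificate rejection.
ALERT_NAMES = {
    0: "close_notify", 40: "handshake_failure", 42: "bad_certificate",
    43: "unsupported_certificate", 44: "certificate_revoked",
    45: "certificate_expired", 46: "certificate_unknown", 48: "unknown_ca",
}
ALERT, FATAL = 21, 2  # record content type "alert", alert level "fatal"


def parse_records(data):
    """Split raw bytes into complete (content_type, payload) TLS records."""
    records, offset = [], 0
    while offset + 5 <= len(data):
        ctype, _version, length = struct.unpack_from("!BHH", data, offset)
        payload = data[offset + 5:offset + 5 + length]
        if len(payload) < length:
            break  # peer closed mid-record; the partial record is unusable
        records.append((ctype, payload))
        offset += 5 + length
    return records


def classify_close(server_bytes):
    """Describe how the server ended a handshake it rejected.

    server_bytes: everything read from the socket after the client sent its
    Certificate flight, up to EOF.
    """
    result = ("bare_close", None)  # the behaviour reported for the NIO connector
    for ctype, payload in parse_records(server_bytes):
        if ctype != ALERT:
            continue
        if len(payload) != 2:
            return ("encrypted_alert", None)  # cannot be read without keys
        level, code = payload
        name = ALERT_NAMES.get(code, "alert_%d" % code)
        if level == FATAL:
            return ("fatal_alert", name)
        result = ("warning_only", name)
    return result


# Constructed samples: a TLS 1.2 fatal unknown_ca alert, and an empty read.
FIXED = bytes([21, 3, 3, 0, 2, 2, 48])
BUGGY = b""

if __name__ == "__main__":
    print(classify_close(FIXED))
    print(classify_close(BUGGY))
```

A `bare_close` result corresponds to the "Unexpected EOF" a client reports; a `fatal_alert` result is the behaviour RFC 5246 requires.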

          People

            rhn-support-csutherl Coty Sutherland
            dknox_jira David Knox (Inactive)
            Jan Štefl Jan Štefl