glassfish
  1. glassfish
  2. GLASSFISH-10535

ORB SSL : "IOP00710220: (INTERNAL) Error in GIOP magic"

    Details

    • Type: Bug Bug
    • Status: Resolved
    • Priority: Critical Critical
    • Resolution: Fixed
    • Affects Version/s: V3
    • Fix Version/s: V3
    • Component/s: orb
    • Labels:
      None
    • Environment:

      Operating System: All
      Platform: All

    • Issuezilla Id:
      10,535

      Description

      We are trying to test issue
      https://glassfish.dev.java.net/issues/show_bug.cgi?id=8602

      after the dependent issue 8861 was fixed recently by Ken C.

      The SSL handshake now fails in the very initial stages with error (INTERNAL)
      Error in GIOP magic" on the server side.

      Here is the stack trace :
      -------------------------------
      23T17:44:37.471+0530|WARNING|glassfish|javax.enterprise.resource.corba.ee.CORBA.rpc.protocol|_ThreadID=23;_ThreadName=Thread-1;|"IOP00710220:
      (INTERNAL) Error in GIOP magic"
      org.omg.CORBA.INTERNAL: vmcid: SUN minor code: 220 completed: Maybe
      at
      com.sun.corba.ee.impl.logging.ORBUtilSystemException.giopMagicError(ORBUtilSystemException.java:5910)
      at
      com.sun.corba.ee.impl.logging.ORBUtilSystemException.giopMagicError(ORBUtilSystemException.java:5924)
      at
      com.sun.corba.ee.impl.protocol.giopmsgheaders.MessageBase.parseGiopHeader(MessageBase.java:196)
      at
      com.sun.corba.ee.impl.protocol.MessageParserImpl.parseBytes(MessageParserImpl.java:181)
      at
      com.sun.corba.ee.impl.transport.SocketOrChannelConnectionImpl.parseBytesAndDispatchMessages(SocketOrChannelConnectionImpl.java:1829)
      at
      com.sun.corba.ee.impl.transport.SocketOrChannelConnectionImpl.doOptimizedReadStrategy(SocketOrChannelConnectionImpl.java:1656)
      at
      com.sun.corba.ee.impl.transport.SocketOrChannelConnectionImpl.doWork(SocketOrChannelConnectionImpl.java:1216)
      at
      com.sun.corba.ee.impl.orbutil.threadpool.ThreadPoolImpl$WorkerThread.performWork(ThreadPoolImpl.java:492)
      at
      com.sun.corba.ee.impl.orbutil.threadpool.ThreadPoolImpl$WorkerThread.run(ThreadPoolImpl.java:527)
      ------------------------

      We enabled SSL debugging on the client and see the following :

      --------------------------------

        • ClientHello, TLSv1
          RandomCookie: GMT: 1239457325 bytes = { 57, 147, 106, 112, 253, 66, 74, 48, 152, 7, 228, 231, 83, 105, 73, 170, 196, 213, 12, 167, 106, 199, 37, 3, 120, 240, 176, 126 }

          Session ID: {}
          Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA,
          TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
          TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA,
          SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
          SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA,
          SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5,
          SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA,
          SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
          Compression Methods:

          { 0 }

          ***
          [write] MD5 and SHA1 hashes: len = 73
          0000: 01 00 00 45 03 01 4A E1 9E 2D 39 93 6A 70 FD 42 ...E..J..-9.jp.B
          0010: 4A 30 98 07 E4 E7 53 69 49 AA C4 D5 0C A7 6A C7 J0....SiI.....j.
          0020: 25 03 78 F0 B0 7E 00 00 1E 00 04 00 05 00 2F 00 %.x.........../.
          0030: 33 00 32 00 0A 00 16 00 13 00 09 00 15 00 12 00 3.2.............
          0040: 03 00 08 00 14 00 11 01 00 .........
          p: default-threadpool; w: 3, WRITE: TLSv1 Handshake, length = 73
          [write] MD5 and SHA1 hashes: len = 98
          0000: 01 03 01 00 39 00 00 00 20 00 00 04 01 00 80 00 ....9... .......
          0010: 00 05 00 00 2F 00 00 33 00 00 32 00 00 0A 07 00 ..../..3..2.....
          0020: C0 00 00 16 00 00 13 00 00 09 06 00 40 00 00 15 ............@...
          0030: 00 00 12 00 00 03 02 00 80 00 00 08 00 00 14 00 ................
          0040: 00 11 4A E1 9E 2D 39 93 6A 70 FD 42 4A 30 98 07 ..J..-9.jp.BJ0..
          0050: E4 E7 53 69 49 AA C4 D5 0C A7 6A C7 25 03 78 F0 ..SiI.....j.%.x.
          0060: B0 7E ..
          p: default-threadpool; w: 3, WRITE: SSLv2 client hello message, length = 98
          [Raw write]: length = 100
          0000: 80 62 01 03 01 00 39 00 00 00 20 00 00 04 01 00 .b....9... .....
          0010: 80 00 00 05 00 00 2F 00 00 33 00 00 32 00 00 0A ....../..3..2...
          0020: 07 00 C0 00 00 16 00 00 13 00 00 09 06 00 40 00 ..............@.
          0030: 00 15 00 00 12 00 00 03 02 00 80 00 00 08 00 00 ................
          0040: 14 00 00 11 4A E1 9E 2D 39 93 6A 70 FD 42 4A 30 ....J..-9.jp.BJ0
          0050: 98 07 E4 E7 53 69 49 AA C4 D5 0C A7 6A C7 25 03 ....SiI.....j.%.
          0060: 78 F0 B0 7E x...
          [Raw read]: length = 5
          0000: 47 49 4F 50 01 GIOP.
          p: default-threadpool; w: 3, handling exception: javax.net.ssl.SSLException:
          Unrecognized SSL message, plaintext connection?
          p: default-threadpool; w: 3, SEND TLSv1 ALERT: fatal, description =
          unexpected_message
          p: default-threadpool; w: 3, WRITE: TLSv1 Alert, length = 2
          [Raw write]: length = 7
          0000: 15 03 01 00 02 02 0A .......
          p: default-threadpool; w: 3, called closeSocket()
          main, called close()
          main, called closeInternal(true)
          23 Oct, 2009 5:44:37 PM applicationclient4.Main lookupNewSessionBean
          SEVERE: exception caught
          java.rmi.MarshalException: CORBA COMM_FAILURE 1398079691 Maybe; nested exception
          is:
          org.omg.CORBA.COMM_FAILURE: vmcid: SUN minor code: 203 completed: Maybe
          at com.sun.corba.ee.impl.javax.rmi.CORBA.Util.mapSystemException(Util.java:270)
          at
          com.sun.corba.ee.impl.presentation.rmi.StubInvocationHandlerImpl.privateInvoke(StubInvocationHandlerImpl.java:197)
          at
          com.sun.corba.ee.impl.presentation.rmi.StubInvocationHandlerImpl.invoke(StubInvocationHandlerImpl.java:144)
          at
          com.sun.corba.ee.impl.presentation.rmi.codegen.CodegenStubBase.invoke(CodegenStubBase.java:225)
          at
          test._NewSessionRemoteHome_DynamicStub.create(test/_NewSessionRemoteHome_DynamicStub.java)
          at applicationclient4.Main.lookupNewSessionBean(Main.java:40)
          at applicationclient4.Main.main(Main.java:31)
          Caused by: org.omg.CORBA.COMM_FAILURE: vmcid: SUN minor code: 203 completed:
          Maybe
          at
          com.sun.corba.ee.impl.logging.ORBUtilSystemException.writeErrorSend(ORBUtilSystemException.java:3402)
          at
          com.sun.corba.ee.impl.transport.SocketOrChannelConnectionImpl.sendWithoutLock(SocketOrChannelConnectionImpl.java:1127)
          at
          com.sun.corba.ee.impl.encoding.BufferManagerWriteStream.sendFragment(BufferManagerWriteStream.java:148)
          at
          com.sun.corba.ee.impl.encoding.BufferManagerWriteStream.sendMessage(BufferManagerWriteStream.java:162)
          at
          com.sun.corba.ee.impl.encoding.CDROutputObject.finishSendingMessage(CDROutputObject.java:180)
          at
          com.sun.corba.ee.impl.protocol.CorbaMessageMediatorImpl.finishSendingRequest(CorbaMessageMediatorImpl.java:275)
          at
          com.sun.corba.ee.impl.protocol.CorbaClientRequestDispatcherImpl.marshalingComplete1(CorbaClientRequestDispatcherImpl.java:392)
          at
          com.sun.corba.ee.impl.protocol.CorbaClientRequestDispatcherImpl.marshalingComplete(CorbaClientRequestDispatcherImpl.java:364)
          at
          com.sun.corba.ee.impl.protocol.CorbaClientDelegateImpl.invoke(CorbaClientDelegateImpl.java:235)
          at
          com.sun.corba.ee.impl.presentation.rmi.StubInvocationHandlerImpl.privateInvoke(StubInvocationHandlerImpl.java:184)
          ... 5 more
          Caused by: javax.net.ssl.SSLException: Connection has been shutdown:
          javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
          at com.sun.net.ssl.internal.ssl.SSLSocketImpl.checkEOF(SSLSocketImpl.java:1255)
          at com.sun.net.ssl.internal.ssl.SSLSocketImpl.checkWrite(SSLSocketImpl.java:1267)
          at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:43)
          at
          com.sun.corba.ee.impl.transport.SocketOrChannelConnectionImpl.write(SocketOrChannelConnectionImpl.java:764)
          at com.sun.corba.ee.impl.encoding.CDROutputObject.writeTo(CDROutputObject.java:221)
          at
          com.sun.corba.ee.impl.transport.SocketOrChannelConnectionImpl.sendWithoutLock(SocketOrChannelConnectionImpl.java:1113)
          ... 13 more
          Caused by: javax.net.ssl.SSLException: Unrecognized SSL message, plaintext
          connection?
          at
          com.sun.net.ssl.internal.ssl.InputRecord.handleUnknownRecord(InputRecord.java:523)
          at com.sun.net.ssl.internal.ssl.InputRecord.read(InputRecord.java:355)
          at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:789)
          at
          com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1112)
          at
          com.sun.net.ssl.internal.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:744)
          at com.sun.net.ssl.internal.ssl.AppInputStream.read(AppInputStream.java:75)
          at
          com.sun.corba.ee.impl.transport.SocketOrChannelConnectionImpl.readFully(SocketOrChannelConnectionImpl.java:653)
          at
          com.sun.corba.ee.impl.transport.SocketOrChannelConnectionImpl.read(SocketOrChannelConnectionImpl.java:477)
          at
          com.sun.corba.ee.impl.protocol.giopmsgheaders.MessageBase.readGIOPHeader(MessageBase.java:133)
          at
          com.sun.corba.ee.impl.protocol.giopmsgheaders.MessageBase.readGIOPMessage(MessageBase.java:121)
          at
          com.sun.corba.ee.impl.transport.CorbaContactInfoBase.createMessageMediator(CorbaContactInfoBase.java:150)
          at
          com.sun.corba.ee.impl.transport.SocketOrChannelConnectionImpl.readBits(SocketOrChannelConnectionImpl.java:374)
          at
          com.sun.corba.ee.impl.transport.SocketOrChannelConnectionImpl.read(SocketOrChannelConnectionImpl.java:341)
          at
          com.sun.corba.ee.impl.transport.ReaderThreadImpl.doWork(ReaderThreadImpl.java:113)
          at
          com.sun.corba.ee.impl.orbutil.threadpool.ThreadPoolImpl$WorkerThread.performWork(ThreadPoolImpl.java:492)
          at
          com.sun.corba.ee.impl.orbutil.threadpool.ThreadPoolImpl$WorkerThread.run(ThreadPoolImpl.java:527)
          Exception in thread "main" java.lang.RuntimeException:
          java.rmi.MarshalException: CORBA COMM_FAILURE 1398079691 Maybe; nested exception
          is:
          org.omg.CORBA.COMM_FAILURE: vmcid: SUN minor code: 203 completed: Maybe
          at applicationclient4.Main.lookupNewSessionBean(Main.java:49)
          at applicationclient4.Main.main(Main.java:31)
          Caused by: java.rmi.MarshalException: CORBA COMM_FAILURE 1398079691 Maybe;
          nested exception is:
          org.omg.CORBA.COMM_FAILURE: vmcid: SUN minor code: 203 completed: Maybe
          at com.sun.corba.ee.impl.javax.rmi.CORBA.Util.mapSystemException(Util.java:270)
          at
          com.sun.corba.ee.impl.presentation.rmi.StubInvocationHandlerImpl.privateInvoke(StubInvocationHandlerImpl.java:197)
          at
          com.sun.corba.ee.impl.presentation.rmi.StubInvocationHandlerImpl.invoke(StubInvocationHandlerImpl.java:144)
          at
          com.sun.corba.ee.impl.presentation.rmi.codegen.CodegenStubBase.invoke(CodegenStubBase.java:225)
          at
          test._NewSessionRemoteHome_DynamicStub.create(test/_NewSessionRemoteHome_DynamicStub.java)
          at applicationclient4.Main.lookupNewSessionBean(Main.java:40)
          ... 1 more
          Caused by: org.omg.CORBA.COMM_FAILURE: vmcid: SUN minor code: 203 completed:
          Maybe
          at
          com.sun.corba.ee.impl.logging.ORBUtilSystemException.writeErrorSend(ORBUtilSystemException.java:3402)
          at
          com.sun.corba.ee.impl.transport.SocketOrChannelConnectionImpl.sendWithoutLock(SocketOrChannelConnectionImpl.java:1127)
          at
          com.sun.corba.ee.impl.encoding.BufferManagerWriteStream.sendFragment(BufferManagerWriteStream.java:148)
          at
          com.sun.corba.ee.impl.encoding.BufferManagerWriteStream.sendMessage(BufferManagerWriteStream.java:162)
          at
          com.sun.corba.ee.impl.encoding.CDROutputObject.finishSendingMessage(CDROutputObject.java:180)
          at
          com.sun.corba.ee.impl.protocol.CorbaMessageMediatorImpl.finishSendingRequest(CorbaMessageMediatorImpl.java:275)
          at
          com.sun.corba.ee.impl.protocol.CorbaClientRequestDispatcherImpl.marshalingComplete1(CorbaClientRequestDispatcherImpl.java:392)
          at
          com.sun.corba.ee.impl.protocol.CorbaClientRequestDispatcherImpl.marshalingComplete(CorbaClientRequestDispatcherImpl.java:364)
          at
          com.sun.corba.ee.impl.protocol.CorbaClientDelegateImpl.invoke(CorbaClientDelegateImpl.java:235)
          at
          com.sun.corba.ee.impl.presentation.rmi.StubInvocationHandlerImpl.privateInvoke(StubInvocationHandlerImpl.java:184)
          ... 5 more
          Caused by: javax.net.ssl.SSLException: Connection has been shutdown:
          javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
          at com.sun.net.ssl.internal.ssl.SSLSocketImpl.checkEOF(SSLSocketImpl.java:1255)
          at com.sun.net.ssl.internal.ssl.SSLSocketImpl.checkWrite(SSLSocketImpl.java:1267)
          at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:43)
          at
          com.sun.corba.ee.impl.transport.SocketOrChannelConnectionImpl.write(SocketOrChannelConnectionImpl.java:764)
          at com.sun.corba.ee.impl.encoding.CDROutputObject.writeTo(CDROutputObject.java:221)
          at
          com.sun.corba.ee.impl.transport.SocketOrChannelConnectionImpl.sendWithoutLock(SocketOrChannelConnectionImpl.java:1113)
          ... 13 more
          Caused by: javax.net.ssl.SSLException: Unrecognized SSL message, plaintext
          connection?
          at
          com.sun.net.ssl.internal.ssl.InputRecord.handleUnknownRecord(InputRecord.java:523)
          at com.sun.net.ssl.internal.ssl.InputRecord.read(InputRecord.java:355)
          at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:789)
          at
          com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1112)
          at
          com.sun.net.ssl.internal.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:744)
          at com.sun.net.ssl.internal.ssl.AppInputStream.read(AppInputStream.java:75)
          at
          com.sun.corba.ee.impl.transport.SocketOrChannelConnectionImpl.readFully(SocketOrChannelConnectionImpl.java:653)
          at
          com.sun.corba.ee.impl.transport.SocketOrChannelConnectionImpl.read(SocketOrChannelConnectionImpl.java:477)
          at
          com.sun.corba.ee.impl.protocol.giopmsgheaders.MessageBase.readGIOPHeader(MessageBase.java:133)
          at
          com.sun.corba.ee.impl.protocol.giopmsgheaders.MessageBase.readGIOPMessage(MessageBase.java:121)
          at
          com.sun.corba.ee.impl.transport.CorbaContactInfoBase.createMessageMediator(CorbaContactInfoBase.java:150)
          at
          com.sun.corba.ee.impl.transport.SocketOrChannelConnectionImpl.readBits(SocketOrChannelConnectionImpl.java:374)
          at
          com.sun.corba.ee.impl.transport.SocketOrChannelConnectionImpl.read(SocketOrChannelConnectionImpl.java:341)
          at
          com.sun.corba.ee.impl.transport.ReaderThreadImpl.doWork(ReaderThreadImpl.java:113)
          at
          com.sun.corba.ee.impl.orbutil.threadpool.ThreadPoolImpl$WorkerThread.performWork(ThreadPoolImpl.java:492)
          at
          com.sun.corba.ee.impl.orbutil.threadpool.ThreadPoolImpl$WorkerThread.run(ThreadPoolImpl.java:527)

      ------------------------------

        Issue Links

          Activity

          Hide
          kumarjayanti added a comment -

          We verified that the port being used by the client is 3920 for SSL_MUTUAL_AUTH
          and the client does create an SSLSocket as can be seen from the exception stack
          trace.

          Steps to reproduce :

          1. asadmin deploy EjbModule8.jar
          2. appclient
          -Djavax.net.ssl.keyStore=<gfv3.home>/glassfish/domains/domain1/config/keystore.jks
          -Djavax.net.ssl.trustStore=<gfv3.home>/glassfish/domains/domain1/config/cacerts.jks
          -Djavax.net.debug=all -client appClient4.jar

          Attaching EjbModule8.jar and appClient4.jar

          Show
          kumarjayanti added a comment - We verified that the port being used by the client is 3920 for SSL_MUTUAL_AUTH and the client does create an SSLSocket as can be seen from the exception stack trace. Steps to reproduce : 1. asadmin deploy EjbModule8.jar 2. appclient -Djavax.net.ssl.keyStore=<gfv3.home>/glassfish/domains/domain1/config/keystore.jks -Djavax.net.ssl.trustStore=<gfv3.home>/glassfish/domains/domain1/config/cacerts.jks -Djavax.net.debug=all -client appClient4.jar Attaching EjbModule8.jar and appClient4.jar
          Hide
          kumarjayanti added a comment -

          Created an attachment (id=3602)
          appClient4.jar

          Show
          kumarjayanti added a comment - Created an attachment (id=3602) appClient4.jar
          Hide
          kumarjayanti added a comment -

          Created an attachment (id=3603)
          EjbModule8.jar

          Show
          kumarjayanti added a comment - Created an attachment (id=3603) EjbModule8.jar
          Hide
          kumarjayanti added a comment -

          We also tried One-Way SSL and we essentially see the same exception. I am not
          aware of GIOP details but the client seems to send the following :

          [Raw read]: length = 5
          0000: 47 49 4F 50 01 GIOP.

          and somehow the server when trying to parse this throws the exception.

          com.sun.corba.ee.impl.protocol.giopmsgheaders.MessageBase.parseGiopHeader(MessageBase.java:196)

          Show
          kumarjayanti added a comment - We also tried One-Way SSL and we essentially see the same exception. I am not aware of GIOP details but the client seems to send the following : [Raw read] : length = 5 0000: 47 49 4F 50 01 GIOP. and somehow the server when trying to parse this throws the exception. com.sun.corba.ee.impl.protocol.giopmsgheaders.MessageBase.parseGiopHeader(MessageBase.java:196)
          Hide
          kumarjayanti added a comment -

          adding sudarsan to CC list

          Show
          kumarjayanti added a comment - adding sudarsan to CC list
          Hide
          haroldcarr added a comment -

          looks like a bug in org.glassfish.enterprise.iiop.impl.PEORBConfigurator

          Show
          haroldcarr added a comment - looks like a bug in org.glassfish.enterprise.iiop.impl.PEORBConfigurator
          Hide
          haroldcarr added a comment -

          Seems to be working now.

          Show
          haroldcarr added a comment - Seems to be working now.
          Hide
          Ken Cavanaugh added a comment -

          Harold fixed an error in CORBA acceptor initialization, so this part of
          the problem is finished.

          Show
          Ken Cavanaugh added a comment - Harold fixed an error in CORBA acceptor initialization, so this part of the problem is finished.

            People

            • Assignee:
              haroldcarr
              Reporter:
              kumarjayanti
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: