1240552 – No error info logged for io errors with ssl

Bug 1240552 - No error info logged for io errors with ssl

Summary: No error info logged for io errors with ssl

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise MRG
Classification:	Red Hat
Component:	qpid-cpp
Sub Component:
Version:	3.1
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	3.2
Target Release:	---
Assignee:	Andrew Stitcher
QA Contact:	Petr Matousek
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2015-07-07 08:32 UTC by Pavel Moravec
Modified:	2019-08-15 04:50 UTC (History)
CC List:	7 users (show)
Fixed In Version:	qpid-cpp-0.34-3
Doc Type:	Bug Fix
Doc Text:	There was a regression in the error messages of the MRG-3.0 release as compared to previous releases. This relates to errors occurring with SSL/TLS connections. In the 3.0 release error related to SSL/TLS were not informative and even appeared not to be errors: ---- Error reading socket: Success(0)` ---- The regression has been fixed and error messages relating to SSL/TLS now have the same information as previous releases.
Clone Of:
Environment:
Last Closed:	2015-10-08 13:10:44 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Apache JIRA	QPID-6435	0	None	None	None	Never
Red Hat Product Errata	RHEA-2015:1879	0	normal	SHIPPED_LIVE	Red Hat Enterprise MRG Messaging 3.2 Release	2015-10-08 17:07:53 UTC

Description Pavel Moravec 2015-07-07 08:32:03 UTC

Description of problem:
Prior 3.0, broker provided NSS error details like:

2015-06-30 10:37:27 [Security] error Error reading socket: SSL peer cannot verify your certificate. [-12271]

These details are now hidden due to QPID-4272. Please extend broker logs by the NSS error details back, i.e. fix&backport QPID-6435.


Version-Release number of selected component (if applicable):
0.22-*, 0.30-* 


How reproducible:
100%


Steps to Reproduce:
1. Run broker with SSL enabled / enforced.
2. Try to login to the broker with invalid SSL cert or anyhow else to get auth/SSL failure.
3. Check qpid logs for details.


Actual results:
broker logs just general errors from IO and not from SSL, like:

2015-06-30 10:39:01 [System] error Error reading socket: Success(0)
or
2015-06-30 10:42:01 [System] error Error reading socket: No such file or directory(2)

Expected results:
Same errors like in MRG 2.* / 0.18 brokers (see Description for an example)


Additional info:

Comment 2 Andrew Stitcher 2015-08-20 07:56:05 UTC

This issue is now fixed upstream on trunk:

https://svn.apache.org/r1696715

Comment 4 Petr Matousek 2015-09-15 17:01:57 UTC

This issue has been fixed. Verified on rhel6.7 (i386, x86_64) and rhel7.1 (x86_64). NSS error are logged again.

packages:
qpid-cpp-0.34-4

-> VERIFIED

Comment 6 Scott Mumford 2015-09-30 02:26:19 UTC

Thanks for the draft text Andrew.

Marking for inclusion in the 3.2 Release Notes.

Comment 8 errata-xmlrpc 2015-10-08 13:10:44 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHEA-2015-1879.html

Note You need to log in before you can comment on or make changes to this bug.