1029780 – C++ client connecting on SSL fails before its closing

Bug 1029780 - C++ client connecting on SSL fails before its closing

Summary: C++ client connecting on SSL fails before its closing

Keywords:
Status:	CLOSED DUPLICATE of bug 1024832
Alias:	None
Product:	Red Hat Enterprise MRG
Classification:	Red Hat
Component:	qpid-cpp
Sub Component:
Version:	Development
Hardware:	Unspecified
OS:	Windows
Priority:	high
Severity:	high
Target Milestone:	3.0
Target Release:	---
Assignee:	Chuck Rolke
QA Contact:	MRG Quality Engineering
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2013-11-13 08:12 UTC by Petra Svobodová
Modified:	2013-12-06 17:08 UTC (History)
CC List:	3 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2013-11-19 18:59:45 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Description Petra Svobodová 2013-11-13 08:12:59 UTC

Description of problem:
C++ client on Windows connecting via SSL sends or receives all messages and fails before closing. 
If SSL connection cannot be opened (due missing certificate for example), the client fails sometimes too, but with less frequency. 

Version-Release number of selected component (if applicable):
qpid-cpp-win-3.22.24.1-1

How reproducible:
about 1% cases; more often on Windows7-x86 and Windows Server2008-x86, but occurs also on 64bit architectures

Steps to Reproduce:
1. Unpack and build C++ examples.
2. On the linux machine create nss database and generate SSL certificates:
# mkdir qpid_nss_db
# cd qpid_nss_db/
# echo password > ssl_pw_file.txt
# certutil -N -d . -f ssl_pw_file.txt
# certutil -S -d . -n rootCA -s "CN=rootCA" -t "CT,," -x -m 1000 -v 120 -f ssl_pw_file.txt
# certutil -S -n "<server_cert_name>" -s "CN="<hostname> -c rootCA -t ",," -m 1001 -v 120 -d . -f ssl_pw_file.txt
# certutil -S -n client -s "CN=client" -t ",," -m 1002 -v 120 -c rootCA -d . -f ssl_pw_file.txt

3. Create a directory, export certificate of authority into .cer format, copy it on the Windows machine and install it into Trusted Root Certification Authorities.

4. Run a broker with configuration:
  # cat /etc/qpid/qpidd.conf
ssl-require-client-authentication=no
ssl-sasl-no-dict=no
log-to-file=/var/lib/qpidd/qpidd.log
ssl-port=5671
truncate=yes
log-enable=debug+
ssl-cert-password-file=/var/lib/qpidd/qpid_nss_db/ssl_pw_file.txt                                                   
ssl-cert-name=<server_cert_name>         
auth=no                 
ssl-cert-db=/var/lib/qpidd/qpid_nss_db

5. Run spout.exe/drain.exe examples in loop:
spout.exe --broker <hostname>:5671 --connection-options {transport:ssl} --content "HELLO" "addr;{create:always}"

Actual results:
The client application sends/receives messages and before its closing fails (returns exit code -1073741819).

Expected results:
The application should close cleanly and return exit code 0.

Comment 2 Chuck Rolke 2013-11-19 18:59:45 UTC

SSL is not the issue here. This is the same access violation as bz1030219.

*** This bug has been marked as a duplicate of bug 1030219 ***

Comment 3 Chuck Rolke 2013-12-06 17:08:52 UTC

After analyzing crash stacks in bz1030219 this crash in NOT the same. However, it is a duplicate of bz1024832 instead.

CRYPT32!ReleaseContextElement+0x13
CRYPT32!CertFreeCRLContext+0x17
qpidclientd!qpid::client::windows::SslConnector::~SslConnector+0x6c
qpidclientd!qpid::client::windows::SslConnector::`scalar deleting destructor'+0x31

*** This bug has been marked as a duplicate of bug 1024832 ***

Note You need to log in before you can comment on or make changes to this bug.