- Bug
- Resolution: Fixed
- P2
- 1.0
- 1.0.1
- sparc
- solaris_7

The LDAP service provider in JNDI provokes a race condition in JSSE when
running on the JDK 1.3 platform. JNDI programs hang once the SSL handshake
completes. The problem doesn't occur when running on the JDK 1.2.x.

To reproduce the problem follow these steps:

1) Configure an LDAP server on HOSTNAME to accept SSL connections on port 636.
2) Ensure that JDK 1.3 is installed.
3) Install the JSSE 1.0 jars in the jre/lib/ext directory.
4) Import the LDAP server's certificate into the cacerts keystore in the
   jre/lib/security directory. For example,

    keytool -import -file server.crt -keystore cacerts

5) Run the JNDI program below with the following arguments:

    /usr/local/java/jdk1.3/bin/java -Djavax.net.debug="all" SSLRead ldap://HOSTNAME:636

The JNDI program hangs.

To demonstrate the JNDI program running successfully:

1) Ensure that JDK 1.2.2 is installed and follow steps 1, 3 and 4 above.
2) Install the JNDI 1.2.1 jars in the jre/lib/ext directory.
3) Run the JNDI program below with the following arguments:

    /usr/local/java/jdk1.2.2/bin/java -Djavax.net.debug="all" SSLRead ldap://HOSTNAME:636

The JNDI program completes successfully.

/*
 * Copyright (c) 1997. Sun Microsystems. All rights reserved.
 */
import java.util.Hashtable;
import java.util.Enumeration;
import javax.naming.*;
import javax.naming.directory.*;

/**
 * Display the attributes present at a given LDAP entry.
 * Uses SSL and LDAP anonymous authentication.
 */
public class SSLRead {
    public static void main(String[] args) {
        // Register the JSSE provider
        java.security.Security.addProvider(
            new com.sun.net.ssl.internal.ssl.Provider());

        int argc = args.length;
        if ((argc < 1) ||
            ((argc == 1) && (args[0].equalsIgnoreCase("-help")))) {
            System.out.println("Usage: SSLRead <ldapurl>\n");
            System.out.println(" <ldapurl> is the LDAP URL of the entry to read\n");
            System.out.println("example:");
            System.out.println(" java SSLRead ldap://oasis:636/o=airius.com");
            return;
        }

        Hashtable env = new Hashtable(5, 0.75f);
        /*
         * Specify the initial context implementation to use.
         * This could also be set by using the -D option to the java program.
         * For example,
         *   java -Djava.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
         *       Search
         */
        env.put(Context.INITIAL_CONTEXT_FACTORY,
            "com.sun.jndi.ldap.LdapCtxFactory");
        /* Specify host and port to use for directory service */
        env.put(Context.PROVIDER_URL, args[0]);
        /* de-activate ManageDsaIT control */
        env.put(Context.REFERRAL, "follow");
        /* Activate SSL use */
        env.put(Context.SECURITY_PROTOCOL, "ssl");
        if (args[args.length - 1].equalsIgnoreCase("-trace"))
            env.put("com.sun.jndi.ldap.trace.ber", System.out);

        try {
            /* get a handle to an Initial DirContext */
            DirContext ctx = new InitialDirContext(env);
            System.out.println("[SSL connection is established]");
            System.out.println();
            Attributes attrs = ctx.getAttributes("");
            if (attrs == null) {
                System.out.println("No attributes");
            } else {
                /* print each attribute */
                for (NamingEnumeration ae = attrs.getAll();
                     ae.hasMoreElements();) {
                    Attribute attr = (Attribute)ae.next();
                    String attrId = attr.getID();
                    /* print each value */
                    for (Enumeration vals = attr.getAll();
                         vals.hasMoreElements();
                         System.out.println(attrId + ": " + vals.nextElement()))
                        ;
                }
            }
        } catch (NamingException e) {
            System.err.println("SSLRead failed.");
            e.printStackTrace();
        }
    }
}
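
Added example, not part of the original bug report or of Sun's code: a diagnostic wrapper that performs the same LDAP-over-SSL read as SSLRead under a deadline and, if no reply arrives, prints every thread's stack so the blocked reader and caller are visible. It assumes a Java 8 or later JDK with built-in JSSE; the class name SSLReadWatchdog and the 30-second default deadline are hypothetical.

```java
import java.util.Hashtable;
import java.util.Map;
import java.util.concurrent.*;
import javax.naming.Context;
import javax.naming.directory.*;
/** Added example: runs the SSLRead lookup under a deadline and reports where it is stuck. */
public class SSLReadWatchdog {
    public static void main(String[] args) throws Exception {
        if (args.length < 1) { System.err.println("Usage: SSLReadWatchdog <ldapurl> [seconds]"); return; }
        final String url = args[0];                        // e.g. ldap://HOSTNAME:636
        long deadlineSec = args.length > 1 ? Long.parseLong(args[1]) : 30; // assumed default
        // Daemon worker thread: the JVM can still exit if the read never returns.
        ExecutorService pool = Executors.newSingleThreadExecutor(r -> {
            Thread t = new Thread(r, "ldap-ssl-read");
            t.setDaemon(true);
            return t;
        });
        Future<Attributes> result = pool.submit(() -> {
            Hashtable<String, Object> env = new Hashtable<>();
            env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
            env.put(Context.PROVIDER_URL, url);
            env.put(Context.REFERRAL, "follow");
            env.put(Context.SECURITY_PROTOCOL, "ssl");     // same settings as SSLRead
            DirContext ctx = new InitialDirContext(env);
            try {
                return ctx.getAttributes("");
            } finally {
                ctx.close();
            }
        });
        try {
            System.out.println(result.get(deadlineSec, TimeUnit.SECONDS));
        } catch (TimeoutException hung) {
            // The read did not finish: dump all threads, including the LDAP connection thread.
            System.err.println("No reply within " + deadlineSec + "s; thread stacks:");
            for (Map.Entry<Thread, StackTraceElement[]> e : Thread.getAllStackTraces().entrySet()) {
                System.err.println("\"" + e.getKey().getName() + "\" " + e.getKey().getState());
                for (StackTraceElement frame : e.getValue()) {
                    System.err.println("    at " + frame);
                }
            }
            System.exit(2);
        } catch (ExecutionException failed) {
            failed.getCause().printStackTrace();           // e.g. NamingException from the provider
            System.exit(1);
        }
    }
}
```

Exit status 2 means the deadline passed with the read still blocked; status 1 means the provider returned an error instead of hanging.
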

Relates to: JDK-4300886 LDAP provider hangs when SSL is activated (Closed)