Identity Gateway / OPENIG-670

HTTPS connection hangs without diagnostic information

    Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Fixed
    • 4.0.0
    • 4.0.0
    • None
    • OpenIG in Jetty, Java 7, protecting WordPress application in Apache HTTP server
    • OpenIG Sprint 68

      Description

      I'm having trouble getting diagnostic information about an HTTPS connection hanging.

      OpenIG is running in Jetty, configured to use HTTPS. The connection to the protected application seems to be over HTTPS. I've tried with Java options, JAVA_OPTIONS="-DDEBUG=true -Dorg.eclipse.jetty.LEVEL=DEBUG -Djavax.net.debug=ssl,handshake,data", but nothing shows up in Jetty's log.

      In the capture log (level DEBUG), I see this before the hang, then nothing more:

      TUE OCT 06 23:43:51 PDT 2015 INFO @Capture[{Chain}/handler] --- 
      
      --- (request) exchange:1510275502 --->
      
      GET https://forgerock-rockshop.openrock.org:443/ HTTP/1.1
      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
      Accept-Encoding: gzip, deflate
      Accept-Language: en;q=1
      Connection: keep-alive
      Host: forgerock-rockshop.openrock.org
      User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Firefox/31.0
      Exchange's content as JSON (without request/response):
      {
          "javax.servlet.request.cipher_suite": "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
          "javax.servlet.request.ssl_session_id": "56140c14293586414aEcF9E43189A1CbCf22Bd8cEb6c7dF4A3B4745829909035",
          "javax.servlet.request.key_size": 128
      }
      

      The response seems to be coming back from Apache, but then not from OpenIG. The HTTPD access log says:

      127.0.0.1 - - [06/Oct/2015:23:43:51 -0700] "GET / HTTP/1.1" 200 20125
      

      My guess is that it's not a certificate problem, as I've seen the whole thing work in the past. But I've tried adding the cert into a trust store and using that for the HttpClient as described in Configuring OpenIG For HTTPS (Client-Side). That changes nothing. Still hangs without diagnostic information.

              People

              guillaume.sauthier Guillaume Sauthier
              Mark Mark Craig