SSL session object is not deleted for SSL handshake failures

Bug #1488434 reported by Prabhjot Singh Sethi
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
Juniper Openstack | Status tracked in Trunk | | |
R2.20 | Fix Committed | High | Prabhjot Singh Sethi |
Trunk | Fix Committed | High | Prabhjot Singh Sethi |

Bug Description

In case an error occurs (mainly due to protocol/certs) while doing an SSL handshake, the SSL server fails to delete the closed session object, resulting in memory loss.

Tags: base
Changed in juniperopenstack:
assignee: nobody → Prabhjot Singh Sethi (prabhjot)
importance: Undecided → High
OpenContrail Admin (ci-admin-f) wrote : [Review update] master

Review in progress for https://review.opencontrail.org/13403
Submitter: Prabhjot Singh Sethi (<email address hidden>)

tags: added: base
OpenContrail Admin (ci-admin-f) wrote : [Review update] R2.20

Review in progress for https://review.opencontrail.org/13404
Submitter: Prabhjot Singh Sethi (<email address hidden>)

Nischal Sheth (nsheth)
information type: Proprietary → Public
OpenContrail Admin (ci-admin-f) wrote : A change has been merged

Reviewed: https://review.opencontrail.org/13403
Committed: http://github.org/Juniper/contrail-controller/commit/8e52d701f8786ab9e6c11e5b7bd6cf3312fb21ad
Submitter: Zuul
Branch: master

commit 8e52d701f8786ab9e6c11e5b7bd6cf3312fb21ad
Author: Prabhjot Singh Sethi <email address hidden>
Date: Fri Aug 28 16:18:14 2015 +0530

Fix session object reference management for SSL

Issue:
------
In case of SSL certificate authentication failure, the
SSL/TCP infra was not releasing the reference to the
session, keeping the object forever in the map.

This was happening since the TCP server state machine moves
ahead by adding the session to the reference map before the SSL
handshake is triggered; on handshake failure the infra
doesn't remove the session from the reference map, causing
this issue.

Fix:
----
Move the SSL handshake to the context of the SSL server instead
of the SSL Session object so that the Accept/Connect state
machine complete event can be triggered once the
handshake is complete.

Added test case of the same.

Closes-Bug: 1488434
Change-Id: Ia8436f0f31392dae3315f6f025ca3046af485964

OpenContrail Admin (ci-admin-f) wrote :

Reviewed: https://review.opencontrail.org/13404
Committed: http://github.org/Juniper/contrail-controller/commit/3b9dc73a31959ca2cffd7357dbafb62e160df4ba
Submitter: Zuul
Branch: R2.20

commit 3b9dc73a31959ca2cffd7357dbafb62e160df4ba
Author: Prabhjot Singh Sethi <email address hidden>
Date: Fri Aug 28 16:18:14 2015 +0530

Fix session object reference management for SSL

Issue:
------
In case of SSL certificate authentication failure, the
SSL/TCP infra was not releasing the reference to the
session, keeping the object forever in the map.

This was happening since the TCP server state machine moves
ahead by adding the session to the reference map before the SSL
handshake is triggered; on handshake failure the infra
doesn't remove the session from the reference map, causing
this issue.

Fix:
----
Move the SSL handshake to the context of the SSL server instead
of the SSL Session object so that the Accept/Connect state
machine complete event can be triggered once the
handshake is complete.

Added test case of the same.

Closes-Bug: 1488434
Change-Id: Ia8436f0f31392dae3315f6f025ca3046af485964
(cherry picked from commit 8e52d701f8786ab9e6c11e5b7bd6cf3312fb21ad)
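
The ordering problem described in the two commit messages above (master and the R2.20 cherry-pick), as an added example that is not code from contrail-controller: a server that puts the session in its reference map before the handshake keeps one entry per failed handshake, while one that completes the handshake first keeps none. Session, Server, Handshake and TrackedAfter are hypothetical names, and treating the accept-complete event as the map insertion is a simplifying assumption.

```cpp
// Added example: Session, Server and Handshake are hypothetical names that
// model the ordering in the commit message; this is not contrail-controller code.
#include <functional>
#include <iostream>
#include <map>
#include <memory>

struct Session { explicit Session(int i) : id(i) {} int id; };

// Stand-in for the TLS handshake: returns true when it succeeds.
using Handshake = std::function<bool(const Session&)>;

class Server {
public:
    // Pre-fix ordering: reference map first, handshake second, no cleanup.
    bool AcceptMapFirst(int id, const Handshake& hs) {
        auto s = std::make_shared<Session>(id);
        sessions_[id] = s;
        return hs(*s);                 // on failure the map still owns s
    }
    // Post-fix ordering: the server runs the handshake and raises
    // accept-complete (modelled as the map insertion) only on success.
    bool AcceptHandshakeFirst(int id, const Handshake& hs) {
        auto s = std::make_shared<Session>(id);
        if (!hs(*s)) return false;     // last reference dropped, s is freed
        sessions_[id] = s;
        return true;
    }
    std::size_t tracked() const { return sessions_.size(); }
private:
    std::map<int, std::shared_ptr<Session>> sessions_;
};

// Constructed workload: ids below `failures` are rejected, the rest accepted.
// Returns how many sessions the reference map holds afterwards.
std::size_t TrackedAfter(bool map_first, int failures, int successes) {
    Server srv;
    Handshake hs = [failures](const Session& s) { return s.id >= failures; };
    for (int id = 0; id < failures + successes; ++id) {
        if (map_first) srv.AcceptMapFirst(id, hs);
        else           srv.AcceptHandshakeFirst(id, hs);
    }
    return srv.tracked();
}

int main() {
    std::cout << "map first: " << TrackedAfter(true, 100, 2)
              << "  handshake first: " << TrackedAfter(false, 100, 2) << "\n";
}
```

With the map-first ordering the tracked count grows with every rejected handshake, so a regression test for this class of bug can assert that the count after a failed handshake equals the count before it.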

OpenContrail Admin (ci-admin-f) wrote : [Review update] R2.22-dev

Review in progress for https://review.opencontrail.org/13927
Submitter: Vinay Vithal Mahuli (<email address hidden>)
