Closed Bug 247226 Opened 20 years ago Closed 13 years ago

timeout error when posting to newsgroup over SSL

Categories

(MailNews Core :: Security, defect)

Product:
MailNews Core
Component:
Security
Platform:
x86
All
Type:
defect
Priority:
Not set
Severity:
major

Tracking

(Not tracked)

Status:
RESOLVED WORKSFORME

People

(Reporter: zerohalo, Unassigned)

References

Details

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7) Gecko/20040614 Firefox/0.8
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7) Gecko/20040614 Firefox/0.8

Most of the time (though not ALL the time), when posting to a newsgroup on a
server with SSL enabled, MailNews (and Thunderbird 0.7) returns a timeout (after
300 seconds). It seems to work okay the very first time MailNews is run, but not
on subsequent posts. This occurs not only on my system, but several friends of
mine as well running different OSs. SSL and port 563 are enabled in my options
so that's not an issue. This could similar to the bug that was fixed that caused
an error when sending mail via an SMTP server with SSL enabled. 

Reproducible: Sometimes
Steps to Reproduce:
1. Post to a newsgroup on a server with SSL enabled. The first time upon loading
the program it works (and occasionally the second time), but not on subsequent
tries. 

Actual Results:  
Timeout error received after 300 seconds.

Expected Results:  
Posted to the newsgroup.
I am also experiencing this with mozilla news as well as thunderbird. pan with
stunnel seems to work fine as an interim solutino for those using *nix and
outlook seems to work fine for those with windows. However, I would love to just
have everyone use mozilla ;-)
Summary: timeout error when posting to newsgroup over SSL → timeout error when posting to newsgroup over SSL
I've found that on restoring my computer from suspend that the first time I try
to post that both mozilla and thunderbird will hang (moz 1.7 and thunderbird
0.7). Pasting the post content into a new post will then succeed.

This doesn't seem to be affected by whether the posts are replies or new threads.

I can recreate this 100% on both Linux (RHEL 3) and Mac OSX.
With Thunderbird version 0.7 (20040623) on Gentoo Linux any post over SSL seems
to generate this bug (message sending dialog hangs). The post seems to go
through though.
I switched from Pan because of Thunderbirds SSL feature. Hope this gets fixed
for 0.8
Status: NEW → ASSIGNED
This seems to be a dupe of bug #<a
href="http://bugzilla.mozilla.org/show_bug.cgi?id=220921">220921</a> and
possibly bug #<a
href="http://bugzilla.mozilla.org/show_bug.cgi?id=253523">253523</a>.  I am
seeing these symptoms in Thunderbird 0.6 all the way through the nightly
"2004-08-02-04-0.8".  Also I have experienced it in Mozilla 1.7.1 under
Slackware 10, and an associate has had it happen in Mozilla 1.4.x in Mandrake. 
He claims that Mozilla 1.2 works.
OS: Windows XP → All
I have tested this with TB 0.8 on both WinXP and Linux (FC2) and this bug still
occurs.

I experienced this problem as well. It seems the SSL implementation of INN
doesn't play well with NSS. If I setup connections (on the server side) to go
through stunnel instead it all works perfect.

I stepped through the thunderbird code. The message is net all the way through
to the final '.' line. Thunderbird then waits for a response but somehow misses
the servers response (I also couldn't verify that the server actually sent a
response). The next response from the server that is read and parsed is the '500
Timeout' response that comes minutes later.
Product: MailNews → Core
Is someone looking at, or going to look at, this? I can provide an nntp server for testing if necessary.
Blocks: 253523
This bug has be seen very regular by users of a community i'm involved. It seems to happen more with windows then with linux clients. I personally encountered this only once on my Linux box (Thunderbird version 1.5.0.7 (20061013) (ubuntu)) but seen it on a friends windows box on the first try.
I will run a bunch of tests, like amount of time spent in composing window before sending to find more about it, as well as tcpdumps.
We INN 2.4.3 SSL have the same Problems with Thunderbird

There are no diffenrences between using Windows XP and Linux (SuSE/Ubuntu) and unsing thunderbird 1.5.* and 2.0.0.

Many of our students reported this problem.

There are no problems with Outlook Express and other newsreaders.

I think it is really a problem of Thunderbird and has to be fixed.

Best regards from the "FernUni in Hagen"
Perhaps these two articles in « news.software.nntp » might be of help, in case someone has an idea here of what is happening...

http://groups.google.fr/group/news.software.nntp/msg/152c96a77c18b07e?dmode=source
http://groups.google.fr/group/news.software.nntp/msg/0f24b62724d76041?dmode=source


We too have lots of students who reported this problem with Thunderbird/Icedove.
sorry for the spam.  making bugzilla reflect reality as I'm not working on these bugs.  filter on FOOBARCHEESE to remove these in bulk.
Assignee: sspitzer → nobody
Status: ASSIGNED → NEW
Is it possible to know what patch caused this regression?
Indeed, Thunderbird 0.6 is the last version which is working fine as for this issue. In the release notes of Thunderbird 0.7, there is a bug fix for "a potential hang when reading imap over SSL". Could that fix bring along the nntp over SSL bug?

I believe it would be a good start to understand the problem and what is going on.


This seems to be caused by a bug in INN version 2.4.3, which is fixed in version 2.4.4. 
Outlook Express is one of the few newsreaders that can tolerate this server bug - we found most other newsreaders would hang when attempting to post a message via SSL - Thunderbird included. 

I suggest this bug is closed as it's not really a Thunderbird bug. 

(In reply to comment #14)
> Outlook Express is one of the few newsreaders that can tolerate this server bug

Forté Agent too.  I do not know what triggers the bug out, unfortunately.
Note that the bug has not been identified in INN:  the fix is a workaround to make INN work with Thunderbird and a some other newsreaders...


> I suggest this bug is closed as it's not really a Thunderbird bug.

It would be great to identify the bug, especially why Thunderbird 0.6 is the last version which is working fine as for this issue.  In the release notes of Thunderbird 0.7, there is a bug fix for "a potential hang when reading imap over SSL".  Could that fix bring along the nntp over SSL bug?
It is very strange to see this coincidence...

(In reply to comment #15)
> (In reply to comment #14)
> > Outlook Express is one of the few newsreaders that can tolerate this server bug
> 
> Forté Agent too.  

We found Agent 3.3 shows the bug, but maybe Agent 4 is OK? We also found that Agent 2.0 would show the bug when connecting via Stunnel, as would other clients without built-in SSL support. The problem is certainly not limited to Thunderbird. 

> Note that the bug has not been identified in INN:  the fix is a workaround to
> make INN work with Thunderbird and a some other newsreaders...

But it is acknowledged that the problem lies with INN though, right? According to the 2.4.4 release notes: 
"it seems that nnrpd's SSL routines make it wrongly wait for data completion.  In order to fix the problem, the select() wait is now just bypassed."
QA Contact: security
(In reply to comment #16)
> We found Agent 3.3 shows the bug
> We also found that Agent 2.0 would show the bug when connecting via Stunnel
> The problem is certainly not limited to Thunderbird.

All right, I did not know that.

Therefore, I think the problem occurs for every software which uses, to POST a message, the connection it opened as a reader.
Otherwise, it seems to be fine (on a new connection to POST).


> But it is acknowledged that the problem lies with INN though, right? According
> to the 2.4.4 release notes: 
> "it seems that nnrpd's SSL routines make it wrongly wait for data completion. 
> In order to fix the problem, the select() wait is now just bypassed."

It is true that something was changed within INN as for nnrpd's SSL routines.  (By the way, it is me who wrote theses release notes and committed Kachun Lee's patch <http://groups.google.fr/group/news.software.nntp/tree/browse_frm/thread/53f4043e2bc0da8f#doc_61a1e2379a04489e>.)
I did not know to what extend the bug was.  So I now agree to say the problem lied with INN and to have fixed it in 2.4.4.
Product: Core → MailNews Core
Can anyone having this issue follow the instructions posted at https://wiki.mozilla.org/MailNews:Logging and provide nntp logs ? Do you still encounter this issue with recent versions of thunderbirds that can be found at : <http://www.mozillamessaging.com/en-US/thunderbird/early_releases/downloads.php>
I've been using news.eternal-september.org under SSL for a few months without problems, and my school's news server under SSL several times without problems. -> WFM.
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → WORKSFORME
Yes Joshua, it was a bug in INN, as mentioned in my previous comment #17.

Thoroughly fixed in INN 2.4.5:

* Fixed the "alarm signal" around SSL_read in nnrpd: it allows a proper disconnection of news clients which were previously hanging when posting an article through a SSL connection. Moreover, the clienttimeout parameter now works on SSL connections. Thanks to Matija Nalis for the patch.

* SO_KEEPALIVE is now implemented for SSL TCP connections on systems which support it, allowing system detection and closing the dead TCP SSL connections automatically after system-specified time. Thanks to Matija Nalis for the patch.
You need to log in before you can comment on or make changes to this bug.