************************************************************
***** NOTE: THIS BUG TRACKER IS FOR GERRIT CODE REVIEW *****
***** DO NOT SUBMIT BUGS FOR CHROME, ANDROID, INTERNAL *****
***** ISSUES WITH YOUR COMPANY'S GERRIT SETUP, ETC. *****
***** THOSE ISSUE BELONG IN DIFFERENT ISSUE TRACKERS! *****
************************************************************
Affected Version: 29-rc2
What steps will reproduce the problem?
0. Run on Ubuntu 14.04
1. Do a fresh install of Gerrit with HTTPS (using a self-signed cert)
2. These both fail:
openssl s_client -connect 10.10.1.168:8443
...
140688968496800:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:177:
openssl s_client -connect 10.10.1.168:8443 -tls1
...
140255261521568:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:596:
However this one succeeds:
openssl s_client -connect 10.10.1.168:8443 -ssl3
Also, I am able to use Chrome to connect successfully with HTTPS.
The support for TLSv1 is necessary for running an Android mirror.
When trying to run a local Android mirror and submit with "repo upload", the HTTPS connection from Python fails. But the simplest repro case is using the openssl commands above.
I have tried running Gerrit with OpenJDK 7 and Oracle Sun Java(TM) 7. The results are identical.
$ repo upload
Upload project kernel/ to remote branch wt-branch:
branch derek_test1 ( 1 commit, Mon Jun 16 18:20:45 2014 -0700):
827eb588 README1: Apply test change for Gerrit validation.
to https://10.10.1.168:8443/ (y/N)? y
----------------------------------------------------------------------
[FAILED] kernel/ derek_test1
(https://10.10.1.168:8443/ <urlopen error [Errno 8] _ssl.c:510: EOF occurred in violation of protocol>)
Further info: The error seems to disappear if I run Gerrit manually with this command: java -jar /home/gerrit2/review_site/bin/gerrit.war daemon -d /home/gerrit2/review_site --run-id=1403630880.8398 (I discovered this when I tried the above command both with and without the options "-Djavax.net.debug=ssl,handshake,failure". When I tried to get extra info the problem just went away.) I am running this on a machine that has OpenJDK 6, 7, and Sun Java(TM) 7 installed. I need Java 7 to run Gerrit but Java 6 to build Jelly Bean. Although I have been careful to make sure Sun Java(TM) is the default version in my OS and in my bash environment, I suspect that the gerrit.sh launcher script is somehow choosing the wrong Java environment. It's probably in this section: for N in java jdk jre ; do for L in $JAVA_LOCATIONS ; do ...