Issue 1397: Gerrit hangs when user registers email and Gerrit uses TLS smtp encryption
Status:  Released
Owner: ----
Closed:  May 2012
Reported by Yubao....@gmail.com, May 21, 2012
Affected Version: 2.3 and later

What steps will reproduce the problem?
1. configure a SMTP server to support STARTTLS feature
2. configure etc/gerrit.config to set sendemail.smtpEncryption to TLS
3. access Gerrit web page and register an email for current user

What is the expected output? What do you see instead?

Gerrit shows "Loading..." on the top and hangs for a very long time
until SMTP server kicks it off. The verification email isn't sent out.

I expect Gerrit successfully sends verification email very soon.

Please provide any additional information below.

This is a bug in AuthSMTPClient.startTLS():
https://code.google.com/p/gerrit/source/browse/gerrit-patch-commonsnet/src/main/java/org/apache/commons/net/smtp/AuthSMTPClient.java?name=stable-2.3

This method calls inherited SMTP._connectAction_() to initialize
some properties of this object, but _connectAction_() tries to read
banner from SMTP server, which SMTP server won't give after STARTTLS:

$ gsasl --smtp smtp.corp.example.com
Trying `gold.corp.example.com'...
220 gold.corp.example.com ESMTP Exim 4.77 Mon, 21 May 2012 14:46:43 +0800  <--- banner
EHLO [127.0.0.1]
250-gold.corp.example.com Hello localhost [127.0.0.1]
250-SIZE 10485760
250-PIPELINING
250-AUTH GSSAPI
250-STARTTLS
250 HELP
STARTTLS
220 TLS go ahead    <----no banner after STARTTLS
EHLO [127.0.0.1]
250-gold.corp.example.com Hello localhost [127.0.0.1]
250-SIZE 10485760
250-PIPELINING
250-AUTH GSSAPI DIGEST-MD5 CRAM-MD5
250 HELP
AUTH GSSAPI
....

So AuthSMTPClient.startTLS() just hangs until timeout.
According to RFC2487 section 5.2, the behaviour of SMTP
server is right.

I attached a dirty patch, it copies neccesary code from
SocketClient._connectAction_() and SMTP._connectAction_(),

I'm curious why you don't upgrade to Apache commons-net 3.x
or use standard JavaMail API. The current AuthSMTPClient hack
is somewhat dirty.

dont-wait-for-smtp-server-banner-after-starttls-in-gerrit-2.3.patch
1.7 KB   View   Download
May 24, 2012
#1 sop@google.com
(No comment was entered for this change.)
Status: Submitted
Labels: FixedIn-2.5
Oct 31, 2012
Project Member #2 edwin.ke...@gmail.com
(No comment was entered for this change.)
Status: Released