View Issue Details

IDProjectCategoryView StatusLast Update
0004735Compliance Test Tool (CTT) Unified ArchitectureApi Changepublic2022-10-13 16:03
ReporterGerhard Gappmeier Assigned ToAlexander Allmendinger  
PrioritynormalSeveritymajorReproducibilityalways
Status closedResolutionduplicate 
Product Version1.03.341.383 
Target Version1.03 
Summary0004735: DOS test case does not wait until channel expires
Description

Testcase: Security->Security None->007.js

This test consumes all channels except one, by creating a channel and session.

Then it tries to create 5 more channels without session.
Only one channel is left, so the test expects that each new channel reclaims the previous empty (unused) channel.

However, our server defines a minimum age of 2s until a channel can be reused.
The reason for this is as follows:
If there is only one channel left and multiple clients try to connect by calling the sequence OpenSecureChannel, CreateSession,
other clients which also call OpenSecureChannel are "stealing" the channels of valid clients during the normal connect procedure.
To make the connect working reliably a minimum age of the channel is defined before it can be reclaimed.
This avoids this "multiple client interference", and the connection process works for the first client that has created the channel:
first comes, first serve...

The test case should get a configurable delay (default 3s) in the for loop before creating new channels.

This hardcoded delay fixes this issue for us to prove that the solition works:

    addLog( "Step 2: Add 5 more [idle] SecureChannels, which should succeed!" );
    for( i=0; i<5; i++ ) {
        channels.push( new OpenSecureChannelService() );
        createResults.push( channels[channels.length - 1].Execute( { RequestedSecurityPolicyUri: SecurityPolicy.None, MessageSecurityMode: MessageSecurityMode.None } ) );
        UaDateTime.CountDown({ Seconds: 3, Message: "wait to expire channel" }); // <--- new delay
    }
TagsNo tags attached.
Files Affected

Relationships

duplicate of 0005119 closedSebastian Allmendinger Reducing number of session and secure channel for embedded profiles 

Activities

Paul Hunkar

2019-04-19 14:50

administrator   ~0010212

The script should be updated to keep trying until a session is reclaimed (noting the time until it is reclaimed). if the server is reporting that no-sessions are available the script should be nice and pause for some short time (1/2 second or 1 second before trying again).

Sebastian Allmendinger

2022-03-18 15:26

developer   ~0016418

This issue has already been resolved with Mantis 5119.

Paul Hunkar

2022-10-13 16:03

administrator   ~0018033

Agreed in call to duplicate, closed issue

Issue History

Date Modified Username Field Change
2019-04-18 09:09 Gerhard Gappmeier New Issue
2019-04-19 14:46 Paul Hunkar Assigned To => Alexander Allmendinger
2019-04-19 14:46 Paul Hunkar Status new => assigned
2019-04-19 14:50 Paul Hunkar Target Version => 1.03
2019-04-19 14:50 Paul Hunkar Note Added: 0010212
2022-03-18 15:26 Sebastian Allmendinger Status assigned => resolved
2022-03-18 15:26 Sebastian Allmendinger Resolution open => duplicate
2022-03-18 15:26 Sebastian Allmendinger Note Added: 0016418
2022-03-18 15:26 Sebastian Allmendinger Relationship added duplicate of 0005119
2022-08-02 20:23 Paul Hunkar Project Compliance Test Tool (CTT) Unified Architecture => CTT UA Scripts
2022-08-02 20:23 Paul Hunkar Project CTT UA Scripts => .NET API
2022-08-02 20:23 Paul Hunkar Category 1 - Script Issue => Api Change
2022-08-04 14:24 Paul Hunkar Project .NET API => Compliance Test Tool (CTT) Unified Architecture
2022-10-13 16:03 Paul Hunkar Status resolved => closed
2022-10-13 16:03 Paul Hunkar Note Added: 0018033