You are viewing a plain text version of this content. The canonical link for it is here.

Posted to common-dev@hadoop.apache.org by "Wei-Chiu Chuang (Jira)" <ji...@apache.org> on 2022/05/19 20:26:00 UTC

[jira] [Resolved] (HADOOP-18245) Extend KMS related exceptions that get mapped to ConnectException

     [ https://issues.apache.org/jira/browse/HADOOP-18245?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Wei-Chiu Chuang resolved HADOOP-18245.
--------------------------------------
    Fix Version/s: 3.4.0
       Resolution: Fixed

The PR is merged in trunk. Thanks [~kerneltime]!

> Extend KMS related exceptions that get mapped to ConnectException 
> ------------------------------------------------------------------
>
>                 Key: HADOOP-18245
>                 URL: https://issues.apache.org/jira/browse/HADOOP-18245
>             Project: Hadoop Common
>          Issue Type: Bug
>          Components: kms
>            Reporter: Ritesh H Shukla
>            Assignee: Ritesh H Shukla
>            Priority: Major
>              Labels: pull-request-available
>             Fix For: 3.4.0
>
>          Time Spent: 40m
>  Remaining Estimate: 0h
>
> Based on production workload, we found that it is not enough to map just SSLHandshakeException to ConnectException in Loadbalancing KMS Client but that needs to be extended to SSLExceptions and SocketExceptions.
> Sample JDK code that can raise these exceptions: https://github.com/openjdk/jdk/blob/jdk-18%2B32/src/java.base/share/classes/sun/security/ssl/SSLSocketImpl.java#L1409-L1428
> Sample Exception backtrace: 
> 22/04/13 16:25:53 WARN kms.LoadBalancingKMSClientProvider: KMS provider at [https://bdgtr041x10h5.nam.nsroot.net:16001/kms/v1/] threw an IOException:
> javax.net.ssl.SSLHandshakeException: Remote host terminated the handshake
>         at sun.security.ssl.SSLSocketImpl.handleEOF(SSLSocketImpl.java:1470)
>         at sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1298)
>         at sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1199)
>         at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:373)
>         at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:587)
>         at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDe
> Caused by: java.io.EOFException: SSL peer shut down incorrectly
>         at sun.security.ssl.SSLSocketInputRecord.read(SSLSocketInputRecord.java:480)
>         at sun.security.ssl.SSLSocketInputRecord.readHeader(SSLSocketInputRecord.java:469)
>         ... 59 more



--
This message was sent by Atlassian Jira
(v8.20.7#820007)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-dev-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-dev-help@hadoop.apache.org