You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@cxf.apache.org by "Aymeric Levaux (JIRA)" <ji...@apache.org> on 2013/06/06 19:41:19 UTC

[jira] [Updated] (CXF-5063) When using AsyncHttpConduit with a certificate alias CXF hangs after a bunch of requests

     [ https://issues.apache.org/jira/browse/CXF-5063?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Aymeric Levaux updated CXF-5063:
--------------------------------

    Description: 
When using AsyncHttpConduit with a certificate alias CXF hangs after a bunch of requests. 

*Root cause:*
For each request, when AsyncHTTPConduit.getSSLContext() is called,  the KeyManagers are wrapped by an AliasedX509ExtendedKeyManager. After some time, the KeyManagers are wrapped thousands of times. Then, at the moment a new connection needs to be established, a StackOverflowError is thrown when AliasedX509ExtendedKeyManager.getPrivateKey() is called. This causes the I/O dispatchers of the HttpAsynClient to go down one after the other. When all the I/O dispatchers are down all requests done by CXF end up in timeout.

In AsyncHTTPConduit.getSSLContext() the hash code of the tlsClientParameters is checked to decide whether or not a new SSLContext should be created. This is not working in this context as the wrapping of the KeyManagers has an influence of the tlsClientParameters hash code.

*Other points:*
* The AsyncHTTPConduit is containing a few auto generated catch blocks (with e.printStackTrace(); ).
* When the I/O dispatchers are going down (quite an important issue), the error is logged on the System.err and nothing is logged on the Logger.
* In the CXF documentation nothing is mentioned on the fact the HttpAsyncClient is still in beta.

    
> When using AsyncHttpConduit with a certificate alias CXF hangs after a bunch of requests
> ----------------------------------------------------------------------------------------
>
>                 Key: CXF-5063
>                 URL: https://issues.apache.org/jira/browse/CXF-5063
>             Project: CXF
>          Issue Type: Bug
>          Components: Transports
>    Affects Versions: 2.7.5
>            Reporter: Aymeric Levaux
>            Priority: Critical
>
> When using AsyncHttpConduit with a certificate alias CXF hangs after a bunch of requests. 
> *Root cause:*
> For each request, when AsyncHTTPConduit.getSSLContext() is called,  the KeyManagers are wrapped by an AliasedX509ExtendedKeyManager. After some time, the KeyManagers are wrapped thousands of times. Then, at the moment a new connection needs to be established, a StackOverflowError is thrown when AliasedX509ExtendedKeyManager.getPrivateKey() is called. This causes the I/O dispatchers of the HttpAsynClient to go down one after the other. When all the I/O dispatchers are down all requests done by CXF end up in timeout.
> In AsyncHTTPConduit.getSSLContext() the hash code of the tlsClientParameters is checked to decide whether or not a new SSLContext should be created. This is not working in this context as the wrapping of the KeyManagers has an influence of the tlsClientParameters hash code.
> *Other points:*
> * The AsyncHTTPConduit is containing a few auto generated catch blocks (with e.printStackTrace(); ).
> * When the I/O dispatchers are going down (quite an important issue), the error is logged on the System.err and nothing is logged on the Logger.
> * In the CXF documentation nothing is mentioned on the fact the HttpAsyncClient is still in beta.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira