You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@cxf.apache.org by "Aymeric Levaux (JIRA)" <ji...@apache.org> on 2013/06/06 19:41:19 UTC
[jira] [Updated] (CXF-5063) When using AsyncHttpConduit with a
certificate alias CXF hangs after a bunch of requests
[ https://issues.apache.org/jira/browse/CXF-5063?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Aymeric Levaux updated CXF-5063:
--------------------------------
Description:
When using AsyncHttpConduit with a certificate alias CXF hangs after a bunch of requests.
*Root cause:*
For each request, when AsyncHTTPConduit.getSSLContext() is called, the KeyManagers are wrapped by an AliasedX509ExtendedKeyManager. After some time, the KeyManagers are wrapped thousands of times. Then, at the moment a new connection needs to be established, a StackOverflowError is thrown when AliasedX509ExtendedKeyManager.getPrivateKey() is called. This causes the I/O dispatchers of the HttpAsynClient to go down one after the other. When all the I/O dispatchers are down all requests done by CXF end up in timeout.
In AsyncHTTPConduit.getSSLContext() the hash code of the tlsClientParameters is checked to decide whether or not a new SSLContext should be created. This is not working in this context as the wrapping of the KeyManagers has an influence of the tlsClientParameters hash code.
*Other points:*
* The AsyncHTTPConduit is containing a few auto generated catch blocks (with e.printStackTrace(); ).
* When the I/O dispatchers are going down (quite an important issue), the error is logged on the System.err and nothing is logged on the Logger.
* In the CXF documentation nothing is mentioned on the fact the HttpAsyncClient is still in beta.
> When using AsyncHttpConduit with a certificate alias CXF hangs after a bunch of requests
> ----------------------------------------------------------------------------------------
>
> Key: CXF-5063
> URL: https://issues.apache.org/jira/browse/CXF-5063
> Project: CXF
> Issue Type: Bug
> Components: Transports
> Affects Versions: 2.7.5
> Reporter: Aymeric Levaux
> Priority: Critical
>
> When using AsyncHttpConduit with a certificate alias CXF hangs after a bunch of requests.
> *Root cause:*
> For each request, when AsyncHTTPConduit.getSSLContext() is called, the KeyManagers are wrapped by an AliasedX509ExtendedKeyManager. After some time, the KeyManagers are wrapped thousands of times. Then, at the moment a new connection needs to be established, a StackOverflowError is thrown when AliasedX509ExtendedKeyManager.getPrivateKey() is called. This causes the I/O dispatchers of the HttpAsynClient to go down one after the other. When all the I/O dispatchers are down all requests done by CXF end up in timeout.
> In AsyncHTTPConduit.getSSLContext() the hash code of the tlsClientParameters is checked to decide whether or not a new SSLContext should be created. This is not working in this context as the wrapping of the KeyManagers has an influence of the tlsClientParameters hash code.
> *Other points:*
> * The AsyncHTTPConduit is containing a few auto generated catch blocks (with e.printStackTrace(); ).
> * When the I/O dispatchers are going down (quite an important issue), the error is logged on the System.err and nothing is logged on the Logger.
> * In the CXF documentation nothing is mentioned on the fact the HttpAsyncClient is still in beta.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira