You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@zookeeper.apache.org by GitBox <gi...@apache.org> on 2019/03/11 16:52:45 UTC
[GitHub] [zookeeper] lvfangmin commented on a change in pull request #843:
ZOOKEEPER-3296: Explicitly closing the sslsocket when it failed handshake
to prevent issue where peers cannot join quorum
lvfangmin commented on a change in pull request #843: ZOOKEEPER-3296: Explicitly closing the sslsocket when it failed handshake to prevent issue where peers cannot join quorum
URL: https://github.com/apache/zookeeper/pull/843#discussion_r264328572
##########
File path: zookeeper-server/src/main/java/org/apache/zookeeper/server/quorum/QuorumCnxManager.java
##########
@@ -648,17 +650,16 @@ synchronized private boolean connectOne(long sid, InetSocketAddress electionAddr
try {
LOG.debug("Opening channel to server " + sid);
if (self.isSslQuorum()) {
- SSLSocket sslSock = self.getX509Util().createSSLSocket();
- setSockOpts(sslSock);
- sslSock.connect(electionAddr, cnxTO);
- sslSock.startHandshake();
Review comment:
Yes. During exception handling in the existing code, it will check and only close if the sock instance is not null.
Previously, we only assign the sock instance when it finished handshake, which may leak the connection in case if failed there after connection is created.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services