You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@hc.apache.org by "Jonathan Haber (JIRA)" <ji...@apache.org> on 2015/01/23 16:33:36 UTC
[jira] [Commented] (HTTPCLIENT-1478) https calls ignore
http.socket.timeout during SSL Handshake
[ https://issues.apache.org/jira/browse/HTTPCLIENT-1478?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14289392#comment-14289392 ]
Jonathan Haber commented on HTTPCLIENT-1478:
--------------------------------------------
I believe we ran into this yesterday using httpclient 4.3.6 and httpcore 4.3.3. We had multiple services hang indefinitely during an SSL handshake (process had to be restarted), the stack trace on all of them looked like:
{code}
java.lang.Thread.State: RUNNABLE
at java.net.SocketInputStream.socketRead0(Native Method)
at java.net.SocketInputStream.read(SocketInputStream.java:152)
at java.net.SocketInputStream.read(SocketInputStream.java:122)
at sun.security.ssl.InputRecord.readFully(InputRecord.java:442)
at sun.security.ssl.InputRecord.read(InputRecord.java:480)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:927)
- locked <0x000000074dc8e430> (a java.lang.Object)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1312)
- locked <0x000000074dc8e4e0> (a java.lang.Object)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1339)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1323)
at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:290)
at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:259)
at org.apache.http.impl.conn.HttpClientConnectionOperator.connect(HttpClientConnectionOperator.java:125)
at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:319)
at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:363)
at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:219)
at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:195)
at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:86)
at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:108)
at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:184)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:106)
{code}
> https calls ignore http.socket.timeout during SSL Handshake
> -----------------------------------------------------------
>
> Key: HTTPCLIENT-1478
> URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1478
> Project: HttpComponents HttpClient
> Issue Type: Bug
> Components: HttpConn
> Affects Versions: 4.3 Final, 4.3.1, 4.3.2, 4.3.3
> Environment: All
> Reporter: Jonah Schwartz
> Priority: Minor
> Fix For: 4.3.4
>
>
> https calls ignore http.socket.timeout during SSL Handshake. This can result in a https call hanging forever waiting for socket read.
> In both SSLSocketFactory and SSLConnectionSocketFactory, sslsock.startHandshake(); is called before socket timeout is set on the socket. This means timeout is not respected during the SSL handshake, and the thread can hang with a stacktrace that looks like this:
> org.apache.http.impl.client.AbstractHttpClient.doExecute
> org.apache.http.impl.client.DefaultRequestDirector.execute
> org.apache.http.impl.client.DefaultRequestDirector.tryConnect
> org.apache.http.impl.conn.ManagedClientConnectionImpl.open
> org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection
> org.apache.http.conn.ssl.SSLSocketFactory.connectSocket
> org.apache.http.conn.ssl.SSLSocketFactory.connectSocket
> sun.security.ssl.SSLSocketImpl.startHandshake
> sun.security.ssl.SSLSocketImpl.startHandshake
> sun.security.ssl.SSLSocketImpl.performInitialHandshake
> sun.security.ssl.SSLSocketImpl.readRecord
> sun.security.ssl.InputRecord.read
> sun.security.ssl.InputRecord.readV3Record
> sun.security.ssl.InputRecord.readFully
> java.net.SocketInputStream.read
> java.net.SocketInputStream.socketRead0
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org