You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@maven.apache.org by "Michael Osipov (Jira)" <ji...@apache.org> on 2019/09/08 17:08:00 UTC
[jira] [Updated] (WAGON-565) Do not skip retry on SSLException by
default
[ https://issues.apache.org/jira/browse/WAGON-565?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Michael Osipov updated WAGON-565:
---------------------------------
Fix Version/s: waiting-for-feedback
> Do not skip retry on SSLException by default
> --------------------------------------------
>
> Key: WAGON-565
> URL: https://issues.apache.org/jira/browse/WAGON-565
> Project: Maven Wagon
> Issue Type: Bug
> Components: wagon-http
> Affects Versions: 3.3.3
> Reporter: Martin Furmanski
> Priority: Minor
> Fix For: waiting-for-feedback
>
> Original Estimate: 3h
> Remaining Estimate: 3h
>
> The SSL stack in Java will transform any transport error into an SSLException, so it is very bad to skip retries for this entire class of exceptions. Transport errors are probably the number one reason why retries are needed, so it defeats the purpose for any secure deployments using HTTPS.
> {code:java}
> Caused by: javax.net.ssl.SSLProtocolException: Connection reset
> at sun.security.ssl.Alert.createSSLException (Alert.java:126)
> at sun.security.ssl.TransportContext.fatal (TransportContext.java:321)
> at sun.security.ssl.TransportContext.fatal (TransportContext.java:264)
> at sun.security.ssl.TransportContext.fatal (TransportContext.java:259)
> at sun.security.ssl.SSLSocketImpl.handleException (SSLSocketImpl.java:1314)
> at sun.security.ssl.SSLSocketImpl$AppInputStream.read (SSLSocketImpl.java:839)
> at org.apache.maven.wagon.providers.http.httpclient.impl.io.SessionInputBufferImpl.streamRead (SessionInputBufferImpl.java:137)
> at org.apache.maven.wagon.providers.http.httpclient.impl.io.SessionInputBufferImpl.fillBuffer (SessionInputBufferImpl.java:153)
> at org.apache.maven.wagon.providers.http.httpclient.impl.io.SessionInputBufferImpl.readLine (SessionInputBufferImpl.java:280)
> at org.apache.maven.wagon.providers.http.httpclient.impl.conn.DefaultHttpResponseParser.parseHead (DefaultHttpResponseParser.java:138)
> at org.apache.maven.wagon.providers.http.httpclient.impl.conn.DefaultHttpResponseParser.parseHead (DefaultHttpResponseParser.java:56)
> at org.apache.maven.wagon.providers.http.httpclient.impl.io.AbstractMessageParser.parse (AbstractMessageParser.java:259)
> at org.apache.maven.wagon.providers.http.httpclient.impl.DefaultBHttpClientConnection.receiveResponseHeader (DefaultBHttpClientConnection.java:163)
> at org.apache.maven.wagon.providers.http.httpclient.impl.conn.CPoolProxy.receiveResponseHeader (CPoolProxy.java:157)
> at org.apache.maven.wagon.providers.http.httpclient.protocol.HttpRequestExecutor.doReceiveResponse (HttpRequestExecutor.java:273)
> at org.apache.maven.wagon.providers.http.httpclient.protocol.HttpRequestExecutor.execute (HttpRequestExecutor.java:125)
> at org.apache.maven.wagon.providers.http.httpclient.impl.execchain.MainClientExec.execute (MainClientExec.java:272)
> at org.apache.maven.wagon.providers.http.httpclient.impl.execchain.ProtocolExec.execute (ProtocolExec.java:185)
> at org.apache.maven.wagon.providers.http.httpclient.impl.execchain.RetryExec.execute (RetryExec.java:89)
> at org.apache.maven.wagon.providers.http.httpclient.impl.execchain.RedirectExec.execute (RedirectExec.java:110)
> at org.apache.maven.wagon.providers.http.httpclient.impl.client.InternalHttpClient.doExecute (InternalHttpClient.java:185)
> at org.apache.maven.wagon.providers.http.httpclient.impl.client.CloseableHttpClient.execute (CloseableHttpClient.java:83)
> at org.apache.maven.wagon.providers.http.wagon.shared.AbstractHttpClientWagon.execute (AbstractHttpClientWagon.java:958)
> at org.apache.maven.wagon.providers.http.wagon.shared.AbstractHttpClientWagon.fillInputData (AbstractHttpClientWagon.java:1117)
> at org.apache.maven.wagon.providers.http.wagon.shared.AbstractHttpClientWagon.fillInputData (AbstractHttpClientWagon.java:1094)
> at org.apache.maven.wagon.StreamWagon.getInputStream (StreamWagon.java:126)
> at org.apache.maven.wagon.StreamWagon.getIfNewer (StreamWagon.java:88)
> at org.apache.maven.wagon.StreamWagon.get (StreamWagon.java:61)
> {code}
> I realise this is the default of the HTTP client, but changing that library is just too wide of a change in a patch, but for the maven wagon it sounds quite safe and should help many people which experience this in their deployments. The alternative is that everyone using HTTPS has to track down this issue and tweak their configs.
--
This message was sent by Atlassian Jira
(v8.3.2#803003)