You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@qpid.apache.org by "Keith Wall (JIRA)" <ji...@apache.org> on 2014/07/13 12:54:04 UTC
[jira] [Commented] (QPID-5892) SSL Sender may spuriously timeout if
SSL negotiation fails
[ https://issues.apache.org/jira/browse/QPID-5892?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14060080#comment-14060080 ]
Keith Wall commented on QPID-5892:
----------------------------------
The race condition is between the IOReceiver thread and the Main thread.
In the unlucky case, the Main thread yields (SSLSender#send) after getting a NEED_UNWRAP, but before acquiring the sslLock. Meanwhile the IOReceiver thread receives the "Received fatal alert: bad_certificate" exception from the Engine and sets the sslErrorFlag. When the Main thread awakes, and begins to wait, but no notify will come. The wait times out and goes on to generate the spurious timeout, masking the (useful) true cause (bad certificate).
Checking the sslErrorFlag after acquiring the lock should resolve this issue.
> SSL Sender may spuriously timeout if SSL negotiation fails
> ----------------------------------------------------------
>
> Key: QPID-5892
> URL: https://issues.apache.org/jira/browse/QPID-5892
> Project: Qpid
> Issue Type: Bug
> Components: Java Broker, Java Client
> Reporter: Keith Wall
> Assignee: Keith Wall
> Fix For: 0.29
>
>
> As highlighted by the occasionally failure SSLTest.testClientCertMissingWhilstWantingAndNeeding on a slower CI box, there is a race condition in SSLSender code. When the race condition manifests the test hangs for 60s then produces a timeout exception (SSL Engine timed out), rather than the expected (Received fatal alert: bad_certificate).
> This issue is probably longstanding.
> {noformat}
> org.apache.qpid.transport.SenderException: SSL Engine timed out waiting for a response.To get more info,run with -Djavax.net.debug=ssl
> at org.apache.qpid.transport.network.security.ssl.SSLSender.send(SSLSender.java:229)
> at org.apache.qpid.transport.network.security.ssl.SSLSender.send(SSLSender.java:35)
> at org.apache.qpid.transport.network.Disassembler.init(Disassembler.java:160)
> at org.apache.qpid.transport.network.Disassembler.init(Disassembler.java:48)
> at org.apache.qpid.transport.ProtocolHeader.delegate(ProtocolHeader.java:110)
> at org.apache.qpid.transport.network.Disassembler.send(Disassembler.java:73)
> at org.apache.qpid.transport.network.Disassembler.send(Disassembler.java:48)
> at org.apache.qpid.transport.Connection.send(Connection.java:407)
> at org.apache.qpid.transport.Connection.connect(Connection.java:246)
> at org.apache.qpid.client.AMQConnectionDelegate_0_10.makeBrokerConnection(AMQConnectionDelegate_0_10.java:221)
> at org.apache.qpid.client.AMQConnection.makeBrokerConnection(AMQConnection.java:620)
> at org.apache.qpid.client.AMQConnection.<init>(AMQConnection.java:399)
> at org.apache.qpid.client.AMQConnectionFactory.createConnection(AMQConnectionFactory.java:155)
> at org.apache.qpid.client.AMQConnectionFactory.createConnection(AMQConnectionFactory.java:134)
> at org.apache.qpid.test.utils.QpidBrokerTestCase.getConnection(QpidBrokerTestCase.java:1124)
> at org.apache.qpid.client.ssl.SSLTest.missingClientCertWhileNeedingOrWantingTestImpl(SSLTest.java:326)
> at org.apache.qpid.client.ssl.SSLTest.testClientCertMissingWhilstWantingAndNeeding(SSLTest.java:306)
> {noformat}
--
This message was sent by Atlassian JIRA
(v6.2#6252)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@qpid.apache.org
For additional commands, e-mail: dev-help@qpid.apache.org