lucene-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Hoss Man (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (SOLR-9604) Pooled SSL connections are not being reused with client authentication
Date Wed, 05 Oct 2016 16:55:21 GMT

    [ https://issues.apache.org/jira/browse/SOLR-9604?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15549309#comment-15549309
] 

Hoss Man commented on SOLR-9604:
--------------------------------

bq. also, it's worth to remove @RandomSSL from HttpSolrClientSSLAuthConPoolTest to make it
really random. 

bq.  I think it's worth keeping the RandomizeSSL annotation on this test though, as it's only
really applicable to SSL+clientAuth situations.

Agreed, but I think I also see Mikhail's point: from a coverage standpoint, it would be nice
to have a test that helps ensure we are re-using connection pools *regardless* of whether
SSL+clientAuth is used or not (ie: as the test stands now, we only ensure they are re-used
with SSL, some future bug could break connection re-use for non-ssl connections and we'd never
know -- heck: in theory the changes in this fix for SSL connection reuse could be breaking
connection reuse for non-SSL requests, and we wouldn't know it.)

So perhaps refactor the current {{HttpSolrClientSSLAuthConPoolTest}} class into a {{HttpSolrClientConPoolTest}}
that uses the default SSL randomization, and then make {{HttpSolrClientSSLAuthConPoolTest}}
a subclass that forces {{\@RandomizeSSL(1.0)}} ?
(along with a "test the test" sanity assertion that the urls start with "https")


> Pooled SSL connections are not being reused with client authentication
> ----------------------------------------------------------------------
>
>                 Key: SOLR-9604
>                 URL: https://issues.apache.org/jira/browse/SOLR-9604
>             Project: Solr
>          Issue Type: Bug
>      Security Level: Public(Default Security Level. Issues are Public) 
>            Reporter: Alan Woodward
>            Assignee: Alan Woodward
>         Attachments: SOLR-9604.patch, SOLR-9604.patch, fails with null.png
>
>
> Solr isn't setting user tokens on any of its HttpClientContext objects when requested
new http connections.  This means that when SSL + client authentication is used, HttpClient
is creating a new connection on every request, to ensure that authentication tokens aren't
shared between different users.  We end up with lots of unused open connections in the connection
pool, leading to slowness and out-of-memory errors.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org
For additional commands, e-mail: dev-help@lucene.apache.org


Mime
View raw message