qpid-dev mailing list archives

From "Keith Wall (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (QPID-5892) SSL Sender may spuriously timeout if SSL negotiation fails
Date Sun, 13 Jul 2014 10:54:04 GMT

    [ https://issues.apache.org/jira/browse/QPID-5892?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14060080#comment-14060080 ]

Keith Wall commented on QPID-5892:
----------------------------------

The race condition is between the IOReceiver thread and the Main thread.

In the unlucky case, the Main thread yields (SSLSender#send) after getting a NEED_UNWRAP,
but before acquiring the sslLock.  Meanwhile the IOReceiver thread receives the "Received
fatal alert: bad_certificate" exception from the Engine and sets the sslErrorFlag.  The
Main thread then awakes and begins to wait, but no notify will come.  The wait times out and goes
on to generate the spurious timeout, masking the (useful) true cause (bad certificate).

Checking the sslErrorFlag after acquiring the lock should resolve this issue.

> SSL Sender may spuriously timeout if SSL negotiation fails
> ----------------------------------------------------------
>
>                 Key: QPID-5892
>                 URL: https://issues.apache.org/jira/browse/QPID-5892
>             Project: Qpid
>          Issue Type: Bug
>          Components: Java Broker, Java Client
>            Reporter: Keith Wall
>            Assignee: Keith Wall
>             Fix For: 0.29
>
>
> As highlighted by the occasional failure of SSLTest.testClientCertMissingWhilstWantingAndNeeding
> on a slower CI box, there is a race condition in SSLSender code.  When the race condition
> manifests, the test hangs for 60s then produces a timeout exception (SSL Engine timed out),
> rather than the expected (Received fatal alert: bad_certificate).
> This issue is probably longstanding.
> {noformat}
> org.apache.qpid.transport.SenderException: SSL Engine timed out waiting for a response.To get more info,run with -Djavax.net.debug=ssl
>         at org.apache.qpid.transport.network.security.ssl.SSLSender.send(SSLSender.java:229)
>         at org.apache.qpid.transport.network.security.ssl.SSLSender.send(SSLSender.java:35)
>         at org.apache.qpid.transport.network.Disassembler.init(Disassembler.java:160)
>         at org.apache.qpid.transport.network.Disassembler.init(Disassembler.java:48)
>         at org.apache.qpid.transport.ProtocolHeader.delegate(ProtocolHeader.java:110)
>         at org.apache.qpid.transport.network.Disassembler.send(Disassembler.java:73)
>         at org.apache.qpid.transport.network.Disassembler.send(Disassembler.java:48)
>         at org.apache.qpid.transport.Connection.send(Connection.java:407)
>         at org.apache.qpid.transport.Connection.connect(Connection.java:246)
>         at org.apache.qpid.client.AMQConnectionDelegate_0_10.makeBrokerConnection(AMQConnectionDelegate_0_10.java:221)
>         at org.apache.qpid.client.AMQConnection.makeBrokerConnection(AMQConnection.java:620)
>         at org.apache.qpid.client.AMQConnection.<init>(AMQConnection.java:399)
>         at org.apache.qpid.client.AMQConnectionFactory.createConnection(AMQConnectionFactory.java:155)
>         at org.apache.qpid.client.AMQConnectionFactory.createConnection(AMQConnectionFactory.java:134)
>         at org.apache.qpid.test.utils.QpidBrokerTestCase.getConnection(QpidBrokerTestCase.java:1124)
>         at org.apache.qpid.client.ssl.SSLTest.missingClientCertWhileNeedingOrWantingTestImpl(SSLTest.java:326)
>         at org.apache.qpid.client.ssl.SSLTest.testClientCertMissingWhilstWantingAndNeeding(SSLTest.java:306)
> {noformat}



--
This message was sent by Atlassian JIRA
(v6.2#6252)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@qpid.apache.org
For additional commands, e-mail: dev-help@qpid.apache.org
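
The lost notification described in the comment above, reduced to a stand-alone Java sketch. This is an added example and not code from the Qpid source or from the message's author: the class and method names are hypothetical, only `sslLock` and `sslErrorFlag` are named after the fields the comment mentions, and the interleaving is forced by running the receiver to completion between the flag check and the lock acquisition.

```java
import java.util.concurrent.atomic.AtomicBoolean;

// Added illustration, not Qpid source. Class and method names are hypothetical;
// sslLock and sslErrorFlag are named after the fields mentioned in the comment.
public class LostWakeupDemo {
    private final Object sslLock = new Object();
    private final AtomicBoolean sslErrorFlag = new AtomicBoolean(false);

    // Stand-in for the IOReceiver thread: record the handshake failure, then notify.
    private void receiverSeesFatalAlert() {
        sslErrorFlag.set(true);
        synchronized (sslLock) {
            sslLock.notifyAll();
        }
    }

    // Stand-in for the sender's wait after NEED_UNWRAP.
    String awaitHandshake(boolean recheckUnderLock, long timeoutMs) throws InterruptedException {
        if (sslErrorFlag.get()) {
            return "Received fatal alert: bad_certificate";
        }
        // Constructed interleaving: the receiver runs to completion in the window
        // between the check above and the lock acquisition below.
        Thread receiver = new Thread(this::receiverSeesFatalAlert, "IOReceiver");
        receiver.start();
        receiver.join();

        synchronized (sslLock) {
            // The fix: look at the flag again now that the lock is held.
            if (recheckUnderLock && sslErrorFlag.get()) {
                return "Received fatal alert: bad_certificate";
            }
            // The notify has already fired, so nothing will wake this wait early.
            sslLock.wait(timeoutMs);
        }
        return "SSL Engine timed out waiting for a response";
    }

    public static void main(String[] args) throws InterruptedException {
        long timeoutMs = 500; // shortened from the 60s seen in the report
        System.out.println("no recheck: " + new LostWakeupDemo().awaitHandshake(false, timeoutMs));
        System.out.println("recheck:    " + new LostWakeupDemo().awaitHandshake(true, timeoutMs));
    }
}
```

Without the recheck the caller only sees the timeout text after the full wait; with it, the certificate failure is reported immediately.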

