activemq-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF subversion and git services (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (AMQ-6010) AMQP SSL Transport "leaking" currentTransportCounts
Date Wed, 14 Oct 2015 15:41:05 GMT

    [ https://issues.apache.org/jira/browse/AMQ-6010?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14957103#comment-14957103
] 

ASF subversion and git services commented on AMQ-6010:
------------------------------------------------------

Commit 95a9a8035145bea04126e924a38ba133a2d6f7e4 in activemq's branch refs/heads/activemq-5.12.x
from [~tabish121]
[ https://git-wip-us.apache.org/repos/asf?p=activemq.git;h=95a9a80 ]

https://issues.apache.org/jira/browse/AMQ-6010

Fix for failed SSL connections not releasing the connection count in the
transport which leads to connections being rejected as having eceeded
the maximum configured connections.
(cherry picked from commit 80b526be7df3471876eceaa2c610747ca7fb89da)


> AMQP SSL Transport "leaking" currentTransportCounts
> ---------------------------------------------------
>
>                 Key: AMQ-6010
>                 URL: https://issues.apache.org/jira/browse/AMQ-6010
>             Project: ActiveMQ
>          Issue Type: Bug
>          Components: AMQP
>    Affects Versions: 5.11.1, 5.12.0
>            Reporter: Marcel Meulemans
>
> When using the AMQP SSL transport the currentTransportCount (variable that tracks connection
count in TcpTransportServer.java) can "leak" when the SSL connection is aborted during handshake.
In this case the TcpTransportServer class the currentTransportCount is incremented in handleSocket
but never decremented in stopped. This eventually leads to ExceededMaximumConnectionsException
being thrown from handleSocket. The SSL connection is aborted during handshake if needClientAuth
is configured on the transport and a client with an invalid certificate tries to connect.
> *Reproduction*
> 1. Enable the AMQP SSL transport: {{<transportConnector name="amqp+ssl" uri="amqp+ssl://0.0.0.0:5671?needClientAuth=true&amp;maximumConnections=10"/>}}
> 2. Try to connect with no/invalid client certificate: {{openssl s_client -connect localhost:5671}}
> 3. After 10 attempts ActiveMQ logs will start showing ExceededMaximumConnectionsException
exceptions.
> *Bug*
> During the SSL handshake phase the protocol converter in the AMQP transport is set to
the AMQPProtocolDiscriminator which silently swallows exceptions:
> {code:java}
> public void onAMQPException(IOException error) {
> }
> {code}
> Which in turn cause the normal stop sequence (via asyncStop) to be skipped.
> *Fix*
> Change the AMQPProtocolDiscriminator to handle the error instead of swallow it:
> {code:java}
> public void onAMQPException(IOException error) {
>     transport.sendToActiveMQ(error);
> }
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message