cxf-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Daniel Kulp (JIRA)" <>
Subject [jira] [Resolved] (CXF-5063) When using AsyncHttpConduit with a certificate alias CXF hangs after a bunch of requests
Date Fri, 14 Jun 2013 02:51:20 GMT


Daniel Kulp resolved CXF-5063.

    Resolution: Fixed

Thanks for checking/testing.

The HttpsURLCOnnectionFactory does do the hashcode thing in the decorateWithTLS method.  
It's a rare case that the client params will change after the first connection, but it is
allowed by the API's and such so we try to make a decent effort to detect it and reset.  The
hashcode isn't 100% reliable, but generally OK for such a rare occurance.

Please create separate issues for other problems and patches would be appreciated.   
> When using AsyncHttpConduit with a certificate alias CXF hangs after a bunch of requests
> ----------------------------------------------------------------------------------------
>                 Key: CXF-5063
>                 URL:
>             Project: CXF
>          Issue Type: Bug
>          Components: Transports
>    Affects Versions: 2.7.5
>            Reporter: Aymeric Levaux
>            Assignee: Daniel Kulp
>            Priority: Critical
>             Fix For: 2.7.6
> When using AsyncHttpConduit with a certificate alias CXF hangs after a bunch of requests.

> *Root cause:*
> For each request, when AsyncHTTPConduit.getSSLContext() is called,  the KeyManagers are
wrapped by an AliasedX509ExtendedKeyManager. After some time, the KeyManagers are wrapped
thousands of times. Then, at the moment a new connection needs to be established, a StackOverflowError
is thrown when AliasedX509ExtendedKeyManager.getPrivateKey() is called. This causes the I/O
dispatchers of the HttpAsynClient to all go down one after the other. When all the I/O dispatchers
are down all requests done on the HttpAsyncClient are timing out.
> In AsyncHTTPConduit.getSSLContext() the hash code of the TlsClientParameters is checked
to decide whether or not a new SSLContext should be created. This is not working in this context
as the wrapping of the KeyManagers has an influence on the tlsClientParameters hash code.

> Additionally (not directly linked to the issue), the hash code should never be used as
an identifier. Two different TlsClientParameters might have the same hash code, in such a
case the cached SSLContext won't be refreshed.
> *Other points:*
> * The AsyncHTTPConduit is containing a few auto generated catch blocks (with e.printStackTrace();
> * When the I/O dispatchers are going down (quite an important issue), the error is logged
on the System.err and nothing is logged on the Logger.
> * In the CXF documentation nothing is mentioned on the fact the HttpAsyncClient is still
in beta.

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see:

View raw message