cxf-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Daniel Kulp (JIRA)" <j...@apache.org>
Subject [jira] [Resolved] (CXF-5063) When using AsyncHttpConduit with a certificate alias CXF hangs after a bunch of requests
Date Fri, 14 Jun 2013 02:51:20 GMT

     [ https://issues.apache.org/jira/browse/CXF-5063?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Daniel Kulp resolved CXF-5063.
------------------------------

    Resolution: Fixed

Thanks for checking/testing.

The HttpsURLCOnnectionFactory does do the hashcode thing in the decorateWithTLS method.  
It's a rare case that the client params will change after the first connection, but it is
allowed by the API's and such so we try to make a decent effort to detect it and reset.  The
hashcode isn't 100% reliable, but generally OK for such a rare occurance.

Please create separate issues for other problems and patches would be appreciated.   
                
> When using AsyncHttpConduit with a certificate alias CXF hangs after a bunch of requests
> ----------------------------------------------------------------------------------------
>
>                 Key: CXF-5063
>                 URL: https://issues.apache.org/jira/browse/CXF-5063
>             Project: CXF
>          Issue Type: Bug
>          Components: Transports
>    Affects Versions: 2.7.5
>            Reporter: Aymeric Levaux
>            Assignee: Daniel Kulp
>            Priority: Critical
>             Fix For: 2.7.6
>
>
> When using AsyncHttpConduit with a certificate alias CXF hangs after a bunch of requests.

> *Root cause:*
> For each request, when AsyncHTTPConduit.getSSLContext() is called,  the KeyManagers are
wrapped by an AliasedX509ExtendedKeyManager. After some time, the KeyManagers are wrapped
thousands of times. Then, at the moment a new connection needs to be established, a StackOverflowError
is thrown when AliasedX509ExtendedKeyManager.getPrivateKey() is called. This causes the I/O
dispatchers of the HttpAsynClient to all go down one after the other. When all the I/O dispatchers
are down all requests done on the HttpAsyncClient are timing out.
> In AsyncHTTPConduit.getSSLContext() the hash code of the TlsClientParameters is checked
to decide whether or not a new SSLContext should be created. This is not working in this context
as the wrapping of the KeyManagers has an influence on the tlsClientParameters hash code.

> Additionally (not directly linked to the issue), the hash code should never be used as
an identifier. Two different TlsClientParameters might have the same hash code, in such a
case the cached SSLContext won't be refreshed.
> *Other points:*
> * The AsyncHTTPConduit is containing a few auto generated catch blocks (with e.printStackTrace();
).
> * When the I/O dispatchers are going down (quite an important issue), the error is logged
on the System.err and nothing is logged on the Logger.
> * In the CXF documentation nothing is mentioned on the fact the HttpAsyncClient is still
in beta.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message