hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Thijs ten Hoeve (JIRA)" <j...@apache.org>
Subject [jira] [Comment Edited] (HTTPCLIENT-1478) https calls ignore http.socket.timeout during SSL Handshake
Date Mon, 07 Jul 2014 13:38:35 GMT

    [ https://issues.apache.org/jira/browse/HTTPCLIENT-1478?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14053652#comment-14053652
] 

Thijs ten Hoeve edited comment on HTTPCLIENT-1478 at 7/7/14 1:38 PM:
---------------------------------------------------------------------

I too think this bug hasn't been completely fixed.
I have the following trace of an application that blocked indefinitely on a get request.

   java.lang.Thread.State: RUNNABLE
        at java.net.SocketInputStream.socketRead0(Native Method)
        at java.net.SocketInputStream.read(SocketInputStream.java:150)
        at java.net.SocketInputStream.read(SocketInputStream.java:121)
        at sun.security.ssl.InputRecord.readFully(InputRecord.java:465)
        at sun.security.ssl.InputRecord.read(InputRecord.java:503)
        at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:954)
        - locked <0x00000000e0a6a860> (a java.lang.Object)
        at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1343)
        - locked <0x00000000e0a6a870> (a java.lang.Object)
        at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1371)
        at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1355)
        at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:275)
        at org.apache.http.impl.conn.HttpClientConnectionOperator.upgrade(HttpClientConnectionOperator.java:169)
        at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.upgrade(PoolingHttpClientConnectionManager.java:333)
        at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:398)
        at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:219)
        at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:195)
        at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:86)
        at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:108)
        at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:184)
        at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
        at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:106)


Unfortunately this scenario is very difficult te reproduce. 
However I have been able to get similar traces (that didn't block forever since the server
was responsive) in a debugger, and I think I have identified a possible cause for this.

A connection timeout is not necessarily set on the socket used in the handshake.
This socket is created here: http://hc.apache.org/httpcomponents-client-4.3.x/httpclient/xref/org/apache/http/conn/ssl/SSLConnectionSocketFactory.html#234
The connection is then opened (With a connectionTimeout) on http://hc.apache.org/httpcomponents-client-4.3.x/httpclient/xref/org/apache/http/conn/ssl/SSLConnectionSocketFactory.html#239.
However there is no SoTimeout set on the socket (getSoTimeout() returns 0), so the startHandshake()
call in createLayeredSocket (http://hc.apache.org/httpcomponents-client-4.3.x/httpclient/xref/org/apache/http/conn/ssl/SSLConnectionSocketFactory.html#275)
might block forever.

Note that the Request passed to the execute() call in CloseableHttpClient did have a SocketTimeout
set. ((request.getConfig().getSocketTimeout() == 60000)



was (Author: tth):
I too think this bug hasn't been completely fixed.
I have the following trace of an application that blocked indefinitely on a get request.

   java.lang.Thread.State: RUNNABLE
        at java.net.SocketInputStream.socketRead0(Native Method)
        at java.net.SocketInputStream.read(SocketInputStream.java:150)
        at java.net.SocketInputStream.read(SocketInputStream.java:121)
        at sun.security.ssl.InputRecord.readFully(InputRecord.java:465)
        at sun.security.ssl.InputRecord.read(InputRecord.java:503)
        at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:954)
        - locked <0x00000000e0a6a860> (a java.lang.Object)
        at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1343)
        - locked <0x00000000e0a6a870> (a java.lang.Object)
        at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1371)
        at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1355)
        at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:275)
        at org.apache.http.impl.conn.HttpClientConnectionOperator.upgrade(HttpClientConnectionOperator.java:169)
        at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.upgrade(PoolingHttpClientConnectionManager.java:333)
        at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:398)
        at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:219)
        at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:195)
        at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:86)
        at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:108)
        at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:184)
        at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
        at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:106)


Unfortunately this scenario is very difficult te reproduce. 
However I have been able to get similar traces (that didn't block forever since the server
was responsive) in a debugger, and I think I have identified a possible cause for this.

A Connectiontimeout is not necesarrily set on the socket used in the handshake.
This socket is created here: http://hc.apache.org/httpcomponents-client-4.3.x/httpclient/xref/org/apache/http/conn/ssl/SSLConnectionSocketFactory.html#234
The conneciton is then opened (With a connectionTimeout) on http://hc.apache.org/httpcomponents-client-4.3.x/httpclient/xref/org/apache/http/conn/ssl/SSLConnectionSocketFactory.html#239.
However there is no SoTimeout set on the socket (getSoTimeout() returns 0), so the startHandshake()
call in createLayeredSocket (http://hc.apache.org/httpcomponents-client-4.3.x/httpclient/xref/org/apache/http/conn/ssl/SSLConnectionSocketFactory.html#275)
might block forever.

Note that the Request passed to the execute() call in CloseableHttpClient did have a SocketTimeout
set. ((request.getConfig().getSocketTimeout() == 60000)


> https calls ignore http.socket.timeout during SSL Handshake
> -----------------------------------------------------------
>
>                 Key: HTTPCLIENT-1478
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1478
>             Project: HttpComponents HttpClient
>          Issue Type: Bug
>          Components: HttpConn
>    Affects Versions: 4.3 Final, 4.3.1, 4.3.2, 4.3.3
>         Environment: All
>            Reporter: Jonah Schwartz
>            Priority: Minor
>             Fix For: 4.3.4
>
>
> https calls ignore http.socket.timeout during SSL Handshake. This can result in a https
call hanging forever waiting for socket read. 
> In both SSLSocketFactory and SSLConnectionSocketFactory, sslsock.startHandshake(); is
called before socket timeout is set on the socket. This means timeout is not respected during
the SSL handshake, and the thread can hang with a stacktrace that looks like this:
> org.apache.http.impl.client.AbstractHttpClient.doExecute
> org.apache.http.impl.client.DefaultRequestDirector.execute
> org.apache.http.impl.client.DefaultRequestDirector.tryConnect
> org.apache.http.impl.conn.ManagedClientConnectionImpl.open
> org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection
> org.apache.http.conn.ssl.SSLSocketFactory.connectSocket
> org.apache.http.conn.ssl.SSLSocketFactory.connectSocket
> sun.security.ssl.SSLSocketImpl.startHandshake
> sun.security.ssl.SSLSocketImpl.startHandshake
> sun.security.ssl.SSLSocketImpl.performInitialHandshake
> sun.security.ssl.SSLSocketImpl.readRecord
> sun.security.ssl.InputRecord.read
> sun.security.ssl.InputRecord.readV3Record
> sun.security.ssl.InputRecord.readFully
> java.net.SocketInputStream.read
> java.net.SocketInputStream.socketRead0



--
This message was sent by Atlassian JIRA
(v6.2#6252)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org


Mime
View raw message