hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Archie Cobbs (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HTTPCLIENT-1589) Connect timeout ignored during SSL connection setup
Date Tue, 16 Dec 2014 15:17:13 GMT

    [ https://issues.apache.org/jira/browse/HTTPCLIENT-1589?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14248361#comment-14248361

Archie Cobbs commented on HTTPCLIENT-1589:

OK thanks. Do you have a reference to the fix for this in 4.3.6? E.g., an existing JIRA issue
or SVN commit?


> Connect timeout ignored during SSL connection setup 
> ----------------------------------------------------
>                 Key: HTTPCLIENT-1589
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1589
>             Project: HttpComponents HttpClient
>          Issue Type: Bug
>          Components: HttpClient
>    Affects Versions: 4.3.5
>         Environment: httpcore-4.3.2
> httpclient-4.3.5
> Linux + Tomcat
>            Reporter: Archie Cobbs
>             Fix For: 4.3.6
> I have Apache HTTP client setup for 30 second connection timeout and 30 second read timeout.
> In rare cases, due to a firewall issue, my outgoing connections are occasionally "blackholed"
in the sense that the TCP connection remains up but absolutely zero TCP packets are received
from the peer. So from the local side it just appears that the TCP connection is idle (outside
the firewall the TCP connection may be closed, but my client can't see that inside the firewall).
> If this happens at the wrong time during SSL connection setup, the connection hangs forever,
even though it should be subject to an overall 30 second timeout.
> Here's a stack trace showing a thread that is indefinitely stuck in this scenario:
> {noformat}
> "webClientTaskExecutor-3" prio=10 tid=0x00007fab3428a800 nid=0x4196 runnable [0x00007fab1647a000]
> java.lang.Thread.State: RUNNABLE
>   at java.net.SocketInputStream.socketRead0(Native Method)
>   at java.net.SocketInputStream.read(SocketInputStream.java:152)
>   at java.net.SocketInputStream.read(SocketInputStream.java:122)
>   at sun.security.ssl.InputRecord.readFully(InputRecord.java:442)
>   at sun.security.ssl.InputRecord.read(InputRecord.java:480)
>   at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:927)
>   - locked <0x00000007a9472180> (a java.lang.Object)
>   at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1312)
>   - locked <0x00000007a9472298> (a java.lang.Object)
>   at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1339)
>   at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1323)
>   at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:275)
>   at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:254)
>   at org.apache.http.impl.conn.HttpClientConnectionOperator.connect(HttpClientConnectionOperator.java:123)
>   at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:318)
>   at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:363)
>   at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:219)
>   at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:195)
>   at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:86)
>   at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:108)
>   at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:184)
>   at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
>   ...
> {noformat}
> An obvious workaround is to configure TCP keep-alive; I have not tried this yet.
> However, the respect for the connect timeout should be bullet-proof, no matter what happens
on the network.

This message was sent by Atlassian JIRA

To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org

View raw message