hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "August Lilleaas (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HTTPCLIENT-1478) https calls ignore http.socket.timeout during SSL Handshake
Date Thu, 18 Feb 2016 12:31:18 GMT

    [ https://issues.apache.org/jira/browse/HTTPCLIENT-1478?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15152242#comment-15152242
] 

August Lilleaas commented on HTTPCLIENT-1478:
---------------------------------------------

I encountered this issue on verson 4.3.4. I upgraded to 4.5.1 and the issue was fixed there.

I was able to reproduce this using a small Node.js TCP server that does nothing after the
connection is opened, but closes the connection after 5 seconds. Here is the node server:

{noformat}
var net = require("net");

var server = net.createServer({}, function (conn) {
    console.log("a connection");
    setTimeout(function () { conn.end(); }, 5000);
});

server.listen(6171);
{noformat}

Here is the code (Groovy) to reproduce the issue:

{noformat}
url = "https://localhost:6171"

res = org.apache.http.client.fluent.Request.Get(url)
            .connectTimeout(1000)
            .socketTimeout(1000)
            .execute()
            .returnResponse()

org.apache.http.util.EntityUtils.toString(res.getEntity())
{noformat}

In version 4.3.4, http:// worked fine and timed out after 1 second. With https, the request
hangs beyond 1 seconds and hangs until the Node.js server closes the TCP connection.

In version 4.5.1, the http behaviour was identical, and on https I got the following exception:

{noformat}
org.apache.http.conn.ConnectTimeoutException: Connect to localhost:6171 [localhost/127.0.0.1]
failed: Read timed out
    at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:143)
    at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:353)
    at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:380)
    at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236)
    at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:184)
    at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:88)
    at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110)
    at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:184)
    at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
    at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:55)
    at org.apache.http.client.fluent.Request.internalExecute(Request.java:173)
    at org.apache.http.client.fluent.Request.execute(Request.java:177)
    at Script1.run(Script1.groovy:3)
{noformat}

> https calls ignore http.socket.timeout during SSL Handshake
> -----------------------------------------------------------
>
>                 Key: HTTPCLIENT-1478
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1478
>             Project: HttpComponents HttpClient
>          Issue Type: Bug
>          Components: HttpConn
>    Affects Versions: 4.3 Final, 4.3.1, 4.3.2, 4.3.3
>         Environment: All
>            Reporter: Jonah Schwartz
>            Priority: Minor
>             Fix For: 4.3.4
>
>
> https calls ignore http.socket.timeout during SSL Handshake. This can result in a https
call hanging forever waiting for socket read. 
> In both SSLSocketFactory and SSLConnectionSocketFactory, sslsock.startHandshake(); is
called before socket timeout is set on the socket. This means timeout is not respected during
the SSL handshake, and the thread can hang with a stacktrace that looks like this:
> org.apache.http.impl.client.AbstractHttpClient.doExecute
> org.apache.http.impl.client.DefaultRequestDirector.execute
> org.apache.http.impl.client.DefaultRequestDirector.tryConnect
> org.apache.http.impl.conn.ManagedClientConnectionImpl.open
> org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection
> org.apache.http.conn.ssl.SSLSocketFactory.connectSocket
> org.apache.http.conn.ssl.SSLSocketFactory.connectSocket
> sun.security.ssl.SSLSocketImpl.startHandshake
> sun.security.ssl.SSLSocketImpl.startHandshake
> sun.security.ssl.SSLSocketImpl.performInitialHandshake
> sun.security.ssl.SSLSocketImpl.readRecord
> sun.security.ssl.InputRecord.read
> sun.security.ssl.InputRecord.readV3Record
> sun.security.ssl.InputRecord.readFully
> java.net.SocketInputStream.read
> java.net.SocketInputStream.socketRead0



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org


Mime
View raw message