Re: X509Factory.getFromCache

2016-10-19 Thread Christopher Schultz 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Mark,

On 10/18/16 4:19 PM, Mark Thomas wrote:
> On 18/10/2016 19:43, Rallavagu wrote:
>> Tomcat 7.0.70, JDK 1.7.0_80 $java -version java version
>> "1.7.0_80" Java(TM) SE Runtime Environment (build 1.7.0_80-b15) 
>> Java HotSpot(TM) 64-Bit Server VM (build 24.80-b11, mixed mode)
>> 
>> There are many threads BLOCKED as below and due to this these
>> threads are very slow.
> 
> That is an outgoing TLS connection and essentially nothing to do
> with Tomcat.

+1

>> Anybody else experienced this? Am I hitting following JDK bug?
>> 
>> https://bugs.openjdk.java.net/browse/JDK-6432000
> 
> Looks possible.

Definitely possible.

However, my guess is that whatever
com.dice.api.util.service.DiceHTTPClient is is re-initializing the
SSLSocketFactory for every request.

If you have control over the code that is calling
DiceHTTPClient.getGetDeleteResponse, you might want to see if you can
create an SSLSocketFactory a single time and then re-use it for all
your outgoing connection (or as many as are appropriate -- you may
need a different trust store for each remote endpoint for example).

- -chris
-BEGIN PGP SIGNATURE-
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJYCAl7AAoJEBzwKT+lPKRY150QALwoTDIYdHf1AlLRb8+Tx+N9
Gnu6WVVpvepdsppiPoTyP/s9SBCTQasO6AqzE2peHo7i9dTe2VeaIAgaPVCq6cO1
yeCMVAQ865cVzkThw4HQRwXJF6mcDOVatUtPtS8xm0HXUwjVZT/9COM5aF/BXMT4
9I5N2JSj571tuGriKqTq7Lgm1/DHQLXQENhFiuYhweiYgnkOT287dJcyQiBNAwGM
yawUWBCQ2bbg46eXrj5/eOy92rFTL42SkJn+FHHQCESFxQ9ODY8wJN3EwRg449ZV
8nNrEXEmQ5qtokgFM5NEUvLMw6fj+kjLH/SUenyICNkIWph67w1RkHvDiUxlxLj7
SLvJ7NYl9ep0gYxO/aD+GQUKT0TmhjbTzcjKuENquHf0x12q1fvDCS0lO2YwhjOF
R8/89ZcNl1h0j+FlMDWpcSuLGtFOI6NK1xfdl5XW3uXRQEEbBZDHWOX5esBcxOM2
jfHJ1Ge4Cug+vRLnTAYD0b1UTUN/h5ySR6Bv63GTro645B9Flj4dRx2XHR5REHRB
ZIRPtBfQlkQ77gEEfZrbqLvIbgYpyjlwSZ58j2GYy0qGpmleunhExUoGzSBDQpBE
PoHHNa+lzHVGKqLaACjIc9rnZle/4FhY2VWEsmgue78eJuNSK6URzZ16Q+aFD5ET
N3h561PCVQSqeEb3H5pN
=m4/h
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: X509Factory.getFromCache

2016-10-18 Thread Mark Thomas 
On 18/10/2016 19:43, Rallavagu wrote:
> Tomcat 7.0.70, JDK 1.7.0_80
> $java -version
> java version "1.7.0_80"
> Java(TM) SE Runtime Environment (build 1.7.0_80-b15)
> Java HotSpot(TM) 64-Bit Server VM (build 24.80-b11, mixed mode)
> 
> There are many threads BLOCKED as below and due to this these threads
> are very slow.

That is an outgoing TLS connection and essentially nothing to do with
Tomcat.

> Anybody else experienced this? Am I hitting following JDK
> bug?
> 
> https://bugs.openjdk.java.net/browse/JDK-6432000

Looks possible.

Mark


> 
> "http-bio-28080-exec-1155" daemon prio=10 tid=0x7feca808e000
> nid=0x5a31 waiting for monitor entry [0x7feba3cf8000]
>java.lang.Thread.State: BLOCKED (on object monitor)
> at
> sun.security.provider.X509Factory.getFromCache(X509Factory.java:215)
> - waiting to lock <0x0006a00be6a8> (a java.lang.Class for
> sun.security.provider.X509Factory)
> at
> sun.security.provider.X509Factory.engineGenerateCertificate(X509Factory.java:94)
> 
> at
> java.security.cert.CertificateFactory.generateCertificate(CertificateFactory.java:339)
> 
> at
> sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:747)
> - locked <0x0006dd58da90> (a java.util.Hashtable)
> at
> sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:55)
> at java.security.KeyStore.load(KeyStore.java:1226)
> at
> sun.security.ssl.TrustManagerFactoryImpl.getCacertsKeyStore(TrustManagerFactoryImpl.java:221)
> 
> at
> sun.security.ssl.TrustManagerFactoryImpl.engineInit(TrustManagerFactoryImpl.java:51)
> 
> at
> javax.net.ssl.TrustManagerFactory.init(TrustManagerFactory.java:250)
> at
> sun.security.ssl.SSLContextImpl.engineInit(SSLContextImpl.java:79)
> at javax.net.ssl.SSLContext.init(SSLContext.java:283)
> at
> org.apache.http.ssl.SSLContexts.createDefault(SSLContexts.java:55)
> at
> org.apache.http.conn.ssl.SSLConnectionSocketFactory.getSocketFactory(SSLConnectionSocketFactory.java:172)
> 
> at
> org.apache.http.impl.conn.BasicHttpClientConnectionManager.getDefaultRegistry(BasicHttpClientConnectionManager.java:117)
> 
> at
> org.apache.http.impl.conn.BasicHttpClientConnectionManager.(BasicHttpClientConnectionManager.java:161)
> 
> at
> com.dice.api.util.service.DiceHTTPClient.getGetDeleteResponse(DiceHTTPClient.java:162)
> 
> 
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
> 


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

X509Factory.getFromCache

2016-10-18 Thread Rallavagu 

Tomcat 7.0.70, JDK 1.7.0_80
$java -version
java version "1.7.0_80"
Java(TM) SE Runtime Environment (build 1.7.0_80-b15)
Java HotSpot(TM) 64-Bit Server VM (build 24.80-b11, mixed mode)

There are many threads BLOCKED as below and due to this these threads 
are very slow. Anybody else experienced this? Am I hitting following JDK 
bug?


https://bugs.openjdk.java.net/browse/JDK-6432000

"http-bio-28080-exec-1155" daemon prio=10 tid=0x7feca808e000 
nid=0x5a31 waiting for monitor entry [0x7feba3cf8000]

   java.lang.Thread.State: BLOCKED (on object monitor)
at 
sun.security.provider.X509Factory.getFromCache(X509Factory.java:215)
- waiting to lock <0x0006a00be6a8> (a java.lang.Class for 
sun.security.provider.X509Factory)
at 
sun.security.provider.X509Factory.engineGenerateCertificate(X509Factory.java:94)
at 
java.security.cert.CertificateFactory.generateCertificate(CertificateFactory.java:339)
at 
sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:747)

- locked <0x0006dd58da90> (a java.util.Hashtable)
at 
sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:55)

at java.security.KeyStore.load(KeyStore.java:1226)
at 
sun.security.ssl.TrustManagerFactoryImpl.getCacertsKeyStore(TrustManagerFactoryImpl.java:221)
at 
sun.security.ssl.TrustManagerFactoryImpl.engineInit(TrustManagerFactoryImpl.java:51)
at 
javax.net.ssl.TrustManagerFactory.init(TrustManagerFactory.java:250)
at 
sun.security.ssl.SSLContextImpl.engineInit(SSLContextImpl.java:79)

at javax.net.ssl.SSLContext.init(SSLContext.java:283)
at 
org.apache.http.ssl.SSLContexts.createDefault(SSLContexts.java:55)
at 
org.apache.http.conn.ssl.SSLConnectionSocketFactory.getSocketFactory(SSLConnectionSocketFactory.java:172)
at 
org.apache.http.impl.conn.BasicHttpClientConnectionManager.getDefaultRegistry(BasicHttpClientConnectionManager.java:117)
at 
org.apache.http.impl.conn.BasicHttpClientConnectionManager.(BasicHttpClientConnectionManager.java:161)
at 
com.dice.api.util.service.DiceHTTPClient.getGetDeleteResponse(DiceHTTPClient.java:162)


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org