This is an automated email from the ASF dual-hosted git repository.
bhaisaab pushed a commit to branch debian9-systemvmtemplate
in repository https://gitbox.apache.org/repos/asf/cloudstack.git
The following commit(s) were added to refs/heads/debian9-systemvmtemplate by
this push:
new d3f0b30 fix nio regression
d3f0b30 is described below
commit d3f0b30b0a4046ae0aefccb7643f4a907ffb47cd
Author: Rohit Yadav <[email protected]>
AuthorDate: Thu Nov 30 16:51:48 2017 +0530
fix nio regression
Signed-off-by: Rohit Yadav <[email protected]>
---
.../cloud/agent/manager/ClusteredAgentManagerImpl.java | 2 +-
utils/src/main/java/com/cloud/utils/nio/Link.java | 15 +++++++++------
utils/src/main/java/com/cloud/utils/nio/NioClient.java | 2 +-
.../src/main/java/com/cloud/utils/nio/NioConnection.java | 2 +-
4 files changed, 12 insertions(+), 9 deletions(-)
diff --git
a/engine/orchestration/src/com/cloud/agent/manager/ClusteredAgentManagerImpl.java
b/engine/orchestration/src/com/cloud/agent/manager/ClusteredAgentManagerImpl.java
index 2ebfeb5..0b9899e 100644
---
a/engine/orchestration/src/com/cloud/agent/manager/ClusteredAgentManagerImpl.java
+++
b/engine/orchestration/src/com/cloud/agent/manager/ClusteredAgentManagerImpl.java
@@ -519,7 +519,7 @@ public class ClusteredAgentManagerImpl extends
AgentManagerImpl implements Clust
sslEngine.setUseClientMode(true);
sslEngine.setEnabledProtocols(SSLUtils.getSupportedProtocols(sslEngine.getEnabledProtocols()));
sslEngine.beginHandshake();
- if (!Link.doHandshake(ch1, sslEngine, true)) {
+ if (!Link.doHandshake(ch1, sslEngine)) {
ch1.close();
throw new IOException(String.format("SSL:
Handshake failed with peer management server '%s' on %s:%d ", peerName, ip,
port));
}
diff --git a/utils/src/main/java/com/cloud/utils/nio/Link.java
b/utils/src/main/java/com/cloud/utils/nio/Link.java
index 8f1b811..ee09f8c 100644
--- a/utils/src/main/java/com/cloud/utils/nio/Link.java
+++ b/utils/src/main/java/com/cloud/utils/nio/Link.java
@@ -32,6 +32,8 @@ import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.util.concurrent.ConcurrentLinkedQueue;
+import java.util.concurrent.Executor;
+import java.util.concurrent.Executors;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
@@ -462,7 +464,7 @@ public class Link {
return buffer;
}
- public static ByteBuffer handleBufferUnderflow(final SSLEngine engine,
ByteBuffer buffer) {
+ public static ByteBuffer handleBufferUnderflow(final SSLEngine engine,
final ByteBuffer buffer) {
if (engine == null || buffer == null) {
return buffer;
}
@@ -503,7 +505,7 @@ public class Link {
s_logger.error(String.format("SSL error caught during unwrap data:
%s, for local address=%s, remote address=%s. The client may have invalid
ca-certificates.",
sslException.getMessage(),
socketChannel.getLocalAddress(), socketChannel.getRemoteAddress()));
sslEngine.closeOutbound();
- return false;
+ return true;
}
switch (result.getStatus()) {
case OK:
@@ -522,8 +524,8 @@ public class Link {
return false;
} else {
sslEngine.closeOutbound();
- break;
}
+ break;
default:
throw new IllegalStateException("Invalid SSL status: " +
result.getStatus());
}
@@ -545,7 +547,7 @@ public class Link {
s_logger.error(String.format("SSL error caught during wrap data:
%s, for local address=%s, remote address=%s.",
sslException.getMessage(),
socketChannel.getLocalAddress(), socketChannel.getRemoteAddress()));
sslEngine.closeOutbound();
- return false;
+ return true;
}
switch (result.getStatus()) {
case OK :
@@ -582,7 +584,7 @@ public class Link {
return true;
}
- public static boolean doHandshake(final SocketChannel socketChannel, final
SSLEngine sslEngine, final boolean isClient) throws IOException {
+ public static boolean doHandshake(final SocketChannel socketChannel, final
SSLEngine sslEngine) throws IOException {
if (socketChannel == null || sslEngine == null) {
return false;
}
@@ -593,6 +595,7 @@ public class Link {
ByteBuffer myNetData = ByteBuffer.allocate(netBufferSize);
ByteBuffer peerNetData = ByteBuffer.allocate(netBufferSize);
+ final Executor executor = Executors.newSingleThreadExecutor();
final long startTimeMills = System.currentTimeMillis();
HandshakeStatus handshakeStatus = sslEngine.getHandshakeStatus();
@@ -621,7 +624,7 @@ public class Link {
if (s_logger.isTraceEnabled()) {
s_logger.trace("SSL: Running delegated task!");
}
- task.run();
+ executor.execute(task);
}
break;
case FINISHED:
diff --git a/utils/src/main/java/com/cloud/utils/nio/NioClient.java
b/utils/src/main/java/com/cloud/utils/nio/NioClient.java
index 1c29b0c..d4a1e02 100644
--- a/utils/src/main/java/com/cloud/utils/nio/NioClient.java
+++ b/utils/src/main/java/com/cloud/utils/nio/NioClient.java
@@ -61,7 +61,7 @@ public class NioClient extends NioConnection {
sslEngine.setUseClientMode(true);
sslEngine.setEnabledProtocols(SSLUtils.getSupportedProtocols(sslEngine.getEnabledProtocols()));
sslEngine.beginHandshake();
- if (!Link.doHandshake(_clientConnection, sslEngine, true)) {
+ if (!Link.doHandshake(_clientConnection, sslEngine)) {
s_logger.error("SSL Handshake failed while connecting to host:
" + _host + " port: " + _port);
_selector.close();
throw new IOException("SSL Handshake failed while connecting
to host: " + _host + " port: " + _port);
diff --git a/utils/src/main/java/com/cloud/utils/nio/NioConnection.java
b/utils/src/main/java/com/cloud/utils/nio/NioConnection.java
index 30000cf..9a5bf7e 100644
--- a/utils/src/main/java/com/cloud/utils/nio/NioConnection.java
+++ b/utils/src/main/java/com/cloud/utils/nio/NioConnection.java
@@ -213,7 +213,7 @@ public abstract class NioConnection implements
Callable<Boolean> {
_selector.wakeup();
try {
sslEngine.beginHandshake();
- if (!Link.doHandshake(socketChannel, sslEngine,
false)) {
+ if (!Link.doHandshake(socketChannel, sslEngine)) {
throw new IOException("SSL handshake timed out
with " + socketChannel.getRemoteAddress());
}
if (s_logger.isTraceEnabled()) {
--
To stop receiving notification emails like this one, please contact
['"[email protected]" <[email protected]>'].
