[jira] [Commented] (HTTPCORE-658) Closing a connection triggers a javax.net.debug error to be logged

Tue, 12 Jan 2021 11:00:05 -0800 


    [ 
https://issues.apache.org/jira/browse/HTTPCORE-658?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17263603#comment-17263603
 ] 

Oleg Kalnichevski commented on HTTPCORE-658:
--------------------------------------------

[~ydylla] I am somewhat conflicted about this change because I am still seeing 
similar warning with Adopt JDK 1.8.0.265. 
{noformat}
javax.net.ssl|FINE|0F|HTTP-worker-1|2021-01-12 19:47:32.424 
CET|Logger.java:765|duplex close of SSLSocket
javax.net.ssl|FINE|0F|HTTP-worker-1|2021-01-12 19:47:32.426 
CET|Logger.java:765|close the underlying socket
javax.net.ssl|FINE|0F|HTTP-worker-1|2021-01-12 19:47:32.426 
CET|Logger.java:765|close the SSL connection (initiative)
javax.net.ssl|FINE|0F|HTTP-worker-1|2021-01-12 19:47:32.426 
CET|Logger.java:765|close inbound of SSLSocket
javax.net.ssl|WARNING|0F|HTTP-worker-1|2021-01-12 19:47:32.428 
CET|Logger.java:765|SSLSocket duplex close failed (
"throwable" : {
  java.net.SocketException: Socket is closed
        at java.net.Socket.shutdownInput(Socket.java:1539)
        at 
sun.security.ssl.BaseSSLSocketImpl.shutdownInput(BaseSSLSocketImpl.java:216)
        at sun.security.ssl.SSLSocketImpl.shutdownInput(SSLSocketImpl.java:643)
        at 
sun.security.ssl.SSLSocketImpl.bruteForceCloseInput(SSLSocketImpl.java:598)
        at 
sun.security.ssl.SSLSocketImpl.duplexCloseOutput(SSLSocketImpl.java:558)
        at sun.security.ssl.SSLSocketImpl.close(SSLSocketImpl.java:471)
        at 
org.apache.hc.core5.http.impl.io.BHttpConnectionBase.close(BHttpConnectionBase.java:255)
        at 
org.apache.hc.core5.http.impl.io.DefaultBHttpServerConnection.close(DefaultBHttpServerConnection.java:59)
        at 
org.apache.hc.core5.http.impl.io.HttpService$1.submitResponse(HttpService.java:234)
        at 
org.apache.hc.core5.http.io.support.HttpServerFilterChainRequestHandler$1.submitResponse(HttpServerFilterChainRequestHandler.java:68)
        at 
org.apache.hc.core5.testing.classic.ClassicServerAndRequesterTest$1$1$1.submitResponse(ClassicServerAndRequesterTest.java:126)
        at 
org.apache.hc.core5.http.io.support.TerminalServerFilter.handle(TerminalServerFilter.java:79)
        at 
org.apache.hc.core5.http.io.support.HttpServerFilterChainElement.handle(HttpServerFilterChainElement.java:68)
        at 
org.apache.hc.core5.http.io.support.HttpServerFilterChainElement$1.proceed(HttpServerFilterChainElement.java:59)
        at 
org.apache.hc.core5.testing.classic.ClassicServerAndRequesterTest$1$1.handle(ClassicServerAndRequesterTest.java:112)
        at 
org.apache.hc.core5.http.io.support.HttpServerFilterChainElement.handle(HttpServerFilterChainElement.java:68)
        at 
org.apache.hc.core5.http.io.support.HttpServerFilterChainElement$1.proceed(HttpServerFilterChainElement.java:59)
        at 
org.apache.hc.core5.http.io.support.HttpServerExpectationFilter.handle(HttpServerExpectationFilter.java:100)
        at 
org.apache.hc.core5.http.io.support.HttpServerFilterChainElement.handle(HttpServerFilterChainElement.java:68)
        at 
org.apache.hc.core5.http.io.support.HttpServerFilterChainRequestHandler.handle(HttpServerFilterChainRequestHandler.java:59)
        at 
org.apache.hc.core5.http.impl.io.HttpService.handleRequest(HttpService.java:190)
        at org.apache.hc.core5.http.impl.bootstrap.Worker.run(Worker.java:62)
        at 
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
        at 
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
        at java.lang.Thread.run(Thread.java:748)}

)
javax.net.ssl|FINE|01|main|2021-01-12 19:47:32.429 CET|Logger.java:765|duplex 
close of SSLSocket
javax.net.ssl|FINE|01|main|2021-01-12 19:47:32.429 CET|Logger.java:765|close 
the underlying socket
javax.net.ssl|FINE|01|main|2021-01-12 19:47:32.430 CET|Logger.java:765|close 
the SSL connection (initiative)
javax.net.ssl|FINE|01|main|2021-01-12 19:47:32.430 CET|Logger.java:765|close 
inbound of SSLSocket
{noformat}

However Adopt JDK 11.0.8 does seem to be able to close out connections cleanly 

What I think I will do is committing the change to HttpCore 5.1.x and 5.2.x 
while leaving HttpCore 4.4.x and 5.0.x as it.

Oleg

> Closing a connection triggers a javax.net.debug error to be logged
> ------------------------------------------------------------------
>
>                 Key: HTTPCORE-658
>                 URL: https://issues.apache.org/jira/browse/HTTPCORE-658
>             Project: HttpComponents HttpCore
>          Issue Type: Bug
>          Components: HttpCore
>    Affects Versions: 4.4.13
>            Reporter: Yannick Dylla
>            Priority: Minor
>         Attachments: tls-close-bug.zip
>
>
> Hi,
>  I noticed that on each SSL/TLS Connection closing the following Exception is 
> logged when {{-Djavax.net.debug=ssl}} is enabled:
> {noformat}
> javax.net.ssl|ERROR|01|main|2021-01-11 11:38:11.259 
> CET|TransportContext.java:318|Fatal (INTERNAL_ERROR): closing inbound before 
> receiving peer's close_notify (
> "throwable" : {
>   javax.net.ssl.SSLException: closing inbound before receiving peer's 
> close_notify
>         at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:133)
>         at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117)
>         at 
> java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:313)
>         at 
> java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:269)
>         at 
> java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:260)
>         at 
> java.base/sun.security.ssl.SSLSocketImpl.shutdownInput(SSLSocketImpl.java:737)
>         at 
> java.base/sun.security.ssl.SSLSocketImpl.shutdownInput(SSLSocketImpl.java:716)
>         at 
> org.apache.http.impl.BHttpConnectionBase.close(BHttpConnectionBase.java:325)
>         at 
> org.apache.http.impl.conn.LoggingManagedHttpClientConnection.close(LoggingManagedHttpClientConnection.java:81)
>         at 
> org.apache.http.impl.conn.CPoolEntry.closeConnection(CPoolEntry.java:70)
>         at org.apache.http.impl.conn.CPoolEntry.close(CPoolEntry.java:96)
>         at 
> org.apache.http.pool.AbstractConnPool.shutdown(AbstractConnPool.java:149)
>         at 
> org.apache.http.impl.conn.PoolingHttpClientConnectionManager.shutdown(PoolingHttpClientConnectionManager.java:430)
>         at 
> org.apache.http.impl.client.HttpClientBuilder$2.close(HttpClientBuilder.java:1244)
>         at 
> org.apache.http.impl.client.InternalHttpClient.close(InternalHttpClient.java:201)
>         at TLSCloseBug.main(TLSCloseBug.java:83)}
> )
> {noformat}
> I tracked down the Problem to the BHttpConnectionBase.close code, where 
> socket.shutdownOutput and socket.shutdownInput are called before 
> socket.close().
>  Why is that? The code is pretty old so maybe it was required at some point.
>  But for the JDK 11 SSLSocketImpl this triggers the error to be logged.
>  In general, I think it would be better to remove the shutdownOutput and 
> shutdownInput calls and only rely on the {{Closeable}} contract to clean up 
> the socket.
>  For the JDK 11 SSLSocketImpl this would fix the Problem.
> I also wrote a small example app to trigger the error: [^tls-close-bug.zip]



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to