[
https://issues.apache.org/jira/browse/HTTPCLIENT-2193?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17475830#comment-17475830
]
Andrei Vasilev commented on HTTPCLIENT-2193:
--------------------------------------------
[~olegk] I finally figured it out. Went on a deep dive with the debugger for a
few hours and slowly chipped away at it.
The issue was SSL buffer overflow, which was caused by a bug in the HTTP core
code, specifically the SSLIOSession class on line 591. The wrong buffer method
is being called.
Surprisingly, it was already fixed two months ago, the fix just hasn't been
pushed out yet! Here is the
[commit|https://github.com/apache/httpcomponents-core/commit/1e4bd7b4640c1250e0f7bdceee5fc9d47e30b4b2#diff-03659c0ef56978ac3553c138d139a3eee79e1619e71ee3a52b7674961db41245]
with the fix in it.
So the latest http client code still has the bug in it. I know its hard to
disclose when releases will happen, but any idea when that will get pushed out?
If not, what do you think our best bet is for now. I suppose the only option is
to build from source yes?
Thanks again for helping me out!
> HttpClient Hangs Indefinitely When Using Conscrypt
> --------------------------------------------------
>
> Key: HTTPCLIENT-2193
> URL: https://issues.apache.org/jira/browse/HTTPCLIENT-2193
> Project: HttpComponents HttpClient
> Issue Type: Bug
> Components: HttpClient (async)
> Affects Versions: 5.1.2, 5.2-alpha1
> Reporter: Andrei Vasilev
> Priority: Minor
> Attachments: Main.java, amazon(FAILURE).log, build.gradle,
> google(SUCCESS).log, log4j2.xml, netflix(FAILURE).log, yahoo(SUCCESS).log
>
>
> When using an alternative security provider such as Conscrypt, requests will
> fail the majority of the time, hanging indefinitely at various points during
> the request / response process.
> All requests appear to successfully CONNECT, but retrieving data is very
> intermittent. Either the entity is not streamed at all, partially streamed,
> or fully streamed but the client then hangs forever. I let it run for 3
> hours, and even then the client didn't shutdown.
> As you can see in the logs I have attached, requests to some major websites
> will fail at different steps. I have also attached a minimally re-produceable
> example program. I tested this with OkHttp client and all requests work just
> fine using Conscrypt. Not sure what's going on.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
