[
https://issues.apache.org/jira/browse/QPID-5892?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14060080#comment-14060080
]
Keith Wall commented on QPID-5892:
----------------------------------
The race condition is between the IOReceiver thread and the Main thread.
In the unlucky case, the Main thread yields (SSLSender#send) after getting a
NEED_UNWRAP, but before acquiring the sslLock. Meanwhile the IOReceiver thread
receives the "Received fatal alert: bad_certificate" exception from the Engine
and sets the sslErrorFlag. When the Main thread awakes, and begins to wait,
but no notify will come. The wait times out and goes on to generate the
spurious timeout, masking the (useful) true cause (bad certificate).
Checking the sslErrorFlag after acquiring the lock should resolve this issue.
> SSL Sender may spuriously timeout if SSL negotiation fails
> ----------------------------------------------------------
>
> Key: QPID-5892
> URL: https://issues.apache.org/jira/browse/QPID-5892
> Project: Qpid
> Issue Type: Bug
> Components: Java Broker, Java Client
> Reporter: Keith Wall
> Assignee: Keith Wall
> Fix For: 0.29
>
>
> As highlighted by the occasionally failure
> SSLTest.testClientCertMissingWhilstWantingAndNeeding on a slower CI box,
> there is a race condition in SSLSender code. When the race condition
> manifests the test hangs for 60s then produces a timeout exception (SSL
> Engine timed out), rather than the expected (Received fatal alert:
> bad_certificate).
> This issue is probably longstanding.
> {noformat}
> org.apache.qpid.transport.SenderException: SSL Engine timed out waiting for a
> response.To get more info,run with -Djavax.net.debug=ssl
> at
> org.apache.qpid.transport.network.security.ssl.SSLSender.send(SSLSender.java:229)
> at
> org.apache.qpid.transport.network.security.ssl.SSLSender.send(SSLSender.java:35)
> at
> org.apache.qpid.transport.network.Disassembler.init(Disassembler.java:160)
> at
> org.apache.qpid.transport.network.Disassembler.init(Disassembler.java:48)
> at
> org.apache.qpid.transport.ProtocolHeader.delegate(ProtocolHeader.java:110)
> at
> org.apache.qpid.transport.network.Disassembler.send(Disassembler.java:73)
> at
> org.apache.qpid.transport.network.Disassembler.send(Disassembler.java:48)
> at org.apache.qpid.transport.Connection.send(Connection.java:407)
> at org.apache.qpid.transport.Connection.connect(Connection.java:246)
> at
> org.apache.qpid.client.AMQConnectionDelegate_0_10.makeBrokerConnection(AMQConnectionDelegate_0_10.java:221)
> at
> org.apache.qpid.client.AMQConnection.makeBrokerConnection(AMQConnection.java:620)
> at org.apache.qpid.client.AMQConnection.<init>(AMQConnection.java:399)
> at
> org.apache.qpid.client.AMQConnectionFactory.createConnection(AMQConnectionFactory.java:155)
> at
> org.apache.qpid.client.AMQConnectionFactory.createConnection(AMQConnectionFactory.java:134)
> at
> org.apache.qpid.test.utils.QpidBrokerTestCase.getConnection(QpidBrokerTestCase.java:1124)
> at
> org.apache.qpid.client.ssl.SSLTest.missingClientCertWhileNeedingOrWantingTestImpl(SSLTest.java:326)
> at
> org.apache.qpid.client.ssl.SSLTest.testClientCertMissingWhilstWantingAndNeeding(SSLTest.java:306)
> {noformat}
--
This message was sent by Atlassian JIRA
(v6.2#6252)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
