lvfangmin commented on a change in pull request #843: ZOOKEEPER-3296:
Explicitly closing the sslsocket when it failed handshake to prevent issue
where peers cannot join quorum
URL: https://github.com/apache/zookeeper/pull/843#discussion_r264328572
##########
File path:
zookeeper-server/src/main/java/org/apache/zookeeper/server/quorum/QuorumCnxManager.java
##########
@@ -648,17 +650,16 @@ synchronized private boolean connectOne(long sid,
InetSocketAddress electionAddr
try {
LOG.debug("Opening channel to server " + sid);
if (self.isSslQuorum()) {
- SSLSocket sslSock = self.getX509Util().createSSLSocket();
- setSockOpts(sslSock);
- sslSock.connect(electionAddr, cnxTO);
- sslSock.startHandshake();
Review comment:
Yes. During exception handling in the existing code, it will check and only
close if the sock instance is not null.
Previously, we only assign the sock instance when it finished handshake,
which may leak the connection in case if failed there after connection is
created.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
With regards,
Apache Git Services
