Marcel Meulemans created AMQ-6010:
-------------------------------------

             Summary: AMQP SSL Transport "leaking" currentTransportCounts
                 Key: AMQ-6010
                 URL: https://issues.apache.org/jira/browse/AMQ-6010
             Project: ActiveMQ
          Issue Type: Bug
          Components: AMQP
    Affects Versions: 5.12.0, 5.11.1
            Reporter: Marcel Meulemans


When using the AMQP SSL transport the currentTransportCount (variable that 
tracks connection count in TcpTransportServer.java) can "leak" when the SSL 
connection is aborted during handshake. In this case, in the TcpTransportServer 
class, the currentTransportCount is incremented in handleSocket but never 
decremented in stopped. This eventually leads to 
ExceededMaximumConnectionsException being thrown from handleSocket. The SSL 
connection is aborted during handshake if needClientAuth is configured on the 
transport and a client with an invalid certificate tries to connect.

*Reproduction*
1. Enable the AMQP SSL transport: {{<transportConnector name="amqp+ssl" 
uri="amqp+ssl://0.0.0.0:5671?needClientAuth=true&amp;maximumConnections=10"/>}}
2. Try to connect with no/invalid client certificate: {{openssl s_client 
-connect localhost:5671}}
3. After 10 attempts ActiveMQ logs will start showing 
ExceededMaximumConnectionsException exceptions.

*Bug*
During the SSL handshake phase the protocol converter in the AMQP transport is 
set to the AMQPProtocolDiscriminator which silently swallows exceptions:
{code:java}
public void onAMQPException(IOException error) {
}
{code}
Which in turn causes the normal stop sequence (via asyncStop) to be skipped.

*Fix*
Change the AMQPProtocolDiscriminator to handle the error instead of swallowing it:
{code:java}
public void onAMQPException(IOException error) {
    transport.sendToActiveMQ(error);
}
{code}




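The accounting described in the report, as an added example that is not part of the original message and is not ActiveMQ source: a simplified model in which a failed handshake either is swallowed or triggers the stop path. The class `TransportCountLeakDemo`, the `Server` stand-in and the `swallowErrors` switch are hypothetical, and the forwarding branch calls `stopped()` directly as a stand-in for the stop sequence that runs via asyncStop.

```java
import java.io.IOException;
import java.util.concurrent.atomic.AtomicInteger;
import java.util.function.Consumer;

// Simplified model of the counter handling in the report; names are hypothetical.
public class TransportCountLeakDemo {
    static final int MAXIMUM_CONNECTIONS = 10; // same limit as the reproduction URI

    /** Stand-in for the server side: counts transports and enforces the limit. */
    static class Server {
        final AtomicInteger currentTransportCount = new AtomicInteger();

        /** Accepts one connection whose handshake then fails; returns false once the limit is hit. */
        boolean handleSocket(boolean swallowErrors) {
            if (currentTransportCount.get() >= MAXIMUM_CONNECTIONS) {
                return false; // the report's ExceededMaximumConnectionsException case
            }
            currentTransportCount.incrementAndGet();
            IOException handshakeFailure = new IOException("constructed: handshake aborted");
            // Models onAMQPException: an empty body versus a handler that lets the stop path run.
            Consumer<IOException> onAMQPException = swallowErrors
                    ? error -> { /* swallowed: stopped() is never reached, the slot stays taken */ }
                    : error -> stopped();
            onAMQPException.accept(handshakeFailure);
            return true;
        }

        /** Releases the slot taken in handleSocket. */
        void stopped() {
            currentTransportCount.decrementAndGet();
        }
    }

    /** Returns how many of the given failed handshake attempts the server still accepted. */
    static int acceptedAfterFailures(boolean swallowErrors, int attempts) {
        Server server = new Server();
        int accepted = 0;
        for (int i = 0; i < attempts; i++) {
            if (server.handleSocket(swallowErrors)) {
                accepted++;
            }
        }
        return accepted;
    }

    public static void main(String[] args) {
        System.out.println("swallowing handler accepted: " + acceptedAfterFailures(true, 25));
        System.out.println("forwarding handler accepted: " + acceptedAfterFailures(false, 25));
    }
}
```

With the swallowing handler the model stops accepting once the limit's worth of failed handshakes has accumulated, even though no connection is alive; a counter that does not return to zero after all clients have gone is the signal to look for when testing a fix.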