[jira] [Commented] (AMQ-6010) AMQP SSL Transport "leaking" currentTransportCounts

Tue, 13 Oct 2015 13:56:29 -0700 

    [ 
https://issues.apache.org/jira/browse/AMQ-6010?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14955660#comment-14955660
 ] 

Timothy Bish commented on AMQ-6010:
-----------------------------------

You should take a shot at creating a unit test to reproduce and supply a patch 
to fix if you feel so inclined.  

> AMQP SSL Transport "leaking" currentTransportCounts
> ---------------------------------------------------
>
>                 Key: AMQ-6010
>                 URL: https://issues.apache.org/jira/browse/AMQ-6010
>             Project: ActiveMQ
>          Issue Type: Bug
>          Components: AMQP
>    Affects Versions: 5.11.1, 5.12.0
>            Reporter: Marcel Meulemans
>
> When using the AMQP SSL transport the currentTransportCount (variable that 
> tracks connection count in TcpTransportServer.java) can "leak" when the SSL 
> connection is aborted during handshake. In this case the TcpTransportServer 
> class the currentTransportCount is incremented in handleSocket but never 
> decremented in stopped. This eventually leads to 
> ExceededMaximumConnectionsException being thrown from handleSocket. The SSL 
> connection is aborted during handshake if needClientAuth is configured on the 
> transport and a client with an invalid certificate tries to connect.
> *Reproduction*
> 1. Enable the AMQP SSL transport: {{<transportConnector name="amqp+ssl" 
> uri="amqp+ssl://0.0.0.0:5671?needClientAuth=true&amp;maximumConnections=10"/>}}
> 2. Try to connect with no/invalid client certificate: {{openssl s_client 
> -connect localhost:5671}}
> 3. After 10 attempts ActiveMQ logs will start showing 
> ExceededMaximumConnectionsException exceptions.
> *Bug*
> During the SSL handshake phase the protocol converter in the AMQP transport 
> is set to the AMQPProtocolDiscriminator which silently swallows exceptions:
> {code:java}
> public void onAMQPException(IOException error) {
> }
> {code}
> Which in turn cause the normal stop sequence (via asyncStop) to be skipped.
> *Fix*
> Change the AMQPProtocolDiscriminator to handle the error instead of swallow 
> it:
> {code:java}
> public void onAMQPException(IOException error) {
>     transport.sendToActiveMQ(error);
> }
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to