[ 
https://issues.apache.org/jira/browse/AMQ-6010?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14957104#comment-14957104
 ] 

ASF subversion and git services commented on AMQ-6010:
------------------------------------------------------

Commit 80b526be7df3471876eceaa2c610747ca7fb89da in activemq's branch 
refs/heads/master from [~tabish121]
[ https://git-wip-us.apache.org/repos/asf?p=activemq.git;h=80b526b ]

https://issues.apache.org/jira/browse/AMQ-6010

Fix for failed SSL connections not releasing the connection count in the
transport which leads to connections being rejected as having exceeded
the maximum configured connections.

> AMQP SSL Transport "leaking" currentTransportCounts
> ---------------------------------------------------
>
>                 Key: AMQ-6010
>                 URL: https://issues.apache.org/jira/browse/AMQ-6010
>             Project: ActiveMQ
>          Issue Type: Bug
>          Components: AMQP
>    Affects Versions: 5.11.1, 5.12.0
>            Reporter: Marcel Meulemans
>
> When using the AMQP SSL transport the currentTransportCount (variable that 
> tracks connection count in TcpTransportServer.java) can "leak" when the SSL 
> connection is aborted during handshake. In this case, in the TcpTransportServer 
> class, the currentTransportCount is incremented in handleSocket but never 
> decremented in stopped. This eventually leads to 
> ExceededMaximumConnectionsException being thrown from handleSocket. The SSL 
> connection is aborted during handshake if needClientAuth is configured on the 
> transport and a client with an invalid certificate tries to connect.
> *Reproduction*
> 1. Enable the AMQP SSL transport: {{<transportConnector name="amqp+ssl" 
> uri="amqp+ssl://0.0.0.0:5671?needClientAuth=true&amp;maximumConnections=10"/>}}
> 2. Try to connect with no/invalid client certificate: {{openssl s_client 
> -connect localhost:5671}}
> 3. After 10 attempts ActiveMQ logs will start showing 
> ExceededMaximumConnectionsException exceptions.
> *Bug*
> During the SSL handshake phase the protocol converter in the AMQP transport 
> is set to the AMQPProtocolDiscriminator which silently swallows exceptions:
> {code:java}
> public void onAMQPException(IOException error) {
> }
> {code}
> Which in turn causes the normal stop sequence (via asyncStop) to be skipped.
> *Fix*
> Change the AMQPProtocolDiscriminator to handle the error instead of swallowing 
> it:
> {code:java}
> public void onAMQPException(IOException error) {
>     transport.sendToActiveMQ(error);
> }
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
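
The accounting failure described in the issue, as an added example that is not part of the original message and is not ActiveMQ source: a single-threaded model in which the count is released only by the stop sequence, so a listener that swallows the handshake error lets failed handshakes consume the connection limit. The class and method names (`TransportCountLeakDemo`, `Server`, `rejectedAfter`) are hypothetical; only `maximumConnections=10` and the counter name come from the report.

```java
import java.io.IOException;
import java.util.function.Consumer;

// Simplified model of the accounting described in AMQ-6010. All class and
// method names are hypothetical stand-ins, not ActiveMQ source.
public class TransportCountLeakDemo {

    /** Counts live transports and refuses new sockets once the limit is reached. */
    static class Server {
        final int maximumConnections;
        int currentTransportCount = 0;

        Server(int maximumConnections) { this.maximumConnections = maximumConnections; }

        /** Accepts one socket whose TLS handshake then fails; false means the limit refused it. */
        boolean handleSocket(boolean forwardHandshakeError) {
            if (currentTransportCount >= maximumConnections) {
                return false; // the report's ExceededMaximumConnectionsException case
            }
            currentTransportCount++;
            // The stop sequence is the only place the count is released.
            Consumer<IOException> stopSequence = e -> currentTransportCount--;
            // Swallowing listener (behaviour in the report) vs. forwarding listener (the fix).
            Consumer<IOException> onException = forwardHandshakeError ? stopSequence : e -> { };
            onException.accept(new IOException("handshake aborted: no client certificate"));
            return true;
        }
    }

    /** Runs the given number of failed handshakes; returns how many the limit refused. */
    static int rejectedAfter(int attempts, boolean forwardHandshakeError) {
        Server server = new Server(10); // maximumConnections=10, as in the report
        int rejected = 0;
        for (int i = 0; i < attempts; i++) {
            if (!server.handleSocket(forwardHandshakeError)) {
                rejected++;
            }
        }
        return rejected;
    }

    public static void main(String[] args) {
        System.out.println("errors swallowed, refused of 15: " + rejectedAfter(15, false));
        System.out.println("errors forwarded, refused of 15: " + rejectedAfter(15, true));
    }
}
```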
