[
https://issues.apache.org/jira/browse/CXF-5063?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Aymeric Levaux reopened CXF-5063:
---------------------------------
Hi Daniel,
The fix is not working, the getKeyManagersWithCertAlias method has been changed
to return the wrapped KeyManager instead of modifying the TLSClientParameters
but the returned KeyManagers are never used in getSSLContext.
Other questions:
* Is the hashCode check in getSSLContext required? Are there cases where the
TLSClientParameters would change after the first connection has been
established? I saw that there is no such mechanism in the
HttpsURLConnectionFactory.
* Should I create a separate issue for the generated catch blocks that are
swallowing exceptions?
Thanks,
Aymeric
> When using AsyncHttpConduit with a certificate alias CXF hangs after a bunch
> of requests
> ----------------------------------------------------------------------------------------
>
> Key: CXF-5063
> URL: https://issues.apache.org/jira/browse/CXF-5063
> Project: CXF
> Issue Type: Bug
> Components: Transports
> Affects Versions: 2.7.5
> Reporter: Aymeric Levaux
> Assignee: Daniel Kulp
> Priority: Critical
> Fix For: 2.7.6
>
>
> When using AsyncHttpConduit with a certificate alias CXF hangs after a bunch
> of requests.
> *Root cause:*
> For each request, when AsyncHTTPConduit.getSSLContext() is called, the
> KeyManagers are wrapped by an AliasedX509ExtendedKeyManager. After some time,
> the KeyManagers are wrapped thousands of times. Then, at the moment a new
> connection needs to be established, a StackOverflowError is thrown when
> AliasedX509ExtendedKeyManager.getPrivateKey() is called. This causes the I/O
> dispatchers of the HttpAsynClient to all go down one after the other. When
> all the I/O dispatchers are down all requests done on the HttpAsyncClient are
> timing out.
> In AsyncHTTPConduit.getSSLContext() the hash code of the TlsClientParameters
> is checked to decide whether or not a new SSLContext should be created. This
> is not working in this context as the wrapping of the KeyManagers has an
> influence on the tlsClientParameters hash code.
> Additionally (not directly linked to the issue), the hash code should never
> be used as an identifier. Two different TlsClientParameters might have the
> same hash code, in such a case the cached SSLContext won't be refreshed.
> *Other points:*
> * The AsyncHTTPConduit is containing a few auto generated catch blocks (with
> e.printStackTrace(); ).
> * When the I/O dispatchers are going down (quite an important issue), the
> error is logged on the System.err and nothing is logged on the Logger.
> * In the CXF documentation nothing is mentioned on the fact the
> HttpAsyncClient is still in beta.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
