John Blum created GEODE-7157:
--------------------------------
Summary: SSLConnectionFactory and SSLConfig are NOT Thread-safe
Key: GEODE-7157
URL: https://issues.apache.org/jira/browse/GEODE-7157
Project: Geode
Issue Type: Bug
Components: configuration, core, security
Reporter: John Blum

{{SSLConfig}} is a "_shared_" object (if you carefully analyze the
{{SSLConfigurationFactory}} class) and needs to be Thread-safe!!

{{SSLConfigurationFactory}} does NOT properly guard all access points to the
(once again) "_shared_" {{registeredSSLConfig}} {{Map}} instance. Furthermore,
this class also uses a non-Thread-safe {{Map}} implementation for
{{registeredSSLConfig}}, i.e. {{HashMap}}, to "cache" {{SSLConfig}} objects,
which is "safe" iff "_all_" access to this "shared" {{registeredSSLConfig}}
{{Map}} instance is "{{synchronized}}", which it isn't (!!) ... e.g.
{{SSLConfigurationFactory.close()}}, which subsequently calls
{{clearSSLConfigForAllComponents()}}, which "_clears_" the
{{registeredSSLConfig}} {{Map}}. Because it is not properly protected, it is
possible to see stale state, especially between tests!!!
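
The access pattern the report describes, next to one way to close the gap, as an added Java example that is not Geode's code. `UnsafeRegistry`, `SafeRegistry` and `Config` are hypothetical stand-ins (Java 16+ for the record syntax), and switching to `ConcurrentHashMap` is one possible fix, not necessarily the one the project adopted.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.CountDownLatch;
import java.util.function.Function;

public class SslConfigRegistryDemo {
    // Hypothetical immutable stand-in for a cached SSL configuration.
    record Config(String component, int generation) {}

    // Pattern from the report: lookups are synchronized, but close() is not.
    static class UnsafeRegistry {
        private final Map<String, Config> cache = new HashMap<>();
        synchronized Config get(String c, Function<String, Config> loader) {
            return cache.computeIfAbsent(c, loader);
        }
        // Unguarded: races with get() and gives other threads no visibility
        // guarantee, so they may keep reading entries that were "cleared".
        void close() { cache.clear(); }
    }

    // Hardened form: a thread-safe map, so every access path is covered.
    static class SafeRegistry {
        private final Map<String, Config> cache = new ConcurrentHashMap<>();
        Config get(String c, Function<String, Config> loader) {
            return cache.computeIfAbsent(c, loader);
        }
        void close() { cache.clear(); }
    }

    public static void main(String[] args) throws Exception {
        SafeRegistry registry = new SafeRegistry();
        int threads = 8;
        CountDownLatch done = new CountDownLatch(threads);
        for (int t = 0; t < threads; t++) {
            final int id = t;
            new Thread(() -> {
                for (int i = 0; i < 100_000; i++) {
                    if (id == 0) registry.close(); // simulates teardown between tests
                    else registry.get("component-" + (i % 4), c -> new Config(c, 1));
                }
                done.countDown();
            }).start();
        }
        done.await();
        registry.close();
        // After close() returns, a lookup must rebuild rather than reuse generation 1.
        Config fresh = registry.get("component-0", c -> new Config(c, 2));
        System.out.println("generation after close: " + fresh.generation());
    }
}
```

Marking only `close()` as `synchronized` in `UnsafeRegistry` would also work, provided every other method that touches the map takes the same lock.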