[
https://issues.apache.org/jira/browse/GEODE-7157?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16967769#comment-16967769
]
ASF subversion and git services commented on GEODE-7157:
--------------------------------------------------------
Commit 9a6036b7cb266e43b5e583b443003a56f90eaca3 in geode's branch
refs/heads/develop from mhansonp
[ https://gitbox.apache.org/repos/asf?p=geode.git;h=9a6036b ]
Revert "GEODE-7157: SSLConfigurationFactory thread-safe"
This reverts commit 649acd2d5c8711e40c160fc64bb7b55afddc12f3.
> SSLConfigurationFactory and SSLConfig are NOT Thread-safe!
> ----------------------------------------------------------
>
> Key: GEODE-7157
> URL: https://issues.apache.org/jira/browse/GEODE-7157
> Project: Geode
> Issue Type: Bug
> Components: configuration, core, security
> Reporter: John Blum
> Assignee: Alberto Gomez
> Priority: Critical
> Labels: affects-spring
> Time Spent: 2h 50m
> Remaining Estimate: 0h
>
> {{SSLConfig}} is a "_shared_" object (if you carefully analyze the
> {{SSLConfigurationFactory}} class) and needs to be Thread-safe!!
> {{SSLConfigurationFactory}} does NOT properly guard all access points to the
> (once again) "_shared_" {{registeredSSLConfig}} {{Map}} instance.
> Furthermore, this class also uses an non-Thread-safe {{Map}} implementation
> for {{registeredSSLConfig}}, i.e. {{HashMap}}, to "cache" {{SSLConfig}}
> objects, which is "safe" iff "_all_" access to this "shared"
> {{registeredSSLConfig}} {{Map}} instance is "{{synchronized}}", which it
> isn't (!!) ... e.g. {{SSLConfigurationFactory.close()}}, which subsequently
> calls {{clearSSLConfigForAllComponents()}}, which "_clears_" the
> {{registeredSSLConfig}} {{Map}}. Because it is not properly protected, it is
> possible to see stale state, especially between tests!!!
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
