[jira] [Closed] (WAGON-565) Do not skip retry on SSLException by default

Tue, 22 Oct 2019 07:29:32 -0700 


     [ 
https://issues.apache.org/jira/browse/WAGON-565?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Michael Osipov closed WAGON-565.
--------------------------------
    Fix Version/s:     (was: waiting-for-feedback)
       Resolution: Not A Problem

This has been fixed in Java 11+ now. No more wrapping.

> Do not skip retry on SSLException by default
> --------------------------------------------
>
>                 Key: WAGON-565
>                 URL: https://issues.apache.org/jira/browse/WAGON-565
>             Project: Maven Wagon
>          Issue Type: Bug
>          Components: wagon-http
>    Affects Versions: 3.3.3
>            Reporter: Martin Furmanski
>            Priority: Minor
>   Original Estimate: 3h
>  Remaining Estimate: 3h
>
> The SSL stack in Java will transform any transport error into an 
> SSLException, so it is very bad to skip retries for this entire class of 
> exceptions. Transport errors are probably the number one reason why retries 
> are needed, so it defeats the purpose for any secure deployments using HTTPS.
> {code:java}
> Caused by: javax.net.ssl.SSLProtocolException: Connection reset
> at sun.security.ssl.Alert.createSSLException (Alert.java:126)
> at sun.security.ssl.TransportContext.fatal (TransportContext.java:321)
> at sun.security.ssl.TransportContext.fatal (TransportContext.java:264)
> at sun.security.ssl.TransportContext.fatal (TransportContext.java:259)
> at sun.security.ssl.SSLSocketImpl.handleException (SSLSocketImpl.java:1314)
> at sun.security.ssl.SSLSocketImpl$AppInputStream.read (SSLSocketImpl.java:839)
> at 
> org.apache.maven.wagon.providers.http.httpclient.impl.io.SessionInputBufferImpl.streamRead
>  (SessionInputBufferImpl.java:137)
> at 
> org.apache.maven.wagon.providers.http.httpclient.impl.io.SessionInputBufferImpl.fillBuffer
>  (SessionInputBufferImpl.java:153)
> at 
> org.apache.maven.wagon.providers.http.httpclient.impl.io.SessionInputBufferImpl.readLine
>  (SessionInputBufferImpl.java:280)
> at 
> org.apache.maven.wagon.providers.http.httpclient.impl.conn.DefaultHttpResponseParser.parseHead
>  (DefaultHttpResponseParser.java:138)
> at 
> org.apache.maven.wagon.providers.http.httpclient.impl.conn.DefaultHttpResponseParser.parseHead
>  (DefaultHttpResponseParser.java:56)
> at 
> org.apache.maven.wagon.providers.http.httpclient.impl.io.AbstractMessageParser.parse
>  (AbstractMessageParser.java:259)
> at 
> org.apache.maven.wagon.providers.http.httpclient.impl.DefaultBHttpClientConnection.receiveResponseHeader
>  (DefaultBHttpClientConnection.java:163)
> at 
> org.apache.maven.wagon.providers.http.httpclient.impl.conn.CPoolProxy.receiveResponseHeader
>  (CPoolProxy.java:157)
> at 
> org.apache.maven.wagon.providers.http.httpclient.protocol.HttpRequestExecutor.doReceiveResponse
>  (HttpRequestExecutor.java:273)
> at 
> org.apache.maven.wagon.providers.http.httpclient.protocol.HttpRequestExecutor.execute
>  (HttpRequestExecutor.java:125)
> at 
> org.apache.maven.wagon.providers.http.httpclient.impl.execchain.MainClientExec.execute
>  (MainClientExec.java:272)
> at 
> org.apache.maven.wagon.providers.http.httpclient.impl.execchain.ProtocolExec.execute
>  (ProtocolExec.java:185)
> at 
> org.apache.maven.wagon.providers.http.httpclient.impl.execchain.RetryExec.execute
>  (RetryExec.java:89)
> at 
> org.apache.maven.wagon.providers.http.httpclient.impl.execchain.RedirectExec.execute
>  (RedirectExec.java:110)
> at 
> org.apache.maven.wagon.providers.http.httpclient.impl.client.InternalHttpClient.doExecute
>  (InternalHttpClient.java:185)
> at 
> org.apache.maven.wagon.providers.http.httpclient.impl.client.CloseableHttpClient.execute
>  (CloseableHttpClient.java:83)
> at 
> org.apache.maven.wagon.providers.http.wagon.shared.AbstractHttpClientWagon.execute
>  (AbstractHttpClientWagon.java:958)
> at 
> org.apache.maven.wagon.providers.http.wagon.shared.AbstractHttpClientWagon.fillInputData
>  (AbstractHttpClientWagon.java:1117)
> at 
> org.apache.maven.wagon.providers.http.wagon.shared.AbstractHttpClientWagon.fillInputData
>  (AbstractHttpClientWagon.java:1094)
> at org.apache.maven.wagon.StreamWagon.getInputStream (StreamWagon.java:126)
> at org.apache.maven.wagon.StreamWagon.getIfNewer (StreamWagon.java:88)
> at org.apache.maven.wagon.StreamWagon.get (StreamWagon.java:61)
> {code}
> I realise this is the default of the HTTP client, but changing that library 
> is just too wide of a change in a patch, but for the maven wagon it sounds 
> quite safe and should help many people which experience this in their 
> deployments. The alternative is that everyone using HTTPS has to track down 
> this issue and tweak their configs.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to