[
https://issues.apache.org/jira/browse/PROTON-1003?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Pavel Moravec reopened PROTON-1003:
-----------------------------------
Reopening both PROTON-1000 and PROTON-1003: at least backport to 0.9 does not
fix it. Reproducer:
{code}
#!/usr/bin/python
from time import sleep
from uuid import uuid4
from proton import ConnectionException, Timeout
from proton import SSLDomain, SSLException
#from proton import Message
from proton.utils import BlockingConnection
import random
import threading
ROUTER_ADDRESS = "amqps://dispatch-router:5671"
ADDRESS = "some_destination"
HEARTBEAT = 2
TIMEOUT = 3
class ReceiverThread(threading.Thread):
def __init__(self,domain=None):
super(ReceiverThread, self).__init__()
self.domain=domain
self.running = True
def connect(self):
self.conn = BlockingConnection(ROUTER_ADDRESS, ssl_domain=self.domain,
heartbeat=HEARTBEAT)
self.recv = self.conn.create_receiver(ADDRESS, name=str(uuid4()),
dynamic=False, options=None)
def run(self):
while self.running:
self.connect()
while self.running:
try:
msg = self.recv.receive(TIMEOUT)
if (msg):
print "message received: %s" % msg
self.recv.accept()
except:
print "receiver failed to accept msg, reconnecting.."
try:
self.conn.close() # underlying TCP connection never gone
except:
print "receiver thread: failed to close connection"
pass
self.connect()
def stop(self):
self.running = False
ca_certificate='/etc/rhsm/ca/katello-default-ca.pem'
client_certificate='/etc/pki/consumer/bundle.pem'
client_key=None
domain = SSLDomain(SSLDomain.MODE_CLIENT)
domain.set_trusted_ca_db(ca_certificate)
domain.set_credentials(
client_certificate,
client_key or client_certificate, None)
domain.set_peer_authentication(SSLDomain.VERIFY_PEER)
rcv_thread = ReceiverThread(domain)
rcv_thread.start()
_in = raw_input("Press Enter to exit:")
rcv_thread.stop()
rcv_thread.join()
{code}
With SSL enabled (like above), there is an ESTABLISHED connection leak - `one
per `receiver failed to accept msg, reconnecting` log - `self.conn.close()` has
apparently no impact.
With SSL disabled (just set `ssl_domain=None`), there is a CLOSE_WAIT
connection leak - again once per `receiver failed to accept msg, reconnecting`
log.
> ssl transport layer does not define an error handler
> ----------------------------------------------------
>
> Key: PROTON-1003
> URL: https://issues.apache.org/jira/browse/PROTON-1003
> Project: Qpid Proton
> Issue Type: Bug
> Components: proton-c
> Affects Versions: 0.10
> Reporter: Gordon Sim
> Assignee: Ken Giusti
>
> When the local process times out an ssl based connection due to lack of
> heartbeats from its peer, the underlying socket is never closed. The cause of
> this appears to be that the ssl transport layer doesn't define an error
> handler, which is what is used to notify it of the locally initiated timeout.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
