[ https://issues.apache.org/jira/browse/PROTON-1003?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Pavel Moravec reopened PROTON-1003: ----------------------------------- Reopening both PROTON-1000 and PROTON-1003: at least backport to 0.9 does not fix it. Reproducer: {code} #!/usr/bin/python from time import sleep from uuid import uuid4 from proton import ConnectionException, Timeout from proton import SSLDomain, SSLException #from proton import Message from proton.utils import BlockingConnection import random import threading ROUTER_ADDRESS = "amqps://dispatch-router:5671" ADDRESS = "some_destination" HEARTBEAT = 2 TIMEOUT = 3 class ReceiverThread(threading.Thread): def __init__(self,domain=None): super(ReceiverThread, self).__init__() self.domain=domain self.running = True def connect(self): self.conn = BlockingConnection(ROUTER_ADDRESS, ssl_domain=self.domain, heartbeat=HEARTBEAT) self.recv = self.conn.create_receiver(ADDRESS, name=str(uuid4()), dynamic=False, options=None) def run(self): while self.running: self.connect() while self.running: try: msg = self.recv.receive(TIMEOUT) if (msg): print "message received: %s" % msg self.recv.accept() except: print "receiver failed to accept msg, reconnecting.." try: self.conn.close() # underlying TCP connection never gone except: print "receiver thread: failed to close connection" pass self.connect() def stop(self): self.running = False ca_certificate='/etc/rhsm/ca/katello-default-ca.pem' client_certificate='/etc/pki/consumer/bundle.pem' client_key=None domain = SSLDomain(SSLDomain.MODE_CLIENT) domain.set_trusted_ca_db(ca_certificate) domain.set_credentials( client_certificate, client_key or client_certificate, None) domain.set_peer_authentication(SSLDomain.VERIFY_PEER) rcv_thread = ReceiverThread(domain) rcv_thread.start() _in = raw_input("Press Enter to exit:") rcv_thread.stop() rcv_thread.join() {code} With SSL enabled (like above), there is an ESTABLISHED connection leak - `one per `receiver failed to accept msg, reconnecting` log - `self.conn.close()` has apparently no impact. With SSL disabled (just set `ssl_domain=None`), there is a CLOSE_WAIT connection leak - again once per `receiver failed to accept msg, reconnecting` log. > ssl transport layer does not define an error handler > ---------------------------------------------------- > > Key: PROTON-1003 > URL: https://issues.apache.org/jira/browse/PROTON-1003 > Project: Qpid Proton > Issue Type: Bug > Components: proton-c > Affects Versions: 0.10 > Reporter: Gordon Sim > Assignee: Ken Giusti > > When the local process times out an ssl based connection due to lack of > heartbeats from its peer, the underlying socket is never closed. The cause of > this appears to be that the ssl transport layer doesn't define an error > handler, which is what is used to notify it of the locally initiated timeout. -- This message was sent by Atlassian JIRA (v6.3.4#6332)