Hi there,
In netty we support using BlockHound[1] to detect if people do blocking
operations within the EventLoop and so notify them that this should not be
done. While running our integration tests with TLS1.3 we noticed that unwrap(…)
may trigger an FileInputStream.read(…) which in theory could block for a long
time. I was assuming that such an operation should only be done after
SSLEngine.* returns NEED_TASK and so be delegated to another ThreadPool via
getTask().
Now the question(s):
* Is my assumption incorrect ?
* If my assumption is correct should we fix this ?
Here is the stack trace when such a blocking call is detected:
reactor.blockhound.BlockingOperationError: Blocking call!
java.io.FileInputStream#readBytes
at java.base/java.io.FileInputStream.readBytes(FileInputStream.java)
at java.base/java.io.FileInputStream.read(FileInputStream.java:273)
at java.base/java.io.FilterInputStream.read(FilterInputStream.java:133)
at
java.base/sun.security.provider.NativePRNG$RandomIO.readFully(NativePRNG.java:424)
at
java.base/sun.security.provider.NativePRNG$RandomIO.ensureBufferValid(NativePRNG.java:526)
at
java.base/sun.security.provider.NativePRNG$RandomIO.implNextBytes(NativePRNG.java:545)
at
java.base/sun.security.provider.NativePRNG$NonBlocking.engineNextBytes(NativePRNG.java:318)
at java.base/java.security.SecureRandom.nextBytes(SecureRandom.java:741)
at java.base/sun.security.ssl.RandomCookie.<init>(RandomCookie.java:67)
at java.base/sun.security.ssl.SessionId.<init>(SessionId.java:45)
at
java.base/sun.security.ssl.NewSessionTicket$NewSessionTicketKickstartProducer.produce(NewSessionTicket.java:225)
at
java.base/sun.security.ssl.Finished$T13FinishedConsumer.onConsumeFinished(Finished.java:1100)
at
java.base/sun.security.ssl.Finished$T13FinishedConsumer.consume(Finished.java:867)
at
java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:392)
at
java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:443)
at
java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:418)
at
java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:177)
at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:164)
at
java.base/sun.security.ssl.SSLEngineImpl.decode(SSLEngineImpl.java:681)
at
java.base/sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:636)
at
java.base/sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:454)
at
java.base/sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:433)
at java.base/javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:634)
at
io.netty.handler.ssl.SslHandler$SslEngineType$3.unwrap(SslHandler.java:282)
at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1380)
at
io.netty.handler.ssl.SslHandler.decodeJdkCompatible(SslHandler.java:1275)
at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1322)
[1] https://github.com/reactor/BlockHound
