Re: Sending http request to https endpoint logs SEVERE in tomcat 9.0.24

Thu, 29 Aug 2019 02:14:29 -0700 

On Thu, Aug 29, 2019 at 11:02 AM Mark Thomas <ma...@apache.org> wrote:

> On August 29, 2019 8:21:05 AM UTC, Senthalan Kanagalingam
> <sentha...@wso2.com.INVALID> wrote:
> >Hi all,
> >
> >When sending an http request to https endpoint logs the following
> >SEVERE in
> >tomcat 9.0.24,
> >
> >29-Aug-2019 13:34:40.088 SEVERE [https-jsse-nio-8443-exec-10]
> >org.apache.coyote.AbstractProtocol$ConnectionHandler.process Error
> >reading
> >request, ignored
> >java.lang.NullPointerException
> >at
> >org.apache.tomcat.util.net
> .NioEndpoint$NioSocketWrapper.getSslSupport(NioEndpoint.java:1392)
> >at
>
> >org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:853)
> >at
> >org.apache.tomcat.util.net
> .NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1593)
> >at
> >org.apache.tomcat.util.net
> .SocketProcessorBase.run(SocketProcessorBase.java:49)
> >at
>
> >java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
> >at
>
> >java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
> >at org.apache.tomcat.util.threads.TaskThre
> >
> >Here is my connector configuration,
> >    <Connector port="8443"
> >protocol="org.apache.coyote.http11.Http11NioProtocol"
> >               maxThreads="150" SSLEnabled="true">
> >        <SSLHostConfig>
> >            <Certificate certificateKeystoreFile="conf/wso2carbon.jks"
> >certificateKeystorePassword="wso2carbon"
> >                         type="RSA" />
> >        </SSLHostConfig>
> >    </Connector>
> >
> >When analysing the tomcats code, I have figured out this occurred after
> >an
> >improvement done to "Include failed TLS handshakes in the access
> >log"[1].
> >But I could able to find out which causes the SSL engine to be null.
> >
> >Is something wrong with my setup? if not can we fix this SEVERE level
> >log
> >as someone can flood our logs by sending the HTTP request to the
> >endpoints?
> >
> >[1] -
> >
> https://github.com/apache/tomcat/commit/acf6076d7118571ebc881984b96792f861b72bb2
> >
> >Thanks and regards,
> >Senthalan
>
> That will be a bug. Almost certainly my fault. Sorry. Please open a
> bugzilla issue and it will get fixed for the next release.
>

I can confirm the issue (also for NIO2). APR works as intended.
Conceptually I find it weird to process a socket that it concurrently
closed:
                 } else if (handshake == -1 ) {
+                    getHandler().process(socketWrapper,
SocketEvent.CONNECT_FAIL);
                     socketWrapper.close();
                 }

Rémy

Reply via email to