IceSSL in Java causes the Ice server to go out of service

There is a bug in Java IceSSL which can put an SSL server out of service.
In SSL mode, requests should be serialized. But sometimes the thread will be blocked in Instance.java:

line 692: engine = _context.createSSLEngine(peerAddr.getHostName(), peerAddr.getPort());

And so the next requests will be delayed or even time out. If many SSL connections come together, the Ice server will keep timing out and go out of service.

At the same time, another bug in AcceptorI.java makes this bug hard to realize:

line 92: return new TransceiverI(_instance, engine, fd, "", true, true, _adapterName, null);

The last parameter is null, so a null pointer exception is raised in TransceiverI.java:

line 59: assert(_connectAddr != null);
line 60: s.append(IceInternal.Network.addrToString(_connectAddr));

But the original LocalException will be dismissed.

I think these 2 bugs come from the same error in AcceptorI.java, starting from line 77:

77: // java.net.InetSocketAddress peerAddr = (java.net.InetSocketAddress)fd.socket().getRemoteSocketAddress(); // this line should not be here;
78: // engine = _instance.createSSLEngine(true, peerAddr);
78: engine = _instance.createSSLEngine(true, null);
79: }
80: catch(RuntimeException ex)
81: {
82: IceInternal.Network.closeSocketNoThrow(fd);
83: throw ex;
84: }
85:
86: if(_instance.networkTraceLevel() >= 1)
87: {
88: _logger.trace(_instance.networkTraceCategory(), "accepting ssl connection\n" +
89: IceInternal.Network.fdToString(fd));
90: }
91:
91+: java.net.InetSocketAddress peerAddr = (java.net.InetSocketAddress)fd.socket().getRemoteSocketAddress(); // should be here.
92: // return new TransceiverI(_instance, engine, fd, "", true, true, _adapterName, null);
92: return new TransceiverI(_instance, engine, fd, "", true, true, _adapterName, peerAddr);

That will work ok.

Comments

  • mes
    mes California
    Hi,

    Welcome to the forum.

    Please provide the versions of Ice, operating system, and Java that you are using.

    The createSSLEngine method should never block. Do you have a stack trace that shows the thread hanging in this call?

    Regards,
    Mark
  • I use Ice 3.4.2, Java 6 on Linux x64.

    Maybe I did not make myself clear. In this version, on the server side, createSSLEngine will be called with the parameter (InetAddress)peerAddr.getHostName. Then the thread will be "blocked" until the DNS returns a result.

    If DNS is far enough, the bug will activate easily. Otherwise it is a little hard to show up.

    But the question is, peerAddr.getHostName should not be called here, and createSSLEngine should be called with zero parameters.
  • mes
    mes California
    Thanks for the clarification, we'll fix this in the next release.

    Regards,
    Mark
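
Added example, not from the original posts or the Ice source: a stand-alone Java program showing the behaviour discussed in this thread, where `getHostName()` on an accepted peer's address performs a reverse DNS lookup while the no-argument `createSSLEngine()` and the numeric address need no resolver. The class and method names (`AcceptWithoutReverseDns`, `serverEngine`, `describePeer`) are hypothetical, and the peer address is a constructed sample from the 192.0.2.0/24 documentation range.

```java
import java.net.InetAddress;
import java.net.InetSocketAddress;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;

public class AcceptWithoutReverseDns {
    // Server side: no peer host name is needed to create the engine,
    // so use the no-argument overload and never touch the resolver.
    static SSLEngine serverEngine(SSLContext ctx) {
        SSLEngine engine = ctx.createSSLEngine();
        engine.setUseClientMode(false);
        return engine;
    }

    // Describe the peer for trace output from the numeric address only.
    // getHostAddress() formats the bytes already held; it does no lookup.
    // (Java 7+ also offers InetSocketAddress.getHostString().)
    static String describePeer(InetSocketAddress peer) {
        return peer.getAddress().getHostAddress() + ":" + peer.getPort();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample peer, built from raw bytes so that no host
        // name is cached in the InetAddress (as with an accepted socket).
        InetAddress ip = InetAddress.getByAddress(
            new byte[] { (byte) 192, 0, 2, 10 });
        InetSocketAddress peer = new InetSocketAddress(ip, 40000);

        SSLEngine engine = serverEngine(SSLContext.getDefault());
        System.out.println("client mode: " + engine.getUseClientMode());
        System.out.println("peer (no lookup): " + describePeer(peer));

        // For comparison: getHostName() on an address with no cached name
        // does a reverse lookup and blocks the calling thread until the
        // resolver answers or gives up.
        long start = System.nanoTime();
        String name = peer.getHostName();
        long ms = (System.nanoTime() - start) / 1000000L;
        System.out.println("getHostName() -> " + name + " after " + ms + " ms");
    }
}
```

The elapsed time printed on the last line depends entirely on the local resolver configuration; a slow or unreachable DNS server is what turns that call into a stall in the accept path.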