kay-owolabi opened a new issue, #12100: URL: https://github.com/apache/pinot/issues/12100
## Overview This pull request introduces necessary changes to the `SSLContextHolder` and `TlsUtils` classes to address a memory leak issue in long-running JDBC clients. The memory leak is traced back to the static management of `SSL_CONTEXT`, which, while providing thread safety and initialization guarantees, does not account for scenarios involving SSL certificate rotation in long-running applications. ## Root Cause - The `SSLContextHolder` class holds a static reference to `SSL_CONTEXT`, which is set via `TlsUtils#SSL_CONTEXT_REF`. - This design ensures thread safety and at most once initialization, but it becomes problematic during SSL certificate rotations, particularly in long-running JDBC clients, leading to memory leaks. ## Proposed Solution - **Dynamic SSL Context Management**: Implement a mechanism to allow controlled updates to the `SSL_CONTEXT` reference in a thread-safe manner, especially after certificate rotations. - **Memory Leak Mitigation**: By enabling controlled updates, the solution aims to resolve the memory leak issues associated with the static SSL context in long-running connections. ## Benefits - **Resolves Memory Leaks**: Directly addresses the memory leak issues in long-running JDBC clients following SSL certificate rotations. - **Maintains Original Design Benefits**: Preserves the thread safety, initialization guarantees, and performance optimizations of the original design. - **Adaptability to Certificate Rotation**: Adds the ability to adapt to certificate rotations, enhancing operational stability in long-running applications. ## Related Issue Maybe: https://github.com/AsyncHttpClient/async-http-client/issues/1658 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: commits-unsubscr...@pinot.apache.org.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: commits-unsubscr...@pinot.apache.org For additional commands, e-mail: commits-h...@pinot.apache.org
