[
https://issues.apache.org/jira/browse/GEODE-8681?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17227105#comment-17227105
]
ASF GitHub Bot commented on GEODE-8681:
---------------------------------------
echobravopapa opened a new pull request #5714:
URL: https://github.com/apache/geode/pull/5714
…ng with TLS enabled (#5699)
A socket-read could pick up more than one message and a single unwrap()
could decrypt multiple messages.
Normally the engine isn't closed and it reports normal
status from an unwrap() operation, and Connection.processInputBuffer
picks up each message, one by one, from the buffer and dispatches them.
But if the SSLEngine is closed we were ignoring any already-decrypted
data sitting in the unwrapped buffer and instead we were throwing an
SSLException.
(cherry picked from commit 7da8f9b516ac1e2525a1dfc922af7bfb8995f2c6)
Thank you for submitting a contribution to Apache Geode.
In order to streamline the review of the contribution we ask you
to ensure the following steps have been taken:
### For all changes:
- [ ] Is there a JIRA ticket associated with this PR? Is it referenced in
the commit message?
- [ ] Has your PR been rebased against the latest commit within the target
branch (typically `develop`)?
- [ ] Is your initial contribution a single, squashed commit?
- [ ] Does `gradlew build` run cleanly?
- [ ] Have you written or updated unit tests to verify your changes?
- [ ] If adding new dependencies to the code, are these dependencies
licensed in a way that is compatible for inclusion under [ASF
2.0](http://www.apache.org/legal/resolved.html#category-a)?
### Note:
Please ensure that once the PR is submitted, check Concourse for build
issues and
submit an update to your PR as soon as possible. If you need help, please
send an
email to d...@geode.apache.org.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
> peer-to-peer message loss due to sending connection closing with TLS enabled
> ----------------------------------------------------------------------------
>
> Key: GEODE-8681
> URL: https://issues.apache.org/jira/browse/GEODE-8681
> Project: Geode
> Issue Type: Bug
> Components: membership, messaging
> Affects Versions: 1.10.0, 1.11.0, 1.12.0, 1.13.0
> Reporter: Bruce J Schuchardt
> Assignee: Bruce J Schuchardt
> Priority: Major
> Labels: pull-request-available, release-blocker
>
> We have observed message loss when TLS is enabled and a distributed lock is
> released right after sending a message that doesn't require acknowledgement
> if the sending socket is immediately closed. The closing of sockets
> immediately after sending a message is frequently seen in function execution
> threads or server-side application threads that use this pattern:
> {code:java}
> try {
> DistributedSystem.setThreadsSocketPolicy(false);
> acquireDistributedLock(lockName);
> (perform one or more cache operations)
> } finally {
> distLockService.unlock(lockName);
> DistributedSystem.releaseThreadsSockets(); // closes the socket
> }
> {code}
> The fault seems to be in NioSSLEngine.unwrap(), which throws an
> SSLException() if it finds the SSLEngine is closed even though there is valid
> data in its decrypt buffer. It shouldn't throw an exception in that case.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
