[jira] [Commented] (GEODE-8681) peer-to-peer message loss due to sending connection closing with TLS enabled

Fri, 06 Nov 2020 08:25:15 -0800 


    [ 
https://issues.apache.org/jira/browse/GEODE-8681?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17227480#comment-17227480
 ] 

ASF subversion and git services commented on GEODE-8681:
--------------------------------------------------------

Commit 7f8f8827b6a00ab883c322775fe9e60f4826a057 in geode's branch 
refs/heads/support/1.12 from Bruce Schuchardt
[ https://gitbox.apache.org/repos/asf?p=geode.git;h=7f8f882 ]

GEODE-8681: peer-to-peer message loss due to sending connection closing with 
TLS enabled (#5699)

A socket-read could pick up more than one message and a single unwrap()
could decrypt multiple messages.
Normally the engine isn't closed and it reports normal
status from an unwrap() operation, and Connection.processInputBuffer
picks up each message, one by one, from the buffer and dispatches them.
But if the SSLEngine is closed we were ignoring any already-decrypted
data sitting in the unwrapped buffer and instead we were throwing an 
SSLException.

(cherry picked from commit 7da8f9b516ac1e2525a1dfc922af7bfb8995f2c6)


> peer-to-peer message loss due to sending connection closing with TLS enabled
> ----------------------------------------------------------------------------
>
>                 Key: GEODE-8681
>                 URL: https://issues.apache.org/jira/browse/GEODE-8681
>             Project: Geode
>          Issue Type: Bug
>          Components: membership, messaging
>    Affects Versions: 1.10.0, 1.11.0, 1.12.0, 1.13.0
>            Reporter: Bruce J Schuchardt
>            Assignee: Bruce J Schuchardt
>            Priority: Major
>              Labels: pull-request-available, release-blocker
>
> We have observed message loss when TLS is enabled and a distributed lock is 
> released right after sending a message that doesn't require acknowledgement 
> if the sending socket is immediately closed. The closing of sockets 
> immediately after sending a message is frequently seen in function execution 
> threads or server-side application threads that use this pattern:
> {code:java}
>  try {
>     DistributedSystem.setThreadsSocketPolicy(false);
>     acquireDistributedLock(lockName);
>     (perform one or more cache operations)
>   } finally {
>     distLockService.unlock(lockName);
>     DistributedSystem.releaseThreadsSockets(); // closes the socket
>   }
> {code}
> The fault seems to be in NioSSLEngine.unwrap(), which throws an 
> SSLException() if it finds the SSLEngine is closed even though there is valid 
> data in its decrypt buffer.  It shouldn't throw an exception in that case.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to