Details
-
Type:
Bug
-
Status: Closed
-
Priority:
Minor
-
Resolution: Fixed
-
Affects Version/s: 4.3 Final, 4.3.1, 4.3.2, 4.3.3
-
Fix Version/s: 4.3.4
-
Component/s: HttpClient (classic)
-
Labels:None
-
Environment:All
Description
https calls ignore http.socket.timeout during SSL Handshake. This can result in a https call hanging forever waiting for socket read.
In both SSLSocketFactory and SSLConnectionSocketFactory, sslsock.startHandshake(); is called before socket timeout is set on the socket. This means timeout is not respected during the SSL handshake, and the thread can hang with a stacktrace that looks like this:
org.apache.http.impl.client.AbstractHttpClient.doExecute
org.apache.http.impl.client.DefaultRequestDirector.execute
org.apache.http.impl.client.DefaultRequestDirector.tryConnect
org.apache.http.impl.conn.ManagedClientConnectionImpl.open
org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection
org.apache.http.conn.ssl.SSLSocketFactory.connectSocket
org.apache.http.conn.ssl.SSLSocketFactory.connectSocket
sun.security.ssl.SSLSocketImpl.startHandshake
sun.security.ssl.SSLSocketImpl.startHandshake
sun.security.ssl.SSLSocketImpl.performInitialHandshake
sun.security.ssl.SSLSocketImpl.readRecord
sun.security.ssl.InputRecord.read
sun.security.ssl.InputRecord.readV3Record
sun.security.ssl.InputRecord.readFully
java.net.SocketInputStream.read
java.net.SocketInputStream.socketRead0
Attachments
Issue Links
- is related to
-
DOXIA-576 Upgrade Http Components to 4.4.5
-
- Open
-