Uploaded image for project: 'Maven Wagon'
  1. Maven Wagon
  2. WAGON-565

Do not skip retry on SSLException by default

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Not A Problem
    • Affects Version/s: 3.3.3
    • Fix Version/s: None
    • Component/s: wagon-http
    • Labels:
      None

      Description

      The SSL stack in Java will transform any transport error into an SSLException, so it is very bad to skip retries for this entire class of exceptions. Transport errors are probably the number one reason why retries are needed, so it defeats the purpose for any secure deployments using HTTPS.

      Caused by: javax.net.ssl.SSLProtocolException: Connection reset
      at sun.security.ssl.Alert.createSSLException (Alert.java:126)
      at sun.security.ssl.TransportContext.fatal (TransportContext.java:321)
      at sun.security.ssl.TransportContext.fatal (TransportContext.java:264)
      at sun.security.ssl.TransportContext.fatal (TransportContext.java:259)
      at sun.security.ssl.SSLSocketImpl.handleException (SSLSocketImpl.java:1314)
      at sun.security.ssl.SSLSocketImpl$AppInputStream.read (SSLSocketImpl.java:839)
      at org.apache.maven.wagon.providers.http.httpclient.impl.io.SessionInputBufferImpl.streamRead (SessionInputBufferImpl.java:137)
      at org.apache.maven.wagon.providers.http.httpclient.impl.io.SessionInputBufferImpl.fillBuffer (SessionInputBufferImpl.java:153)
      at org.apache.maven.wagon.providers.http.httpclient.impl.io.SessionInputBufferImpl.readLine (SessionInputBufferImpl.java:280)
      at org.apache.maven.wagon.providers.http.httpclient.impl.conn.DefaultHttpResponseParser.parseHead (DefaultHttpResponseParser.java:138)
      at org.apache.maven.wagon.providers.http.httpclient.impl.conn.DefaultHttpResponseParser.parseHead (DefaultHttpResponseParser.java:56)
      at org.apache.maven.wagon.providers.http.httpclient.impl.io.AbstractMessageParser.parse (AbstractMessageParser.java:259)
      at org.apache.maven.wagon.providers.http.httpclient.impl.DefaultBHttpClientConnection.receiveResponseHeader (DefaultBHttpClientConnection.java:163)
      at org.apache.maven.wagon.providers.http.httpclient.impl.conn.CPoolProxy.receiveResponseHeader (CPoolProxy.java:157)
      at org.apache.maven.wagon.providers.http.httpclient.protocol.HttpRequestExecutor.doReceiveResponse (HttpRequestExecutor.java:273)
      at org.apache.maven.wagon.providers.http.httpclient.protocol.HttpRequestExecutor.execute (HttpRequestExecutor.java:125)
      at org.apache.maven.wagon.providers.http.httpclient.impl.execchain.MainClientExec.execute (MainClientExec.java:272)
      at org.apache.maven.wagon.providers.http.httpclient.impl.execchain.ProtocolExec.execute (ProtocolExec.java:185)
      at org.apache.maven.wagon.providers.http.httpclient.impl.execchain.RetryExec.execute (RetryExec.java:89)
      at org.apache.maven.wagon.providers.http.httpclient.impl.execchain.RedirectExec.execute (RedirectExec.java:110)
      at org.apache.maven.wagon.providers.http.httpclient.impl.client.InternalHttpClient.doExecute (InternalHttpClient.java:185)
      at org.apache.maven.wagon.providers.http.httpclient.impl.client.CloseableHttpClient.execute (CloseableHttpClient.java:83)
      at org.apache.maven.wagon.providers.http.wagon.shared.AbstractHttpClientWagon.execute (AbstractHttpClientWagon.java:958)
      at org.apache.maven.wagon.providers.http.wagon.shared.AbstractHttpClientWagon.fillInputData (AbstractHttpClientWagon.java:1117)
      at org.apache.maven.wagon.providers.http.wagon.shared.AbstractHttpClientWagon.fillInputData (AbstractHttpClientWagon.java:1094)
      at org.apache.maven.wagon.StreamWagon.getInputStream (StreamWagon.java:126)
      at org.apache.maven.wagon.StreamWagon.getIfNewer (StreamWagon.java:88)
      at org.apache.maven.wagon.StreamWagon.get (StreamWagon.java:61)
      

      I realise this is the default of the HTTP client, but changing that library is just too wide of a change in a patch, but for the maven wagon it sounds quite safe and should help many people which experience this in their deployments. The alternative is that everyone using HTTPS has to track down this issue and tweak their configs.

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              rymdkapsel Martin Furmanski
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Time Tracking

                Estimated:
                Original Estimate - 3h
                3h
                Remaining:
                Remaining Estimate - 3h
                3h
                Logged:
                Time Spent - Not Specified
                Not Specified