Author: remy.maucherat(a)jboss.com
Date: 2012-12-06 13:21:07 -0500 (Thu, 06 Dec 2012)
New Revision: 2135
Modified:
branches/7.0.x/java/org/apache/tomcat/util/net/AprEndpoint.java
branches/7.0.x/java/org/apache/tomcat/util/net/JIoEndpoint.java
branches/7.0.x/java/org/apache/tomcat/util/net/jsse/JSSESupport.java
branches/7.2.x/src/main/java/org/apache/tomcat/util/net/AbstractEndpoint.java
branches/7.2.x/src/main/java/org/apache/tomcat/util/net/AprEndpoint.java
branches/7.2.x/src/main/java/org/apache/tomcat/util/net/JIoEndpoint.java
branches/7.2.x/src/main/java/org/apache/tomcat/util/net/jsse/JSSESupport.java
branches/7.2.x/src/main/java/org/jboss/web/CoyoteMessages.java
branches/7.2.x/webapps/docs/changelog.xml
Log:
- Tweak unlock accept with a timeout.
- Port patch: fix java.io handshake with Java 7.
Modified: branches/7.0.x/java/org/apache/tomcat/util/net/AprEndpoint.java
===================================================================
--- branches/7.0.x/java/org/apache/tomcat/util/net/AprEndpoint.java 2012-11-27 12:53:37
UTC (rev 2134)
+++ branches/7.0.x/java/org/apache/tomcat/util/net/AprEndpoint.java 2012-12-06 18:21:07
UTC (rev 2135)
@@ -23,6 +23,7 @@
package
org.apache.tomcat.util.net;
import java.net.InetAddress;
+import java.net.InetSocketAddress;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.concurrent.Executor;
@@ -799,19 +800,21 @@
*/
protected void unlockAccept() {
java.net.Socket s = null;
+ InetSocketAddress saddr = null;
try {
// Need to create a connection to unlock the accept();
if (address == null) {
- s = new java.net.Socket("localhost", port);
+ saddr = new InetSocketAddress("localhost", port);
} else {
- s = new java.net.Socket(address, port);
- // setting soLinger to a small value will help shutdown the
- // connection quicker
- s.setSoLinger(true, 0);
+ saddr = new InetSocketAddress(address, port);
}
+ s = new java.net.Socket();
+ s.setSoLinger(true, 0);
+ s.connect(saddr, 2000);
// If deferAccept is enabled, send at least one byte
if (deferAccept) {
s.getOutputStream().write(" ".getBytes());
+ s.getOutputStream().flush();
}
} catch (Exception e) {
// Ignore
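Review bot: The connect timeout in `s.connect(saddr, 2000)` is a bare literal with no unit or rationale, and the same value is repeated in the other four unlockAccept hunks of this commit (JIoEndpoint on this branch, and AbstractEndpoint, AprEndpoint and JIoEndpoint on 7.2.x). The comment that explained the linger setting was also removed, even though `setSoLinger(true, 0)` now runs on both branches of the address check. I would keep both facts next to the code, for example `// linger 0 closes the wake-up connection immediately; connect gives up after 2000 ms` above `s = new java.net.Socket();`, or lift the value into a named constant. unlockAccept continues past the end of the hunk.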
Modified: branches/7.0.x/java/org/apache/tomcat/util/net/JIoEndpoint.java
===================================================================
--- branches/7.0.x/java/org/apache/tomcat/util/net/JIoEndpoint.java 2012-11-27 12:53:37
UTC (rev 2134)
+++ branches/7.0.x/java/org/apache/tomcat/util/net/JIoEndpoint.java 2012-12-06 18:21:07
UTC (rev 2135)
@@ -26,6 +26,7 @@
import java.net.BindException;
import java.net.Inet6Address;
import java.net.InetAddress;
+import java.net.InetSocketAddress;
import java.net.ServerSocket;
import java.net.Socket;
import java.util.concurrent.Executor;
@@ -1072,21 +1073,20 @@
* Unlock the accept by using a local connection.
*/
protected void unlockAccept() {
- Socket s = null;
+ java.net.Socket s = null;
+ InetSocketAddress saddr = null;
try {
// Need to create a connection to unlock the accept();
if (address == null) {
- s = new Socket("localhost", port);
+ saddr = new InetSocketAddress("localhost", port);
} else {
- s = new Socket(address, port);
- // setting soLinger to a small value will help shutdown the
- // connection quicker
- s.setSoLinger(true, 0);
+ saddr = new InetSocketAddress(address, port);
}
+ s = new java.net.Socket();
+ s.setSoLinger(true, 0);
+ s.connect(saddr, 2000);
} catch (Exception e) {
- if (log.isDebugEnabled()) {
- log.debug(sm.getString("endpoint.debug.unlock", "" +
port), e);
- }
+ // Ignore
} finally {
if (s != null) {
try {
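Review bot: The catch block now discards the exception with `// Ignore`, where the removed lines logged it at debug level. If the wake-up connection fails, which can now also happen through the new 2000 ms connect timeout, the acceptor presumably stays blocked in accept() and nothing records why. I would keep the guarded call, `if (log.isDebugEnabled()) { log.debug(sm.getString("endpoint.debug.unlock", "" + port), e); }`, so that a stuck shutdown can still be diagnosed. The finally block continues outside the hunk.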
Modified: branches/7.0.x/java/org/apache/tomcat/util/net/jsse/JSSESupport.java
===================================================================
--- branches/7.0.x/java/org/apache/tomcat/util/net/jsse/JSSESupport.java 2012-11-27
12:53:37 UTC (rev 2134)
+++ branches/7.0.x/java/org/apache/tomcat/util/net/jsse/JSSESupport.java 2012-12-06
18:21:07 UTC (rev 2135)
@@ -161,7 +161,7 @@
InputStream in = ssl.getInputStream();
int oldTimeout = ssl.getSoTimeout();
ssl.setSoTimeout(1000);
- byte[] b = new byte[0];
+ byte[] b = new byte[1];
listener.reset();
ssl.startHandshake();
int maxTries = 60; // 60 * 1000 = example 1 minute time out
@@ -169,7 +169,13 @@
if(log.isTraceEnabled())
log.trace("Reading for try #" +i);
try {
- int x = in.read(b);
+ int read = in.read(b);
+ if (read > 0) {
+ // Shouldn't happen as all input should have been swallowed
+ // before trying to do the handshake. If it does, something
+ // went wrong so lets bomb out now.
+ throw new SSLException("Unecpected data during
handshake");
+ }
} catch(SSLException sslex) {
log.info("SSL Error getting client Certs",sslex);
throw sslex;
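Review bot: The new exception message is misspelt, `"Unecpected data during handshake"`; it should read `throw new SSLException("Unexpected data during handshake");`, since this string reaches the log through the catch just below. Separately, only `read > 0` is handled: with a one-byte buffer `in.read(b)` returns -1 once the peer has closed the connection, and as far as the hunk shows that case falls through to the next try, so a closed connection may be retried up to maxTries times. Treating `read < 0` as a failure too would close that gap; the 7.2.x JSSESupport hunk has the same check. The loop body continues outside the hunk.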
Modified: branches/7.2.x/src/main/java/org/apache/tomcat/util/net/AbstractEndpoint.java
===================================================================
---
branches/7.2.x/src/main/java/org/apache/tomcat/util/net/AbstractEndpoint.java 2012-11-27
12:53:37 UTC (rev 2134)
+++
branches/7.2.x/src/main/java/org/apache/tomcat/util/net/AbstractEndpoint.java 2012-12-06
18:21:07 UTC (rev 2135)
@@ -19,6 +19,7 @@
package
org.apache.tomcat.util.net;
import java.net.InetAddress;
+import java.net.InetSocketAddress;
import java.util.concurrent.Executor;
import java.util.concurrent.ThreadFactory;
import java.util.concurrent.atomic.AtomicInteger;
@@ -286,16 +287,17 @@
*/
protected void unlockAccept() {
java.net.Socket s = null;
+ InetSocketAddress saddr = null;
try {
- // Need to create a connection to unlock the accept();
- if (address == null) {
- s = new java.net.Socket("localhost", port);
- } else {
- s = new java.net.Socket(address, port);
- // setting soLinger to a small value will help shutdown the
- // connection quicker
- s.setSoLinger(true, 0);
- }
+ // Need to create a connection to unlock the accept();
+ if (address == null) {
+ saddr = new InetSocketAddress("localhost", port);
+ } else {
+ saddr = new InetSocketAddress(address, port);
+ }
+ s = new java.net.Socket();
+ s.setSoLinger(true, 0);
+ s.connect(saddr, 2000);
// If deferAccept is enabled, send at least one byte
if (deferAccept) {
s.getOutputStream().write(" ".getBytes());
Modified: branches/7.2.x/src/main/java/org/apache/tomcat/util/net/AprEndpoint.java
===================================================================
--- branches/7.2.x/src/main/java/org/apache/tomcat/util/net/AprEndpoint.java 2012-11-27
12:53:37 UTC (rev 2134)
+++ branches/7.2.x/src/main/java/org/apache/tomcat/util/net/AprEndpoint.java 2012-12-06
18:21:07 UTC (rev 2135)
@@ -21,6 +21,7 @@
import static org.jboss.web.CoyoteMessages.MESSAGES;
import java.net.InetAddress;
+import java.net.InetSocketAddress;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.concurrent.Executor;
@@ -782,24 +783,23 @@
}
- /**
- * Unlock the server socket accept using a bogus connection.
- */
protected void unlockAccept() {
java.net.Socket s = null;
+ InetSocketAddress saddr = null;
try {
// Need to create a connection to unlock the accept();
if (address == null) {
- s = new java.net.Socket("localhost", port);
+ saddr = new InetSocketAddress("localhost", port);
} else {
- s = new java.net.Socket(address, port);
- // setting soLinger to a small value will help shutdown the
- // connection quicker
- s.setSoLinger(true, 0);
+ saddr = new InetSocketAddress(address, port);
}
+ s = new java.net.Socket();
+ s.setSoLinger(true, 0);
+ s.connect(saddr, 2000);
// If deferAccept is enabled, send at least one byte
if (deferAccept) {
s.getOutputStream().write(" ".getBytes());
+ s.getOutputStream().flush();
}
} catch (Exception e) {
// Ignore
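Review bot: The Javadoc on unlockAccept is deleted in this hunk (`Unlock the server socket accept using a bogus connection.`) and nothing replaces it; the JIoEndpoint hunk on this branch drops its Javadoc the same way. If the method now overrides the AbstractEndpoint version, I would mark that explicitly with `@Override` and a short `/** {@inheritDoc} */`; otherwise the original comment should be restored. The method's catch and finally continue outside the hunk.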
Modified: branches/7.2.x/src/main/java/org/apache/tomcat/util/net/JIoEndpoint.java
===================================================================
--- branches/7.2.x/src/main/java/org/apache/tomcat/util/net/JIoEndpoint.java 2012-11-27
12:53:37 UTC (rev 2134)
+++ branches/7.2.x/src/main/java/org/apache/tomcat/util/net/JIoEndpoint.java 2012-12-06
18:21:07 UTC (rev 2135)
@@ -22,6 +22,7 @@
import java.net.BindException;
import java.net.Inet6Address;
import java.net.InetAddress;
+import java.net.InetSocketAddress;
import java.net.ServerSocket;
import java.net.Socket;
import java.util.concurrent.Executor;
@@ -1056,21 +1057,19 @@
}
- /**
- * Unlock the accept by using a local connection.
- */
protected void unlockAccept() {
- Socket s = null;
+ java.net.Socket s = null;
+ InetSocketAddress saddr = null;
try {
// Need to create a connection to unlock the accept();
if (address == null) {
- s = new Socket("localhost", port);
+ saddr = new InetSocketAddress("localhost", port);
} else {
- s = new Socket(address, port);
- // setting soLinger to a small value will help shutdown the
- // connection quicker
- s.setSoLinger(true, 0);
+ saddr = new InetSocketAddress(address, port);
}
+ s = new java.net.Socket();
+ s.setSoLinger(true, 0);
+ s.connect(saddr, 2000);
} catch (Exception e) {
// Ignore
} finally {
Modified: branches/7.2.x/src/main/java/org/apache/tomcat/util/net/jsse/JSSESupport.java
===================================================================
---
branches/7.2.x/src/main/java/org/apache/tomcat/util/net/jsse/JSSESupport.java 2012-11-27
12:53:37 UTC (rev 2134)
+++
branches/7.2.x/src/main/java/org/apache/tomcat/util/net/jsse/JSSESupport.java 2012-12-06
18:21:07 UTC (rev 2135)
@@ -161,15 +161,19 @@
InputStream in = ssl.getInputStream();
int oldTimeout = ssl.getSoTimeout();
ssl.setSoTimeout(1000);
- byte[] b = new byte[0];
+ byte[] b = new byte[1];
listener.reset();
ssl.startHandshake();
int maxTries = 60; // 60 * 1000 = example 1 minute time out
for (int i = 0; i < maxTries; i++) {
- if(CoyoteLogger.UTIL_LOGGER.isTraceEnabled())
- CoyoteLogger.UTIL_LOGGER.trace("Reading for try #" +i);
try {
- int x = in.read(b);
+ int read = in.read(b);
+ if (read > 0) {
+ // Shouldn't happen as all input should have been swallowed
+ // before trying to do the handshake. If it does, something
+ // went wrong so lets bomb out now.
+ throw new SSLException(MESSAGES.sslHandshakeData());
+ }
} catch(SSLException sslex) {
CoyoteLogger.UTIL_LOGGER.trace("SSL Error getting client
Certs",sslex);
throw sslex;
Modified: branches/7.2.x/src/main/java/org/jboss/web/CoyoteMessages.java
===================================================================
--- branches/7.2.x/src/main/java/org/jboss/web/CoyoteMessages.java 2012-11-27 12:53:37 UTC
(rev 2134)
+++ branches/7.2.x/src/main/java/org/jboss/web/CoyoteMessages.java 2012-12-06 18:21:07 UTC
(rev 2135)
@@ -274,4 +274,7 @@
@Message(id = 2078, value = "No context found: %s")
IllegalStateException mapperContextNotFound(String contextPath);
+ @Message(id = 2079, value = "Unexpected data read during handshake")
+ String sslHandshakeData();
+
}
Modified: branches/7.2.x/webapps/docs/changelog.xml
===================================================================
--- branches/7.2.x/webapps/docs/changelog.xml 2012-11-27 12:53:37 UTC (rev 2134)
+++ branches/7.2.x/webapps/docs/changelog.xml 2012-12-06 18:21:07 UTC (rev 2135)
@@ -32,6 +32,12 @@
<fix>
Fix NIO2 client certificate renegociation. (remm)
</fix>
+ <fix>
+ Fix java.io client certificate renegociation on Java 7. (markt)
+ </fix>
+ <fix>
+ Add short unlock accept timeout. (markt)
+ </fix>
</changelog>
</subsection>
</section>