[jboss-jira] [JBoss JIRA] (WFCORE-997) Security realm using ldaps hangs forever during SSL handshake, when ldap server is killed
Darran Lofthouse (JIRA)
issues at jboss.org
Wed Oct 7 13:14:00 EDT 2015
[ https://issues.jboss.org/browse/WFCORE-997?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13116127#comment-13116127 ]
Darran Lofthouse commented on WFCORE-997:
-----------------------------------------
The fix within the pull request means that the standard LDAP properties can be used to specify the timeout establishing the connection to the LDAP server.
> Security realm using ldaps hangs forever during SSL handshake, when ldap server is killed
> -----------------------------------------------------------------------------------------
>
> Key: WFCORE-997
> URL: https://issues.jboss.org/browse/WFCORE-997
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Affects Versions: 2.0.0.CR3
> Reporter: Martin Choma
> Assignee: Darran Lofthouse
> Fix For: 2.0.0.CR7
>
> Attachments: DeadListener.java, SecurityRealmLDAPSHandshakeHangs.pcap, StackTraceConnectTimeoutInLDAPSConnection.txt, StackTraceFromThreadDump.txt
>
>
> During failover testing we hit the problem of stuck thread. When ldap server is killed in particular time of ssl handshake EAP hangs and waits forever on response, which will never come. Causing thread to block forever. Same problem can be seen in LdapLoginModule using ldaps without specifying com.sun.jndi.ldap.connect.timeout value.
> Possible solution is to add option to declare com.sun.jndi.ldap.connect.timeout for security realm and provide some default non-empty value, e.g. 15 seconds.
--
This message was sent by Atlassian JIRA
(v6.4.11#64026)
More information about the jboss-jira
mailing list