client authentication with revoked cert results in server no response.
Trustin Lee
tlee at redhat.com
Wed Apr 8 02:14:06 EDT 2009
Hi Neio,
Great that you have found the cause of the problem. I have a couple
questions though.
How is the CPU consumption at the point of dead lock? Is it running
high, or is it just stuck at SSLEngine.unwrap()? If high, it means
SslHandler entered an infinite loop. If just blocked, it means
SSLEngine is not returning the control to SslHandler.
Thanks,
— Trustin Lee, http://gleamynode.net/
On Tue, Apr 7, 2009 at 9:05 AM, Neio <pinghuican at gmail.com> wrote:
>
> Hello Trustin,
>
> The sympton seems these worker thread might dead lock. (The 4 messages corresponds to 4 worker threads.)
> For some reason, all those workers are waiting some ssl handshake data from client, but the client already dropped the connection at that time.
>
> The thread dump (only show one worker thread):
> osgi> 2009-04-06 18:59:02
> Full thread dump Java HotSpot(TM) Client VM (11.0-b15 mixed mode):
>
> "New I/O server worker #1-4" prio=6 tid=0x0bd51400 nid=0x5230 runnable [0x2cb3e000..0x2cb3fb14]
> java.lang.Thread.State: RUNNABLE
> at com.sun.net.ssl.internal.ssl.SSLEngineImpl.unwrap(Unknown Source)
> at javax.net.ssl.SSLEngine.unwrap(Unknown Source)
> at org.jboss.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:654)
> - locked <0x036da6a8> (a java.lang.Object)
> at org.jboss.netty.handler.ssl.SslHandler.decode(SslHandler.java:401)
> at org.jboss.netty.handler.codec.frame.FrameDecoder.callDecode(FrameDecoder.java:270)
> at org.jboss.netty.handler.codec.frame.FrameDecoder.cleanup(FrameDecoder.java:320)
> at org.jboss.netty.handler.codec.frame.FrameDecoder.channelDisconnected(FrameDecoder.java:220)
> at org.jboss.netty.handler.ssl.SslHandler.channelDisconnected(SslHandler.java:362)
> at org.jboss.netty.channel.SimpleChannelHandler.handleUpstream(SimpleChannelHandler.java:137)
> at org.jboss.netty.handler.codec.frame.FrameDecoder.handleUpstream(FrameDecoder.java:170)
> at org.jboss.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:567)
> at org.jboss.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:562)
> at org.jboss.netty.channel.Channels.fireChannelDisconnected(Channels.java:494)
> at org.jboss.netty.channel.socket.nio.NioWorker.close(NioWorker.java:509)
> at org.jboss.netty.channel.socket.nio.NioServerSocketPipelineSink.handleAcceptedSocket(NioServerSocketPipelineSink.java:127)
> at org.jboss.netty.channel.socket.nio.NioServerSocketPipelineSink.eventSunk(NioServerSocketPipelineSink.java:78)
> at org.jboss.netty.channel.DefaultChannelPipeline$DefaultChannelHandlerContext.sendDownstream(DefaultChannelPipe line.java:790)
> at org.jboss.netty.handler.ssl.SslHandler.closeOutboundAndChannel(SslHandler.java:776)
> at org.jboss.netty.handler.ssl.SslHandler.handleDownstream(SslHandler.java:314)
> at org.jboss.netty.channel.DefaultChannelPipeline.sendDownstream(DefaultChannelPipeline.java:590)
> at org.jboss.netty.channel.DefaultChannelPipeline$DefaultChannelHandlerContext.sendDownstream(DefaultChannelPipeline.java:795)
> at org.jboss.netty.channel.SimpleChannelHandler.disconnectRequested(SimpleChannelHandler.java:339)
> at org.jboss.netty.channel.SimpleChannelHandler.handleDownstream(SimpleChannelHandler.java:291)
> at org.jboss.netty.channel.DefaultChannelPipeline.sendDownstream(DefaultChannelPipeline.java:590)
> at org.jboss.netty.channel.DefaultChannelPipeline$DefaultChannelHandlerContext.sendDownstream(DefaultChannelPipeline.java:795)
> at org.jboss.netty.handler.codec.oneone.OneToOneEncoder.handleDownstream(OneToOneEncoder.java:66)
> at org.jboss.netty.channel.DefaultChannelPipeline.sendDownstream(DefaultChannelPipeline.java:590)
> at org.jboss.netty.channel.DefaultChannelPipeline$DefaultChannelHandlerContext.sendDownstream(DefaultChannelPipeline.java:795)
> at org.jboss.netty.channel.SimpleChannelHandler.disconnectRequested(SimpleChannelHandler.java:339)
> at org.jboss.netty.channel.SimpleChannelHandler.handleDownstream(SimpleChannelHandler.java:291)
> at org.jboss.netty.channel.DefaultChannelPipeline.sendDownstream(DefaultChannelPipeline.java:590)
> at org.jboss.netty.channel.DefaultChannelPipeline.sendDownstream(DefaultChannelPipeline.java:585)
> at org.jboss.netty.channel.Channels.disconnect(Channels.java:995)
> at org.jboss.netty.channel.AbstractChannel.disconnect(AbstractChannel.java:199)
> at com.acme.httpServer.HttpHandler.exceptionCaught(HttpHandler.java:207)
> at org.jboss.netty.channel.SimpleChannelHandler.handleUpstream(SimpleChannelHandler.java:147)
> at org.jboss.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:567)
> at org.jboss.netty.channel.DefaultChannelPipeline$DefaultChannelHandlerContext.sendUpstream(DefaultChannelPipeli
> ne.java:802)
> at org.jboss.netty.handler.codec.replay.ReplayingDecoder.exceptionCaught(ReplayingDecoder.java:372)
> at org.jboss.netty.channel.SimpleChannelHandler.handleUpstream(SimpleChannelHandler.java:147)
> at org.jboss.netty.handler.codec.replay.ReplayingDecoder.handleUpstream(ReplayingDecoder.java:317)
> at org.jboss.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:567)
> at org.jboss.netty.channel.DefaultChannelPipeline$DefaultChannelHandlerContext.sendUpstream(DefaultChannelPipeli
> ne.java:802)
> at org.jboss.netty.handler.codec.frame.FrameDecoder.exceptionCaught(FrameDecoder.java:232)
> at org.jboss.netty.channel.SimpleChannelHandler.handleUpstream(SimpleChannelHandler.java:147)
> at org.jboss.netty.handler.codec.frame.FrameDecoder.handleUpstream(FrameDecoder.java:170)
> at org.jboss.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:567)
> at org.jboss.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:562)
> at org.jboss.netty.channel.Channels.fireExceptionCaught(Channels.java:605)
> at org.jboss.netty.channel.AbstractChannelSink.exceptionCaught(AbstractChannelSink.java:59)
> at org.jboss.netty.channel.DefaultChannelPipeline.notifyHandlerException(DefaultChannelPipeline.java:644)
> at org.jboss.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:569)
> at org.jboss.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:562)
> at org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:342)
> at org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:329)
> at org.jboss.netty.channel.socket.nio.NioWorker.read(NioWorker.java:296)
> at org.jboss.netty.channel.socket.nio.NioWorker.processSelectedKeys(NioWorker.java:251)
> at org.jboss.netty.channel.socket.nio.NioWorker.run(NioWorker.java:173)
> at org.jboss.netty.util.ThreadRenamingRunnable.run(ThreadRenamingRunnable.java:72)
> at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown Source)
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
> at java.lang.Thread.run(Unknown Source)
>
>
>
>
> Hello Trustin,
>
> I am attaching a yourkit picture showing the blocked threads after I
> sent in 4 messages.
> You can see our code exceptionCaught(), and netty lib channel close(),
> and it stuck at the SSLEngineImpl code.
>
> I will see whether I can generate something else.
>
> On Fri, Apr 3, 2009 at 1:23 AM, Trustin Lee <tlee at redhat.com> wrote:
>
>> Did you find something useful in the full thread dump in client and
>> server? Your application might have been stuck somewhere. Please
>> post the full thread dump of the both side.
>>
>> If you don't think this is the case where the full thread dump reveals
>> the cause of the problem, please attach small test application that
>> reproduces the problem.
>>
>> Thanks,
>>
>> — Trustin Lee, http://gleamynode.net/
>>
>> _______________________________________________
>> netty-users mailing list
>> netty-users at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/netty-users
>>
>
>
> _______________________________________________
> netty-users mailing list
> netty-users at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/netty-users
>
>
>
> --
> View this message in context: http://n2.nabble.com/client-authentication-with-revoked-cert-results-in-server-no-response.-tp2565884p2596253.html
> Sent from the Netty User Group mailing list archive at Nabble.com.
>
>
> _______________________________________________
> netty-users mailing list
> netty-users at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/netty-users
>
More information about the netty-users
mailing list