Comments (6)
I don't recall ever using an InputStream, but as you can see here, Aleph doesn't do much with it by default.
It's interesting that they fail "in quick succession". Maybe there's some delayed init that's not triggered until needed, and then if two conns both try to setup the sslcontext/trust store, they end up racing on the InputStream, and one or both fail.
It looks like that happens on the client-side. It makes a new client context for each conn, which is necessary in case the context is actually just a map of options. And if you make a call slowly, the same conn will get reused, so it's not an issue there. But too fast, and it'll spawn multiple conns, corresponding multiple sslcontexts, and try to read from an exhausted stream or in the middle of an earlier conn.
Solution is to either (1) force the stream into another format ASAP, or (2) disallow streams.
from aleph.
@KingMob My reading of the code agrees with your analysis 👍 I'll come up with a test case to reproduce it.
It looks like that happens on the client-side. It makes a new client context for each conn, which is necessary in case the context is actually just a map of options
I think this might actually not be necessary: It should be possible to lift the construction of the context to the level of the pool instead which would solve this bug as well as reduce allocation. Will give this a try!
from aleph.
Yeah, even when SslContext construction is idempotent, why do it multiple times?
from aleph.
Yeah, even when SslContext construction is idempotent, why do it multiple times?
If these instances are not thread-safe, that could be a reason. But since they are immutable, I suppose they also should be thread safe. Furthermore, I think the netty SslContext instances are based on the JDK SslContext implementations and if these weren't thread-safe it would be a widespread common problem (even though I find it hard to find explicit documentation about this).
from aleph.
@bitti Good point. Though I've never really considered, should thread safety be implicit in the definition of "idempotent"? I assumed so, but we programmers are much looser about the definition than mathematicians.
from aleph.
@bitti Good point. Though I've never really considered, should thread safety be implicit in the definition of "idempotent"? I assumed so, but we programmers are much looser about the definition than mathematicians.
I think even in the mathematical sense, you can't 'define' it like that, since thread-unsafety implies undefined behavior. So no, neither idempotency nor immutability implies thread-safety.
But I think in this case we can safely assume the JDK/netty implementations are thread-safe since otherwise it would, it make it more difficult to share connections (at least that's what I gather from the SO discussions). I gather the reason why the JDK docs don't explicitly state this is because they can't make a guarantee for the millions of potential SslContext
implementations out there.
from aleph.
Related Issues (20)
- Add write backpressure by checking Channel writability
- Add support for aggregating all inbound data before calling server Ring handler HOT 2
- Default rejected-handler will leak buffers in raw stream HTTP servers HOT 1
- Overhaul docstring formatting for consistency HOT 2
- Hide application protocol config from users with `http-versions`
- Who uses Aleph? Add your name to this, we'd like to know HOT 4
- Reconsider `:aleph/`-namespaced keywords HOT 3
- io.netty.channel.AbstractChannelHandlerContext invokeExceptionCaught HOT 2
- 0.7.0-rc1 is crashing without brotli4j dependency #3530 HOT 2
- Treat de/compression asymmetrically in H2
- Track down potential idle-handler refcount testing leak HOT 11
- Question about single server process using both non-ssl and ssl HOT 3
- Support cancellation of HTTP requests HOT 2
- HTTP client connection pool timeout doesn't free up queue HOT 4
- Drop HTTP client connection pool's acquire queue HOT 1
- CVE-2024-29025 HOT 5
- No ssl-context via `SslContext` in Aleph 0.7.0 and later HOT 11
- Proxy functionality broken in Aleph 0.7.0 and later HOT 3
- Introduce less ambiguous option for disabling certificate verification? HOT 6
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from aleph.