JDK-8215102 (Follow-up)
Dennis Gesker
dennis at gesker.com
Tue Jan 22 14:22:52 UTC 2019
Thank you for the test exception, Jaikiran! I just got to the office and
was about to do the same thing.
I didn't think It was a WildFly issue. WildFly was just where I first
noticed the warning.
Again, thank you, Sir.
--drg
On Tue, Jan 22, 2019 at 5:44 AM Jaikiran Pai <jai.forums2013 at gmail.com>
wrote:
> FWIW - I don't think this is related to WildFly server. So I decided to
> try and reproduce this in a trivial standalone program and I was able to
> reproduce this. Here's the code to reproduce this issue:
>
>
> import java.sql.*;
>
> public class ConnectionCloseTest {
>
> public static void main(final String[] args) throws Exception {
> final String url = "jdbc:mysql://localhost/?requireSSL=true";
> final String user = "youruser"; // set the right user
> final String pass = "yourpassword"; // set the right password
> Class.forName("com.mysql.jdbc.Driver");
> final Connection conn = DriverManager.getConnection(url, user,
> pass);
> System.out.println("Got connection");
> conn.close();
> System.out.println("Closed connection");
> }
>
> }
>
> It's important to start the MySQL server with ssl enabled. For that I just
> had to set:
>
> [mysqld]
> ssl=1
>
> in my MySQL server configuration. On the client side you will need the
> mysql JDBC driver jar in the classpath. The one I used for this test was
> mysql-connector-java-5.1.43.jar.
>
> Running this with Java 8 doesn't throw any exceptions or WARN logs.
> However, running it against Java 11 and even Java 12 latest EA build,
> throws an exception, which gets logged as a WARN by the driver (and things
> move on) on connection close:
>
>
> WARN: Caught while disconnecting...
>
> EXCEPTION STACK TRACE:
>
>
>
> ** BEGIN NESTED EXCEPTION **
>
> javax.net.ssl.SSLException
> MESSAGE: closing inbound before receiving peer's close_notify
>
> STACKTRACE:
>
> javax.net.ssl.SSLException: closing inbound before receiving peer's
> close_notify
> at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:133)
> at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117)
> at
> java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:307)
> at
> java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:263)
> at
> java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:254)
> at
> java.base/sun.security.ssl.SSLSocketImpl.shutdownInput(SSLSocketImpl.java:650)
> at
> java.base/sun.security.ssl.SSLSocketImpl.shutdownInput(SSLSocketImpl.java:629)
> at com.mysql.jdbc.MysqlIO.quit(MysqlIO.java:2246)
> at com.mysql.jdbc.ConnectionImpl.realClose(ConnectionImpl.java:4234)
> at com.mysql.jdbc.ConnectionImpl.close(ConnectionImpl.java:1472)
> at ConnectionCloseTest.main(ConnectionCloseTest.java:13)
> at
> java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native
> Method)
> at
> java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> at
> java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.base/java.lang.reflect.Method.invoke(Method.java:567)
> at
> jdk.compiler/com.sun.tools.javac.launcher.Main.execute(Main.java:415)
> at jdk.compiler/com.sun.tools.javac.launcher.Main.run(Main.java:192)
> at jdk.compiler/com.sun.tools.javac.launcher.Main.main(Main.java:132)
>
>
> ** END NESTED EXCEPTION **
>
> -Jaikiran
>
>
> On 22/01/19 7:43 AM, Dennis Gesker wrote:
>
> Hi Severing:
>
> I'll post the generic error when I get to the office. It seems to throw
> the complaints when it closes a connection.
>
> Here is the thing...
>
> 1. I'm glad this found its way to you (being Red Hat guy) as we first
> noticed it in WildFly 15.0.1. (But, wasn't looking for it before as we
> only need it for a few XA migration transactions.)
>
> 2. It MIGHT be the driver as we use PostgreSQL driver mostly -- in the
> same container -- and no errors there on WildFly 15.0.1 and JDK 11.
>
> 3. I will also try to fall back to JDK 8 and see if it continues in
> WildFly 15.0.1.
>
> 4. The error occurs -- it would seem -- as the pool closes idle
> connections.
>
> 5. I'll post the pool/data source config in WildFly as well -- it seems
> correct and seems to work OK in my application.
>
> Oh, yeah...
>
> And, I found the form to be a contributor (not comitter) and will fill
> that out tomorrow as well and submit it to you directly.
>
> --drg
>
> On Mon, Jan 21, 2019, 09:23 Severin Gehwolf <sgehwolf at redhat.com wrote:
>
>> On Mon, 2019-01-21 at 07:57 -0700, Dennis Gesker wrote:
>> >
>> > Pasted:
>> >
>> > https://paste.fedoraproject.org/paste/vEvp9RwN2rVvIKGiC0IvEQ
>> <https://mailtrack.io/trace/link/11b29b5ee0001da18d81231a7716414eb9fb8cf6?url=https%3A%2F%2Fpaste.fedoraproject.org%2Fpaste%2FvEvp9RwN2rVvIKGiC0IvEQ&userId=3240016&signature=15582aac23a1d344>
>>
>> Is this the full trace? I don't see any exceptions happening in the
>> log. Am I missing something?
>>
>> Thanks,
>> Severin
>>
>> > On Mon, Jan 21, 2019 at 2:10 AM Severin Gehwolf <sgehwolf at redhat.com>
>> > wrote:
>> > > Hi Dennis,
>> > >
>> > > On Sat, 2019-01-19 at 12:08 -0700, Dennis Gesker wrote:
>> > > > Hi Severin:
>> > > >
>> > > > A link to the txt file via Google Drive his here.
>> > >
>> > > "Sorry, the file you have requested does not exist."
>> > >
>> > > Could you please upload it somewhere less restricted? Maybe
>> > > https://paste.fedoraproject.org/
>> <https://mailtrack.io/trace/link/70123ad1da54dd30f90d4c9440498fb67a9dad69?url=https%3A%2F%2Fpaste.fedoraproject.org%2F&userId=3240016&signature=5db291affc051142>
>> or something similar?
>> > >
>> > > I guess if you include me directly, a file attachment would work
>> > > too...
>> > > It's the mailing lists which strip attachments.
>> > >
>> > > > I appreciate you and Alan taking a look. Especially, information
>> > > > submitted from someone who is not a part of openjdk project.
>> > > > I do hope the debug info helps. Let me know anything else you
>> > > need
>> > > > and I will do my best to provide it.
>> > >
>> > > Sure. I'll be mostly doing the intermediary work: getting the info
>> > > added to the bug, though.
>> > >
>> > > > And, should your team decide to open a new ticket or reopen this
>> > > > original ticket in the JIRA could you add me to the ticket?
>> > >
>> > > You'd have to become OpenJDK author for this[1]. It's not terribly
>> > > difficult, but it's somewhat of an entry barrier I understand.
>> > >
>> > > > BTW, (off topic), would your recommend submitting a contributor
>> > > > application to the openjdk project so bug reports can be
>> > > submitted
>> > > > directly?
>> > >
>> > > If you intend to submit the occasional bug report and fix it's
>> > > easier
>> > > for you long-term to attempt to become OpenJDK author (which
>> > > requires
>> > > signing the OCA[2]).
>> > >
>> > > > The dev group at my company is VERY small (and this message to
>> > > your
>> > > > group at the project is from my personal email) but I'd be glad
>> > > to
>> > > > submit bug reports as we come across them in our day to day use
>> > > of
>> > > > Java.
>> > >
>> > > If there are good reproducers for bugs this would be very welcome.
>> > > Thanks for investing some time in this!
>> > >
>> > > Cheers,
>> > > Severin
>> > >
>> > > [1] http://openjdk.java.net/bylaws#author
>> <https://mailtrack.io/trace/link/100b2b16add0f9efa569b40c35d0034070f13adf?url=http%3A%2F%2Fopenjdk.java.net%2Fbylaws%23author&userId=3240016&signature=040ae6d9192cd351>
>> > > http://openjdk.java.net/projects/#project-author
>> <https://mailtrack.io/trace/link/377fa21aeb632c6d04c744d70e816e23fb506afc?url=http%3A%2F%2Fopenjdk.java.net%2Fprojects%2F%23project-author&userId=3240016&signature=dbf523efea173590>
>> > > [2] http://oss.oracle.com/oca.pdf
>> <https://mailtrack.io/trace/link/994d4b4757fa32117b29fae74179a75e0a36fa95?url=http%3A%2F%2Foss.oracle.com%2Foca.pdf&userId=3240016&signature=946fe1d98e179a0d>
>> > >
>> > > > Cordially,
>> > > > Dennis
>> > > > dennis at gesker.com
>> > > >
>> > > > On Fri, Jan 18, 2019 at 10:07 AM Severin Gehwolf <
>> > > sgehwolf at redhat.com
>> > > > > wrote:
>> > > > > On Thu, 2019-01-17 at 10:00 -0700, Dennis Gesker wrote:
>> > > > > [...]
>> > > > > > Added the -Djavax.net.debug=all option to my Wildfly startup
>> > > and
>> > > > > > waited for the pool to close a connection to MySql at AWS.
>> > > > > >
>> > > > > > TXT file attached.
>> > > > > >
>> > > > > > javac 11.0.1
>> > > > > > mysql jdbc driver 8.0.13
>> > > > > > wildfly 15.0.1
>> > > > > >
>> > > > > > --drg
>> > > > >
>> > > > > Unfortunately the txt file got stripped by the mailing list.
>> > > Would
>> > > > > you
>> > > > > be able to upload it somewhere and post a link?
>> > > > >
>> > > > > Thanks,
>> > > > > Severin
>> > > > >
>> > > >
>> > > >
>> > >
>> >
>> >
>>
>>
--
Dennis R. Gesker
[image: LinkedIn]
<https://mailtrack.io/trace/link/bed6535bcaae1241c0cbf312986ab5a726b7fcff?url=http%3A%2F%2Fwww.linkedin.com%2Fin%2Fgesker%2F&userId=3240016&signature=24162ee449c33b01>[image:
WordPress]
<https://mailtrack.io/trace/link/b85986afc00c3aa56d87ed4ae31341128199c153?url=https%3A%2F%2Fdennis.gesker.com&userId=3240016&signature=afbb515a2f3642c0>[image:
Gesker]
<https://mailtrack.io/trace/link/eb5085f5d0d5ed1de195f77bc0fca59cad783741?url=http%3A%2F%2Fwww.gesker.com%2F&userId=3240016&signature=132eb4b8bf006a56>[image:
GPG_PGP]
<https://mailtrack.io/trace/link/ffb3adc6e60194e8f17348f746394e3b1e6849c8?url=http%3A%2F%2Fwww.gesker.com%2Fhome%2Fdennis-gpg-key&userId=3240016&signature=4f06720e16f66f17>[image:
dennis at gesker.com] <dennis at gesker.com>
“Be without fear in the face of your enemies. Be brave and upright that God
may love thee. Speak the truth always, even if it leads to your death.
Safeguard the helpless and do no wrong – that is your oath.”* -The Knight’s
Oath (Kingdom of Heaven)*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.org/pipermail/security-dev/attachments/20190122/eaf7807c/attachment.htm>
More information about the security-dev
mailing list