Repository: cassandra Updated Branches: refs/heads/cassandra-2.2 879c49bb7 -> c8493c41e
Explicitly handle SSL handshake errors during connect() patch by Stefan Podkowinski; reviewed by aweisberg for CASSANDRA-10816 Any IOException before this patch has just been logged to debug and retried in case of outgoing connections. Any issues with SSL certificates would only be reported in case the log level is set to debug, which won't be the case on most clusters. The existing retry loop for the outgoing connect() call would also not make much sense in case of SSL handshake errors and cause unnecessary load while constantly running into the same handshake error again. Project: http://git-wip-us.apache.org/repos/asf/cassandra/repo Commit: http://git-wip-us.apache.org/repos/asf/cassandra/commit/c8493c41 Tree: http://git-wip-us.apache.org/repos/asf/cassandra/tree/c8493c41 Diff: http://git-wip-us.apache.org/repos/asf/cassandra/diff/c8493c41 Branch: refs/heads/cassandra-2.2 Commit: c8493c41ec7acda6b38c18218633301115e98b19 Parents: 879c49b Author: Stefan Podkowinski <stefan.podkowin...@1und1.de> Authored: Fri Dec 4 13:52:30 2015 +0100 Committer: Sylvain Lebresne <sylv...@datastax.com> Committed: Thu Dec 10 17:29:50 2015 +0100 ---------------------------------------------------------------------- CHANGES.txt | 1 + src/java/org/apache/cassandra/net/MessagingService.java | 6 ++++++ .../org/apache/cassandra/net/OutboundTcpConnection.java | 9 +++++++++ 3 files changed, 16 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cassandra/blob/c8493c41/CHANGES.txt ---------------------------------------------------------------------- diff --git a/CHANGES.txt b/CHANGES.txt index 34866fa..cd6b92e 100644 --- a/CHANGES.txt +++ b/CHANGES.txt 
@@ -1,4 +1,5 @@ 2.2.5 + * Better handling of SSL connection errors inter-node (CASSANDRA-10816) * Disable reloading of GossipingPropertyFileSnitch (CASSANDRA-9474) * Verify tables in pseudo-system keyspaces at startup (CASSANDRA-10761) Merged from 2.1: http://git-wip-us.apache.org/repos/asf/cassandra/blob/c8493c41/src/java/org/apache/cassandra/net/MessagingService.java ---------------------------------------------------------------------- diff --git a/src/java/org/apache/cassandra/net/MessagingService.java b/src/java/org/apache/cassandra/net/MessagingService.java index 3b4925f..09ee73f 100644 --- a/src/java/org/apache/cassandra/net/MessagingService.java +++ b/src/java/org/apache/cassandra/net/MessagingService.java @@ -31,6 +31,7 @@ import java.util.concurrent.atomic.AtomicInteger; import javax.management.MBeanServer; import javax.management.ObjectName; +import javax.net.ssl.SSLHandshakeException; import com.google.common.annotations.VisibleForTesting; import com.google.common.base.Function; @@ -1012,6 +1013,11 @@ public final class MessagingService implements MessagingServiceMBean logger.trace("MessagingService server thread already closed"); break; } + catch (SSLHandshakeException e) + { + logger.error("SSL handshake error for inbound connection from " + socket, e); + FileUtils.closeQuietly(socket); + } catch (IOException e) { logger.trace("Error reading the socket " + socket, e); http://git-wip-us.apache.org/repos/asf/cassandra/blob/c8493c41/src/java/org/apache/cassandra/net/OutboundTcpConnection.java ---------------------------------------------------------------------- diff --git a/src/java/org/apache/cassandra/net/OutboundTcpConnection.java b/src/java/org/apache/cassandra/net/OutboundTcpConnection.java index 9a4e789..2a8bdf3 100644 --- a/src/java/org/apache/cassandra/net/OutboundTcpConnection.java +++ b/src/java/org/apache/cassandra/net/OutboundTcpConnection.java 
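Review bot: The new `catch (SSLHandshakeException e)` in MessagingService.java covers only one subtype of `javax.net.ssl.SSLException`, so other TLS failures still fall through to the `catch (IOException e)` branch and are logged at trace only. A plaintext peer connecting to the encrypted port, for example, is typically reported as a plain `SSLException`. If operators should see every failed TLS negotiation, consider `catch (SSLException e)` here (with the import changed to match); the same narrowness applies to the outbound catch in OutboundTcpConnection.java. Because any host that can reach the port can presumably trigger this branch, a full stack trace at error level per attempt may flood the log; logging the peer address at error and the trace at debug would limit that, e.g. `logger.error("SSL handshake error for inbound connection from {}: {}", socket, e.getMessage());`. The enclosing try block starts outside the hunk, so which calls can raise the exception is not visible here.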
@@ -35,6 +35,8 @@ import java.util.concurrent.atomic.AtomicInteger; import java.util.concurrent.atomic.AtomicLong; import java.util.zip.Checksum; +import javax.net.ssl.SSLHandshakeException; + import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -469,6 +471,13 @@ public class OutboundTcpConnection extends Thread return true; } + catch (SSLHandshakeException e) + { + logger.error("SSL handshake error for outbound connection to " + socket, e); + socket = null; + // SSL errors won't be recoverable within timeout period so we'll just abort + return false; + } catch (IOException e) { socket = null;
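Review bot: The added `catch (SSLHandshakeException e)` in OutboundTcpConnection.java drops the reference with `socket = null;` without closing the socket, so a connection whose handshake failed appears to stay open until it is garbage-collected. The inbound hunk in MessagingService.java calls `FileUtils.closeQuietly(socket);` for the same condition; doing the same here before `socket = null;` would release the descriptor promptly, assuming that helper is usable in this class. The context lines show the existing `catch (IOException e)` branch also only nulls the field, so the pattern predates this commit. If `socket` can still be unassigned when the exception is thrown, the message would read "to null", and logging the target endpoint instead would keep the error actionable. The body of the enclosing method starts and ends outside the hunk.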