hanicz opened a new pull request, #1065: URL: https://github.com/apache/knox/pull/1065
…uncycastle exception, set max connections for PoolingHttpClientConnectionManager ## What changes were proposed in this pull request? The BC FIPS provider causes a SocketException with 'Broken Pipe' message on FIPS clusters. When there is a connection: close header in the response Knox tries to close the connection however there is an exception coming from BC. It tries to write to the already closed connection and we get the Broken Pipe issue and it results in HTTP 500 responses from Knox. The solution catches and ignores this exception on the socket level. The intercepting socket would only load if FIPS arg is provided for Knox. This arg is defaults to com.safelogic.cryptocomply.fips.approved_only=true and can be changed in the gateway-site.xml. ## How was this patch tested? Unit tests Tested on FIPS cluster with fips arg and BC provider loaded by JDK. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
