[ https://issues.apache.org/jira/browse/GEODE-7157?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
John Blum updated GEODE-7157: ----------------------------- Summary: SSLConfigurationFactory and SSLConfig are NOT Thread-safe! (was: SSLConnectionFactory and SSLConfig are NOT Thread-safe) > SSLConfigurationFactory and SSLConfig are NOT Thread-safe! > ---------------------------------------------------------- > > Key: GEODE-7157 > URL: https://issues.apache.org/jira/browse/GEODE-7157 > Project: Geode > Issue Type: Bug > Components: configuration, core, security > Reporter: John Blum > Priority: Major > > {{SSLConfig}} is a "_shared_" object (if you carefully analyze the > {{SSLConfigurationFactory}} class) and needs to be Thread-safe!! > {{SSLConfigurationFactory}} does NOT properly guard all access points to the > (once again) "_shared_" {{registeredSSLConfig}} {{Map}} instance. > Furthermore, this class also uses an non-Thread-safe {{Map}} implementation > for {{registeredSSLConfig}}, i.e. {{HashMap}}, to "cache" {{SSLConfig}} > objects, which is "safe" iff "_all_" access to this "shared" > {{registeredSSLConfig}} {{Map}} instance is "{{synchronized}}", which it > isn't (!!) ... e.g. {{SSLConfigurationFactory.close()}}, which subsequently > calls {{clearSSLConfigForAllComponents()}}, which "_clears_" the > {{registeredSSLConfig}} {{Map}}. Because it is not properly protected, it is > possible to see stale state, especially between tests!!! -- This message was sent by Atlassian Jira (v8.3.2#803003)