[
https://issues.apache.org/jira/browse/GEODE-7157?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Alberto Gomez reassigned GEODE-7157:
------------------------------------
Assignee: Alberto Gomez
> SSLConfigurationFactory and SSLConfig are NOT Thread-safe!
> ----------------------------------------------------------
>
> Key: GEODE-7157
> URL: https://issues.apache.org/jira/browse/GEODE-7157
> Project: Geode
> Issue Type: Bug
> Components: configuration, core, security
> Reporter: John Blum
> Assignee: Alberto Gomez
> Priority: Critical
> Labels: affects-spring
>
> {{SSLConfig}} is a "_shared_" object (if you carefully analyze the
> {{SSLConfigurationFactory}} class) and needs to be Thread-safe!!
> {{SSLConfigurationFactory}} does NOT properly guard all access points to the
> (once again) "_shared_" {{registeredSSLConfig}} {{Map}} instance.
> Furthermore, this class also uses an non-Thread-safe {{Map}} implementation
> for {{registeredSSLConfig}}, i.e. {{HashMap}}, to "cache" {{SSLConfig}}
> objects, which is "safe" iff "_all_" access to this "shared"
> {{registeredSSLConfig}} {{Map}} instance is "{{synchronized}}", which it
> isn't (!!) ... e.g. {{SSLConfigurationFactory.close()}}, which subsequently
> calls {{clearSSLConfigForAllComponents()}}, which "_clears_" the
> {{registeredSSLConfig}} {{Map}}. Because it is not properly protected, it is
> possible to see stale state, especially between tests!!!
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
