由于 SolrJ、HttpClient、JVM 或我的应用程序中的无效 SSL 证书导致类加载器泄漏?
Classloader leak because of invalid SSL certificate in SolrJ, HttpClient, JVM or my application?
最近几天我在一个大型应用程序中分析了一个类加载器泄漏,我已经解决了这个问题。
我的应用程序使用 SolrJ,它将通过 @Bean-方法初始化:
@Bean(destroyMethod = "close")
public SolrClient solrClient() {
return new HttpSolrClient(SOLR_URL);
}
SolrJ (org.apache.solr:solr-solrj:5.4.1) 使用 Apache HttpClient (org.apache.httpcomponents:httpclient:4.4.1)。 HttpClient 通过使用正常的 java 类 像 javax.net.ssl.SSLSocketFactory 来初始化 SSL 上下文。
这样 java 加载 trustManager 并分析所有受信任的证书。如果出现错误,证书(sun.security.x509.X509CertImpl 的一个实例)将存储在一个列表中,并通过抛出的异常得到丰富。
这个异常被吞没了,我的申请仍然是 unaware.
据我所知,SSL 上下文在系统/根类加载器中,我的应用程序在专用 WebappClassLoader 中,这就是问题所在,因为现在里面有一个 IOException在我的应用程序中包含堆栈跟踪、回溯等对 类 的引用的 SSL 上下文。
但现在我不知道这是从哪里来的。是 SolrJ 客户端、Apache HttpClient、Java 本身(JVM)还是我的应用程序?
我制作了一个小应用程序来重现您可以在此处找到的问题:https://github.com/CptS/solrj-classloader-leak
这也包含一个解决方法(一个关闭钩子,它删除了导致类加载器泄漏的引用)。
如果您禁用关闭挂钩(例如通过注释掉它)并开始清理 Tomcat(请参阅下面的 "Environment to reproduce"),您可以按照以下步骤重现它:
- 部署demo工程(A)的war
- 重新加载它 (B)
- 重新加载 (C)
- 触发GC(D)
- 取消部署
- 触发 GC (E)
- 看到元空间没有完全清理 (F)
我创建了堆转储,到 GC 的最短路径如下所示:
这与我的大型应用程序中的相同。
提到的解决方法(有点受 https://github.com/mjiderhamn/classloader-leak-prevention 的启发,但不幸的是,这并没有解决我的问题)通过对这些 unparseableExtensions 使用反射进行搜索,并通过删除存储在 why 字段中的异常这边走:
SSLContextImpl.DefaultSSLContext#defaultImpl -> SSLContextImpl#trustManager -> X509TrustManager#trustedCerts -> X509CertImpl#info -> X509CertInfo#extensions -> CertificateExtensions#unparseableExtensions -> UnparseableExtension#why
通过这样做,我得到了异常的堆栈跟踪,如果它对某人有帮助的话:
java.io.IOException: No data available in passed DER encoded value.
at sun.security.x509.GeneralNames.<init>(GeneralNames.java:61)
at sun.security.x509.IssuerAlternativeNameExtension.<init>(IssuerAlternativeNameExtension.java:136)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
at sun.security.x509.CertificateExtensions.parseExtension(CertificateExtensions.java:113)
at sun.security.x509.CertificateExtensions.init(CertificateExtensions.java:88)
at sun.security.x509.CertificateExtensions.<init>(CertificateExtensions.java:78)
at sun.security.x509.X509CertInfo.parse(X509CertInfo.java:702)
at sun.security.x509.X509CertInfo.<init>(X509CertInfo.java:167)
at sun.security.x509.X509CertImpl.parse(X509CertImpl.java:1804)
at sun.security.x509.X509CertImpl.<init>(X509CertImpl.java:195)
at sun.security.provider.X509Factory.engineGenerateCertificate(X509Factory.java:100)
at java.security.cert.CertificateFactory.generateCertificate(CertificateFactory.java:339)
at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:755)
at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:56)
at sun.security.provider.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:224)
at sun.security.provider.JavaKeyStore$DualFormatJKS.engineLoad(JavaKeyStore.java:70)
at java.security.KeyStore.load(KeyStore.java:1445)
at sun.security.ssl.TrustManagerFactoryImpl.getCacertsKeyStore(TrustManagerFactoryImpl.java:226)
at sun.security.ssl.SSLContextImpl$DefaultSSLContext.getDefaultTrustManager(SSLContextImpl.java:767)
at sun.security.ssl.SSLContextImpl$DefaultSSLContext.<init>(SSLContextImpl.java:733)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
at java.security.Provider$Service.newInstance(Provider.java:1595)
at sun.security.jca.GetInstance.getInstance(GetInstance.java:236)
at sun.security.jca.GetInstance.getInstance(GetInstance.java:164)
at javax.net.ssl.SSLContext.getInstance(SSLContext.java:156)
at javax.net.ssl.SSLContext.getDefault(SSLContext.java:96)
at javax.net.ssl.SSLSocketFactory.getDefault(SSLSocketFactory.java:122)
at org.apache.http.conn.ssl.SSLSocketFactory.getSystemSocketFactory(SSLSocketFactory.java:190)
at org.apache.http.impl.conn.SchemeRegistryFactory.createSystemDefault(SchemeRegistryFactory.java:85)
at org.apache.http.impl.client.SystemDefaultHttpClient.createClientConnectionManager(SystemDefaultHttpClient.java:121)
at org.apache.http.impl.client.AbstractHttpClient.getConnectionManager(AbstractHttpClient.java:484)
at org.apache.solr.client.solrj.impl.HttpClientUtil.setMaxConnections(HttpClientUtil.java:234)
at org.apache.solr.client.solrj.impl.HttpClientConfigurer.configure(HttpClientConfigurer.java:40)
at org.apache.solr.client.solrj.impl.HttpClientUtil.configureClient(HttpClientUtil.java:149)
at org.apache.solr.client.solrj.impl.HttpClientUtil.createClient(HttpClientUtil.java:125)
at org.apache.solr.client.solrj.impl.HttpSolrClient.<init>(HttpSolrClient.java:189)
at org.apache.solr.client.solrj.impl.HttpSolrClient.<init>(HttpSolrClient.java:162)
at de.test.spring.SolrJConfig.solrClient(SolrJConfig.java:20)
at de.test.spring.SolrJConfig$$EnhancerBySpringCGLIB$$dbd4362f.CGLIB$solrClient[=11=](<generated>)
at de.test.spring.SolrJConfig$$EnhancerBySpringCGLIB$$dbd4362f$$FastClassBySpringCGLIB$e7566a6.invoke(<generated>)
at org.springframework.cglib.proxy.MethodProxy.invokeSuper(MethodProxy.java:228)
at org.springframework.context.annotation.ConfigurationClassEnhancer$BeanMethodInterceptor.intercept(ConfigurationClassEnhancer.java:309)
at de.test.spring.SolrJConfig$$EnhancerBySpringCGLIB$$dbd4362f.solrClient(<generated>)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:162)
at org.springframework.beans.factory.support.ConstructorResolver.instantiateUsingFactoryMethod(ConstructorResolver.java:588)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.instantiateUsingFactoryMethod(AbstractAutowireCapableBeanFactory.java:1119)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:1014)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:504)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:476)
at org.springframework.beans.factory.support.AbstractBeanFactory.getObject(AbstractBeanFactory.java:303)
at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230)
at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:299)
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:194)
at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:755)
at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:757)
at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:480)
at de.test.WicketApplication.init(WicketApplication.java:32)
at org.apache.wicket.Application.initApplication(Application.java:950)
at org.apache.wicket.protocol.http.WicketFilter.init(WicketFilter.java:429)
at org.apache.wicket.protocol.http.WicketFilter.init(WicketFilter.java:353)
at org.apache.catalina.core.ApplicationFilterConfig.initFilter(ApplicationFilterConfig.java:279)
at org.apache.catalina.core.ApplicationFilterConfig.getFilter(ApplicationFilterConfig.java:260)
at org.apache.catalina.core.ApplicationFilterConfig.<init>(ApplicationFilterConfig.java:105)
at org.apache.catalina.core.StandardContext.filterStart(StandardContext.java:4640)
at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5247)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:724)
at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:700)
at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:714)
at org.apache.catalina.startup.HostConfig.deployWAR(HostConfig.java:919)
at org.apache.catalina.startup.HostConfig$DeployWar.run(HostConfig.java:1703)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
我的解决方法暂时解决了这个问题,当然这只是一个解决方法。
我想知道,也许有人可以回答我的一个或多个问题:
- 这是 SolrJ、HttpClient、Java 或我的应用程序中的 "bug" 吗?
- 如果是我的申请,我做错了什么?
- 如果不是我的应用,是已知问题吗?我找不到有关此的任何信息。 (在哪里)我应该创建错误票吗?
- 为什么会有"invalid"证书? (顺便说一句:如果我从信任库中删除这个证书,也许泄漏也会得到解决……我没有测试过,但我认为无效或损坏的证书永远不会导致类加载器泄漏……)
- 有人有这方面的更多信息吗?我不敢相信我是唯一一个检测到这种行为的人(除了我的应用程序......见我的问题 2)。
最后但同样重要的是,我要重现的环境:
- Tomcat 版本:Apache Tomcat/8.0.14 (Debian)
- JVM 版本:1.8.0_91-b14
- JVM 供应商:甲骨文公司
- OS 姓名:Linux
- OS版本:3.16.0-4-amd64
- 架构:amd64
这是 java 中的错误,错误票在这里:http://bugs.java.com/bugdatabase/view_bug.do?bug_id=8168069
非常感谢 mjiderhamn (on GitHub). He is the developer of the great classloader-leak-prevention 库,现在已经包含一个针对此问题的预防程序(版本 2.1.0)。
Why is there a "invalid" certificate
密钥库中证书的"Issuer Alternative Name"扩展值为空,不符合X.509规范。请参阅 RFC 5280 的第 4.2.1.6 和 4.2.1.7 节。
$ keytool -exportcert ... -file ...
$ keytool -printcert -v -file ...
...
#10: ObjectId: 2.5.29.18 Criticality=false
Unparseable IssuerAlternativeName extension due to
java.io.IOException: No data available in passed DER encoded value.
0000: 30 00 0.
最近几天我在一个大型应用程序中分析了一个类加载器泄漏,我已经解决了这个问题。
我的应用程序使用 SolrJ,它将通过 @Bean-方法初始化:
@Bean(destroyMethod = "close")
public SolrClient solrClient() {
return new HttpSolrClient(SOLR_URL);
}
SolrJ (org.apache.solr:solr-solrj:5.4.1) 使用 Apache HttpClient (org.apache.httpcomponents:httpclient:4.4.1)。 HttpClient 通过使用正常的 java 类 像 javax.net.ssl.SSLSocketFactory 来初始化 SSL 上下文。
这样 java 加载 trustManager 并分析所有受信任的证书。如果出现错误,证书(sun.security.x509.X509CertImpl 的一个实例)将存储在一个列表中,并通过抛出的异常得到丰富。
这个异常被吞没了,我的申请仍然是 unaware.
据我所知,SSL 上下文在系统/根类加载器中,我的应用程序在专用 WebappClassLoader 中,这就是问题所在,因为现在里面有一个 IOException在我的应用程序中包含堆栈跟踪、回溯等对 类 的引用的 SSL 上下文。
但现在我不知道这是从哪里来的。是 SolrJ 客户端、Apache HttpClient、Java 本身(JVM)还是我的应用程序?
我制作了一个小应用程序来重现您可以在此处找到的问题:https://github.com/CptS/solrj-classloader-leak 这也包含一个解决方法(一个关闭钩子,它删除了导致类加载器泄漏的引用)。
如果您禁用关闭挂钩(例如通过注释掉它)并开始清理 Tomcat(请参阅下面的 "Environment to reproduce"),您可以按照以下步骤重现它:
- 部署demo工程(A)的war
- 重新加载它 (B)
- 重新加载 (C)
- 触发GC(D)
- 取消部署
- 触发 GC (E)
- 看到元空间没有完全清理 (F)
我创建了堆转储,到 GC 的最短路径如下所示:
这与我的大型应用程序中的相同。
提到的解决方法(有点受 https://github.com/mjiderhamn/classloader-leak-prevention 的启发,但不幸的是,这并没有解决我的问题)通过对这些 unparseableExtensions 使用反射进行搜索,并通过删除存储在 why 字段中的异常这边走:
SSLContextImpl.DefaultSSLContext#defaultImpl -> SSLContextImpl#trustManager -> X509TrustManager#trustedCerts -> X509CertImpl#info -> X509CertInfo#extensions -> CertificateExtensions#unparseableExtensions -> UnparseableExtension#why
通过这样做,我得到了异常的堆栈跟踪,如果它对某人有帮助的话:
java.io.IOException: No data available in passed DER encoded value.
at sun.security.x509.GeneralNames.<init>(GeneralNames.java:61)
at sun.security.x509.IssuerAlternativeNameExtension.<init>(IssuerAlternativeNameExtension.java:136)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
at sun.security.x509.CertificateExtensions.parseExtension(CertificateExtensions.java:113)
at sun.security.x509.CertificateExtensions.init(CertificateExtensions.java:88)
at sun.security.x509.CertificateExtensions.<init>(CertificateExtensions.java:78)
at sun.security.x509.X509CertInfo.parse(X509CertInfo.java:702)
at sun.security.x509.X509CertInfo.<init>(X509CertInfo.java:167)
at sun.security.x509.X509CertImpl.parse(X509CertImpl.java:1804)
at sun.security.x509.X509CertImpl.<init>(X509CertImpl.java:195)
at sun.security.provider.X509Factory.engineGenerateCertificate(X509Factory.java:100)
at java.security.cert.CertificateFactory.generateCertificate(CertificateFactory.java:339)
at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:755)
at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:56)
at sun.security.provider.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:224)
at sun.security.provider.JavaKeyStore$DualFormatJKS.engineLoad(JavaKeyStore.java:70)
at java.security.KeyStore.load(KeyStore.java:1445)
at sun.security.ssl.TrustManagerFactoryImpl.getCacertsKeyStore(TrustManagerFactoryImpl.java:226)
at sun.security.ssl.SSLContextImpl$DefaultSSLContext.getDefaultTrustManager(SSLContextImpl.java:767)
at sun.security.ssl.SSLContextImpl$DefaultSSLContext.<init>(SSLContextImpl.java:733)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
at java.security.Provider$Service.newInstance(Provider.java:1595)
at sun.security.jca.GetInstance.getInstance(GetInstance.java:236)
at sun.security.jca.GetInstance.getInstance(GetInstance.java:164)
at javax.net.ssl.SSLContext.getInstance(SSLContext.java:156)
at javax.net.ssl.SSLContext.getDefault(SSLContext.java:96)
at javax.net.ssl.SSLSocketFactory.getDefault(SSLSocketFactory.java:122)
at org.apache.http.conn.ssl.SSLSocketFactory.getSystemSocketFactory(SSLSocketFactory.java:190)
at org.apache.http.impl.conn.SchemeRegistryFactory.createSystemDefault(SchemeRegistryFactory.java:85)
at org.apache.http.impl.client.SystemDefaultHttpClient.createClientConnectionManager(SystemDefaultHttpClient.java:121)
at org.apache.http.impl.client.AbstractHttpClient.getConnectionManager(AbstractHttpClient.java:484)
at org.apache.solr.client.solrj.impl.HttpClientUtil.setMaxConnections(HttpClientUtil.java:234)
at org.apache.solr.client.solrj.impl.HttpClientConfigurer.configure(HttpClientConfigurer.java:40)
at org.apache.solr.client.solrj.impl.HttpClientUtil.configureClient(HttpClientUtil.java:149)
at org.apache.solr.client.solrj.impl.HttpClientUtil.createClient(HttpClientUtil.java:125)
at org.apache.solr.client.solrj.impl.HttpSolrClient.<init>(HttpSolrClient.java:189)
at org.apache.solr.client.solrj.impl.HttpSolrClient.<init>(HttpSolrClient.java:162)
at de.test.spring.SolrJConfig.solrClient(SolrJConfig.java:20)
at de.test.spring.SolrJConfig$$EnhancerBySpringCGLIB$$dbd4362f.CGLIB$solrClient[=11=](<generated>)
at de.test.spring.SolrJConfig$$EnhancerBySpringCGLIB$$dbd4362f$$FastClassBySpringCGLIB$e7566a6.invoke(<generated>)
at org.springframework.cglib.proxy.MethodProxy.invokeSuper(MethodProxy.java:228)
at org.springframework.context.annotation.ConfigurationClassEnhancer$BeanMethodInterceptor.intercept(ConfigurationClassEnhancer.java:309)
at de.test.spring.SolrJConfig$$EnhancerBySpringCGLIB$$dbd4362f.solrClient(<generated>)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:162)
at org.springframework.beans.factory.support.ConstructorResolver.instantiateUsingFactoryMethod(ConstructorResolver.java:588)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.instantiateUsingFactoryMethod(AbstractAutowireCapableBeanFactory.java:1119)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:1014)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:504)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:476)
at org.springframework.beans.factory.support.AbstractBeanFactory.getObject(AbstractBeanFactory.java:303)
at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230)
at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:299)
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:194)
at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:755)
at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:757)
at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:480)
at de.test.WicketApplication.init(WicketApplication.java:32)
at org.apache.wicket.Application.initApplication(Application.java:950)
at org.apache.wicket.protocol.http.WicketFilter.init(WicketFilter.java:429)
at org.apache.wicket.protocol.http.WicketFilter.init(WicketFilter.java:353)
at org.apache.catalina.core.ApplicationFilterConfig.initFilter(ApplicationFilterConfig.java:279)
at org.apache.catalina.core.ApplicationFilterConfig.getFilter(ApplicationFilterConfig.java:260)
at org.apache.catalina.core.ApplicationFilterConfig.<init>(ApplicationFilterConfig.java:105)
at org.apache.catalina.core.StandardContext.filterStart(StandardContext.java:4640)
at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5247)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:724)
at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:700)
at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:714)
at org.apache.catalina.startup.HostConfig.deployWAR(HostConfig.java:919)
at org.apache.catalina.startup.HostConfig$DeployWar.run(HostConfig.java:1703)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
我的解决方法暂时解决了这个问题,当然这只是一个解决方法。
我想知道,也许有人可以回答我的一个或多个问题:
- 这是 SolrJ、HttpClient、Java 或我的应用程序中的 "bug" 吗?
- 如果是我的申请,我做错了什么?
- 如果不是我的应用,是已知问题吗?我找不到有关此的任何信息。 (在哪里)我应该创建错误票吗?
- 为什么会有"invalid"证书? (顺便说一句:如果我从信任库中删除这个证书,也许泄漏也会得到解决……我没有测试过,但我认为无效或损坏的证书永远不会导致类加载器泄漏……)
- 有人有这方面的更多信息吗?我不敢相信我是唯一一个检测到这种行为的人(除了我的应用程序......见我的问题 2)。
最后但同样重要的是,我要重现的环境:
- Tomcat 版本:Apache Tomcat/8.0.14 (Debian)
- JVM 版本:1.8.0_91-b14
- JVM 供应商:甲骨文公司
- OS 姓名:Linux
- OS版本:3.16.0-4-amd64
- 架构:amd64
这是 java 中的错误,错误票在这里:http://bugs.java.com/bugdatabase/view_bug.do?bug_id=8168069
非常感谢 mjiderhamn (on GitHub). He is the developer of the great classloader-leak-prevention 库,现在已经包含一个针对此问题的预防程序(版本 2.1.0)。
Why is there a "invalid" certificate
密钥库中证书的"Issuer Alternative Name"扩展值为空,不符合X.509规范。请参阅 RFC 5280 的第 4.2.1.6 和 4.2.1.7 节。
$ keytool -exportcert ... -file ...
$ keytool -printcert -v -file ...
...
#10: ObjectId: 2.5.29.18 Criticality=false
Unparseable IssuerAlternativeName extension due to
java.io.IOException: No data available in passed DER encoded value.
0000: 30 00 0.