相当频繁的 SSLPeerUnverifedException 与 PoolingClientConnectionManager
Quite frequent SSLPeerUnverifedException with PoolingClientConnectionManager
在我们使用 PoolingClientConnectionManager 4.2.1 的系统上(由于其他依赖项,我们目前无法更新它)。
当有超过一定数量的请求时,我们开始为单个请求获取 SSLPeerUnverifiedExceptions,我目前无法弄清楚为什么,也因为一些 Javadoc 只显示 "deprecated"。
这是池的设置:
SchemeRegistry schemeRegistry = SchemeRegistryFactory.createDefault();
Scheme https = getHttpsScheme(sslContext, port);
schemeRegistry.register(https);
PoolingClientConnectionManager connectionManager =
new PoolingClientConnectionManager(schemeRegistry, 5000, TimeUnit.MILLISECONDS);
connectionManager.setMaxTotal(20);
connectionManager.setDefaultMaxPerRoute(20);
return new DefaultHttpClient(connectionManager);
这是日志:
尝试工作:
PoolingClientConnectionManager "Connection request: [route: {s}-><a href="https://myserver][total" rel="nofollow">https://myserver][total</a> kept alive: 20; route allocated: 20 of 20; total allocated: 20 of 20]"
默认客户端连接 "Connection 0.0.0.0:49954<->[server_ip]:443 closed"
PoolingClientConnectionManager "Connection leased: [id: 94198][route: {s}-><a href="https://myserver][total" rel="nofollow">https://myserver][total</a> kept alive: 19; route allocated: 20 of 20; total allocated: 20 of 20]"
DefaultClientConnectionOperator "Connecting to myserver:443"
尝试失败:
PoolingClientConnectionManager "Connection request: [route: {s}-><a href="https://myserver" rel="nofollow">https://myserver</a> ][total kept alive: 19; route allocated: 20 of 20; total allocated: 20 of 20]"
默认客户端连接 "Connection 0.0.0.0:49953<->[server_ip]:443 closed"
PoolingClientConnectionManager "Connection leased: [id: 94196][route: {s}-><a href="https://myserver" rel="nofollow">https://myserver</a> ][total kept alive: 18; route allocated: 20 of 20; total allocated: 20 of 20]"
DefaultClientConnectionOperator "Connecting to myserver:443"
默认客户端连接 "Connection org.apache.http.impl.conn.DefaultClientConnection@4821fdeb closed"
默认客户端连接 "Connection org.apache.http.impl.conn.DefaultClientConnection@4821fdeb shut down"
PoolingClientConnectionManager "Connection [id: 94196][route: {s}-><a href="https://myserver" rel="nofollow">https://myserver</a> ] can be kept alive for 9223372036854775807 MILLISECONDS"
默认客户端连接 "Connection org.apache.http.impl.conn.DefaultClientConnection@4821fdeb closed"
PoolingClientConnectionManager "Connection released: [id: 94196][route: {s}-><a href="https://myserver" rel="nofollow">https://myserver</a> ][total kept alive: 18; route allocated: 19 of 20; total allocated: 19 of 20]"
除了如何摆脱异常,我想知道
- 如果池太小,因为所有路由都是永久分配的
- 如果我作为构造函数 arg(5000 毫秒)传递的生存时间得到尊重,当它说 "can be kept alive for 9223372036854775807 MILLISECONDS"
- 为什么连接在失败的尝试中被关闭。
通过在异常情况下预先关闭过期和空闲连接添加重试来解决问题。
...
try {
result = performWsRequest(request, soapAction);
} catch (WebServiceIOException | SSLPeerUnverifiedException ex) {
if (retryAttempt) {
logAndThrowExceptionUponWsRequest(ex);
} else {
LOGGER.info("Re-trying webservice-request");
cleanConnections();
result = performWsRequestWithRetry(request, soapAction, true);
}
} catch (Exception e) {
logAndThrowExceptionUponWsRequest(e);
}
...
private synchronized void cleanConnections() {
LOGGER.info(
"Cleaning connections. Total message-senders: {}",
this.webServiceTemplate.getMessageSenders().length);
for (WebServiceMessageSender messageSender : this.webServiceTemplate.getMessageSenders()) {
if (messageSender instanceof HttpComponentsMessageSender) {
LOGGER.info("Checking connections of message-sender {}", messageSender);
HttpComponentsMessageSender httpComponentsMessageSender = (HttpComponentsMessageSender)messageSender;
if (httpComponentsMessageSender.getHttpClient() != null
&& httpComponentsMessageSender.getHttpClient().getConnectionManager() != null) {
LOGGER.info("Closing connections");
httpComponentsMessageSender.getHttpClient().getConnectionManager().closeExpiredConnections();
httpComponentsMessageSender.getHttpClient()
.getConnectionManager()
.closeIdleConnections(5000, TimeUnit.MILLISECONDS);
}
}
}
}
在我们使用 PoolingClientConnectionManager 4.2.1 的系统上(由于其他依赖项,我们目前无法更新它)。
当有超过一定数量的请求时,我们开始为单个请求获取 SSLPeerUnverifiedExceptions,我目前无法弄清楚为什么,也因为一些 Javadoc 只显示 "deprecated"。
这是池的设置:
SchemeRegistry schemeRegistry = SchemeRegistryFactory.createDefault();
Scheme https = getHttpsScheme(sslContext, port);
schemeRegistry.register(https);
PoolingClientConnectionManager connectionManager =
new PoolingClientConnectionManager(schemeRegistry, 5000, TimeUnit.MILLISECONDS);
connectionManager.setMaxTotal(20);
connectionManager.setDefaultMaxPerRoute(20);
return new DefaultHttpClient(connectionManager);
这是日志:
尝试工作:
PoolingClientConnectionManager "Connection request: [route: {s}-><a href="https://myserver][total" rel="nofollow">https://myserver][total</a> kept alive: 20; route allocated: 20 of 20; total allocated: 20 of 20]"
默认客户端连接 "Connection 0.0.0.0:49954<->[server_ip]:443 closed"
PoolingClientConnectionManager "Connection leased: [id: 94198][route: {s}-><a href="https://myserver][total" rel="nofollow">https://myserver][total</a> kept alive: 19; route allocated: 20 of 20; total allocated: 20 of 20]"
DefaultClientConnectionOperator "Connecting to myserver:443"
尝试失败:
PoolingClientConnectionManager "Connection request: [route: {s}-><a href="https://myserver" rel="nofollow">https://myserver</a> ][total kept alive: 19; route allocated: 20 of 20; total allocated: 20 of 20]"
默认客户端连接 "Connection 0.0.0.0:49953<->[server_ip]:443 closed"
PoolingClientConnectionManager "Connection leased: [id: 94196][route: {s}-><a href="https://myserver" rel="nofollow">https://myserver</a> ][total kept alive: 18; route allocated: 20 of 20; total allocated: 20 of 20]"
DefaultClientConnectionOperator "Connecting to myserver:443"
默认客户端连接 "Connection org.apache.http.impl.conn.DefaultClientConnection@4821fdeb closed"
默认客户端连接 "Connection org.apache.http.impl.conn.DefaultClientConnection@4821fdeb shut down"
PoolingClientConnectionManager "Connection [id: 94196][route: {s}-><a href="https://myserver" rel="nofollow">https://myserver</a> ] can be kept alive for 9223372036854775807 MILLISECONDS"
默认客户端连接 "Connection org.apache.http.impl.conn.DefaultClientConnection@4821fdeb closed"
PoolingClientConnectionManager "Connection released: [id: 94196][route: {s}-><a href="https://myserver" rel="nofollow">https://myserver</a> ][total kept alive: 18; route allocated: 19 of 20; total allocated: 19 of 20]"
除了如何摆脱异常,我想知道
- 如果池太小,因为所有路由都是永久分配的
- 如果我作为构造函数 arg(5000 毫秒)传递的生存时间得到尊重,当它说 "can be kept alive for 9223372036854775807 MILLISECONDS"
- 为什么连接在失败的尝试中被关闭。
通过在异常情况下预先关闭过期和空闲连接添加重试来解决问题。
...
try {
result = performWsRequest(request, soapAction);
} catch (WebServiceIOException | SSLPeerUnverifiedException ex) {
if (retryAttempt) {
logAndThrowExceptionUponWsRequest(ex);
} else {
LOGGER.info("Re-trying webservice-request");
cleanConnections();
result = performWsRequestWithRetry(request, soapAction, true);
}
} catch (Exception e) {
logAndThrowExceptionUponWsRequest(e);
}
...
private synchronized void cleanConnections() {
LOGGER.info(
"Cleaning connections. Total message-senders: {}",
this.webServiceTemplate.getMessageSenders().length);
for (WebServiceMessageSender messageSender : this.webServiceTemplate.getMessageSenders()) {
if (messageSender instanceof HttpComponentsMessageSender) {
LOGGER.info("Checking connections of message-sender {}", messageSender);
HttpComponentsMessageSender httpComponentsMessageSender = (HttpComponentsMessageSender)messageSender;
if (httpComponentsMessageSender.getHttpClient() != null
&& httpComponentsMessageSender.getHttpClient().getConnectionManager() != null) {
LOGGER.info("Closing connections");
httpComponentsMessageSender.getHttpClient().getConnectionManager().closeExpiredConnections();
httpComponentsMessageSender.getHttpClient()
.getConnectionManager()
.closeIdleConnections(5000, TimeUnit.MILLISECONDS);
}
}
}
}