okhttp 3.7.0 SSL Shutdown failed threw UnknownHostException and not SSLException - ssl

While making a network request with low connectivity very rarely I see that I get
<-- HTTP FAILED: java.net.UnknownHostException: Unable to resolve host ....
while my server seems to have got the request correctly. I found 1 instance of it with device logs which shows actually an SSLException happened
D/NativeCrypto: jniThrowException: javax/net/ssl/SSLException: Read error: ssl=0x7dc365f080: I/O error during system call, Software caused connection abort
D/NativeCrypto: jniThrowException: javax/net/ssl/SSLException: SSL shutdown failed: ssl=0x7dc365f080: I/O error during system call, Broken pipe
My question is why does okhttp and retrofit throw UnknownHostException and not SSLException, and is there a way to actually get the SSLException as currently my app thinks the request did not go while server processes that request.
I am using
okhttp:3.10.0
retrofit:2.2.0
adapter-rxjava2:2.2.0

Related

How to get proper https server response in apache camel DSL?

I am trying to hit https server using https4 component I want to get whatever response the server throwing it maybe success or failed here is my route.
from("direct:start")
.setHeader(Exchange.HTTP_QUERY,constant("USERNAME=__&PASSWORD=__"))
.to("https4://someAddress.com/api/controls/uploadAndImportFileFromCSV")
.to("stream:out");
Output I'm getting:
org.apache.camel.CamelExecutionException: Exception occurred during execution on the exchange: Exchange[ID-rajat-Lenovo-G50-70-1513247400372-0-1]
org.apache.camel.util.ObjectHelper.wrapCamelExecutionException(ObjectHelper.java:1847)
.........
Caused by: org.apache.camel.http.common.HttpOperationFailedException: HTTP operation failed invoking https4://someAddress.com/api/controls/uploadAndImportFileFromCSV?USERNAME=__&PASSWORD=__ with statusCode: 599
But whenever I hit this URL on web browser I am getting the accurate response what server throws
like {"sessionId":"2985416A1F1122694031261B55F0277F.jvm1","_ERROR_MESSAGE_LIST_":[" The following required parameter is missing: [IN]uploadAndImportFile.configId]","The following required parameter is missing: [IN][uploadAndImportFile.fileTypeEnumId]"],"removePathAlias":false,"loggedIn":true,"USERNAME":"admin","_LOGIN_PASSED_":"TRUE","webSiteId":"API"}
This is what I want to get from camel
After a brief browsing about camel exception randomly I got my solution is already clearly mention on org.apache.camel.http4.
If throwExceptionOnFailure=false the HttpOperationFailedException will not be thrown for failed response codes. This allows you to get any response from the remote server.
from("direct:start")....to("https4://.......?throwExceptionOnFailure=false")

Authentication failure spring-amqp timeout

My consumer worked fine for about one week, then the consumer thread died and logged the below error:
It seems the Authentication failure is caused by
BufferedInputStream.read timeout, and I want to know if there is a way
to treat the Authentication failure as a non-fatal and do not kill the
consumer thread. and I think the timeout issue is just caused by
network issue not the Authentication failure, since this consumer
already worked for one week.
org.springframework.amqp.rabbit.listener.exception.FatalListenerStartupException: Authentication failure
at org.springframework.amqp.rabbit.listener.BlockingQueueConsumer.start(BlockingQueueConsumer.java:460)
at org.springframework.amqp.rabbit.listener.SimpleMessageListenerContainer$AsyncMessageProcessingConsumer.run(SimpleMessageListenerContainer.java:1171)
at java.lang.Thread.run(Thread.java:745)
Caused by: org.springframework.amqp.AmqpAuthenticationException: com.rabbitmq.client.PossibleAuthenticationFailureException: Possibly caused by authentication failure
at org.springframework.amqp.rabbit.support.RabbitExceptionTranslator.convertRabbitAccessException(RabbitExceptionTranslator.java:61)
at org.springframework.amqp.rabbit.connection.AbstractConnectionFactory.createBareConnection(AbstractConnectionFactory.java:296)
at org.springframework.amqp.rabbit.connection.CachingConnectionFactory.createConnection(CachingConnectionFactory.java:524)
at org.springframework.amqp.rabbit.connection.ConnectionFactoryUtils$1.createConnection(ConnectionFactoryUtils.java:85)
at org.springframework.amqp.rabbit.connection.ConnectionFactoryUtils.doGetTransactionalResourceHolder(ConnectionFactoryUtils.java:135)
at org.springframework.amqp.rabbit.connection.ConnectionFactoryUtils.getTransactionalResourceHolder(ConnectionFactoryUtils.java:71)
at org.springframework.amqp.rabbit.listener.BlockingQueueConsumer.start(BlockingQueueConsumer.java:456)
... 2 more
Caused by: com.rabbitmq.client.PossibleAuthenticationFailureException: Possibly caused by authentication failure
at com.rabbitmq.client.impl.AMQConnection.start(AMQConnection.java:341)
at com.rabbitmq.client.ConnectionFactory.newConnection(ConnectionFactory.java:824)
at com.rabbitmq.client.ConnectionFactory.newConnection(ConnectionFactory.java:736)
at org.springframework.amqp.rabbit.connection.AbstractConnectionFactory.createBareConnection(AbstractConnectionFactory.java:283)
... 7 more
Caused by: com.rabbitmq.client.ShutdownSignalException: connection error at com.rabbitmq.utility.ValueOrException.getValue(ValueOrExcept‌​ion.java:66) at com.rabbitmq.utility.BlockingValueOrException.uninterruptibl‌​eGetValue(BlockingVa‌​lueOrException.java:‌​36) at com.rabbitmq.client.impl.AMQChannel$BlockingRpcContinuation.‌​getReply(AMQChannel.‌​java:366) at com.rabbitmq.client.impl.AMQChannel.privateRpc(AMQChannel.ja‌​va:233) at com.rabbitmq.client.impl.AMQChannel.rpc(AMQChannel.java:211) at com.rabbitmq.client.impl.AMQConnection.start(AMQConnection.j‌​ava:326)
The target code looks like:
} catch (ShutdownSignalException e) {
...
throw new PossibleAuthenticationFailureException(e);
}
So, indeed, it isn't necessary that the issue with the connection is about authentication.
There is just ShutdownSignalException by the Connection timed out reason.
So, you should just try to increase connection timeout, which is 60000 by default.
But that is likely there is some problem with resources on the broker since we just can't connect.
We can't treat this kind of errors (ShutdownSignalException) as non-fatal, since your problem happens exactly on the start().
EDIT
In case of fatal failure the container emits ListenerContainerConsumerFailedEvent:http://docs.spring.io/spring-amqp/reference/html/_reference.html#consumer-events. You can handle it and restart the container on purpose.

Spring XD on YARN

I am getting the below error, while I am trying to install Spring XD on YARN.
Error executing a spring application; nested exception is org.springframework.yarn.YarnSystemException:
Call From c01dfobi43.vcac.dc1.dsghost.net/100.98.226.45 to c01dfobi41.vcac.dc1.dsghost.net:8032 failed on connection exception:
java.net.ConnectException: Connection refused; For more details see: http://wiki.apache.org/hadoop/ConnectionRefused;
nested exception is java.net.ConnectException:
Call From c01dfobi43.vcac.dc1.dsghost.net/100.98.226.45 to c01dfobi41.vcac.dc1.dsghost.net:8032 failed on connection exception:
java.net.ConnectException: Connection refused; For more details see: http://wiki.apache.org/hadoop/ConnectionRefused
Not sure where I am committing a mistake. Also do we need to install Spring XD Yarn on all nodes?
It would be great if you can share any documentation mentioned explicitly for YARN.
I am going to assume that c01dfobi41.vcac.dc1.dsghost.net:8032 is a ResourceManager host, I am also going to assume that based on your comment stating that yarn applications do run, you have more then one. In that case what may be happening (and I see this all the time) is that your yarn client attempts to contact the resource manager by looking it up in yarn-site.xml, it picks the first one and gets ConnectionRefused as the standby resource manager does not listen on its RPC port, it moves on to the next one and succeeds. If this is the case this is not a fatal error and can be ignored.

Server received ssl alert 0 "close notify" as fatal error

We have seen much more SSL error than before when we move to a new server. The total SSL error rate is not high. Many of them are:
error:140943E8:SSL routines:SSL3_READ_BYTES:reason(1000):s3_pkt.c:1256:SSL alert number 0
We finally found these requests are actually successful requests. Why these error was generated is that openssl found these were fatal error. Add more debug info show that:
ssl_callback_info:SSL_CB_READ_ALERT fatal error close notify
But from rfc2246:
7.2.1. Closure alerts
The client and the server must share knowledge that the connection is
ending in order to avoid a truncation attack. Either party may
initiate the exchange of closing messages.
close_notify
This message notifies the recipient that the sender will not send
any more messages on this connection. The session becomes
unresumable if any connection is terminated without proper
close_notify messages with level equal to warning.
We are wondering if there some special clients send "alert 0" as fatal . Or this related some known issue of openssl. We are using openssl-1.0.1e now. Before migration we used openssl-1.0.0-25.
Any suggestions would be appreciated.
Update:
I investigated the access log and found almost all the "fatal alert 0" was sent by Safari on Apple devices(Mac, iPhone, iPad).
Through the code of libsecurity_ssl which the library of SSL engine. I found that this library would send "fatal alert 0" in sometimes that was totally different with other SSL libraries, for example openssl, NSS.
SSLFatalSessionAlert(SSL_AlertCloseNotify, ctx);
http://www.opensource.apple.com/source/libsecurity_ssl/libsecurity_ssl-32463/lib/sslRecord.c
This mostly occurred when Safari meet unexpected abort of the connection. As my server would not sent a "warning alert 0" to close the connection.

WebDriver InternetExplorerDriver: Software caused connection abort: recv failed?

I'm using Selenium 2.20 . Why does WebDriver InternetExplorerDriver throw this warning when launching browser? This is happening to me during a parameterized JUnit test. The warning is thrown each time I am invoking "new InternetExplorerDriver()" . After it retries, it succeeds on the second attempt of whatever it is doing. So, in other words, the tryExecute call has to run twice before my IE instance works in WebDriver.
org.apache.http.impl.client.DefaultRequestDirector tryExecute
INFO: I/O exception (java.net.SocketException) caught when processing request:
Software caused connection abort: recv failed
org.apache.http.impl.client.DefaultRequestDirector tryExecute
INFO: Retrying request
This is a warning message. The native code (C++) component of the IE driver includes an HTTP server, since the driver uses the JSON Wire Protocol for its communications. That HTTP server takes a small amount of time to start and be ready to receive HTTP requests. However, the RemoteWebDriver's HTTP client (remember that InternetExplorerDriver is a subclass of RemoteWebDriver) cannot know exactly when that server is available, so this causes a race condition. The HTTP client must poll the server until it receives a valid response. When you're seeing this warning, it's only telling you that the internal HTTP server hasn't completed its initialization, and the HTTP client has lost the race. It should be harmless, and you should be able to safely ignore it.
Since this message is not going to be important for most cases as it is a known race condition, you can configure java.util.logging to ignore it by passing in a custom log configuration using this Java code:
LogManager.getLogManager().readConfiguration(
getClass().getResourceAsStream(
"/META-INF/logger.properties"));
And a file META-INF/logger.properties
handlers=java.util.logging.ConsoleHandler
java.util.logging.ConsoleHandler.level=ALL
java.util.logging.ConsoleHandler.formatter=java.util.logging.SimpleFormatter
org.apache.http.impl.client.DefaultHttpClient.level=WARNING