[FIX] Close channel on TLS negotiation failure to prevent zombie conn…#16255
[FIX] Close channel on TLS negotiation failure to prevent zombie conn…#16255LI123456mo wants to merge 4 commits intoapache:3.3from
Conversation
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## 3.3 #16255 +/- ##
============================================
+ Coverage 60.78% 60.81% +0.02%
- Complexity 11763 11772 +9
============================================
Files 1953 1953
Lines 89186 89188 +2
Branches 13454 13454
============================================
+ Hits 54209 54236 +27
+ Misses 29400 29383 -17
+ Partials 5577 5569 -8
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
|
it might be better to add a testcase for it. |
| "", | ||
| "TLS negotiation failed when trying to accept new connection.", | ||
| cause); | ||
| ctx.close(); |
There was a problem hiding this comment.
should close context after calling fireExceptionCaught
There was a problem hiding this comment.
should close context after calling fireExceptionCaught
Thank you for the feedback, @zrlw. That makes sense—firing the exception first ensures the error is fully propagated through the pipeline before the channel is terminated. I will update the PR to swap the order: ctx.fireExceptionCaught(cause) followed by ctx.close().
Thanks for suggestion , will add |
LI123456mo
force-pushed
the
fix-tls-negotiation-exception
branch
from
ca8cdb7 to
ea62549
Compare
|
3 participants
This pull request addresses a bug in SslServerTlsHandler where exceptions during the TLS handshake were swallowed, leaving TCP channels active but dead. By adding ctx.close() to exceptionCaught, the PR ensures that failed connections are closed, enabling the consumer to detect the failure and initiate self-healing.