SSL: Fix leaking file descriptor

And bad connection fail handling.
2011-07-08 22:02:49 -07:00 · 2011-07-08 22:02:49 -07:00 · e8f317243f
parent 864a04ea6d
commit e8f317243f
2 changed files with 18 additions and 4 deletions
--- a/utils/src/com/cloud/utils/nio/Link.java
+++ b/utils/src/com/cloud/utils/nio/Link.java
@ -21,6 +21,7 @@ import java.io.ByteArrayOutputStream;
 import java.io.File;
 import java.io.FileInputStream;
 import java.io.IOException;
+import java.io.InputStream;
 import java.net.InetSocketAddress;
 import java.nio.ByteBuffer;
 import java.nio.channels.Channels;
@ -347,16 +348,19 @@ public class Link {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
        KeyStore ks = KeyStore.getInstance("JKS");
        TrustManager[] tms;
+        InputStream stream;
        
        if (!isClient) {
        	char[] passphrase = "vmops.com".toCharArray();
        	String keystorePath = "/etc/cloud/management/cloud.keystore";
        	if (new File(keystorePath).exists()) {
-        		ks.load(new FileInputStream(keystorePath), passphrase);
+        	    stream = new FileInputStream(keystorePath);
        	} else {
        		s_logger.warn("SSL: Fail to find the generated keystore. Loading fail-safe one to continue.");
-        		ks.load(NioConnection.class.getResourceAsStream("/cloud.keystore"), passphrase);
+        		stream = NioConnection.class.getResourceAsStream("/cloud.keystore");
        	}
+        	ks.load(stream, passphrase);
+        	stream.close();
        	kmf.init(ks, passphrase);
        	tmf.init(ks);
        	tms = tmf.getTrustManagers();
--- a/utils/src/com/cloud/utils/nio/NioConnection.java
+++ b/utils/src/com/cloud/utils/nio/NioConnection.java
@ -198,8 +198,18 @@ public abstract class NioConnection implements Runnable {

        	Link.doHandshake(socketChannel, sslEngine, false);
        } catch (Exception e) {
-            s_logger.debug("Socket " + socket + " closed on read.  Probably -1 returned: " + e.getMessage());
-            terminate(key);
+            if (s_logger.isDebugEnabled()) {
+                s_logger.debug("Socket " + socket + " closed on read.  Probably -1 returned: " + e.getMessage());
+                s_logger.debug("Closing socket " + socketChannel.socket());
+            }
+            try {
+                socketChannel.close();
+                socket.close();
+            } catch (IOException ignore) {
+            }
+            if (s_logger.isDebugEnabled()) {
+                s_logger.debug("Closed socket " + socketChannel.socket());
+            }
            return;
        }