[CONFSERVER-8626] Ensure that the connection is released when SSLHandshakeException is encountered

Type: Bug
Resolution: Unresolved
Priority: Medium
Fix Version/s: None
Affects Version/s: 2.5.3, 5.4.2, 5.6.5
Component/s: Content - Linking
Labels:
- affects-server
- engine-room/architecture

Support reference count:
14
Symptom Severity:
Severity 2 - Major
UIS:
3
Bug Fix Policy:
View Atlassian Server bug fix policy

Users are facing problems with Confluence freezing up when the trackbacks failed in different circumstances such as SSL cert validation. This probably causes a lot of connections being held up. Perhaps we should catch this better.

 findPingUrls Error getting content of URL 'https://xxx': javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: 
sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: 
sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150)
	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1518)
	at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:174)
	at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:168)
	at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:848)
	at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:106)
	at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:495)
	at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:433)
	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:818)
...
	at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:324)
	at com.atlassian.trackback.TrackbackUtils.getUrlContent(TrackbackUtils.java:149)
	at com.atlassian.trackback.DefaultTrackbackFinder.findPingUrls(DefaultTrackbackFinder.java:51

mentioned in: Page Failed to load; Page Failed to load

MK added a comment - 02/Dec/2015 10:38 AM

Hello,

maybe deactivating trackback can help:
https://confluence.atlassian.com/doc/trackback-and-external-referrers-147487.html

Regards

MK added a comment - 02/Dec/2015 10:38 AM Hello, maybe deactivating trackback can help: https://confluence.atlassian.com/doc/trackback-and-external-referrers-147487.html Regards

Sorin Sbarnea added a comment - 16/Nov/2015 6:09 PM

I guess our only hope is to use twitter to complain about these bugs. I guess that's the reason why the twitter plugin was disabled at some point, probably a request from marketing.

Sorin Sbarnea added a comment - 16/Nov/2015 6:09 PM I guess our only hope is to use twitter to complain about these bugs. I guess that's the reason why the twitter plugin was disabled at some point, probably a request from marketing.

Amauri Toscano added a comment - 15/Sep/2015 2:18 PM

Its happening with version 5.8.10

2015-09-14 13:52:04,067 WARN [scheduler_Worker-7] [com.atlassian.trackback.DefaultTrackbackFinder] findPingUrls Unable to connect to 'http://xxxxxxx.com': java.net.ConnectException: Connection refused: connect
java.net.ConnectException: Connection refused: connect
at java.net.DualStackPlainSocketImpl.connect0(Native Method)
at java.net.DualStackPlainSocketImpl.socketConnect(DualStackPlainSocketImpl.java:79)
at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:345)
at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:206)
at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:188)
at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:172)
at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
at java.net.Socket.connect(Socket.java:589)
at java.net.Socket.connect(Socket.java:538)
at java.net.Socket.<init>(Socket.java:434)
at java.net.Socket.<init>(Socket.java:286)
at org.apache.commons.httpclient.protocol.DefaultProtocolSocketFactory.createSocket(DefaultProtocolSocketFactory.java:80)
at org.apache.commons.httpclient.protocol.DefaultProtocolSocketFactory.createSocket(DefaultProtocolSocketFactory.java:122)
at org.apache.commons.httpclient.HttpConnection.open(HttpConnection.java:707)
at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:387)
at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)
at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:323)
at com.atlassian.trackback.TrackbackUtils.getUrlContent(TrackbackUtils.java:149)
at com.atlassian.trackback.DefaultTrackbackFinder.findPingUrls(DefaultTrackbackFinder.java:52)
at com.atlassian.confluence.util.task.TrackbackQueueItem.execute(TrackbackQueueItem.java:42)
at com.atlassian.core.task.AbstractTaskQueue.flush(AbstractTaskQueue.java:38)
at com.atlassian.quartz.jobs.TaskQueueFlushJob.doExecute(TaskQueueFlushJob.java:34)
at com.atlassian.quartz.jobs.AbstractJob.lambda$executeInternal$38(AbstractJob.java:129)
at com.atlassian.quartz.jobs.AbstractJob$$Lambda$96/1886192795.doInHibernate(Unknown Source)
at org.springframework.orm.hibernate.HibernateTemplate.execute(HibernateTemplate.java:370)
at org.springframework.orm.hibernate.HibernateTemplate.execute(HibernateTemplate.java:337)
at com.atlassian.quartz.jobs.AbstractJob.executeInternal(AbstractJob.java:125)
at org.springframework.scheduling.quartz.QuartzJobBean.execute(QuartzJobBean.java:86)
at com.atlassian.scheduler.quartz1.Quartz1JobFactory$ClassLoaderProtectingWrappedJob.execute(Quartz1JobFactory.java:62)
at org.quartz.core.JobRunShell.run(JobRunShell.java:223)
at com.atlassian.confluence.schedule.quartz.ConfluenceQuartzThreadPool.lambda$runInThread$46(ConfluenceQuartzThreadPool.java:19)
at com.atlassian.confluence.schedule.quartz.ConfluenceQuartzThreadPool$$Lambda$93/1337602256.run(Unknown Source)

Amauri Toscano added a comment - 15/Sep/2015 2:18 PM Its happening with version 5.8.10 2015-09-14 13:52:04,067 WARN [scheduler_Worker-7] [com.atlassian.trackback.DefaultTrackbackFinder] findPingUrls Unable to connect to 'http://xxxxxxx.com': java.net.ConnectException: Connection refused: connect java.net.ConnectException: Connection refused: connect at java.net.DualStackPlainSocketImpl.connect0(Native Method) at java.net.DualStackPlainSocketImpl.socketConnect(DualStackPlainSocketImpl.java:79) at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:345) at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:206) at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:188) at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:172) at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392) at java.net.Socket.connect(Socket.java:589) at java.net.Socket.connect(Socket.java:538) at java.net.Socket.<init>(Socket.java:434) at java.net.Socket.<init>(Socket.java:286) at org.apache.commons.httpclient.protocol.DefaultProtocolSocketFactory.createSocket(DefaultProtocolSocketFactory.java:80) at org.apache.commons.httpclient.protocol.DefaultProtocolSocketFactory.createSocket(DefaultProtocolSocketFactory.java:122) at org.apache.commons.httpclient.HttpConnection.open(HttpConnection.java:707) at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:387) at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171) at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397) at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:323) at com.atlassian.trackback.TrackbackUtils.getUrlContent(TrackbackUtils.java:149) at com.atlassian.trackback.DefaultTrackbackFinder.findPingUrls(DefaultTrackbackFinder.java:52) at com.atlassian.confluence.util.task.TrackbackQueueItem.execute(TrackbackQueueItem.java:42) at com.atlassian.core.task.AbstractTaskQueue.flush(AbstractTaskQueue.java:38) at com.atlassian.quartz.jobs.TaskQueueFlushJob.doExecute(TaskQueueFlushJob.java:34) at com.atlassian.quartz.jobs.AbstractJob.lambda$executeInternal$38(AbstractJob.java:129) at com.atlassian.quartz.jobs.AbstractJob$$Lambda$96/1886192795.doInHibernate(Unknown Source) at org.springframework.orm.hibernate.HibernateTemplate.execute(HibernateTemplate.java:370) at org.springframework.orm.hibernate.HibernateTemplate.execute(HibernateTemplate.java:337) at com.atlassian.quartz.jobs.AbstractJob.executeInternal(AbstractJob.java:125) at org.springframework.scheduling.quartz.QuartzJobBean.execute(QuartzJobBean.java:86) at com.atlassian.scheduler.quartz1.Quartz1JobFactory$ClassLoaderProtectingWrappedJob.execute(Quartz1JobFactory.java:62) at org.quartz.core.JobRunShell.run(JobRunShell.java:223) at com.atlassian.confluence.schedule.quartz.ConfluenceQuartzThreadPool.lambda$runInThread$46(ConfluenceQuartzThreadPool.java:19) at com.atlassian.confluence.schedule.quartz.ConfluenceQuartzThreadPool$$Lambda$93/1337602256.run(Unknown Source)

Zarco added a comment - 17/Jul/2015 7:44 AM

Same here with 5.7.3, application links do not work at all.

Zarco added a comment - 17/Jul/2015 7:44 AM Same here with 5.7.3, application links do not work at all.

Paul Derbyshire added a comment - 11/Apr/2015 2:04 PM

same with 5.7.1. Log file is full of these errors.

Paul Derbyshire added a comment - 11/Apr/2015 2:04 PM same with 5.7.1. Log file is full of these errors.

Ken Roland added a comment - 07/Nov/2014 6:59 PM

Running Confluence 5.4.2, this is still an issue:

2014-11-07 10:53:09,093 WARN [scheduler_Worker-1] [com.atlassian.trackback.DefaultTrackbackFinder] findPingUrls Error getting content of URL 'http://10.10.234.10/example.html': java.net.NoRouteToHostException: No route to host
java.net.NoRouteToHostException: No route to host
        at java.net.PlainSocketImpl.socketConnect(Native Method)
        at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:339)
        at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:200)
        at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:182)
        at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
        at java.net.Socket.connect(Socket.java:579)
        at java.net.Socket.connect(Socket.java:528)
        at java.net.Socket.<init>(Socket.java:425)
        at java.net.Socket.<init>(Socket.java:280)
        at org.apache.commons.httpclient.protocol.DefaultProtocolSocketFactory.createSocket(DefaultProtocolSocketFactory.java:80)
        at org.apache.commons.httpclient.protocol.DefaultProtocolSocketFactory.createSocket(DefaultProtocolSocketFactory.java:122)
        at org.apache.commons.httpclient.HttpConnection.open(HttpConnection.java:707)
        at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:387)
        at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)
        at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
        at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:323)
        at com.atlassian.trackback.TrackbackUtils.getUrlContent(TrackbackUtils.java:149)
        at com.atlassian.trackback.DefaultTrackbackFinder.findPingUrls(DefaultTrackbackFinder.java:52)
        at com.atlassian.confluence.util.task.TrackbackQueueItem.execute(TrackbackQueueItem.java:40)
        at com.atlassian.core.task.AbstractTaskQueue.flush(AbstractTaskQueue.java:38)
        at com.atlassian.quartz.jobs.TaskQueueFlushJob.doExecute(TaskQueueFlushJob.java:32)
        at com.atlassian.quartz.jobs.AbstractJob.executeInternal(AbstractJob.java:88)
        at org.springframework.scheduling.quartz.QuartzJobBean.execute(QuartzJobBean.java:86)
        at org.quartz.core.JobRunShell.run(JobRunShell.java:199)
        at com.atlassian.confluence.schedule.quartz.ConfluenceQuartzThreadPool$1.run(ConfluenceQuartzThreadPool.java:20)
        at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:549)

Ken Roland added a comment - 07/Nov/2014 6:59 PM Running Confluence 5.4.2, this is still an issue: 2014-11-07 10:53:09,093 WARN [scheduler_Worker-1] [com.atlassian.trackback.DefaultTrackbackFinder] findPingUrls Error getting content of URL 'http://10.10.234.10/example.html': java.net.NoRouteToHostException: No route to host java.net.NoRouteToHostException: No route to host at java.net.PlainSocketImpl.socketConnect(Native Method) at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:339) at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:200) at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:182) at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392) at java.net.Socket.connect(Socket.java:579) at java.net.Socket.connect(Socket.java:528) at java.net.Socket.<init>(Socket.java:425) at java.net.Socket.<init>(Socket.java:280) at org.apache.commons.httpclient.protocol.DefaultProtocolSocketFactory.createSocket(DefaultProtocolSocketFactory.java:80) at org.apache.commons.httpclient.protocol.DefaultProtocolSocketFactory.createSocket(DefaultProtocolSocketFactory.java:122) at org.apache.commons.httpclient.HttpConnection.open(HttpConnection.java:707) at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:387) at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171) at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397) at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:323) at com.atlassian.trackback.TrackbackUtils.getUrlContent(TrackbackUtils.java:149) at com.atlassian.trackback.DefaultTrackbackFinder.findPingUrls(DefaultTrackbackFinder.java:52) at com.atlassian.confluence.util.task.TrackbackQueueItem.execute(TrackbackQueueItem.java:40) at com.atlassian.core.task.AbstractTaskQueue.flush(AbstractTaskQueue.java:38) at com.atlassian.quartz.jobs.TaskQueueFlushJob.doExecute(TaskQueueFlushJob.java:32) at com.atlassian.quartz.jobs.AbstractJob.executeInternal(AbstractJob.java:88) at org.springframework.scheduling.quartz.QuartzJobBean.execute(QuartzJobBean.java:86) at org.quartz.core.JobRunShell.run(JobRunShell.java:199) at com.atlassian.confluence.schedule.quartz.ConfluenceQuartzThreadPool$1.run(ConfluenceQuartzThreadPool.java:20) at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:549)

Jan-Willem van den Berg added a comment - 23/Oct/2014 1:56 PM

This appears to be an issue still? We have a lot of links in our test documentation that are only valid if you are in the related test network. Apparently Confluence will still try and follow these links for some reason? I see a huge amount of these errors in our logs and Confluence is very unresponsive at times (this seems to be related). We are now at version 5.3.1.

2014-10-23 15:40:00,053 WARN [scheduler_Worker-5] [com.atlassian.trackback.DefaultTrackbackFinder] findPingUrls Error getting content of URL 'https://testserver/owa/': javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.ssl.Alerts.getSSLException(Unknown Source)
at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)
at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
at sun.security.ssl.Handshaker.processLoop(Unknown Source)
at sun.security.ssl.Handshaker.process_record(Unknown Source)
at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.writeRecord(Unknown Source)
at sun.security.ssl.AppOutputStream.write(Unknown Source)
at java.io.BufferedOutputStream.flushBuffer(Unknown Source)
at java.io.BufferedOutputStream.flush(Unknown Source)

Jan-Willem van den Berg added a comment - 23/Oct/2014 1:56 PM This appears to be an issue still? We have a lot of links in our test documentation that are only valid if you are in the related test network. Apparently Confluence will still try and follow these links for some reason? I see a huge amount of these errors in our logs and Confluence is very unresponsive at times (this seems to be related). We are now at version 5.3.1. 2014-10-23 15:40:00,053 WARN [scheduler_Worker-5] [com.atlassian.trackback.DefaultTrackbackFinder] findPingUrls Error getting content of URL 'https://testserver/owa/': javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alerts.getSSLException(Unknown Source) at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source) at sun.security.ssl.Handshaker.fatalSE(Unknown Source) at sun.security.ssl.Handshaker.fatalSE(Unknown Source) at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source) at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source) at sun.security.ssl.Handshaker.processLoop(Unknown Source) at sun.security.ssl.Handshaker.process_record(Unknown Source) at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source) at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source) at sun.security.ssl.SSLSocketImpl.writeRecord(Unknown Source) at sun.security.ssl.AppOutputStream.write(Unknown Source) at java.io.BufferedOutputStream.flushBuffer(Unknown Source) at java.io.BufferedOutputStream.flush(Unknown Source)

marcus_schultheiss added a comment - 05/Feb/2010 11:03 AM

also interested in a solution of this issue

marcus_schultheiss added a comment - 05/Feb/2010 11:03 AM also interested in a solution of this issue

Daniel Zahn added a comment - 05/Feb/2010 11:00 AM - edited

We are also experiencing this behavior with 2.10.1 and have tried to find the reason for our Confluence freezes for a while in

https://support.atlassian.com/browse/CSP-41112

Now we just found this issue and it looks exactly like what we see in our logfiles, and like this is the reason.

Daniel Zahn added a comment - 05/Feb/2010 11:00 AM - edited We are also experiencing this behavior with 2.10.1 and have tried to find the reason for our Confluence freezes for a while in https://support.atlassian.com/browse/CSP-41112 Now we just found this issue and it looks exactly like what we see in our logfiles, and like this is the reason.

Tom Davies added a comment - 05/Jun/2007 12:25 AM

That error shouldn't leave an open connection, DB or otherwise.

Tom Davies added a comment - 05/Jun/2007 12:25 AM That error shouldn't leave an open connection, DB or otherwise.

Assignee:: Unassigned

Reporter:: Mei Yan Chan [Atlassian]

Affected customers:: 27 This affects my team

Watchers:: 26 Start watching this issue

Created:: 04/Jun/2007 9:17 AM

Updated:: 02/Apr/2025 4:04 AM

Details

Description

Attachments

Issue Links

Forms

Activity

Collapse comment: MK added a comment - 02/Dec/2015 10:38 AM

Expand comment: MK added a comment - 02/Dec/2015 10:38 AM

Collapse comment: Sorin Sbarnea added a comment - 16/Nov/2015 6:09 PM

Expand comment: Sorin Sbarnea added a comment - 16/Nov/2015 6:09 PM

Collapse comment: Amauri Toscano added a comment - 15/Sep/2015 2:18 PM

Expand comment: Amauri Toscano added a comment - 15/Sep/2015 2:18 PM

Collapse comment: Zarco added a comment - 17/Jul/2015 7:44 AM

Expand comment: Zarco added a comment - 17/Jul/2015 7:44 AM

Collapse comment: Paul Derbyshire added a comment - 11/Apr/2015 2:04 PM

Expand comment: Paul Derbyshire added a comment - 11/Apr/2015 2:04 PM

Collapse comment: Ken Roland added a comment - 07/Nov/2014 6:59 PM

Expand comment: Ken Roland added a comment - 07/Nov/2014 6:59 PM

Collapse comment: Jan-Willem van den Berg added a comment - 23/Oct/2014 1:56 PM

Expand comment: Jan-Willem van den Berg added a comment - 23/Oct/2014 1:56 PM

Collapse comment: marcus_schultheiss added a comment - 05/Feb/2010 11:03 AM

Expand comment: marcus_schultheiss added a comment - 05/Feb/2010 11:03 AM

Collapse comment: Daniel Zahn added a comment - 05/Feb/2010 11:00 AM, Edited by Daniel Zahn - 05/Feb/2010 11:05 AM

Expand comment: Daniel Zahn added a comment - 05/Feb/2010 11:00 AM, Edited by Daniel Zahn - 05/Feb/2010 11:05 AM

Collapse comment: Tom Davies added a comment - 05/Jun/2007 12:25 AM

Expand comment: Tom Davies added a comment - 05/Jun/2007 12:25 AM

People

Dates