From 9c8b8bdf6f1ce35b72013c754b74f5cba8bf8f54 Mon Sep 17 00:00:00 2001 From: Vithursa Date: Wed, 8 Sep 2021 17:24:01 +0530 Subject: [PATCH] Mark connection as failed when TLS tunnel has not been established --- .../org/apache/synapse/transport/passthru/TargetHandler.java | 5 ++++- .../apache/synapse/transport/passthru/TargetResponse.java | 4 ++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/modules/transports/core/nhttp/src/main/java/org/apache/synapse/transport/passthru/TargetHandler.java b/modules/transports/core/nhttp/src/main/java/org/apache/synapse/transport/passthru/TargetHandler.java index 8f09e82bf2..e952b13e21 100644 --- a/modules/transports/core/nhttp/src/main/java/org/apache/synapse/transport/passthru/TargetHandler.java +++ b/modules/transports/core/nhttp/src/main/java/org/apache/synapse/transport/passthru/TargetHandler.java @@ -321,6 +321,7 @@ public void responseReceived(NHttpClientConnection conn) { HttpResponse response = conn.getHttpResponse(); ProtocolState connState; try { + boolean isError = false; String method = null; ProxyTunnelHandler tunnelHandler = (ProxyTunnelHandler) context.getAttribute(PassThroughConstants.TUNNEL_HANDLER); if (tunnelHandler != null && !tunnelHandler.isCompleted()) { @@ -333,6 +334,9 @@ public void responseReceived(NHttpClientConnection conn) { conn.requestOutput(); return; } else { + // TLS tunnel has not been established, so mark connection as failed to prevent that it is + // returned back into pool + isError = true; log.warn("Tunnel response failed"); // the reason for getting the targetRequest and calling the consumeError() on pipe. Instead of // calling the informWriterError(NHTTPClientConnection) is, at this point the @@ -367,7 +371,6 @@ public void responseReceived(NHttpClientConnection conn) { .info((System.currentTimeMillis() - startTime) + "|HTTP|" + TargetContext.getRequest(conn).getUrl().toString() + "|BACKEND LATENCY"); } - boolean isError = false; if (connState != ProtocolState.REQUEST_DONE) { isError = true; MessageContext requestMsgContext = TargetContext.get(conn).getRequestMsgCtx(); diff --git a/modules/transports/core/nhttp/src/main/java/org/apache/synapse/transport/passthru/TargetResponse.java b/modules/transports/core/nhttp/src/main/java/org/apache/synapse/transport/passthru/TargetResponse.java index 73f53d514b..65d802b012 100644 --- a/modules/transports/core/nhttp/src/main/java/org/apache/synapse/transport/passthru/TargetResponse.java +++ b/modules/transports/core/nhttp/src/main/java/org/apache/synapse/transport/passthru/TargetResponse.java @@ -134,7 +134,7 @@ public void start(NHttpClientConnection conn) { try { // this is a connection we should not re-use TargetContext.updateState(conn, ProtocolState.CLOSING); - targetConfiguration.getConnections().shutdownConnection(conn); + targetConfiguration.getConnections().shutdownConnection(conn, forceShutdownConnectionOnComplete); } catch (Exception ignore) { @@ -183,7 +183,7 @@ public int read(NHttpClientConnection conn, ContentDecoder decoder) throws IOExc if (!this.connStrategy.keepAlive(response, conn.getContext()) || forceShutdownConnectionOnComplete) { TargetContext.updateState(conn, ProtocolState.CLOSED); - targetConfiguration.getConnections().shutdownConnection(conn); + targetConfiguration.getConnections().shutdownConnection(conn, forceShutdownConnectionOnComplete); } else { if (conn instanceof LoggingNHttpClientConnection) { ((LoggingNHttpClientConnection) conn).setReleaseConn(true);