[prev in list] [next in list] [prev in thread] [next in thread] 

List:       activemq-dev
Subject:    [GitHub] activemq pull request #227: SSL Connection leaks
From:       thodimi1 <git () git ! apache ! org>
Date:       2017-02-25 15:34:50
Message-ID: git-pr-227-activemq () git ! apache ! org
[Download RAW message or body]

GitHub user thodimi1 opened a pull request:

    https://github.com/apache/activemq/pull/227

    SSL Connection leaks

    There are possibility to create a denial of service attack just by opening TCP \
connection to a SSL port and keep it open. 

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/apache/activemq master

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/activemq/pull/227.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #227
    
----
commit ed0e786b6002633411037923fb28a075489e442b
Author: Christopher L. Shannon (cshannon) <christopher.l.shannon@gmail.com>
Date:   2016-08-31T13:46:50Z

    https://issues.apache.org/jira/browse/AMQ-6414
    
    Changing the nio+ssl transports to trigger a serviceRead after start up
    to prevent blocking. The prevents the channels from not reading in
    certain cases, most notably with the auto+nio+ssl transport when used
    for a network bridge.  Also added a couple tests and changed a network
    bridge test to test out auto+nio+ssl.

commit f8bc19b96da752e216de2c5c543a7d8523512a03
Author: gtully <gary.tully@gmail.com>
Date:   2016-09-01T15:46:21Z

    AMQ-6413 - ensure audit update on skipped store add for kahadb \
concurrentStoreAndDispatch. Fix and test

commit a9c7f7122badd6bc46237cdeeaa64e892d9fa045
Author: gtully <gary.tully@gmail.com>
Date:   2016-09-01T15:53:02Z

    AMQ-6411 - tidy up latch between runs. Have not seen repeat of npe yet

commit a0d05f8ea3e883a16d86b4a6755f7fc1a503f55b
Author: gtully <gary.tully@gmail.com>
Date:   2016-09-01T15:54:50Z

    AMQ-2910 fix timing on test timeout - ensure consumer connection is started

commit bb8d32c04aa06735d0036963685a4bc41fcbaad7
Author: Timothy Bish <tabish121@gmail.com>
Date:   2016-09-01T20:26:03Z

    https://issues.apache.org/jira/browse/AMQ-6387
    
    Fix up the Memory Store such that it removes the references it adds to
    messages when they are placed into the memory durable topic subscription
    store.

commit 508df5359c1c85b6c3e0bfd3c316a8c3026c9cd5
Author: gtully <gary.tully@gmail.com>
Date:   2016-09-02T09:37:46Z

    sanity check on provider url params for connection factory

commit a3f1aa0bdad56cd896b3fb3d5b99137a0978f215
Author: gtully <gary.tully@gmail.com>
Date:   2016-09-02T10:27:12Z

    TrapMessageInJDBCStoreTest - intermittent ci failure. Avoid contention on \
datasource, use long lived connection for assertions

commit 98c5866c7534c1f26d2e41edbdb372fe21387fe4
Author: Christopher L. Shannon (cshannon) <christopher.l.shannon@gmail.com>
Date:   2016-09-02T19:56:33Z

    https://issues.apache.org/jira/browse/AMQ-6418
    
    Properly setting the transport properties on the
    AutoNIOSSLTransportServer and fixing the Stomp protocol to set the peer
    certs when using auto+ssl

commit 9ab94883a8ba88aeeb0a16e2310ab42a46de1d05
Author: Christopher L. Shannon (cshannon) <christopher.l.shannon@gmail.com>
Date:   2016-09-07T11:42:13Z

    https://issues.apache.org/jira/browse/AMQ-6420
    
    Properly copying wire format options map before applying to the
    transport when using auto transports so that the options do not get
    cleared and will be used for all future connections

commit 88af1c70d96d2df15a127ba02d73f205202fb5cc
Author: Christopher L. Shannon (cshannon) <christopher.l.shannon@gmail.com>
Date:   2016-09-07T12:17:34Z

    https://issues.apache.org/jira/browse/AMQ-6418
    
    Fixing mqtt link stealing default setting for auto transport

commit 88daeec28f25266c6fce15e200ac6d2ca9d11eb6
Author: gtully <gary.tully@gmail.com>
Date:   2016-09-07T16:28:35Z

    AMQ-6422 - include the inflight count in the prefetch for positive remote credit \
flows. Fix and test

commit ee271afe9041172df24b572231b394a7c6fec0ce
Author: Timothy Bish <tabish121@gmail.com>
Date:   2016-09-07T18:05:21Z

    https://issues.apache.org/jira/browse/AMQ-6422
    
    I've made a few minor test changes and added a couple more cases.  Under
    heavy CPU load I'm able to get test,
    testReceiveMessageAndRefillCreditBeforeAcceptOnQueue to fail on the
    second receive call where it should get the second message since it
    granted credit.

commit 0050f22b97aaf15446c482c6dd229500ab0e2eba
Author: Timothy Bish <tabish121@gmail.com>
Date:   2016-09-07T21:27:31Z

    Add a test case for anonymous sender links using simple test client.

commit a038655605e8fa1de279b37989ba69a68f83c601
Author: Christopher L. Shannon (cshannon) <christopher.l.shannon@gmail.com>
Date:   2016-09-08T12:27:49Z

    https://issues.apache.org/jira/browse/AMQ-6423
    
    Fixing durable sync over a network bridge so that network subscriptions
    that are no longer permissible are also cleaned up

commit 84cd815500bb486d2ab3d8724a76f0ac43dc3bf4
Author: Timothy Bish <tabish121@gmail.com>
Date:   2016-09-08T20:19:37Z

    Allow the AMQP test client to also be configure to trace frames
    
    The test client can allow for quick tracing of the frame traffic via a
    call to setTraceFrames on the client or connection instance before
    connection to the remote.  This allows for tests to easily switch on /
    off tracing.  The log4j.properties is also updated to output frame
    tracing with the URI option is put on the AMQP transport or the client
    value is enabled.

commit 5de9bdac080cfcaa8777b1ee7e431dab4e03ac85
Author: Timothy Bish <tabish121@gmail.com>
Date:   2016-09-09T15:17:08Z

    https://issues.apache.org/jira/browse/AMQ-6427
    
    Move to Qpid JMS 0.11.0

commit 640289868e18e82b054be8aff5580d3665518f5c
Author: Timothy Bish <tabish121@gmail.com>
Date:   2016-09-09T16:52:48Z

    https://issues.apache.org/jira/browse/AMQ-6422
    
    Add test for credit grants but no settles for a single receiver.

commit 2fdc2600ac37d11d2d660654b327dddd852eeef7
Author: Timothy Bish <tabish121@gmail.com>
Date:   2016-09-09T17:02:04Z

    https://issues.apache.org/jira/browse/AMQ-6422
    
    Small fix to test and check for zero inflight on successive send to
    destination that should have no credit on the registered receiver.

commit da9fedead4078cc82efb32e15d8d9cd53c8e82dc
Author: Timothy Bish <tabish121@gmail.com>
Date:   2016-09-09T22:34:03Z

    https://issues.apache.org/jira/browse/AMQ-6422
    
    Adds a split consumer test that uses presettled receivers.

commit b4ab0e1af9fb0bb56b8a4a9cfc948727a7b92e0c
Author: Timothy Bish <tabish121@gmail.com>
Date:   2016-09-14T22:23:52Z

    NO-JIRA AMQP Test updates
    
    Adds support for doing sends and receives that are enrolled in a
    transaction created in a session other than the session that created the
    sender or receiver.  Adds some tests that show this in action.

commit 4516c8df3f45db4ea3495e397744e9c235b68d7f
Author: Timothy Bish <tabish121@gmail.com>
Date:   2016-09-15T17:24:18Z

    NO-JIRA: Add some additional tests ported from the .NET AMQP client
    
    Adds some transaction tests ported from AMQP .NET client with some
    variances based on the way the test client works and limitations in the
    brokers handling of Transacted sends.

commit a35d23dff7642a097eda24caa9c9979c99bafafe
Author: Timothy Bish <tabish121@gmail.com>
Date:   2016-09-15T20:28:16Z

    NO-JIRA: Small test client fix to close threads out faster.

commit 6630e813795c20055b26cea52ba6a34390315bdf
Author: Dejan Bosanac <dejan@nighttale.net>
Date:   2016-09-19T14:22:36Z

    https://issues.apache.org/jira/browse/AMQ-6435 - destination mbean query api

commit 9f812a21036f4d1ec6830aca35ff54fb17750edd
Author: Timothy Bish <tabish121@gmail.com>
Date:   2016-09-19T14:53:40Z

    NO-JIRA: Additional test on JobSchedulerStoreImpl 
    
    Pushes on the journal log GC logic to ensure that cleanup is occurring
    when the redelivery plugin is scheduling more resends on TX rollback.

commit 5d53aa2d11edb3b819b4ee862a10c7bd1532e805
Author: Timothy Bish <tabish121@gmail.com>
Date:   2016-09-19T21:36:58Z

    NO-JIRA: Add some more variants of the .NET transaction tests
    
    Adds ability to not settle accepted messages on the client to enable
    creation of tests that are equivalent to the AmqpNetLite client's
    transaction tests which hold settlement and expect the resource to
    handle it on successful discharge.

commit 5d9f1cd3d58cae626a53cd0fcf21656d4da38ca8
Author: gtully <gary.tully@gmail.com>
Date:   2016-09-21T09:26:06Z

    https://issues.apache.org/jira/browse/AMQ-6435 - use lesser guava dep to match \
leveldb java

commit ffee8b442f57b38d57a59745b9062e8d963c65ba
Author: gtully <gary.tully@gmail.com>
Date:   2016-09-21T09:33:20Z

    https://issues.apache.org/jira/browse/AMQ-6422 - match proton sender view credit \
to prefetchExtension - tracking credit to dispatch delta to track additional flow \
requests. Proton sender layer is distinct from the transport layer - they mirror each \
other

commit 6c01b641b1850b384e57d74ad6471ea4c8fcf01f
Author: gtully <gary.tully@gmail.com>
Date:   2016-09-21T12:59:45Z

    https://issues.apache.org/jira/browse/AMQ-6422 - move delivery tracking to \
pumpoutbound and additional test that shows how the presettle case breaks. Thanks to \
Robbie Gemmell for the feedback

commit 7c293b661f22245ce21bf2b5aa1c5bf4192cb8c5
Author: Christopher L. Shannon (cshannon) <christopher.l.shannon@gmail.com>
Date:   2016-09-21T13:32:37Z

    https://issues.apache.org/jira/browse/AMQ-6430
    
    When a nolocal durable consumer reconnects the new connectionId is properly \
captured for  the NoLocal expression so that nolocal works on reconnect.  Also fixed
    the detection of the nolocal value changing on consumer connect.

commit 35e8a528880d1ae427124b6ea1b8ef810478484c
Author: Clebert Suconic <clebertsuconic@apache.org>
Date:   2016-09-21T20:12:52Z

    NO-JIRA: Adding an extra test on AmqpTransactionTest
    
    The test I'm adding was back ported from Artemis.
    It will validate if the ACKs are nacked in case of a connection.close();
    To avoid a situation where the TX would sit on a Transaction Resource Manager \
somewhere like an XID.

----


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---


[prev in list] [next in list] [prev in thread] [next in thread]