Excessive memory usage after many reconnection attempts
See original GitHub issueI found some extra ordinary logs.
2017/04/20 01:24:45.722 DEBUG (Slf4JLogger.java:81) - SSL_read failed: OpenSSL error: error:10000414:SSL routines:OPENSSL_internal:SSLV3_ALERT_CERTIFICATE_REVOKED
2017/04/20 01:24:45.722 INFO (ApnsClient.java:523) - Failed to connect.
javax.net.ssl.SSLHandshakeException: error:10000414:SSL routines:OPENSSL_internal:SSLV3_ALERT_CERTIFICATE_REVOKED
at io.netty.handler.ssl.ReferenceCountedOpenSslEngine.shutdownWithError(ReferenceCountedOpenSslEngine.java:696)
at io.netty.handler.ssl.ReferenceCountedOpenSslEngine.sslReadErrorResult(ReferenceCountedOpenSslEngine.java:899)
at io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:853)
at io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:931)
at io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:974)
at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1097)
at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:968)
at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:902)
at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:411)
at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:248)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:373)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:359)
at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:351)
at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1334)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:373)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:359)
at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:926)
at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:129)
at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:651)
at io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:574)
at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:488)
at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:450)
at io.netty.util.concurrent.SingleThreadEventExecutor$5.run(SingleThreadEventExecutor.java:873)
at io.netty.util.concurrent.DefaultThreadFactory$DefaultRunnableDecorator.run(DefaultThreadFactory.java:144)
at java.lang.Thread.run(Thread.java:745)
2017/04/20 01:24:45.722 WARN (Slf4JLogger.java:146) - [id: 0x93247371, L:/10.0.13.69:41672 - R:api.push.apple.com/17.188.163.207:443] TLS handshake failed:
javax.net.ssl.SSLHandshakeException: error:10000414:SSL routines:OPENSSL_internal:SSLV3_ALERT_CERTIFICATE_REVOKED
at io.netty.handler.ssl.ReferenceCountedOpenSslEngine.shutdownWithError(ReferenceCountedOpenSslEngine.java:696)
at io.netty.handler.ssl.ReferenceCountedOpenSslEngine.sslReadErrorResult(ReferenceCountedOpenSslEngine.java:899)
at io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:853)
at io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:931)
at io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:974)
at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1097)
at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:968)
at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:902)
at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:411)
at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:248)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:373)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:359)
at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:351)
at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1334)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:373)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:359)
at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:926)
at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:129)
at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:651)
at io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:574)
at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:488)
at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:450)
at io.netty.util.concurrent.SingleThreadEventExecutor$5.run(SingleThreadEventExecutor.java:873)
at io.netty.util.concurrent.DefaultThreadFactory$DefaultRunnableDecorator.run(DefaultThreadFactory.java:144)
at java.lang.Thread.run(Thread.java:745)
2017/04/20 01:24:45.723 DEBUG (ApnsClient.java:471) - Disconnected. Next automatic reconnection attempt in 1 seconds.
found the expired certificate. so that apnsClient tried to reconnect. In this case, when I connected at first time, the certificate was not expired yet. but after few days, it’s been expired. how can I avoid this problem? I want to ignore to reconnect in this case.
Issue Analytics
- State:
- Created 6 years ago
- Reactions:2
- Comments:6 (2 by maintainers)
Top Results From Across the Web
Excessive memory usage after many reconnection attempts
I found some extra ordinary logs. 2017/04/20 01:24:45.722 DEBUG (Slf4JLogger.java:81) - SSL_read failed: OpenSSL error: error:10000414:SSL ...
Read more >Fix High RAM Memory Usage Issue on Windows 11/10 [10 ...
Method 1. Close Unnecessary Running Programs/Applications. When your computer is with high memory usage, you can try to close some unnecessary ...
Read more >Troubleshoot high memory use in an ElastiCache cluster
However, too much swap usage might lead to performance issues. High swap usually starts happening in a node that's running under memory pressure ......
Read more >Windows 10 Memory leak on 1809 and 1903
Recently I started having high memory usage on my systems, since updates to 1809. I went through all the normal steps of virus...
Read more >1795295 – [ovn] With large SB databases, large reconnection ...
It seems like we have two issues: 1) High CPU usage by SBDB. This results in ovn-controller taking a long time to converge....
Read more >Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start FreeTop Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
Top GitHub Comments
Attempting to reconnect when the connection is lost is the expected behavior. We’ve been through this territory a number of times, and the fundamental issue is that we don’t have a reliable way of detecting all of the “certificate has stopped working due to expiration or revocation” cases; instead, we have to rely on callers to be performing that maintenance on their own.
We could consider adding a special-case listener system for SSL-related connection exceptions, but we’ve tried that in the past and found it to be less than reliable. It seems like the best course of action may be to use a metrics listener to watch for a high rate of connection failures.
Try using token-based authentication; token signing keys can still be revoked, but won’t expire. Because tokens come into play after a connection has been established, signing key revocation won’t cause connection cycling. Here, you’d still need to be monitoring notification rejection rates for signs of key revocation (i.e. all notifications are failing with
InvalidProviderToken
).The memory consumption sounds like a bug, and we’ll look into it.
I have found similar issue as well today in our production use. Is there a way to fix this? Also the retries went in infinite loop and crashed the system due to memory consumption.