Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

SpringBoot 2.4.2 BlockHound: blocking call when making outbound HTTPS request

See original GitHub issue

Hello Reactor Netty Team,

During a test we were doing, we encountered an issue, and wanted to let you know. This blocking call only happens when making outbound (I am the client, making a request to another server) https call. And https is important, as it is not reproducible with http.

Here is the stack trace:

Caused by: reactor.blockhound.BlockingOperationError: Blocking call! java.io.FileInputStream#readBytes
	at java.base/java.io.FileInputStream.readBytes(FileInputStream.java) ~[na:na]
	at java.base/java.io.FileInputStream.read(FileInputStream.java:279) ~[na:na]
	at java.base/java.io.FilterInputStream.read(FilterInputStream.java:133) ~[na:na]
	at java.base/sun.security.provider.NativePRNG$RandomIO.readFully(NativePRNG.java:424) ~[na:na]
	at java.base/sun.security.provider.NativePRNG$RandomIO.ensureBufferValid(NativePRNG.java:526) ~[na:na]
	at java.base/sun.security.provider.NativePRNG$RandomIO.implNextBytes(NativePRNG.java:545) ~[na:na]
	at java.base/sun.security.provider.NativePRNG.engineNextBytes(NativePRNG.java:220) ~[na:na]
	at java.base/java.security.SecureRandom.nextBytes(SecureRandom.java:741) ~[na:na]
	at java.base/java.security.SecureRandom.next(SecureRandom.java:798) ~[na:na]
	at java.base/java.util.Random.nextInt(Random.java:329) ~[na:na]
	at java.base/sun.security.ssl.SSLContextImpl.engineInit(SSLContextImpl.java:117) ~[na:na]
	at java.base/javax.net.ssl.SSLContext.init(SSLContext.java:297) ~[na:na]
	at io.netty.handler.ssl.JdkSslClientContext.newSSLContext(JdkSslClientContext.java:294) ~[netty-handler-4.1.59.Final.jar:4.1.59.Final]
	at io.netty.handler.ssl.JdkSslClientContext.<init>(JdkSslClientContext.java:272) ~[netty-handler-4.1.59.Final.jar:4.1.59.Final]
	at io.netty.handler.ssl.SslContext.newClientContextInternal(SslContext.java:824) ~[netty-handler-4.1.59.Final.jar:4.1.59.Final]
	at io.netty.handler.ssl.SslContextBuilder.build(SslContextBuilder.java:614) ~[netty-handler-4.1.59.Final.jar:4.1.59.Final]
	at reactor.netty.tcp.SslProvider.<init>(SslProvider.java:366) ~[reactor-netty-core-1.0.4.jar:1.0.4]
	at reactor.netty.tcp.SslProvider.updateDefaultConfiguration(SslProvider.java:95) ~[reactor-netty-core-1.0.4.jar:1.0.4]
	at reactor.netty.http.client.HttpClientConnect$MonoHttpConnect.lambda$subscribe$0(HttpClientConnect.java:234) ~[reactor-netty-http-1.0.4.jar:1.0.4]
	at reactor.core.publisher.MonoCreate.subscribe(MonoCreate.java:57) ~[reactor-core-3.4.3.jar:3.4.3]
	at reactor.core.publisher.InternalMonoOperator.subscribe(InternalMonoOperator.java:64) ~[reactor-core-3.4.3.jar:3.4.3]
	at reactor.core.publisher.FluxRetryWhen.subscribe(FluxRetryWhen.java:76) ~[reactor-core-3.4.3.jar:3.4.3]
	at reactor.core.publisher.MonoRetryWhen.subscribeOrReturn(MonoRetryWhen.java:46) ~[reactor-core-3.4.3.jar:3.4.3]
	at reactor.core.publisher.InternalMonoOperator.subscribe(InternalMonoOperator.java:57) ~[reactor-core-3.4.3.jar:3.4.3]
	at reactor.netty.http.client.HttpClientConnect$MonoHttpConnect.subscribe(HttpClientConnect.java:269) ~[reactor-netty-http-1.0.4.jar:1.0.4]
	at reactor.core.publisher.InternalMonoOperator.subscribe(InternalMonoOperator.java:64) ~[reactor-core-3.4.3.jar:3.4.3]

May I ask what might be the root cause of this blocking call in a reactive stack for https please?

Thank you

Issue Analytics

  • State:closed
  • Created 3 years ago
  • Reactions:1
  • Comments:20 (8 by maintainers)

github_iconTop GitHub Comments

2reactions
violetaggcommented, Apr 7, 2021

@patpatpat123 With PR #1573, we exposed a new API that you can use in order to utilise the default configuration and also to solve the blocking call issue:

/**
 * SslContext builder that provides, specific for the protocol, default configuration
 * e.g. {@link DefaultSslContextSpec}, {@link TcpSslContextSpec} etc.
 * As opposed to {@link #sslContext(SslContextBuilder)}, the default configuration is applied before
 * any other custom configuration.
 *
 * @param spec SslContext builder that provides, specific for the protocol, default configuration
 * @return {@literal this}
 * @since 1.0.6
 */
reactor.netty.tcp.SslProvider.SslContextSpec#sslContext(reactor.netty.tcp.SslProvider.ProtocolSslContextSpec)

Examples

HTTP/1.1

Http11SslContextSpec http11SslContextSpec =
        Http11SslContextSpec.forServer(cert, key)
                            .configure(sslContextBuilder -> sslContextBuilder...);

HttpServer.create()
          .secure(spec -> spec.sslContext(http11SslContextSpec))

HTTP/2

Http2SslContextSpec http11SslContextSpec =
        Http2SslContextSpec.forServer(cert, key)
                           .configure(sslContextBuilder -> sslContextBuilder...);

HttpServer.create()
          .secure(spec -> spec.sslContext(http11SslContextSpec))
2reactions
violetaggcommented, Mar 24, 2021

@rp199 with .secure() you eagerly initialise the default SslContext, while without it the default SslContext will be resolved lazy when there is a url with https scheme.

Read more comments on GitHub >

github_iconTop Results From Across the Web

BlockHound throws blocking call exception when using bean ...
I was experimenting the same behavior in my Spring Boot application. The good news is that it is very easy to solve. When...
Read more >
reactor/BlockHound - Gitter
I am using BlockHound in a Kotlin,Spring WebFlux app with Spring Boot v2.24 and openJDK8. I have a pretty basic REST hello world...
Read more >
Blockhound detects a blocking call from kotlin-reflect in Spring ...
There is blocking call detected by BlockHound when calling kotlin controller in Spring Boot WebFlux 2.4.4 application. Program was run with JDK 11...
Read more >
BlockHound: detect blocking calls in Reactive code before it's ...
The first test method verifies that blocking code is not allowed when executed from within a Non-Blocking thread belonging to the Schedulers.parallel() ...
Read more >
BlockHound and Blocking Calls: How It Works - Foojay
BlockHound lets you check if a blocking call occurs in a thread where it ... an API call is not a blocking request-response...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

Memory leak in PooledConnectionProvider

Next page

LEAK: ByteBuf.release() was not called before it's garbage-collected. (ReactiveMongoRepository)