New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix: file handle leak in KeyUtil (SSL) #2808

merged 1 commit into from Sep 12, 2016


None yet
3 participants

gbu-censhare commented Sep 12, 2016

TLS/SSL mode of connector with Client-Certificates:
make sure files & input streams are closed


TLS/SSL mode of connector with Client-Certificates:
make sure files & input streams are closed

due to bug in org.graylog2.plugin.inputs.transports.util.KeyUtil#loadCertificates opened files were not closed again.
wrapping these in an try-auto-close statement to ensure closing of the streams / handles

2016-09-11T21:24:19.369+02:00 WARN [AbstractNioSelector] Failed to initialize an accepted socket.
java.nio.file.FileSystemException: /etc/graylog/connector/client-certs: Too many open files
at sun.nio.fs.UnixException.translateToIOException( ~[?:1.8.0_101]
at sun.nio.fs.UnixException.rethrowAsIOException( ~[?:1.8.0_101]
at sun.nio.fs.UnixException.rethrowAsIOException( ~[?:1.8.0_101]
at sun.nio.fs.UnixFileSystemProvider.newDirectoryStream( ~[?:1.8.0_101]
at java.nio.file.Files.newDirectoryStream( ~[?:1.8.0_101]
at org.graylog2.plugin.inputs.transports.util.KeyUtil.loadCertificates( ~[graylog.jar:?]

Motivation and Context

we use many client certificates (self-signed ones) and we ran into a out of file handles.

do you need a seperate pull request for fixing this in 2.1 ?

How Has This Been Tested?

Screenshots (if appropriate):

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)


  • My code follows the code style of this project.
  • My change requires a change to the documentation.
  • I have updated the documentation accordingly.
  • I have read the CONTRIBUTING document.
  • I have added tests to cover my changes.
  • All new and existing tests passed.

This comment has been minimized.

CLAassistant commented Sep 12, 2016

CLA assistant check
All committers have signed the CLA.


This comment has been minimized.


gbu-censhare commented Sep 12, 2016

i've tested this on our graylog-server

@joschi joschi self-assigned this Sep 12, 2016

@joschi joschi added this to the 2.1.1 milestone Sep 12, 2016


This comment has been minimized.


joschi commented Sep 12, 2016

LGTM, thanks! 👍

@joschi joschi merged commit 92da224 into Graylog2:master Sep 12, 2016

4 checks passed

ci-server-integration Jenkins build graylog2-server-integration-pr 1354 has succeeded
ci-web-linter Jenkins build graylog-pr-linter-check 837 has succeeded
continuous-integration/travis-ci/pr The Travis CI build passed
licence/cla Contributor License Agreement is signed.

joschi added a commit that referenced this pull request Sep 12, 2016

Fix file handle leak in KeyUtil (#2808)
(cherry picked from commit 92da224)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment