Merge pull request #305 from sebastian-nagel/NUTCH-2447-ssl-handshake…

…-alert NUTCH-2447 Work-around SSLProtocolException: handshake alert: unrecognized_name
apache · Mar 27, 2018 · 2934d43 · 2934d43
2 parents 93e03a7 + c9444e0
commit 2934d43
Showing 1 changed file with 48 additions and 22 deletions.
diff --git a/src/plugin/protocol-http/src/java/org/apache/nutch/protocol/http/HttpResponse.java b/src/plugin/protocol-http/src/java/org/apache/nutch/protocol/http/HttpResponse.java
@@ -124,28 +124,29 @@ public HttpResponse(HttpBase http, URL url, CrawlDatum datum)
       socket.connect(sockAddr, http.getTimeout());
 
       if (scheme == Scheme.HTTPS) {
-        SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory
-            .getDefault();
-        SSLSocket sslsocket = (SSLSocket) factory
-            .createSocket(socket, sockHost, sockPort, true);
-        sslsocket.setUseClientMode(true);
-
-        // Get the protocols and ciphers supported by this JVM
-        Set<String> protocols = new HashSet<String>(
-            Arrays.asList(sslsocket.getSupportedProtocols()));
-        Set<String> ciphers = new HashSet<String>(
-            Arrays.asList(sslsocket.getSupportedCipherSuites()));
-
-        // Intersect with preferred protocols and ciphers
-        protocols.retainAll(http.getTlsPreferredProtocols());
-        ciphers.retainAll(http.getTlsPreferredCipherSuites());
-
-        sslsocket.setEnabledProtocols(
-            protocols.toArray(new String[protocols.size()]));
-        sslsocket.setEnabledCipherSuites(
-            ciphers.toArray(new String[ciphers.size()]));
-
-        sslsocket.startHandshake();
+        SSLSocket sslsocket = null;
+
+        try {
+          sslsocket = getSSLSocket(socket, sockHost, sockPort);
+          sslsocket.startHandshake();
+        } catch (IOException e) {
+          Http.LOG.debug("SSL connection to {} failed with: {}", url,
+              e.getMessage());
+          if ("handshake alert:  unrecognized_name".equals(e.getMessage())) {
+            try {
+              // Reconnect, see NUTCH-2447
+              socket = new Socket();
+              socket.setSoTimeout(http.getTimeout());
+              socket.connect(sockAddr, http.getTimeout());
+              sslsocket = getSSLSocket(socket, "", sockPort);
+              sslsocket.startHandshake();
+            } catch (IOException ex) {
+              String msg = "SSL reconnect to " + url + " failed with: "
+                  + e.getMessage();
+              throw new HttpException(msg);
+            }
+          }
+        }
         socket = sslsocket;
       }
 
@@ -318,6 +319,31 @@ public byte[] getContent() {
    * -------------------------
    */
 
+  private SSLSocket getSSLSocket(Socket socket, String sockHost, int sockPort) throws IOException {
+    SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory
+      .getDefault();
+    SSLSocket sslsocket = (SSLSocket) factory
+      .createSocket(socket, sockHost, sockPort, true);
+    sslsocket.setUseClientMode(true);
+
+    // Get the protocols and ciphers supported by this JVM
+    Set<String> protocols = new HashSet<String>(
+      Arrays.asList(sslsocket.getSupportedProtocols()));
+    Set<String> ciphers = new HashSet<String>(
+      Arrays.asList(sslsocket.getSupportedCipherSuites()));
+
+    // Intersect with preferred protocols and ciphers
+    protocols.retainAll(http.getTlsPreferredProtocols());
+    ciphers.retainAll(http.getTlsPreferredCipherSuites());
+
+    sslsocket.setEnabledProtocols(
+      protocols.toArray(new String[protocols.size()]));
+    sslsocket.setEnabledCipherSuites(
+      ciphers.toArray(new String[ciphers.size()]));
+
+    return sslsocket;
+  }
+
   private void readPlainContent(InputStream in)
       throws HttpException, IOException {