Close channel on TLS exception to prevent half-open connections

[uuuyuqi]

What is the purpose of the change?

Fixes #16201

SslServerTlsHandler.exceptionCaught() only logged errors without closing the channel or propagating the exception. This caused channels to remain TCP-active but application-dead (half-open) when non-IOException/non-OutOfMemoryError exceptions (e.g., NoClassDefFoundError) occurred during Netty's read loop.

Impact: Consumer-side DubboInvoker.isAvailable() always returned true for these broken connections (it only checks TCP-level channel.isActive()), so the addInvalidateInvoker mechanism never triggered. The broken Provider was never removed from validInvokers, causing continuous RPC timeouts.

Changes:

• SslServerTlsHandler.exceptionCaught(): Added ctx.close() after logging, consistent with the userEventTriggered() method in the same class which already closes the channel on TLS handshake failure.
• SslClientTlsHandler.userEventTriggered(): Changed from ctx.fireExceptionCaught() to ctx.close() on handshake failure, consistent with server-side behavior and ensuring the channel is properly closed so the Consumer can detect the failure.

Checklist

• Make sure there is a GitHub_issue field for the change. ([Bug] SslServerTlsHandler.exceptionCaught() swallows exceptions without closing channel, causing permanent half-open TLS connections #16201)
• Write a pull request description that is detailed enough to understand what the pull request does, how, and why.
• Write necessary unit-test to verify your logic correction. If the new feature or significant change is committed, please remember to add sample in dubbo samples project.
• Make sure gitHub actions can pass. Why the workflow is failing and how to fix it?

Made with Cursor

[codecov-commenter]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 60.78%. Comparing base (8814afa) to head (1ab3c38).

Additional details and impacted files

@@             Coverage Diff              @@
##                3.3   #16202      +/-   ##
============================================
- Coverage     60.79%   60.78%   -0.01%     
  Complexity    11751    11751              
============================================
  Files          1953     1953              
  Lines         89119    89120       +1     
  Branches      13444    13444              
============================================
- Hits          54177    54171       -6     
  Misses        29368    29368              
- Partials       5574     5581       +7     

Flag	Coverage Δ
integration-tests-java21	32.16% <0.00%> (+0.03%)	⬆️
integration-tests-java8	32.21% <0.00%> (+0.03%)	⬆️
samples-tests-java21	32.10% <0.00%> (-0.08%)	⬇️
samples-tests-java8	29.74% <0.00%> (-0.08%)	⬇️
unit-tests-java11	59.03% <100.00%> (+0.01%)	⬆️
unit-tests-java17	58.52% <100.00%> (-0.02%)	⬇️
unit-tests-java21	58.55% <100.00%> (+0.02%)	⬆️
unit-tests-java25	58.50% <100.00%> (+0.02%)	⬆️
unit-tests-java8	59.04% <100.00%> (+0.01%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.