Posted to dev@tomcat.apache.org by ma...@apache.org on 2015/05/19 13:02:24 UTC
svn commit: r1680246 - in /tomcat/trunk/java/org/apache/tomcat/util/net:
LocalStrings.properties SecureNio2Channel.java SecureNioChannel.java
Author: markt
Date: Tue May 19 11:02:24 2015
New Revision: 1680246
URL: http://svn.apache.org/r1680246
Log:
Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=57931
Ensure that the TLS connection is closed cleanly so that the client receives the appropriate error code when the connection is terminated due to invalid / missing client cert (or any other reason during the handshake)
Modified:
tomcat/trunk/java/org/apache/tomcat/util/net/LocalStrings.properties
tomcat/trunk/java/org/apache/tomcat/util/net/SecureNio2Channel.java
tomcat/trunk/java/org/apache/tomcat/util/net/SecureNioChannel.java
Modified: tomcat/trunk/java/org/apache/tomcat/util/net/LocalStrings.properties
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/LocalStrings.properties?rev=1680246&r1=1680245&r2=1680246&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/LocalStrings.properties (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/LocalStrings.properties Tue May 19 11:02:24 2015
@@ -93,6 +93,7 @@ channel.nio.ssl.remainingDataDuringClose
channel.nio.ssl.pendingWriteDuringClose=Pending write, so remaining data in the network buffer, can't send SSL close message, force a close with close(true) instead
channel.nio.ssl.invalidCloseState=Invalid close state, will not send network data.
channel.nio.ssl.unwrapFail=Unable to unwrap data, invalid status [{0}]
+channel.nio.ssl.wrapException=Handshake failed during wrap
channel.nio.ssl.wrapFail=Unable to wrap data, invalid status [{0}]
channel.nio.ssl.incompleteHandshake=Handshake incomplete, you must complete handshake before reading data.
channel.nio.ssl.closing=Channel is in closing state.
Modified: tomcat/trunk/java/org/apache/tomcat/util/net/SecureNio2Channel.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/SecureNio2Channel.java?rev=1680246&r1=1680245&r2=1680246&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/SecureNio2Channel.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/SecureNio2Channel.java Tue May 19 11:02:24 2015
@@ -223,10 +223,19 @@ public class SecureNio2Channel extends N
}
case NEED_WRAP: {
//perform the wrap function
- handshake = handshakeWrap();
- if (handshake.getStatus() == Status.OK){
+ try {
+ handshake = handshakeWrap();
+ } catch (SSLException e) {
+ if (log.isDebugEnabled()) {
+ log.debug("channel.nio.ssl.wrapException", e);
+ }
+ handshake = handshakeWrap();
+ }
+ if (handshake.getStatus() == Status.OK) {
if (handshakeStatus == HandshakeStatus.NEED_TASK)
handshakeStatus = tasks();
+ } else if (handshake.getStatus() == Status.CLOSED) {
+ return -1;
} else {
//wrap should always work with our buffers
throw new IOException(sm.getString("channel.nio.ssl.unexpectedStatusDuringWrap", handshake.getStatus()));
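Review bot: The new `Status.CLOSED` branch returns -1 without any visible write of `netOutBuffer`, whereas the matching branch in the SecureNioChannel hunk calls `flush(netOutBuffer)` first. If the alert produced by the retried `handshakeWrap()` is still sitting in that buffer at this point, the client never receives it, which is the behaviour the commit sets out to fix; `handshakeWrap()` and the rest of the handshake loop are outside the hunk, so this needs confirming there. Separately, `log.debug("channel.nio.ssl.wrapException", e)` logs the resource key itself rather than the message added to LocalStrings.properties; `log.debug(sm.getString("channel.nio.ssl.wrapException"), e);` would match the `sm.getString` call in the `else` branch, and the same line appears in the SecureNioChannel NEED_WRAP hunk.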
Modified: tomcat/trunk/java/org/apache/tomcat/util/net/SecureNioChannel.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/SecureNioChannel.java?rev=1680246&r1=1680245&r2=1680246&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/SecureNioChannel.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/SecureNioChannel.java Tue May 19 11:02:24 2015
@@ -28,6 +28,7 @@ import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLEngineResult;
import javax.net.ssl.SSLEngineResult.HandshakeStatus;
import javax.net.ssl.SSLEngineResult.Status;
+import javax.net.ssl.SSLException;
import org.apache.juli.logging.Log;
import org.apache.juli.logging.LogFactory;
@@ -76,7 +77,6 @@ public class SecureNioChannel extends Ni
netOutBuffer = ByteBuffer.allocateDirect(DEFAULT_NET_BUFFER_SIZE);
}
-
// selector pool for blocking operations
this.pool = pool;
this.endpoint = endpoint;
@@ -181,10 +181,20 @@ public class SecureNioChannel extends Ni
}
case NEED_WRAP: {
//perform the wrap function
- handshake = handshakeWrap(write);
- if ( handshake.getStatus() == Status.OK ){
+ try {
+ handshake = handshakeWrap(write);
+ } catch (SSLException e) {
+ if (log.isDebugEnabled()) {
+ log.debug("channel.nio.ssl.wrapException", e);
+ }
+ handshake = handshakeWrap(write);
+ }
+ if (handshake.getStatus() == Status.OK) {
if (handshakeStatus == HandshakeStatus.NEED_TASK)
handshakeStatus = tasks();
+ } else if (handshake.getStatus() == Status.CLOSED) {
+ flush(netOutBuffer);
+ return -1;
} else {
//wrap should always work with our buffers
throw new IOException(sm.getString("channel.nio.ssl.unexpectedStatusDuringWrap", handshake.getStatus()));
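Review bot: In the `Status.CLOSED` branch the outcome of `flush(netOutBuffer)` is not checked before `return -1`, so on a non-blocking socket a partial write would presumably drop the tail of the TLS alert without leaving any trace. `flush` is defined outside the hunk; if it reports whether the buffer was drained, that result should at least be logged at debug level here. The retry inside the `catch` block also deserves a comment, for example `// the engine has recorded the failure; wrapping again is expected to produce the alert for the client`, since calling `handshakeWrap(write)` a second time right after it threw otherwise reads like a mistake.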