You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2016/09/19 11:31:35 UTC
svn commit: r1761422 - in /tomcat/trunk:
java/org/apache/tomcat/util/net/SecureNioChannel.java
webapps/docs/changelog.xml
Author: markt
Date: Mon Sep 19 11:31:35 2016
New Revision: 1761422
URL: http://svn.apache.org/viewvc?rev=1761422&view=rev
Log:
Fail earlier if the client closes the connection during SNI processing.
Modified:
tomcat/trunk/java/org/apache/tomcat/util/net/SecureNioChannel.java
tomcat/trunk/webapps/docs/changelog.xml
Modified: tomcat/trunk/java/org/apache/tomcat/util/net/SecureNioChannel.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/SecureNioChannel.java?rev=1761422&r1=1761421&r2=1761422&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/SecureNioChannel.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/SecureNioChannel.java Mon Sep 19 11:31:35 2016
@@ -148,14 +148,19 @@ public class SecureNioChannel extends Ni
}
/**
- * Performs SSL handshake, non blocking, but performs NEED_TASK on the same thread.<br>
- * Hence, you should never call this method using your Acceptor thread, as you would slow down
- * your system significantly.<br>
- * The return for this operation is 0 if the handshake is complete and a positive value if it is not complete.
- * In the event of a positive value coming back, reregister the selection key for the return values interestOps.
+ * Performs SSL handshake, non blocking, but performs NEED_TASK on the same
+ * thread. Hence, you should never call this method using your Acceptor
+ * thread, as you would slow down your system significantly. If the return
+ * value from this method is positive, the selection key should be
+ * registered interestOps given by the return value.
+ *
* @param read boolean - true if the underlying channel is readable
* @param write boolean - true if the underlying channel is writable
- * @return int - 0 if hand shake is complete, otherwise it returns a SelectionKey interestOps value
+ *
+ * @return 0 if hand shake is complete, -1 if an error (other than an
+ * IOException) occurred, otherwise it returns a SelectionKey
+ * interestOps value
+ *
* @throws IOException If an I/O error occurs during the handshake or if the
* handshake fails during wrapping or unwrapping
*/
@@ -254,14 +259,19 @@ public class SecureNioChannel extends Ni
* Peeks at the initial network bytes to determine if the SNI extension is
* present and, if it is, what host name has been requested. Based on the
* provided host name, configure the SSLEngine for this connection.
+ *
+ * @return 0 if SNI processing is complete, -1 if an error (other than an
+ * IOException) occurred, otherwise it returns a SelectionKey
+ * interestOps value
+ *
+ * @throws IOException If an I/O error occurs during the SNI processing
*/
private int processSNI() throws IOException {
// Read some data into the network input buffer so we can peek at it.
int bytesRead = sc.read(netInBuffer);
if (bytesRead == -1) {
- // Reached end of stream before SNI could be processed. Treat this
- // as if no SNI was present.
- return 0;
+ // Reached end of stream before SNI could be processed.
+ return -1;
}
TLSClientHelloExtractor extractor = new TLSClientHelloExtractor(netInBuffer);
Modified: tomcat/trunk/webapps/docs/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1761422&r1=1761421&r2=1761422&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/trunk/webapps/docs/changelog.xml Mon Sep 19 11:31:35 2016
@@ -87,6 +87,10 @@
track this. This removes the possibility that blocking the non-container
thread could trigger a deadlock. (markt)
</add>
+ <fix>
+ Fail earlier if the client closes the connection during SNI processing.
+ (markt)
+ </fix>
</changelog>
</subsection>
<subsection name="Jasper">
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org