You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@hc.apache.org by ol...@apache.org on 2011/08/12 16:08:02 UTC
svn commit: r1157114 - in /httpcomponents/httpcore/trunk: RELEASE_NOTES.txt
httpcore-nio/src/main/java/org/apache/http/impl/nio/reactor/SSLIOSession.java
Author: olegk
Date: Fri Aug 12 14:08:02 2011
New Revision: 1157114
URL: http://svn.apache.org/viewvc?rev=1157114&view=rev
Log:
HTTPCORE-268: handle runtime exceptions thrown by SSLEngine
Modified:
httpcomponents/httpcore/trunk/RELEASE_NOTES.txt
httpcomponents/httpcore/trunk/httpcore-nio/src/main/java/org/apache/http/impl/nio/reactor/SSLIOSession.java
Modified: httpcomponents/httpcore/trunk/RELEASE_NOTES.txt
URL: http://svn.apache.org/viewvc/httpcomponents/httpcore/trunk/RELEASE_NOTES.txt?rev=1157114&r1=1157113&r2=1157114&view=diff
==============================================================================
--- httpcomponents/httpcore/trunk/RELEASE_NOTES.txt (original)
+++ httpcomponents/httpcore/trunk/RELEASE_NOTES.txt Fri Aug 12 14:08:02 2011
@@ -1,10 +1,16 @@
+Changes since 4.1.3
+-------------------
+
+* [HTTPCORE-268] Handle runtime exceptions thrown by SSLEngine.
+ Contributed by Oleg Kalnichevski <olegk at apache.org>
+
Release 4.1.3
-------------------
-This is an emergency release that fixes a severe regression in the non-blocking SSL I/O code
+This is an emergency release that fixes a severe regression in the non-blocking SSL I/O code
introduced in release 4.1.2.
-* [HTTPCORE-266] SSLIOSession does not correctly terminate if the opposite end shuts down connection
+* [HTTPCORE-266] SSLIOSession does not correctly terminate if the opposite end shuts down connection
without sending a 'close notify' message causing an infinite loop in the I/O dispatch thread.
Contributed by Oleg Kalnichevski <olegk at apache.org>
@@ -13,35 +19,21 @@ Release 4.1.2
This is a patch release that fixes a number of bugs found in the previous version.
-Please note that several classes and methods deprecated between versions 4.0-beta1 and 4.0 GA
+Please note that several classes and methods deprecated between versions 4.0-beta1 and 4.0 GA
(more than two years ago) will also be removed in the 4.2 branch.
Users of 4.0.x versions are advised to upgrade and replace deprecated API calls following
-recommendations in javadocs.
-
-* [HTTPCORE-261] IOSession#setSocketTimeout() method does not reset the timeout count.
- Contributed by Oleg Kalnichevski <olegk at apache.org>
-
-* [HTTPCORE-260] Non-blocking SSL I/O session can terminate prematurely causing message body
- truncation when message content is chunk coded and the connection is closed on the opposite end.
- Contributed by Oleg Kalnichevski <olegk at apache.org>
-
-* [HTTPCORE-257] Fixed incorrect results produced by DefaultConnectionReuseStrategy when handling
- response messages whose content entity has been decoded or modified by a protocol interceptor.
- Contributed by Oleg Kalnichevski <olegk at apache.org>
-
-Changes since 4.1.1
--------------------
+recommendations in javadocs.
-* [HTTPCORE-261] IOSession#setSocketTimeout() method does not reset the timeout count.
+* [HTTPCORE-261] IOSession#setSocketTimeout() method does not reset the timeout count.
Contributed by Oleg Kalnichevski <olegk at apache.org>
-* [HTTPCORE-260] Non-blocking SSL I/O session can terminate prematurely causing message body
- truncation when message content is chunk coded and the connection is closed on the opposite end.
+* [HTTPCORE-260] Non-blocking SSL I/O session can terminate prematurely causing message body
+ truncation when message content is chunk coded and the connection is closed on the opposite end.
Contributed by Oleg Kalnichevski <olegk at apache.org>
-* [HTTPCORE-257] Fixed incorrect results produced by DefaultConnectionReuseStrategy when handling
- response messages whose content entity has been decoded or modified by a protocol interceptor.
+* [HTTPCORE-257] Fixed incorrect results produced by DefaultConnectionReuseStrategy when handling
+ response messages whose content entity has been decoded or modified by a protocol interceptor.
Contributed by Oleg Kalnichevski <olegk at apache.org>
Release 4.1.1
@@ -49,18 +41,18 @@ Release 4.1.1
This is a patch release that fixes a number of non-critical issues found since release 4.1.
-This release marks the end of support for Java 1.3. As of release 4.2 HttpCore will require
-Java 1.5 for all its components.
+This release marks the end of support for Java 1.3. As of release 4.2 HttpCore will require
+Java 1.5 for all its components.
-Please note that several classes and methods deprecated between versions 4.0-beta1 and 4.0 GA
+Please note that several classes and methods deprecated between versions 4.0-beta1 and 4.0 GA
(more than two years ago) will also be removed in the 4.2 branch.
Users of 4.0.x versions are advised to upgrade and replace deprecated API calls following
-recommendations in javadocs.
+recommendations in javadocs.
-* In case of an unexpected end of stream condition (the peer closed connection prematurely)
+* In case of an unexpected end of stream condition (the peer closed connection prematurely)
truncated Content-Length delimited message bodies will cause an I/O exception. Application
- can still choose to catch and ignore ConnectionClosedException in order to accept partial
+ can still choose to catch and ignore ConnectionClosedException in order to accept partial
message content.
Contributed by Oleg Kalnichevski <olegk at apache.org>
Modified: httpcomponents/httpcore/trunk/httpcore-nio/src/main/java/org/apache/http/impl/nio/reactor/SSLIOSession.java
URL: http://svn.apache.org/viewvc/httpcomponents/httpcore/trunk/httpcore-nio/src/main/java/org/apache/http/impl/nio/reactor/SSLIOSession.java?rev=1157114&r1=1157113&r2=1157114&view=diff
==============================================================================
--- httpcomponents/httpcore/trunk/httpcore-nio/src/main/java/org/apache/http/impl/nio/reactor/SSLIOSession.java (original)
+++ httpcomponents/httpcore/trunk/httpcore-nio/src/main/java/org/apache/http/impl/nio/reactor/SSLIOSession.java Fri Aug 12 14:08:02 2011
@@ -152,6 +152,46 @@ public class SSLIOSession implements IOS
return this.sslEngine.getSession();
}
+ // A works-around for exception handling craziness in Sun/Oracle's SSLEngine
+ // implementation.
+ //
+ // sun.security.pkcs11.wrapper.PKCS11Exception is re-thrown as
+ // plain RuntimeException in sun.security.ssl.Handshaker#checkThrown
+ private SSLException convert(final RuntimeException ex) throws SSLException {
+ Throwable cause = ex.getCause();
+ if (cause == null) {
+ cause = ex;
+ }
+ return new SSLException(cause);
+ }
+
+ private SSLEngineResult doWrap(final ByteBuffer src, final ByteBuffer dst) throws SSLException {
+ try {
+ return this.sslEngine.wrap(src, dst);
+ } catch (RuntimeException ex) {
+ throw convert(ex);
+ }
+ }
+
+ private SSLEngineResult doUnwrap(final ByteBuffer src, final ByteBuffer dst) throws SSLException {
+ try {
+ return this.sslEngine.unwrap(src, dst);
+ } catch (RuntimeException ex) {
+ throw convert(ex);
+ }
+ }
+
+ private void doRunTask() throws SSLException {
+ try {
+ Runnable r = this.sslEngine.getDelegatedTask();
+ if (r != null) {
+ r.run();
+ }
+ } catch (RuntimeException ex) {
+ throw convert(ex);
+ }
+ }
+
private void doHandshake() throws SSLException {
boolean handshaking = true;
@@ -161,7 +201,7 @@ public class SSLIOSession implements IOS
case NEED_WRAP:
// Generate outgoing handshake data
this.outPlain.flip();
- result = this.sslEngine.wrap(this.outPlain, this.outEncrypted);
+ result = doWrap(this.outPlain, this.outEncrypted);
this.outPlain.compact();
if (result.getStatus() != Status.OK) {
handshaking = false;
@@ -170,15 +210,14 @@ public class SSLIOSession implements IOS
case NEED_UNWRAP:
// Process incoming handshake data
this.inEncrypted.flip();
- result = this.sslEngine.unwrap(this.inEncrypted, this.inPlain);
+ result = doUnwrap(this.inEncrypted, this.inPlain);
this.inEncrypted.compact();
if (result.getStatus() != Status.OK) {
handshaking = false;
}
break;
case NEED_TASK:
- Runnable r = this.sslEngine.getDelegatedTask();
- r.run();
+ doRunTask();
break;
case NOT_HANDSHAKING:
handshaking = false;
@@ -256,7 +295,7 @@ public class SSLIOSession implements IOS
SSLEngineResult.Status opStatus = Status.OK;
while (this.inEncrypted.position() > 0 && opStatus == Status.OK) {
this.inEncrypted.flip();
- SSLEngineResult result = this.sslEngine.unwrap(this.inEncrypted, this.inPlain);
+ SSLEngineResult result = doUnwrap(this.inEncrypted, this.inPlain);
this.inEncrypted.compact();
opStatus = result.getStatus();
@@ -312,11 +351,11 @@ public class SSLIOSession implements IOS
}
if (this.outPlain.position() > 0) {
this.outPlain.flip();
- this.sslEngine.wrap(this.outPlain, this.outEncrypted);
+ doWrap(this.outPlain, this.outEncrypted);
this.outPlain.compact();
}
if (this.outPlain.position() == 0) {
- SSLEngineResult result = this.sslEngine.wrap(src, this.outEncrypted);
+ SSLEngineResult result = doWrap(src, this.outEncrypted);
if (result.getStatus() == Status.CLOSED) {
this.status = CLOSED;
}