Posted to dev@mina.apache.org by Emmanuel Lécharny <el...@gmail.com> on 2014/10/11 09:53:28 UTC

[MINA3] Re: More SSL thoughts

Replying again, but this time with MINA 3 in mind (please add a tag in
front of the subject, in order to avoid confusion: I was in MINA 2 mode
these last 3 weeks...)


On 07/10/14 23:37, Jeff MAURY wrote:
> Hello,
>
> as I'm working on the SSL part this time and more specifically on the
> handshake/rehandshake processing, I have a couple of questions and some
> infos to share:
>
>    - I've added 3 more methods in IoHandler to reflect handshake-related
>    events: handshakeStarted, handshakeCompleted and secureClosed. I've added
>    them as well to IoFilter but I don't quite understand the philosophy as
>    some methods have a chain controller to call the next filter and some not

This has to be reviewed and fixed.

I just had a look at the IoFilter hierarchy, and there are many wrong
things:
- The LoggingFilter is not extending the AbstractIoFilter class, which
is wrong
- It does not propagate all the events (messageSent, for instance),
which is totally broken
- I think each of the implementation methods should call the super
method, not the controller itself, i.e., doing things like:

            controller.callReadNextFilter(coapMsg);

 is not the right way. We should do:

            super.messageReceived(session, message, controller);



>    - In order to support rehandshaking and being efficient, we must keep the
>    same SSLEngine. So my idea to start a new handshake was to reuse what we
>    have today through the initSecure method: if the SSLContext is null, then
>    the rehandshake is started if we already have an initialized SSLHandler
>    attached to the session. If SSLContext is null and no SSLHandler is
>    attached to the session, then an exception (IllegalState ?) will be
>    thrown. If an SSLContext is attached and an SSLHandler is attached to the
>    session, then a new SSLEngine is built. WDYT ?
That sounds like the right way to handle re-handshake, as a standard SSL
start.
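
The initSecure branching proposed above, written out against the standard JSSE SSLEngine as an added example; it is not part of the original messages and not MINA's code. The Session and SslHandler classes, the returned labels, the client-mode setting and the "context given, no handler yet" branch are assumptions made for illustration.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLException;

public class InitSecureSketch {
    /** Hypothetical stand-in for the per-session SSL handler (not MINA's class). */
    static final class SslHandler {
        final SSLEngine engine;
        SslHandler(SSLEngine engine) { this.engine = engine; }
    }

    /** Hypothetical stand-in for the session attribute holding the handler. */
    static final class Session {
        SslHandler handler; // null until the first initSecure call
    }

    /** Returns a label naming the branch taken, so callers and logs can see it. */
    static String initSecure(Session session, SSLContext context) throws SSLException {
        if (context == null) {
            if (session.handler == null) {
                // Nothing to re-handshake with: fail loudly instead of staying in clear text.
                throw new IllegalStateException("no SSLContext and no SSLHandler on the session");
            }
            // Re-handshake on the SAME engine. Per the SSLEngine Javadoc,
            // beginHandshake() covers both the initial handshake and renegotiation.
            session.handler.engine.beginHandshake();
            return "rehandshake";
        }
        // A context was supplied: build a fresh engine, replacing any attached handler.
        boolean replaced = session.handler != null;
        SSLEngine engine = context.createSSLEngine();
        engine.setUseClientMode(true); // assumption: client side, for this demo only
        engine.beginHandshake();
        session.handler = new SslHandler(engine);
        return replaced ? "new-engine" : "initial-handshake"; // second label is an assumption
    }

    public static void main(String[] args) throws Exception {
        Session session = new Session();
        try {
            initSecure(session, null);
        } catch (IllegalStateException e) {
            System.out.println("rejected: " + e.getMessage());
        }
        SSLContext ctx = SSLContext.getDefault();
        System.out.println(initSecure(session, ctx));   // context, no handler yet
        SSLEngine first = session.handler.engine;
        System.out.println(initSecure(session, null));  // null context, handler attached
        System.out.println("engine kept: " + (first == session.handler.engine));
        System.out.println(initSecure(session, ctx));   // context and handler both present
        System.out.println("engine replaced: " + (first != session.handler.engine));
    }
}
```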