You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@tomcat.apache.org by Konstantin Kolinko <kn...@gmail.com> on 2011/10/02 22:21:49 UTC

Re: svn commit: r1174884 - /tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESupport.java

2011/9/23  <ma...@apache.org>:
> Author: markt
> Date: Fri Sep 23 16:58:50 2011
> New Revision: 1174884
>
> URL: http://svn.apache.org/viewvc?rev=1174884&view=rev
> Log:
> Fix SSL + BIO + Java 7
> The implementation of InputStream.read(byte[0]) has changed so it always returns zero without checking for EOF. This broke the old way of doing things.
>
> Modified:
>    tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESupport.java
>
> Modified: tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESupport.java
> URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESupport.java?rev=1174884&r1=1174883&r2=1174884&view=diff
> ==============================================================================
> --- tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESupport.java (original)
> +++ tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESupport.java Fri Sep 23 16:58:50 2011
> @@ -175,7 +175,7 @@ class JSSESupport implements SSLSupport,
>         InputStream in = ssl.getInputStream();
>         int oldTimeout = ssl.getSoTimeout();
>         ssl.setSoTimeout(1000);
> -        byte[] b = new byte[0];
> +        byte[] b = new byte[1];
>         listener.reset();
>         ssl.startHandshake();
>         int maxTries = 60; // 60 * 1000 = example 1 minute time out
> @@ -183,7 +183,14 @@ class JSSESupport implements SSLSupport,
>             if (log.isTraceEnabled())
>                 log.trace("Reading for try #" + i);
>             try {
> -                in.read(b);
> +                int read = in.read(b);
> +                if (read > 0) {
> +                    // Shouldn't happen as all input should have been swallowed
> +                    // before trying to do the handshake. If it does, something
> +                    // went wrong so lets bomb out now.
> +                    throw new SSLException(
> +                            sm.getString("jsseSupport.unexpectedData"));
> +                }

This solution looks tricky.
Maybe "in.available()" can work here?

>             } catch(SSLException sslex) {
>                 log.info(sm.getString("jsseSupport.clientCertError"), sslex);
>                 throw sslex;
>

Best regards,
Konstantin Kolinko

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org

Re: svn commit: r1174884 - /tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESupport.java

Posted by Mark Thomas <ma...@apache.org>.

On 02/10/2011 15:21, Konstantin Kolinko wrote:
> 2011/9/23  <ma...@apache.org>:
>> Author: markt
>> Date: Fri Sep 23 16:58:50 2011
>> New Revision: 1174884
>>
>> URL: http://svn.apache.org/viewvc?rev=1174884&view=rev
>> Log:
>> Fix SSL + BIO + Java 7
>> The implementation of InputStream.read(byte[0]) has changed so it always returns zero without checking for EOF. This broke the old way of doing things.
>>
>> Modified:
>>    tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESupport.java
>>
>> Modified: tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESupport.java
>> URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESupport.java?rev=1174884&r1=1174883&r2=1174884&view=diff
>> ==============================================================================
>> --- tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESupport.java (original)
>> +++ tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESupport.java Fri Sep 23 16:58:50 2011
>> @@ -175,7 +175,7 @@ class JSSESupport implements SSLSupport,
>>         InputStream in = ssl.getInputStream();
>>         int oldTimeout = ssl.getSoTimeout();
>>         ssl.setSoTimeout(1000);
>> -        byte[] b = new byte[0];
>> +        byte[] b = new byte[1];
>>         listener.reset();
>>         ssl.startHandshake();
>>         int maxTries = 60; // 60 * 1000 = example 1 minute time out
>> @@ -183,7 +183,14 @@ class JSSESupport implements SSLSupport,
>>             if (log.isTraceEnabled())
>>                 log.trace("Reading for try #" + i);
>>             try {
>> -                in.read(b);
>> +                int read = in.read(b);
>> +                if (read > 0) {
>> +                    // Shouldn't happen as all input should have been swallowed
>> +                    // before trying to do the handshake. If it does, something
>> +                    // went wrong so lets bomb out now.
>> +                    throw new SSLException(
>> +                            sm.getString("jsseSupport.unexpectedData"));
>> +                }
> 
> This solution looks tricky.
> Maybe "in.available()" can work here?

That doesn't work for BIO.

Mark

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org