Posted to dev@tomcat.apache.org by Konstantin Kolinko <kn...@gmail.com> on 2011/10/02 22:21:49 UTC
Re: svn commit: r1174884 - /tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESupport.java
2011/9/23 <ma...@apache.org>:
> Author: markt
> Date: Fri Sep 23 16:58:50 2011
> New Revision: 1174884
>
> URL: http://svn.apache.org/viewvc?rev=1174884&view=rev
> Log:
> Fix SSL + BIO + Java 7
> The implementation of InputStream.read(byte[0]) has changed so it always returns zero without checking for EOF. This broke the old way of doing things.
>
> Modified:
> tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESupport.java
>
> Modified: tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESupport.java
> URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESupport.java?rev=1174884&r1=1174883&r2=1174884&view=diff
> ==============================================================================
> --- tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESupport.java (original)
> +++ tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESupport.java Fri Sep 23 16:58:50 2011
> @@ -175,7 +175,7 @@ class JSSESupport implements SSLSupport,
> InputStream in = ssl.getInputStream();
> int oldTimeout = ssl.getSoTimeout();
> ssl.setSoTimeout(1000);
> - byte[] b = new byte[0];
> + byte[] b = new byte[1];
> listener.reset();
> ssl.startHandshake();
> int maxTries = 60; // 60 * 1000 = example 1 minute time out
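Review bot: the new `byte[] b = new byte[1];` has no comment saying why the buffer must be non-empty, so a later cleanup could change it back to a zero-length probe. Add a short comment at the declaration stating that the single byte exists only so that read() actually goes to the stream (the log message gives the Java 7 reason), and that any byte landing in it is treated as an error further down.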
> @@ -183,7 +183,14 @@ class JSSESupport implements SSLSupport,
> if (log.isTraceEnabled())
> log.trace("Reading for try #" + i);
> try {
> - in.read(b);
> + int read = in.read(b);
> + if (read > 0) {
> + // Shouldn't happen as all input should have been swallowed
> + // before trying to do the handshake. If it does, something
> + // went wrong so lets bomb out now.
> + throw new SSLException(
> + sm.getString("jsseSupport.unexpectedData"));
> + }
This solution looks tricky.
Maybe "in.available()" can work here?
> } catch(SSLException sslex) {
> log.info(sm.getString("jsseSupport.clientCertError"), sslex);
> throw sslex;
>
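Review bot: the SSLException thrown in the new `if (read > 0)` branch sits inside the same try whose `catch(SSLException sslex)` follows directly, so the unexpected-data case is logged under "jsseSupport.clientCertError" before being rethrown, which will mislead anyone reading the log. Consider a distinct exception type, or checking `read` outside the try. The key "jsseSupport.unexpectedData" is also new, while the commit lists only JSSESupport.java as modified, so the message string needs adding to the resource bundle. Finally, with a one-byte buffer read() can now return -1, and the visible lines only test `read > 0`; say explicitly what end of stream should do here.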
Best regards,
Konstantin Kolinko
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
Re: svn commit: r1174884 - /tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESupport.java
Posted by Mark Thomas <ma...@apache.org>.
On 02/10/2011 15:21, Konstantin Kolinko wrote:
> 2011/9/23 <ma...@apache.org>:
>> Author: markt
>> Date: Fri Sep 23 16:58:50 2011
>> New Revision: 1174884
>>
>> URL: http://svn.apache.org/viewvc?rev=1174884&view=rev
>> Log:
>> Fix SSL + BIO + Java 7
>> The implementation of InputStream.read(byte[0]) has changed so it always returns zero without checking for EOF. This broke the old way of doing things.
>>
>> Modified:
>> tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESupport.java
>>
>> Modified: tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESupport.java
>> URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESupport.java?rev=1174884&r1=1174883&r2=1174884&view=diff
>> ==============================================================================
>> --- tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESupport.java (original)
>> +++ tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESupport.java Fri Sep 23 16:58:50 2011
>> @@ -175,7 +175,7 @@ class JSSESupport implements SSLSupport,
>> InputStream in = ssl.getInputStream();
>> int oldTimeout = ssl.getSoTimeout();
>> ssl.setSoTimeout(1000);
>> - byte[] b = new byte[0];
>> + byte[] b = new byte[1];
>> listener.reset();
>> ssl.startHandshake();
>> int maxTries = 60; // 60 * 1000 = example 1 minute time out
>> @@ -183,7 +183,14 @@ class JSSESupport implements SSLSupport,
>> if (log.isTraceEnabled())
>> log.trace("Reading for try #" + i);
>> try {
>> - in.read(b);
>> + int read = in.read(b);
>> + if (read > 0) {
>> + // Shouldn't happen as all input should have been swallowed
>> + // before trying to do the handshake. If it does, something
>> + // went wrong so lets bomb out now.
>> + throw new SSLException(
>> + sm.getString("jsseSupport.unexpectedData"));
>> + }
>
> This solution looks tricky.
> Maybe "in.available()" can work here?
That doesn't work for BIO.
Mark
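
The three probes mentioned in this thread, read(byte[0]), available() and read(byte[1]) under a socket timeout, compared side by side as an added example (not code from Tomcat or from either poster). It uses a plain blocking TCP socket on loopback rather than an SSLSocket, so it shows only the general java.io/java.net behaviour; the class and method names are made up for the illustration.

```java
import java.io.InputStream;
import java.net.InetAddress;
import java.net.ServerSocket;
import java.net.Socket;
import java.net.SocketTimeoutException;

public class ProbeDemo {

    // Runs the three probes on the accepting side of a loopback connection.
    // peerCloses == true: the client closes without sending any data.
    // peerCloses == false: the client stays connected and silent.
    static String probe(boolean peerCloses) throws Exception {
        try (ServerSocket listener =
                     new ServerSocket(0, 1, InetAddress.getLoopbackAddress());
             Socket client = new Socket(listener.getInetAddress(),
                                        listener.getLocalPort());
             Socket server = listener.accept()) {
            if (peerCloses) {
                client.close();               // end of stream, no data sent
            }
            server.setSoTimeout(1000);        // same value as in the patch context
            InputStream in = server.getInputStream();

            // Zero-length read: returns without waiting for the peer.
            int zeroLen = in.read(new byte[0]);
            // available(): counts bytes that can be read without blocking.
            int avail = in.available();
            // One-byte read: blocks until data, end of stream or timeout.
            String oneByte;
            try {
                int n = in.read(new byte[1]);
                oneByte = (n < 0) ? "EOF" : "data(" + n + ")";
            } catch (SocketTimeoutException e) {
                oneByte = "timeout";
            }
            return "read(byte[0])=" + zeroLen
                    + " available()=" + avail
                    + " read(byte[1])=" + oneByte;
        }
    }

    public static void main(String[] args) throws Exception {
        System.out.println("silent peer: " + probe(false));
        System.out.println("closed peer: " + probe(true));
    }
}
```

Compare the two printed lines: the probes that report the same value in both cases cannot tell a silent peer from a closed one.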