You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2021/06/10 15:59:04 UTC
[tomcat] branch 9.0.x updated: Fix BZ 65368 - better handling of
closed TLS connection
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/9.0.x by this push:
new 6576ded Fix BZ 65368 - better handling of closed TLS connection
6576ded is described below
commit 6576dedbbc16206219f418402322ef3ab9e108be
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Thu Jun 10 16:56:25 2021 +0100
Fix BZ 65368 - better handling of closed TLS connection
https://bz.apache.org/bugzilla/show_bug.cgi?id=65368
---
java/org/apache/tomcat/util/net/SecureNioChannel.java | 8 ++++++++
webapps/docs/changelog.xml | 11 ++++++++++-
2 files changed, 18 insertions(+), 1 deletion(-)
diff --git a/java/org/apache/tomcat/util/net/SecureNioChannel.java b/java/org/apache/tomcat/util/net/SecureNioChannel.java
index 277193b..de47904 100644
--- a/java/org/apache/tomcat/util/net/SecureNioChannel.java
+++ b/java/org/apache/tomcat/util/net/SecureNioChannel.java
@@ -651,6 +651,14 @@ public class SecureNioChannel extends NioChannel {
sm.getString("channel.nio.ssl.unwrapFailResize", unwrap.getStatus()));
}
}
+ } else if (unwrap.getStatus() == Status.CLOSED && netInBuffer.position() == 0 && read > 0) {
+ // Clean TLS close on input side but there is application data
+ // to process. Can't tell if the client closed the connection
+ // mid-request or if the client is performing a half-close after
+ // a complete request. Assume it is a half-close and allow
+ // processing to continue. If the connection has been closed
+ // mid-request then the next attempt to read will trigger an
+ // EOF.
} else {
// Something else went wrong
throw new IOException(sm.getString("channel.nio.ssl.unwrapFail", unwrap.getStatus()));
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 18b4ab4..0217e3c 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -105,7 +105,16 @@
issues do not "pop up" wrt. others).
-->
<section name="Tomcat 9.0.49 (remm)" rtext="in development">
-</section>
+<subsection name="Coyote">
+ <changelog>
+ <fix>
+ <bug>65368</bug>: Improve handling of clean closes of inbound TLS
+ connections. Treat them the same way as clean closes of non-TLS
+ connections rather than as unknown errors. (markt)
+ </fix>
+ </changelog>
+ </subsection>
+ </section>
<section name="Tomcat 9.0.48 (remm)" rtext="release in progress">
<subsection name="Coyote">
<changelog>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org