You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2021/11/10 13:06:53 UTC
[tomcat] branch 8.5.x updated: Improve error handling
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/8.5.x by this push:
new 6410818 Improve error handling
6410818 is described below
commit 6410818af3b5207e17f8aa0701709fc259237300
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Wed Nov 10 13:04:41 2021 +0000
Improve error handling
While this is in the vicinity of the current CI failures for the
TestSSLHostConfigCompat tests, I don't think it is the root cause of the
test failures. It might be the root cause of the some of the JVM
crashes.
Whether it is the root cause of failures and/or crashes or not, ignoring
the return value when it may indicate an error needs improvement.
---
java/org/apache/tomcat/util/net/AprEndpoint.java | 6 +++++-
java/org/apache/tomcat/util/net/LocalStrings.properties | 1 +
webapps/docs/changelog.xml | 4 ++++
3 files changed, 10 insertions(+), 1 deletion(-)
diff --git a/java/org/apache/tomcat/util/net/AprEndpoint.java b/java/org/apache/tomcat/util/net/AprEndpoint.java
index 4d157ce..c09aaa2 100644
--- a/java/org/apache/tomcat/util/net/AprEndpoint.java
+++ b/java/org/apache/tomcat/util/net/AprEndpoint.java
@@ -626,7 +626,11 @@ public class AprEndpoint extends AbstractEndpoint<Long> implements SNICallBack {
// 2: SSL handshake
step = 2;
if (sslContext != 0) {
- SSLSocket.attach(sslContext, socket);
+ int rv = SSLSocket.attach(sslContext, socket);
+ if (rv != Status.APR_SUCCESS) {
+ log.warn(sm.getString("endpoint.err.attach", Integer.valueOf(rv)));
+ return false;
+ }
if (SSLSocket.handshake(socket) != 0) {
if (log.isDebugEnabled()) {
log.debug(sm.getString("endpoint.err.handshake") + ": " + SSL.getLastError());
diff --git a/java/org/apache/tomcat/util/net/LocalStrings.properties b/java/org/apache/tomcat/util/net/LocalStrings.properties
index 94913e8..ad190eb 100644
--- a/java/org/apache/tomcat/util/net/LocalStrings.properties
+++ b/java/org/apache/tomcat/util/net/LocalStrings.properties
@@ -76,6 +76,7 @@ endpoint.debug.unlock.fail=Caught exception trying to unlock accept on port [{0}
endpoint.debug.unlock.localFail=Unable to determine local address for [{0}]
endpoint.debug.unlock.localNone=Failed to unlock acceptor for [{0}] because the local address was not available
endpoint.duplicateSslHostName=Multiple SSLHostConfig elements were provided for the host name [{0}]. Host names must be unique.
+endpoint.err.attach=Failed to attach SSLContext to socket - error [{0}]
endpoint.err.close=Caught exception trying to close socket
endpoint.err.handshake=Handshake failed
endpoint.err.unexpected=Unexpected error processing socket
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index d972caa..5b9b203 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -137,6 +137,10 @@
open a server socket as continuing in this case will trigger a JVM crash.
(markt)
</fix>
+ <fix>
+ Improve error handling if APR/Native fails to attach TLS capabilities to
+ a TLS enabled client connection. (markt)
+ </fix>
</changelog>
</subsection>
<subsection name="WebSocket">
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org