You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by bu...@apache.org on 2016/12/01 12:08:46 UTC
[Bug 60437] New: SSL Handshake implementation in
AsycnChannelWrapperSecure does not handle
SSLEngineResult.Status.BUFFER_OVERFLOW state
https://bz.apache.org/bugzilla/show_bug.cgi?id=60437
Bug ID: 60437
Summary: SSL Handshake implementation in
AsycnChannelWrapperSecure does not handle
SSLEngineResult.Status.BUFFER_OVERFLOW state
Product: Tomcat 8
Version: 8.0.38
Hardware: PC
OS: All
Status: NEW
Severity: normal
Priority: P2
Component: WebSocket
Assignee: dev@tomcat.apache.org
Reporter: dpatel@amdocs.com
Target Milestone: ----
Created attachment 34494
--> https://bz.apache.org/bugzilla/attachment.cgi?id=34494&action=edit
sample program
This defect is related to an issue reported previously
(https://bz.apache.org/bugzilla/show_bug.cgi?id=54997) .
With the above fix, although BUFFER_UNDERFLOW is being handled, there is still
an issue with BUFFER_OVERFLOW.
Issue is reproduced by using WebSocketContainer to connect to a server which
requires clientcert authentication ( SSLEnabled="true" clientAuth="true" )
In this case, during the SSL handshake, when AsyncChannelWrapperSecure gets a
handshakeStatus of NEED_UNWRAP, it needs to dynamically resize the DUMMY
buffer, before invoking sslEngine.unwrap(socketReadBuffer, DUMMY), as
recommended by
http://docs.oracle.com/javase/7/docs/api/javax/net/ssl/SSLEngine.html .
The handshake fails with the following error :
javax.websocket.DeploymentException: The HTTP request to initiate the WebSocket
connection failed
at
org.apache.tomcat.websocket.WsWebSocketContainer.connectToServer(WsWebSocketContainer.java:423)
at
com.wss.WSSCLientUsingTomcatWSContainer.main(WSSCLientUsingTomcatWSContainer.java:27)
Caused by: java.util.concurrent.ExecutionException: javax.net.ssl.SSLException:
TODO
at
org.apache.tomcat.websocket.AsyncChannelWrapperSecure$WrapperFuture.get(AsyncChannelWrapperSecure.java:508)
at
org.apache.tomcat.websocket.WsWebSocketContainer.connectToServer(WsWebSocketContainer.java:367)
... 1 more
Caused by: javax.net.ssl.SSLException: TODO
at
org.apache.tomcat.websocket.AsyncChannelWrapperSecure$WebSocketSslHandshakeThread.checkResult(AsyncChannelWrapperSecure.java:427)
at
org.apache.tomcat.websocket.AsyncChannelWrapperSecure$WebSocketSslHandshakeThread.run(AsyncChannelWrapperSecure.java:391)
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[Bug 60437] SSL Handshake implementation in
AsycnChannelWrapperSecure does not handle
SSLEngineResult.Status.BUFFER_OVERFLOW state
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=60437
Dharmesh Patel <dp...@amdocs.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |markt@apache.org
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[Bug 60437] SSL Handshake implementation in
AsycnChannelWrapperSecure does not handle
SSLEngineResult.Status.BUFFER_OVERFLOW state
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=60437
--- Comment #2 from Dharmesh Patel <dp...@amdocs.com> ---
Yes, resizing to sslEngine.getSession().getPacketBufferSize() or 16921 would
work, since socketReadBuffer is set similarly.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[Bug 60437] SSL Handshake implementation in
AsycnChannelWrapperSecure does not handle
SSLEngineResult.Status.BUFFER_OVERFLOW state
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=60437
Remy Maucherat <re...@apache.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC|markt@apache.org |
--- Comment #1 from Remy Maucherat <re...@apache.org> ---
Please don't add developers individually, thanks.
That DUMMY buffer is 8KB. This is probably not right and it could be either
sslEngine.getSession().getPacketBufferSize() or 16921. I don't see why dynamic
resize would be needed.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[Bug 60437] SSL Handshake implementation in
AsycnChannelWrapperSecure does not handle
SSLEngineResult.Status.BUFFER_OVERFLOW state
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=60437
Remy Maucherat <re...@apache.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Resolution|--- |FIXED
Status|NEW |RESOLVED
--- Comment #3 from Remy Maucherat <re...@apache.org> ---
I'll try the simplest solution first then, the default buffer size will be
16921. The change will be in 9M14, 8.5.9, 8.0.40 and 7.0.74.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org