You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2015/04/10 15:23:55 UTC
svn commit: r1672649 - in /tomcat/trunk/java/org/apache/tomcat/util/net:
LocalStrings.properties SecureNioChannel.java
Author: markt
Date: Fri Apr 10 13:23:55 2015
New Revision: 1672649
URL: http://svn.apache.org/r1672649
Log:
Correctly handle underflow (tested by making initial buffer size 4)
Modified:
tomcat/trunk/java/org/apache/tomcat/util/net/LocalStrings.properties
tomcat/trunk/java/org/apache/tomcat/util/net/SecureNioChannel.java
Modified: tomcat/trunk/java/org/apache/tomcat/util/net/LocalStrings.properties
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/LocalStrings.properties?rev=1672649&r1=1672648&r2=1672649&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/LocalStrings.properties (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/LocalStrings.properties Fri Apr 10 13:23:55 2015
@@ -95,7 +95,7 @@ channel.nio.ssl.incompleteHandshake=Hand
channel.nio.ssl.closing=Channel is in closing state.
channel.nio.ssl.invalidBuffer=You can only read using the application read buffer provided by the handler.
channel.nio.ssl.expandNetInBuffer=Expanding network input buffer to [{0}] bytes
-channel.nio.ssl.expandNetOutBuffer=Expanding network input buffer to [{0}] bytes
+channel.nio.ssl.expandNetOutBuffer=Expanding network output buffer to [{0}] bytes
sniExtractor.clientHelloTooBig=The ClientHello was not presented in a single TLS record so no SNI information could be extracted
Modified: tomcat/trunk/java/org/apache/tomcat/util/net/SecureNioChannel.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/SecureNioChannel.java?rev=1672649&r1=1672648&r2=1672649&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/SecureNioChannel.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/SecureNioChannel.java Fri Apr 10 13:23:55 2015
@@ -31,6 +31,7 @@ import javax.net.ssl.SSLEngineResult.Sta
import org.apache.juli.logging.Log;
import org.apache.juli.logging.LogFactory;
+import org.apache.tomcat.util.net.SNIExtractor.SNIResult;
import org.apache.tomcat.util.res.StringManager;
/**
@@ -234,6 +235,22 @@ public class SecureNioChannel extends Ni
sc.read(netInBuffer);
SNIExtractor extractor = new SNIExtractor(netInBuffer);
+ while (extractor.getResult() == SNIResult.UNDERFLOW) {
+ // extractor needed more data to process but netInBuffer was full so
+ // double the size of the buffer and read some more data.
+ ByteBuffer newNetInBuffer;
+ if (sp.getDirectSslBuffer()) {
+ newNetInBuffer = ByteBuffer.allocateDirect(netInBuffer.capacity() * 2);
+ } else {
+ newNetInBuffer = ByteBuffer.allocate(netInBuffer.capacity() * 2);
+ }
+ netInBuffer.flip();
+ newNetInBuffer.put(netInBuffer);
+ netInBuffer = newNetInBuffer;
+ sc.read(netInBuffer);
+ extractor = new SNIExtractor(netInBuffer);
+ }
+
String hostName = null;
switch (extractor.getResult()) {
case FOUND:
@@ -242,19 +259,17 @@ public class SecureNioChannel extends Ni
case NOT_PRESENT:
// NO-OP
break;
- case UNDERFLOW:
- // Need to expand buffer
- break;
case NEED_READ:
return SelectionKey.OP_READ;
- default:
+ case UNDERFLOW:
+ // Can't happen. Buffer would have been expanded above.
break;
}
- System.out.println("SNI hostname was [" + hostName + "]");
-
// TODO: Extract the correct configuration for the requested host name
- // and set up the SSLEngine accordingly.
+ // and set up the SSLEngine accordingly. At that point this can
+ // become a debug level message.
+ log.info("SNI hostname was [" + hostName + "]");
sslEngine = endpoint.createSSLEngine();
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org