Posted to dev@mina.apache.org by "Guus der Kinderen (JIRA)" <ji...@apache.org> on 2017/10/06 20:12:00 UTC
[jira] [Created] (DIRMINA-1072) SslFilter does not account for SSLEngine runtime exceptions
Guus der Kinderen created DIRMINA-1072:
------------------------------------------
Summary: SslFilter does not account for SSLEngine runtime exceptions
Key: DIRMINA-1072
URL: https://issues.apache.org/jira/browse/DIRMINA-1072
Project: MINA
Issue Type: Bug
Components: SSL
Affects Versions: 2.0.16
Reporter: Guus der Kinderen
Attachments: sslengine-exception.patch
Mina's {{SslFilter}} wraps Mina's {{SslHandler}}, which itself wraps Java's {{SSLEngine}}.
{{SslFilter}} does not catch runtime exceptions that are thrown by {{SSLEngine}} - I am unsure if this is by design.
Ideally, we'd prevent the engine from getting into a state where it can throw such exceptions, but I'm not sure if that's completely feasible.
Nonetheless, I'm here providing an improvement that prevents at least one occurrence of an unchecked exception from being thrown (instead, my patch preemptively throws an {{SSLException}} that is then caught by the exception handling that's already in place).
An alternative to this fix could be an additional catch block that handles unchecked exceptions.
The scenario that is causing the unchecked exception that is caught by this patch is this:
* client connects, causes an SslFilter to be initialized, which causes the SSLEngine to begin its handshake
* server shuts down the input (for instance, for inactivity, or as a side-effect of resource starvation)
* client sends data
The corresponding stack trace starts with this:
{code}
java.lang.IllegalStateException: Internal error
at sun.security.ssl.SSLEngineImpl.initHandshaker(SSLEngineImpl.java:470)
at sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:1007)
at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:907)
at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:781)
at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624)
{code}
Inspiration for this fix was obtained from the Jetty project, notably, this change: https://github.com/eclipse/jetty.project/issues/1228
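The two approaches described in the report, combined in one helper, as an added example that is not part of the original post, the attached patch, or MINA's code. The class and method names are hypothetical, and the use of `isInboundDone()` as the pre-emptive condition is an assumption, since the report does not state which check the patch performs.

```java
import java.nio.ByteBuffer;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLEngineResult;
import javax.net.ssl.SSLException;

public class GuardedUnwrap {

    // Hypothetical helper: every failure reaches the caller as a checked
    // SSLException, so existing SSLException handling stays the single error path.
    static SSLEngineResult guardedUnwrap(SSLEngine engine, ByteBuffer net, ByteBuffer app)
            throws SSLException {
        // Pre-emptive check (assumed condition): do not hand data to an engine
        // whose inbound side is already closed, the state in the reported scenario.
        if (engine.isInboundDone()) {
            throw new SSLException("Inbound already closed; refusing to unwrap "
                    + net.remaining() + " byte(s)");
        }
        try {
            return engine.unwrap(net, app);
        } catch (RuntimeException e) {
            // The alternative from the report: an extra catch that converts
            // unchecked engine failures, keeping the original as the cause.
            throw new SSLException("Unchecked exception from SSLEngine.unwrap", e);
        }
    }

    public static void main(String[] args) throws Exception {
        SSLEngine engine = SSLContext.getDefault().createSSLEngine();
        engine.setUseClientMode(false);
        engine.beginHandshake();
        try {
            engine.closeInbound(); // server side shuts down its input
        } catch (SSLException expected) {
            // closeInbound() may report that no close_notify was received
        }
        // Constructed sample input: a few bytes shaped like a TLS handshake record
        ByteBuffer net = ByteBuffer.wrap(new byte[] {0x16, 0x03, 0x01, 0x00, 0x05, 1, 0, 0, 1, 0});
        ByteBuffer app = ByteBuffer.allocate(engine.getSession().getApplicationBufferSize());
        try {
            guardedUnwrap(engine, net, app);
            System.out.println("unwrap returned normally");
        } catch (SSLException e) {
            System.out.println("SSLException: " + e.getMessage());
        }
    }
}
```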