You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2021/06/15 09:34:26 UTC
[tomcat] branch 8.5.x updated: Fix BZ 65368 - better handling of
closed TLS connection
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/8.5.x by this push:
new 2f134e4 Fix BZ 65368 - better handling of closed TLS connection
2f134e4 is described below
commit 2f134e4a94a260cf67bd140e320151f106fc9e1e
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Thu Jun 10 16:56:25 2021 +0100
Fix BZ 65368 - better handling of closed TLS connection
https://bz.apache.org/bugzilla/show_bug.cgi?id=65368
---
java/org/apache/tomcat/util/net/SecureNioChannel.java | 8 ++++++++
webapps/docs/changelog.xml | 5 +++++
2 files changed, 13 insertions(+)
diff --git a/java/org/apache/tomcat/util/net/SecureNioChannel.java b/java/org/apache/tomcat/util/net/SecureNioChannel.java
index 46735ad..cd42a5c 100644
--- a/java/org/apache/tomcat/util/net/SecureNioChannel.java
+++ b/java/org/apache/tomcat/util/net/SecureNioChannel.java
@@ -681,6 +681,14 @@ public class SecureNioChannel extends NioChannel {
sm.getString("channel.nio.ssl.unwrapFailResize", unwrap.getStatus()));
}
}
+ } else if (unwrap.getStatus() == Status.CLOSED && netInBuffer.position() == 0 && read > 0) {
+ // Clean TLS close on input side but there is application data
+ // to process. Can't tell if the client closed the connection
+ // mid-request or if the client is performing a half-close after
+ // a complete request. Assume it is a half-close and allow
+ // processing to continue. If the connection has been closed
+ // mid-request then the next attempt to read will trigger an
+ // EOF.
} else {
// Something else went wrong
throw new IOException(sm.getString("channel.nio.ssl.unwrapFail", unwrap.getStatus()));
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 8d48951..203612f 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -108,6 +108,11 @@
<subsection name="Coyote">
<changelog>
<fix>
+ <bug>65368</bug>: Improve handling of clean closes of inbound TLS
+ connections. Treat them the same way as clean closes of non-TLS
+ connections rather than as unknown errors. (markt)
+ </fix>
+ <fix>
Modify the HTTP/2 connector not to sent small updates for stream flow
control windows to the user agent as, depending on how the user agent is
written, this may trigger small writes from the user agent that in turn
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org