You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@mina.apache.org by "Kamal Rathod (JIRA)" <ji...@apache.org> on 2018/03/27 14:40:00 UTC

[jira] [Created] (DIRMINA-1082) SSLHandler calling wrap method after closeOutBound() on SSLEngine

Kamal Rathod created DIRMINA-1082:
-------------------------------------

             Summary: SSLHandler calling wrap method after closeOutBound() on SSLEngine
                 Key: DIRMINA-1082
                 URL: https://issues.apache.org/jira/browse/DIRMINA-1082
             Project: MINA
          Issue Type: Bug
          Components: Core
    Affects Versions: 2.0.16
            Reporter: Kamal Rathod


Hi,

I am trying to connect through SSL and Proxy and getting below error.

_ERROR quickfix.mina.initiator.InitiatorIoHandler - Socket : javax.net.ssl.SSLException: Improper close state: Status = OK HandshakeStatus = NEED_WRAP_
_bytesConsumed = 0 bytesProduced = 87_
_javax.net.ssl.SSLException: Improper close state: Status = OK HandshakeStatus = NEED_WRAP_
_bytesConsumed = 0 bytesProduced = 87_
 _at org.apache.mina.filter.ssl.SslHandler.closeOutbound(SslHandler.java:500) ~[mina-core.jar:?]_
 _at org.apache.mina.filter.ssl.SslFilter.initiateClosure(SslFilter.java:742) ~[mina-core.jar:?]_
 _at org.apache.mina.filter.ssl.SslFilter.filterClose(SslFilter.java:677) ~[mina-core.jar:?]_
 _at org.apache.mina.core.filterchain.DefaultIoFilterChain.callPreviousFilterClose(DefaultIoFilterChain.java:648) ~[mina-core.jar:?]_

 

I had a look at closeOutBound() method of SslHandler.java and suspect bug there.

Line 484: sslEngine.closeOutBound()

Line 490: sslEngine.wrap(emptyBuffer.buf(), outNetBuffer.buf());

 

In the scenario the sslEngine is closed first and then the wrap method is called. 

As per java docs:

 _In all cases, closure handshake messages are generated by the engine, and {{wrap()}} should be repeatedly called until the resulting {{SSLEngineResult}}'s status returns "CLOSED", or [{{isOutboundDone()}}|https://docs.oracle.com/javase/7/docs/api/javax/net/ssl/SSLEngine.html#isOutboundDone()] returns true. All data obtained from the {{wrap()}} method should be sent to the peer._

_[{{closeOutbound()}}|https://docs.oracle.com/javase/7/docs/api/javax/net/ssl/SSLEngine.html#closeOutbound()] is used to signal the engine that the application will not be sending any more data._

So as per docs, wrap should be called repeatedly and then closeOutbound() method, but in code its reverse, after closeOutbound wrap is called.

Can someone please check and comment on this?



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)