Guus der Kinderen created DIRMINA-1072:
------------------------------------------

             Summary: SslFilter does not account for SSLEngine runtime exceptions
                 Key: DIRMINA-1072
                 URL: https://issues.apache.org/jira/browse/DIRMINA-1072
             Project: MINA
          Issue Type: Bug
          Components: SSL
    Affects Versions: 2.0.16
            Reporter: Guus der Kinderen
         Attachments: sslengine-exception.patch

Mina's {{SslFilter}} wraps Mina's {{SslHandler}}, which itself wraps Java's 
{{SSLEngine}}.

{{SslFilter}} does not catch runtime exceptions that are thrown by 
{{SSLEngine}} - I am unsure if this is by design.

Ideally, we'd prevent the engine from getting into a state where it can throw 
such exceptions, but I'm not sure if that's completely feasible.

Nonetheless, I'm here providing an improvement that prevents at least one 
occurrence of an unchecked exception from being thrown (instead, my patch 
preemptively throws an {{SSLException}} that is then caught by the exception 
handling that's already in place).

An alternative to this fix could be an additional catch block, that handles 
unchecked exceptions.

The scenario that is causing the unchecked exception that is caught by this 
patch, is this:
* client connects, causes an SslFilter to be initialized, which causes the 
SSLEngine to begin its handshake
* server shuts down the input (for instance, for inactivity, or as a 
side-effect of resource starvation)
* client sends data

The corresponding stack trace starts with this:
{code}java.lang.IllegalStateException: Internal error
        at sun.security.ssl.SSLEngineImpl.initHandshaker(SSLEngineImpl.java:470)
        at sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:1007)
        at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:907)
        at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:781)
        at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624){code}

Inspiration for this fix was obtained from the Jetty project, notably, this 
change: https://github.com/eclipse/jetty.project/issues/1228



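The two approaches named in the report above (a pre-check that throws {{SSLException}} before the engine is called, and a catch block for unchecked exceptions) can be combined in one guard. This is an added example, not the attached patch and not MINA's code; the {{GuardedUnwrap}} class, its {{unwrap}} helper and the choice of {{isInboundDone()}} as the pre-check condition are assumptions made for illustration.

```java
import java.nio.ByteBuffer;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLEngineResult;
import javax.net.ssl.SSLException;

public class GuardedUnwrap {

    // Hypothetical helper (not a MINA API): every failure reaches the caller
    // as a checked SSLException, which existing handlers already deal with.
    static SSLEngineResult unwrap(SSLEngine engine, ByteBuffer net, ByteBuffer app)
            throws SSLException {
        // Pre-check (assumed condition): once the inbound side is closed the
        // engine must not be handed further records.
        if (engine.isInboundDone()) {
            throw new SSLException("Data received after inbound was closed");
        }
        try {
            return engine.unwrap(net, app);
        } catch (RuntimeException e) {
            // Alternative from the report: translate unchecked engine errors
            // (such as IllegalStateException) into SSLException.
            throw new SSLException("SSLEngine failed during unwrap", e);
        }
    }

    public static void main(String[] args) throws Exception {
        // Server-side engine that has begun its handshake, as in the report.
        SSLEngine engine = SSLContext.getDefault().createSSLEngine();
        engine.setUseClientMode(false);
        engine.beginHandshake();
        try {
            engine.closeInbound(); // server shuts down the input
        } catch (SSLException missingCloseNotify) {
            // Some JDK versions report the missing close_notify here.
        }
        // Constructed sample bytes standing in for data sent by the client.
        ByteBuffer net = ByteBuffer.wrap(new byte[] {0x16, 0x03, 0x01, 0x00, 0x00});
        ByteBuffer app = ByteBuffer.allocate(32 * 1024);
        try {
            unwrap(engine, net, app);
        } catch (SSLException e) {
            System.out.println("Handled as SSLException: " + e.getMessage());
        }
    }
}
```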