[
https://issues.apache.org/jira/browse/DIRMINA-1072?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16195423#comment-16195423
]
Emmanuel Lecharny commented on DIRMINA-1072:
--------------------------------------------
Sadly, the patch causes one of the test to fail :
{code:java}
testTCPWithSSL(org.apache.mina.example.echoserver.ConnectorTest) Time elapsed:
11.635 sec <<< FAILURE!
java.lang.AssertionError: expected:<160> but was:<0>
at org.junit.Assert.fail(Assert.java:88)
at org.junit.Assert.failNotEquals(Assert.java:834)
at org.junit.Assert.assertEquals(Assert.java:645)
at org.junit.Assert.assertEquals(Assert.java:631)
at
org.apache.mina.example.echoserver.ConnectorTest.waitForResponse(ConnectorTest.java:220)
at
org.apache.mina.example.echoserver.ConnectorTest.testConnector0(ConnectorTest.java:190)
at
org.apache.mina.example.echoserver.ConnectorTest.testConnector(ConnectorTest.java:139)
at
org.apache.mina.example.echoserver.ConnectorTest.testConnector(ConnectorTest.java:102)
at
org.apache.mina.example.echoserver.ConnectorTest.testTCPWithSSL(ConnectorTest.java:89)
{code}
> SslFilter does not account for SSLEngine runtime exceptions
> -----------------------------------------------------------
>
> Key: DIRMINA-1072
> URL: https://issues.apache.org/jira/browse/DIRMINA-1072
> Project: MINA
> Issue Type: Bug
> Components: SSL
> Affects Versions: 2.0.16
> Reporter: Guus der Kinderen
> Attachments: sslengine-exception.patch
>
>
> Mina's {{SslFilter}} wraps Mina's {{SslHandler}}, which itself wraps Java's
> {{SSLEngine}}.
> {{SslFilter}} does not catch runtime exceptions that are thrown by
> {{SSLEngine}} - I am unsure if this is by design.
> Ideally, we'd prevent the engine to get into a state where it can throw such
> exceptions, but I'm not sure if that's completely feasible.
> None-the-less, I'm here providing an improvement that prevents at least one
> occurrence of an unchecked exception from being thrown (instead, my patch
> preemptively throws an {{SSLException}} that is then caught by the exception
> handling that's already in place).
> An alternative to this fix could be an additional catch block, that handles
> unchecked exceptions.
> The scenario that is causing the unchecked exception that is caught by this
> patch, is this:
> * client connects, causes an SslFilter to be initialized, which causes the
> SSLEngine to begin its handshake
> * server shuts down the input (for instance, for inactivity, or as a
> side-effect of resource starvation)
> * client sends data
> The corresponding stack trace starts with this:
> {code}java.lang.IllegalStateException: Internal error
> at
> sun.security.ssl.SSLEngineImpl.initHandshaker(SSLEngineImpl.java:470)
> at sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:1007)
> at
> sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:907)
> at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:781)
> at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624){code}
> Inspiration for this fix was obtain from the Jetty project, notably, this
> change: https://github.com/eclipse/jetty.project/issues/1228
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
