[jira] [Comment Edited] (DIRMINA-1072) SslFilter does not account for SSLEngine runtime exceptions

Sat, 07 Oct 2017 16:36:42 -0700 

    [ 
https://issues.apache.org/jira/browse/DIRMINA-1072?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16195939#comment-16195939
 ] 

Christoph John edited comment on DIRMINA-1072 at 10/7/17 11:35 PM:
-------------------------------------------------------------------

I assume the "Fix Version" is 2.0.17 then? Any plans on when this is going to 
be released?
Thanks in advance


was (Author: chrjohn):
I assume the "Fix Version" is 2.0.17 then? Any plans on when this going to be 
released?
Thanks in advance

> SslFilter does not account for SSLEngine runtime exceptions
> -----------------------------------------------------------
>
>                 Key: DIRMINA-1072
>                 URL: https://issues.apache.org/jira/browse/DIRMINA-1072
>             Project: MINA
>          Issue Type: Bug
>          Components: SSL
>    Affects Versions: 2.0.16
>            Reporter: Guus der Kinderen
>         Attachments: sslengine-exception.patch, 
> sslengine-exception-with-destroy.patch
>
>
> Mina's {{SslFilter}} wraps Mina's {{SslHandler}}, which itself wraps Java's 
> {{SSLEngine}}.
> {{SslFilter}} does not catch runtime exceptions that are thrown by 
> {{SSLEngine}} - I am unsure if this is by design.
> Ideally, we'd prevent the engine to get into a state where it can throw such 
> exceptions, but I'm not sure if that's completely feasible.
> None-the-less, I'm here providing an improvement that prevents at least one 
> occurrence of an unchecked exception from being thrown (instead, my patch 
> preemptively throws an {{SSLException}} that is then caught by the exception 
> handling that's already in place).
> An alternative to this fix could be an additional catch block, that handles 
> unchecked exceptions.
> The scenario that is causing the unchecked exception that is caught by this 
> patch, is this:
> * client connects, causes an SslFilter to be initialized, which causes the 
> SSLEngine to begin its handshake
> * server shuts down the input (for instance, for inactivity, or as a 
> side-effect of resource starvation)
> * client sends data
> The corresponding stack trace starts with this:
> {code}java.lang.IllegalStateException: Internal error
>         at 
> sun.security.ssl.SSLEngineImpl.initHandshaker(SSLEngineImpl.java:470)
>         at sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:1007)
>         at 
> sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:907)
>         at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:781)
>         at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624){code}
> Inspiration for this fix was obtain from the Jetty project, notably, this 
> change: https://github.com/eclipse/jetty.project/issues/1228



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Reply via email to