https://bz.apache.org/bugzilla/show_bug.cgi?id=60437

            Bug ID: 60437
           Summary: SSL Handshake implementation in
                    AsyncChannelWrapperSecure does not handle
                    SSLEngineResult.Status.BUFFER_OVERFLOW state
           Product: Tomcat 8
           Version: 8.0.38
          Hardware: PC
                OS: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: WebSocket
          Assignee: dev@tomcat.apache.org
          Reporter: dpa...@amdocs.com
  Target Milestone: ----

Created attachment 34494
  --> https://bz.apache.org/bugzilla/attachment.cgi?id=34494&action=edit
sample program

This defect is related to an issue reported previously
(https://bz.apache.org/bugzilla/show_bug.cgi?id=54997).
With the above fix, although BUFFER_UNDERFLOW is being handled, there is still
an issue with BUFFER_OVERFLOW.

The issue is reproduced by using WebSocketContainer to connect to a server which
requires clientcert authentication (SSLEnabled="true" clientAuth="true").

In this case, during the SSL handshake, when AsyncChannelWrapperSecure gets a
handshakeStatus of NEED_UNWRAP, it needs to dynamically resize the DUMMY
buffer before invoking sslEngine.unwrap(socketReadBuffer, DUMMY), as
recommended by
http://docs.oracle.com/javase/7/docs/api/javax/net/ssl/SSLEngine.html.


The handshake fails with the following error:
javax.websocket.DeploymentException: The HTTP request to initiate the WebSocket connection failed
        at org.apache.tomcat.websocket.WsWebSocketContainer.connectToServer(WsWebSocketContainer.java:423)
        at com.wss.WSSCLientUsingTomcatWSContainer.main(WSSCLientUsingTomcatWSContainer.java:27)
Caused by: java.util.concurrent.ExecutionException: javax.net.ssl.SSLException: TODO
        at org.apache.tomcat.websocket.AsyncChannelWrapperSecure$WrapperFuture.get(AsyncChannelWrapperSecure.java:508)
        at org.apache.tomcat.websocket.WsWebSocketContainer.connectToServer(WsWebSocketContainer.java:367)
        ... 1 more
Caused by: javax.net.ssl.SSLException: TODO
        at org.apache.tomcat.websocket.AsyncChannelWrapperSecure$WebSocketSslHandshakeThread.checkResult(AsyncChannelWrapperSecure.java:427)
        at org.apache.tomcat.websocket.AsyncChannelWrapperSecure$WebSocketSslHandshakeThread.run(AsyncChannelWrapperSecure.java:391)

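An added example, not part of the original report, its attachment, or Tomcat's code: one way to handle BUFFER_OVERFLOW in a NEED_UNWRAP step by sizing the destination buffer from the session, as the SSLEngine Javadoc recommends. The class and method names (HandshakeUnwrap, Outcome, unwrap) are hypothetical.

```java
import java.nio.ByteBuffer;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLEngineResult;
import javax.net.ssl.SSLEngineResult.Status;
import javax.net.ssl.SSLException;

// Illustration only; names here are hypothetical, not Tomcat code.
public final class HandshakeUnwrap {

    /** Result plus the destination buffer, which may have been replaced. */
    public static final class Outcome {
        public final SSLEngineResult result;
        public final ByteBuffer dst;

        Outcome(SSLEngineResult result, ByteBuffer dst) {
            this.result = result;
            this.dst = dst;
        }
    }

    /**
     * Performs one NEED_UNWRAP step. netIn must be in read mode (flipped).
     * BUFFER_UNDERFLOW is handed back to the caller, who must read more
     * bytes from the socket before calling again.
     */
    public static Outcome unwrap(SSLEngine engine, ByteBuffer netIn, ByteBuffer dst)
            throws SSLException {
        while (true) {
            SSLEngineResult r = engine.unwrap(netIn, dst);
            if (r.getStatus() != Status.BUFFER_OVERFLOW) {
                return new Outcome(r, dst); // OK, CLOSED or BUFFER_UNDERFLOW
            }
            // Destination too small: ask the session how much room one
            // record can need, instead of failing the handshake.
            int needed = engine.getSession().getApplicationBufferSize();
            if (dst.remaining() >= needed) {
                // Already large enough; growing again cannot help, so
                // fail loudly rather than loop forever.
                throw new SSLException("BUFFER_OVERFLOW with " + dst.remaining()
                        + " bytes free, session asks for " + needed);
            }
            // Keep bytes already produced and retry with more free space.
            ByteBuffer bigger = ByteBuffer.allocate(dst.position() + needed);
            dst.flip();
            bigger.put(dst);
            dst = bigger;
        }
    }
}
```

The caller has to keep using the returned `dst`, since a shared fixed-size buffer such as DUMMY cannot be grown in place.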