https://bz.apache.org/bugzilla/show_bug.cgi?id=60437
Bug ID: 60437 Summary: SSL Handshake implementation in AsycnChannelWrapperSecure does not handle SSLEngineResult.Status.BUFFER_OVERFLOW state Product: Tomcat 8 Version: 8.0.38 Hardware: PC OS: All Status: NEW Severity: normal Priority: P2 Component: WebSocket Assignee: dev@tomcat.apache.org Reporter: dpa...@amdocs.com Target Milestone: ---- Created attachment 34494 --> https://bz.apache.org/bugzilla/attachment.cgi?id=34494&action=edit sample program This defect is related to an issue reported previously (https://bz.apache.org/bugzilla/show_bug.cgi?id=54997) . With the above fix, although BUFFER_UNDERFLOW is being handled, there is still an issue with BUFFER_OVERFLOW. Issue is reproduced by using WebSocketContainer to connect to a server which requires clientcert authentication ( SSLEnabled="true" clientAuth="true" ) In this case, during the SSL handshake, when AsyncChannelWrapperSecure gets a handshakeStatus of NEED_UNWRAP, it needs to dynamically resize the DUMMY buffer, before invoking sslEngine.unwrap(socketReadBuffer, DUMMY), as recommended by http://docs.oracle.com/javase/7/docs/api/javax/net/ssl/SSLEngine.html . The handshake fails with the following error : javax.websocket.DeploymentException: The HTTP request to initiate the WebSocket connection failed at org.apache.tomcat.websocket.WsWebSocketContainer.connectToServer(WsWebSocketContainer.java:423) at com.wss.WSSCLientUsingTomcatWSContainer.main(WSSCLientUsingTomcatWSContainer.java:27) Caused by: java.util.concurrent.ExecutionException: javax.net.ssl.SSLException: TODO at org.apache.tomcat.websocket.AsyncChannelWrapperSecure$WrapperFuture.get(AsyncChannelWrapperSecure.java:508) at org.apache.tomcat.websocket.WsWebSocketContainer.connectToServer(WsWebSocketContainer.java:367) ... 1 more Caused by: javax.net.ssl.SSLException: TODO at org.apache.tomcat.websocket.AsyncChannelWrapperSecure$WebSocketSslHandshakeThread.checkResult(AsyncChannelWrapperSecure.java:427) at org.apache.tomcat.websocket.AsyncChannelWrapperSecure$WebSocketSslHandshakeThread.run(AsyncChannelWrapperSecure.java:391) -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org