Author: markt Date: Fri Dec 14 12:44:13 2018 New Revision: 1848935 URL: http://svn.apache.org/viewvc?rev=1848935&view=rev Log: Ensure TLS socket is closed when normal closure fails.
Modified: tomcat/trunk/java/org/apache/tomcat/util/net/LocalStrings.properties tomcat/trunk/java/org/apache/tomcat/util/net/SecureNio2Channel.java Modified: tomcat/trunk/java/org/apache/tomcat/util/net/LocalStrings.properties URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/LocalStrings.properties?rev=1848935&r1=1848934&r2=1848935&view=diff ============================================================================== --- tomcat/trunk/java/org/apache/tomcat/util/net/LocalStrings.properties [UTF-8] (original) +++ tomcat/trunk/java/org/apache/tomcat/util/net/LocalStrings.properties [UTF-8] Fri Dec 14 12:44:13 2018 @@ -29,8 +29,8 @@ channel.nio.ssl.invalidStatus=Unexpected channel.nio.ssl.netInputNotEmpty=Network input buffer still contains data. Handshake will fail. channel.nio.ssl.netOutputNotEmpty=Network output buffer still contains data. Handshake will fail. channel.nio.ssl.notHandshaking=NOT_HANDSHAKING during handshake -channel.nio.ssl.pendingWriteDuringClose=Pending write, so remaining data in the network buffer, can't send SSL close message, force a close with close(true) instead -channel.nio.ssl.remainingDataDuringClose=Remaining data in the network buffer, can't send SSL close message, force a close with close(true) instead +channel.nio.ssl.pendingWriteDuringClose=Pending write, so remaining data in the network buffer, can't send SSL close message, socket closed anyway +channel.nio.ssl.remainingDataDuringClose=Remaining data in the network buffer, can't send SSL close message, socket closes anyway channel.nio.ssl.sniDefault=Unable to buffer enough data to determine requested SNI host name. Using default channel.nio.ssl.sniHostName=The SNI host name extracted for connection [{0}] was [{1}] channel.nio.ssl.timeoutDuringHandshake=Timeout during handshake. Modified: tomcat/trunk/java/org/apache/tomcat/util/net/SecureNio2Channel.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/SecureNio2Channel.java?rev=1848935&r1=1848934&r2=1848935&view=diff ============================================================================== --- tomcat/trunk/java/org/apache/tomcat/util/net/SecureNio2Channel.java (original) +++ tomcat/trunk/java/org/apache/tomcat/util/net/SecureNio2Channel.java Fri Dec 14 12:44:13 2018 @@ -583,16 +583,20 @@ public class SecureNio2Channel extends N try { if (timeout > 0) { if (!flush().get(timeout, TimeUnit.MILLISECONDS).booleanValue()) { + closeSilently(); throw new IOException(sm.getString("channel.nio.ssl.remainingDataDuringClose")); } } else { if (!flush().get().booleanValue()) { + closeSilently(); throw new IOException(sm.getString("channel.nio.ssl.remainingDataDuringClose")); } } } catch (InterruptedException | ExecutionException | TimeoutException e) { + closeSilently(); throw new IOException(sm.getString("channel.nio.ssl.remainingDataDuringClose"), e); } catch (WritePendingException e) { + closeSilently(); throw new IOException(sm.getString("channel.nio.ssl.pendingWriteDuringClose"), e); } //prep the buffer for the close message @@ -609,16 +613,20 @@ public class SecureNio2Channel extends N try { if (timeout > 0) { if (!flush().get(timeout, TimeUnit.MILLISECONDS).booleanValue()) { + closeSilently(); throw new IOException(sm.getString("channel.nio.ssl.remainingDataDuringClose")); } } else { if (!flush().get().booleanValue()) { + closeSilently(); throw new IOException(sm.getString("channel.nio.ssl.remainingDataDuringClose")); } } } catch (InterruptedException | ExecutionException | TimeoutException e) { + closeSilently(); throw new IOException(sm.getString("channel.nio.ssl.remainingDataDuringClose"), e); } catch (WritePendingException e) { + closeSilently(); throw new IOException(sm.getString("channel.nio.ssl.pendingWriteDuringClose"), e); } --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org