This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push:
new 83e9dfd84d Fix Tomcat not sending close_notify with
OpenSSLImplementation
83e9dfd84d is described below
commit 83e9dfd84dfba839ec1d728b2b74e657f180c301
Author: Mark Thomas <[email protected]>
AuthorDate: Fri Aug 30 15:21:08 2024 +0100
Fix Tomcat not sending close_notify with OpenSSLImplementation
---
.../apache/tomcat/util/net/openssl/OpenSSLEngine.java | 18 +++++++++++-------
1 file changed, 11 insertions(+), 7 deletions(-)
diff --git a/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java
b/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java
index 0eb7beb55d..914eafb901 100644
--- a/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java
+++ b/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java
@@ -465,8 +465,8 @@ public final class OpenSSLEngine extends SSLEngine
implements SSLUtil.ProtocolIn
// If isOutboundDone is set, then the data from the network BIO
// was the close_notify message -- we are not required to wait
- // for the receipt the peer's close_notify message -- shutdown.
- if (isOutboundDone) {
+ // for the receipt of the peer's close_notify message -- shutdown.
+ if (isOutboundDone()) {
shutdown();
}
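Review bot: The comment above this condition still reads "If isOutboundDone is set", which describes the field the old code tested, while the new condition calls `isOutboundDone()`. Judging by the comment added in the closeInbound hunk further down ("Only call shutdown if there is no outbound data pending"), the method presumably also checks that nothing is left to write, so the two are not interchangeable. I would reword the first comment line to something like `// If isOutboundDone() returns true, the data read from the network BIO` once that is confirmed against the method body, which is not visible here. The enclosing method starts and ends outside this hunk.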
@@ -637,7 +637,6 @@ public final class OpenSSLEngine extends SSLEngine
implements SSLUtil.ProtocolIn
// Check to see if we received a close_notify message from the peer
if (!receivedShutdown && (SSL.getShutdown(state.ssl) &
SSL.SSL_RECEIVED_SHUTDOWN) == SSL.SSL_RECEIVED_SHUTDOWN) {
receivedShutdown = true;
- closeOutbound();
closeInbound();
}
if (bytesProduced == 0 && (written == 0 || (written > 0 &&
!src.hasRemaining() && handshakeFinished))) {
@@ -692,7 +691,10 @@ public final class OpenSSLEngine extends SSLEngine
implements SSLUtil.ProtocolIn
isInboundDone = true;
engineClosed = true;
- shutdown();
+ if (isOutboundDone()) {
+ // Only call shutdown if there is no outbound data pending.
+ shutdown();
+ }
if (accepted != Accepted.NOT && !receivedShutdown) {
throw new SSLException(sm.getString("engine.inboundClose"));
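Review bot: When `isOutboundDone()` is false, this path now returns, or throws `engine.inboundClose`, without calling `shutdown()`, and the new comment does not say where the release happens instead. Within this diff the only other `shutdown()` call is the one in the hunk at line 465, which appears to run only after the pending close_notify has been read out of the network BIO. A caller that drops the engine after the truncation SSLException would therefore leave the native SSL state allocated, unless code outside the diff frees it. I would extend the comment to `// Outbound data (our close_notify) is still pending: shutdown() is deferred until it has been written` and confirm there is a fallback release for engines that are never wrapped again. The method body begins and ends outside the hunk.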
@@ -1073,13 +1075,15 @@ public final class OpenSSLEngine extends SSLEngine
implements SSLUtil.ProtocolIn
// Check if we are in the shutdown phase
if (engineClosed) {
- // Waiting to send the close_notify message
if (SSL.pendingWrittenBytesInBIO(state.networkBIO) != 0) {
+ // Waiting to send the close_notify message
return SSLEngineResult.HandshakeStatus.NEED_WRAP;
}
- // Must be waiting to receive the close_notify message
- return SSLEngineResult.HandshakeStatus.NEED_UNWRAP;
+ if (!isInboundDone()) {
+ // Must be waiting to receive the close_notify message
+ return SSLEngineResult.HandshakeStatus.NEED_UNWRAP;
+ }
}
return SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING;
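Review bot: The `if (engineClosed)` block can now fall through to `NOT_HANDSHAKING`, and nothing marks that as intentional. A one-line comment before its closing brace, such as `// Closed, nothing queued to send and inbound done: no further handshake work`, would keep a later reader from restoring the unconditional `NEED_UNWRAP`. With `closeOutbound()` removed from the received-shutdown path, our close_notify seems to be produced only once the caller closes outbound itself. This commit changes one file and adds no test, so a regression test asserting that a close_notify is written after the peer's has been received would pin the behaviour the commit title describes.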