(tomcat) branch 9.0.x updated: Use SSLException when handshake failed and nothing can get read/written

Thu, 12 Mar 2026 09:16:17 -0700 

This is an automated email from the ASF dual-hosted git repository.

remm pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/9.0.x by this push:
     new 6225ed6151 Use SSLException when handshake failed and nothing can get 
read/written
6225ed6151 is described below

commit 6225ed6151dab887abacb981b4bd627bc9500afc
Author: remm <[email protected]>
AuthorDate: Thu Mar 12 17:12:25 2026 +0100

    Use SSLException when handshake failed and nothing can get read/written
---
 java/org/apache/tomcat/util/net/openssl/panama/OpenSSLEngine.java | 4 ++--
 webapps/docs/changelog.xml                                        | 4 ++++
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLEngine.java 
b/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLEngine.java
index 38322b8d37..12a513cf24 100644
--- a/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLEngine.java
+++ b/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLEngine.java
@@ -413,7 +413,7 @@ public final class OpenSSLEngine extends SSLEngine 
implements SSLUtil.ProtocolIn
                 }
 
                 if (bytesWritten == 0) {
-                    throw new 
IllegalStateException(sm.getString("engine.failedToWriteBytes"));
+                    throw new 
SSLException(sm.getString("engine.failedToWriteBytes"));
                 }
 
                 // Check to see if the engine wrote data into the network BIO
@@ -541,7 +541,7 @@ public final class OpenSSLEngine extends SSLEngine 
implements SSLUtil.ProtocolIn
                 if (bytesRead == 0) {
                     // This should not be possible. pendingApp is positive
                     // therefore the read should have read at least one byte.
-                    throw new 
IllegalStateException(sm.getString("engine.failedToReadAvailableBytes"));
+                    throw new 
SSLException(sm.getString("engine.failedToReadAvailableBytes"));
                 }
 
                 bytesProduced += bytesRead;
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 6dc64e2977..53867a5616 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -221,6 +221,10 @@
       <fix>
         Free certificate chain if an error occurs, in the FFM code. (remm)
       </fix>
+      <fix>
+        Report handshake issues as <code>SSLException</code> in the FFM
+        code, rather than <code>IllegalStateException</code>. (remm)
+      </fix>
     </changelog>
   </subsection>
   <subsection name="Jasper">


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to