An update.
1. OK vs. BUFFER_UNDERFLOW may still be an issue. It's not a big one,
but potentially confusing as to when you will get either.
2. I thought I saw this in the non-TLSv1.3 contexts also, but I think I
must have been reverted my test case back to "TLS", which uses the
TLS1.3 1/2 close. I can't get it to duplicate in TLSv1.2/1.1/1 today.
Never mind.
Brad
On 8/10/2018 6:14 PM, Bradford Wetmore wrote:
On 8/9/2018 5:57 PM, Xuelei Fan wrote:
Thank you, Tim! Please feel free to submit bugs and comments.
I went through a standard SSLEngineTemplate handshake/data/close with a
fine-tooth comb (debugger), and found two bugs based on your -04 patch.
1. Things may have changed since the original SSLEngine implementation,
but unwrap() was supposed to return a BUFFER_UNDERFLOW if there is not
enough (or any) inbound data to make a packet. I'm seeing a mix of OK
and BUFFER_UNDERFLOW. I haven't determined the pattern, but you should
be able to run my test (attached) and see pretty quickly.
2. I haven't not had the cycles to follow the earlier discussion, so
this may be a duplicate of something already discussed, but I got myself
into an endless loop because the closes weren't happening as expected.
In the attached file, after the handshaking and data exchange, close
just one of the SSLEngines outbound side. I'll use client for this
example, but same error with server side:
// clientEngine.closeOutbound();
clientEngine.getHandshakeStatus() == NEED_WRAP
client.isInboundDone(): false
client.isOutboundDone(): false
// client.wrap() sends the Close Notify (CN).
client wrap: CLOSED/NEED_UNWRAP, 0/24 bytes
clientEngine.getHandshakeStatus() == NEED_UNWRAP
client.isInboundDone(): false
client.isOutboundDone(): true
// server.unwrap() parses the CN, and closes the inbound side.
server unwrap: CLOSED/NEED_WRAP, 24/0 bytes
clientEngine.getHandshakeStatus() == NEED_WRAP
server.isInboundDone(): true
server.isOutboundDone(): false
So far so good.
// server.wrap() needs to send the corresponding close_notify.
server wrap: OK/NEED_WRAP, 0/0 bytes
clientEngine.getHandshakeStatus() == NEED_WRAP
server.isInboundDone(): true
server.isOutboundDone(): false
Whoops, it didn't happen. No outbound data was generated. State is
still in NEED_WRAP. I just let the app run, it never closes because no
CN is generated on the server side.
Run the attached file for full details.
Thanks,
Brad
Xuelei
On 8/9/2018 4:23 PM, Tim Brooks wrote:
Hi Xuelei,
My test passed using that patch. I’ll continue to explore over the
next few days. But that patch resolves the main issues that I had
encountered.
Thanks,
- Tim
On Aug 7, 2018, at 8:54 AM, Xuelei Fan <xuelei....@oracle.com
<mailto:xuelei....@oracle.com>> wrote:
Xuelei
