> As described in the bug, by connecting the SSLEngine with a misbehaving peer > SSL implementation, it can get into a state where it calling `wrap` reports > getStatus == OK, getHandshakeStatus === NEED_WRAP but still doesn't produce > any further output. It happens when the output bound is not empty. > > It is caused by a mismatching condition in the SSLEngineOutputRecord. The > use hasAlert() method should be replaced with isEmpty(). Otherwise, there is > conflicts of the closing status while checking with OutputRecord.isEmpty() in > TransportContext.getHandshakeStatus() implementation. It is safe to remove > hasAlert() method, as we don't allow creation of new output record if the > closure is in progress, thus isEmpty() could be used instead. > > The patch passed the test provided by the bug submitter.
Xue-Lei Andrew Fan has updated the pull request incrementally with one additional commit since the last revision: Update copyright date and typo correction ------------- Changes: - all: https://git.openjdk.java.net/jdk/pull/3292/files - new: https://git.openjdk.java.net/jdk/pull/3292/files/989e9ad3..03a0dc60 Webrevs: - full: https://webrevs.openjdk.java.net/?repo=jdk&pr=3292&range=02 - incr: https://webrevs.openjdk.java.net/?repo=jdk&pr=3292&range=01-02 Stats: 2 lines in 1 file changed: 0 ins; 1 del; 1 mod Patch: https://git.openjdk.java.net/jdk/pull/3292.diff Fetch: git fetch https://git.openjdk.java.net/jdk pull/3292/head:pull/3292 PR: https://git.openjdk.java.net/jdk/pull/3292
