directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Julien Vermillard <jvermill...@archean.fr>
Subject Re: [mina] SSLFilter race condition
Date Thu, 01 Sep 2005 11:08:25 GMT

Le jeudi 01 septembre 2005 à 16:27 +0530, Vinod Panicker a écrit :
> Hi,
> 
> I'm facing a race condition in SSLFilter.  Basically I've done a
> "STARTTLS" kind of implementation in which SSL is enabled over an
> existing plain-text connection.  The server tells the client to start
> the SSL negotiation via the application protocol and puts an SSLFilter
> over the connection to handle the handshake.
> 
> The race condition occurs when the client sends the SSL handshake even
> before the SSLFilter is implemented on the connection.  This data is
> sent to the IoHandler and causes all sorts of problems.  Ultimately
> the session is in limbo - it has to be closed.
> 
> Any possible solutions?  I've not opened a JIRA issue as yet coz I
> wanted to make sure that this cant be handled by the application and
> has to be done in MINA.
> 
A solution whould be to install the filter, then send the ACK of the SSL
installation to the client by by-passing the "just installed" SSL
filter, I'm not sure it's possible. Without that you will need to tweak
a delay before the client start the SSL handshaking for avoiding the
receptino of the first SSL bytes before the IoHandler being ready :( I
think it should go to JIRA no ? Installing a filter should lock the
processing of incoming/outgoing buffers ?

Julien


Mime
View raw message