Return-Path: Delivered-To: apmail-directory-dev-archive@www.apache.org Received: (qmail 22381 invoked from network); 1 Sep 2005 11:08:30 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199) by minotaur.apache.org with SMTP; 1 Sep 2005 11:08:30 -0000 Received: (qmail 30014 invoked by uid 500); 1 Sep 2005 11:08:29 -0000 Delivered-To: apmail-directory-dev-archive@directory.apache.org Received: (qmail 29948 invoked by uid 500); 1 Sep 2005 11:08:29 -0000 Mailing-List: contact dev-help@directory.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "Apache Directory Developers List" Delivered-To: mailing list dev@directory.apache.org Received: (qmail 29935 invoked by uid 99); 1 Sep 2005 11:08:29 -0000 Received: from asf.osuosl.org (HELO asf.osuosl.org) (140.211.166.49) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 01 Sep 2005 04:08:29 -0700 X-ASF-Spam-Status: No, hits=0.1 required=10.0 tests=FORGED_RCVD_HELO X-Spam-Check-By: apache.org Received-SPF: pass (asf.osuosl.org: local policy) Received: from [217.76.129.65] (HELO flca485.serveursdns.net) (217.76.129.65) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 01 Sep 2005 04:08:44 -0700 Received: from pcjvermillard.archean (135.55.101-84.rev.gaoland.net [84.101.55.135]) by flca485.serveursdns.net (Postfix) with ESMTP id 8ECD4138FF2 for ; Thu, 1 Sep 2005 13:08:26 +0200 (CEST) Subject: Re: [mina] SSLFilter race condition From: Julien Vermillard Reply-To: jvermillard@archean.fr To: Apache Directory Developers List In-Reply-To: References: Content-Type: text/plain; charset=ISO-8859-1 Organization: Archean Technologies Date: Thu, 01 Sep 2005 13:08:25 +0200 Message-Id: <1125572905.19080.6.camel@localhost.localdomain> Mime-Version: 1.0 X-Mailer: Evolution 2.2.3 Content-Transfer-Encoding: 8bit X-Virus-Checked: Checked by ClamAV on apache.org X-Spam-Rating: minotaur.apache.org 1.6.2 0/1000/N Le jeudi 01 septembre 2005 � 16:27 +0530, Vinod Panicker a �crit : > Hi, > > I'm facing a race condition in SSLFilter. Basically I've done a > "STARTTLS" kind of implementation in which SSL is enabled over an > existing plain-text connection. The server tells the client to start > the SSL negotiation via the application protocol and puts an SSLFilter > over the connection to handle the handshake. > > The race condition occurs when the client sends the SSL handshake even > before the SSLFilter is implemented on the connection. This data is > sent to the IoHandler and causes all sorts of problems. Ultimately > the session is in limbo - it has to be closed. > > Any possible solutions? I've not opened a JIRA issue as yet coz I > wanted to make sure that this cant be handled by the application and > has to be done in MINA. > A solution whould be to install the filter, then send the ACK of the SSL installation to the client by by-passing the "just installed" SSL filter, I'm not sure it's possible. Without that you will need to tweak a delay before the client start the SSL handshaking for avoiding the receptino of the first SSL bytes before the IoHandler being ready :( I think it should go to JIRA no ? Installing a filter should lock the processing of incoming/outgoing buffers ? Julien