directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Trustin Lee <trus...@gmail.com>
Subject Re: [mina] SSLFilter race condition: Take #2
Date Thu, 13 Oct 2005 13:14:44 GMT
2005/10/13, Julien Vermillard <jvermillard@archean.fr>:
>
> Why not :
>
> public void messageReceived(IoSession session, Object message) {
> if (message instanceof MyStartTLSRequest) {
> // insert SSLFilter to start handshaking
> session.getFilterChain().addFirst(sslFilter);
>
> // Disable encryption
> sslFilter.setEnabled(false); // SSLfilter is bypassing
>
> // write StartTLSResponse
> session.write(new MyStartTLSResponse(OK));
>
> // Enable encryption
> sslFilter.setEnabled(true); // SSLfilter is crypting
> }
> }


What if a client initiates TLS handshake process before we call
sslFilter.setEnable(true). I know this won't happen easily, but it has
possibility of race condition yet.

I talked with Emmanuel and here's another option:

public void messageReceived(IoSession session, Object message) {
if (message instanceof MyStartTLSRequest) {
// insert SSLFilter to start handshaking
session.getFilterChain().addFirst(sslFilter);

// Disable encryption temporarilly. This attribute will be cleared after
Session.write()
session.setAttribute( SSLFilter.DISABLE_ENCRYPTION, Boolean.TRUE );

// write StartTLSResponse
session.write(new MyStartTLSResponse(OK));
}
}

Trustin
--
what we call human nature is actually human habit
--
http://gleamynode.net/

Mime
View raw message