tomcat-dev mailing list archives

From Konstantin Kolinko <knst.koli...@gmail.com>
Subject Re: svn commit: r1174884 - /tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESupport.java
Date Sun, 02 Oct 2011 20:21:49 GMT
2011/9/23  <markt@apache.org>:
> Author: markt
> Date: Fri Sep 23 16:58:50 2011
> New Revision: 1174884
>
> URL: http://svn.apache.org/viewvc?rev=1174884&view=rev
> Log:
> Fix SSL + BIO + Java 7
> The implementation of InputStream.read(byte[0]) has changed so it always returns zero without checking for EOF. This broke the old way of doing things.
>
> Modified:
>    tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESupport.java
>
> Modified: tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESupport.java
> URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESupport.java?rev=1174884&r1=1174883&r2=1174884&view=diff
> ==============================================================================
> --- tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESupport.java (original)
> +++ tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESupport.java Fri Sep 23 16:58:50
2011
> @@ -175,7 +175,7 @@ class JSSESupport implements SSLSupport,
>         InputStream in = ssl.getInputStream();
>         int oldTimeout = ssl.getSoTimeout();
>         ssl.setSoTimeout(1000);
> -        byte[] b = new byte[0];
> +        byte[] b = new byte[1];
>         listener.reset();
>         ssl.startHandshake();
>         int maxTries = 60; // 60 * 1000 = example 1 minute time out
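Review bot: the declaration `byte[] b = new byte[1];` carries no comment saying why a zero-length buffer no longer works; the reason (a read into `byte[0]` now returns zero without checking for EOF) is recorded only in the commit log. A short comment at the declaration would keep someone from changing it back to `new byte[0]` later on the assumption that the buffer is unused. The context comment `// 60 * 1000 = example 1 minute time out` is also hard to parse and could be reworded while this block is being touched.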
> @@ -183,7 +183,14 @@ class JSSESupport implements SSLSupport,
>             if (log.isTraceEnabled())
>                 log.trace("Reading for try #" + i);
>             try {
> -                in.read(b);
> +                int read = in.read(b);
> +                if (read > 0) {
> +                    // Shouldn't happen as all input should have been swallowed
> +                    // before trying to do the handshake. If it does, something
> +                    // went wrong so lets bomb out now.
> +                    throw new SSLException(
> +                            sm.getString("jsseSupport.unexpectedData"));
> +                }

This solution looks tricky.
Maybe "in.available()" can work here?

>             } catch(SSLException sslex) {
>                 log.info(sm.getString("jsseSupport.clientCertError"), sslex);
>                 throw sslex;
>
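Review bot: the new `throw new SSLException(sm.getString("jsseSupport.unexpectedData"))` sits inside the `try`, so the `catch(SSLException sslex)` directly below it logs the exception under `jsseSupport.clientCertError` before rethrowing, which reports unexpected application data as a client certificate error. Consider doing the check outside the `try`, or distinguishing the two cases before logging. Separately, only `read > 0` is tested: with a one-byte buffer `in.read(b)` can return -1 at end of stream, and nothing in the visible lines handles that value, so an explicit branch for it (or a comment stating where it is handled) would make the intent clear.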

Best regards,
Konstantin Kolinko
