2016-02-01 20:47 GMT+01:00 <ma...@apache.org>:

> Author: markt
> Date: Mon Feb  1 19:47:13 2016
> New Revision: 1727992
>
> URL: http://svn.apache.org/viewvc?rev=1727992&view=rev
> Log:
> Fix a consistent unit test failure on OSX (no idea why it started to
> appear now)
> Handle the case where the required TLS buffer increases after the
> connection has been initiated.
>

Well, the design is so wrong. BTW, what is the
getSession().getApplicationBufferSize() value here? And is that with
OpenSSL or JSSE?

Rémy

>
> Modified:
>     tomcat/trunk/java/org/apache/tomcat/util/net/SecureNioChannel.java
>     tomcat/trunk/webapps/docs/changelog.xml
>
> Modified:
> tomcat/trunk/java/org/apache/tomcat/util/net/SecureNioChannel.java
> URL:
> http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/SecureNioChannel.java?rev=1727992&r1=1727991&r2=1727992&view=diff
>
> ==============================================================================
> --- tomcat/trunk/java/org/apache/tomcat/util/net/SecureNioChannel.java
> (original)
> +++ tomcat/trunk/java/org/apache/tomcat/util/net/SecureNioChannel.java Mon
> Feb  1 19:47:13 2016
> @@ -558,18 +558,33 @@ public class SecureNioChannel extends Ni
>                  if (unwrap.getStatus() == Status.BUFFER_UNDERFLOW) {
>                      break;
>                  }
> -            } else if (unwrap.getStatus() == Status.BUFFER_OVERFLOW &&
> read > 0) {
> -                //buffer overflow can happen, if we have read data, then
> -                //empty out the dst buffer before we do another read
> -                break;
> +            } else if (unwrap.getStatus() == Status.BUFFER_OVERFLOW) {
> +                if (read > 0) {
> +                    // Buffer overflow can happen if we have read data.
> Return
> +                    // so the destination buffer can be emptied before
> another
> +                    // read is attempted
> +                    break;
> +                } else {
> +                    // The SSL session has increased the required buffer
> size
> +                    // since the buffer was created.
> +                    if (dst ==
> socket.getSocketBufferHandler().getReadBuffer()) {
> +                        // This is the normal case for this code
> +                        socket.getSocketBufferHandler().expand(
> +
> sslEngine.getSession().getApplicationBufferSize());
> +                        dst =
> socket.getSocketBufferHandler().getReadBuffer();
> +                    } else {
> +                        // Can't expand the buffer as there is no way to
> signal
> +                        // to the caller that the buffer has been
> replaced.
> +                        throw new IOException(
> +
> sm.getString("channel.nio.ssl.unwrapFail", unwrap.getStatus()));
> +                    }
> +                }
>              } else {
> -                //here we should trap BUFFER_OVERFLOW and call expand on
> the buffer
> -                //for now, throw an exception, as we initialized the
> buffers
> -                //in the constructor
> +                // Something else went wrong
>                  throw new
> IOException(sm.getString("channel.nio.ssl.unwrapFail", unwrap.getStatus()));
>              }
> -        } while ( (netInBuffer.position() != 0)); //continue to
> unwrapping as long as the input buffer has stuff
> -        return (read);
> +        } while (netInBuffer.position() != 0); //continue to unwrapping
> as long as the input buffer has stuff
> +        return read;
>      }
>
>      /**
>
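
Review bot: In the new else branch for BUFFER_OVERFLOW with read == 0, nothing checks that `expand(...)` actually produced a larger read buffer before the loop goes round again. If `sslEngine.getSession().getApplicationBufferSize()` is not larger than the current capacity, the `do ... while (netInBuffer.position() != 0)` loop can hit the same overflow again without making progress; suggest comparing the capacity before and after the expand and throwing the IOException when it did not grow, or otherwise bounding the retries. Separately, the throw for a caller-supplied `dst` reuses `channel.nio.ssl.unwrapFail`, the same message as the generic failure in the final else, so a log cannot distinguish "cannot replace the caller's buffer" from any other unwrap failure; a dedicated message key would make this case diagnosable.
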
> Modified: tomcat/trunk/webapps/docs/changelog.xml
> URL:
> http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1727992&r1=1727991&r2=1727992&view=diff
>
> ==============================================================================
> --- tomcat/trunk/webapps/docs/changelog.xml (original)
> +++ tomcat/trunk/webapps/docs/changelog.xml Mon Feb  1 19:47:13 2016
> @@ -99,6 +99,10 @@
>          New configuration option <code>ajpFlush</code> for the AJP
> connectors
>          to disable the sending of AJP flush packets. (rjung)
>        </add>
> +      <fix>
> +        Handle the case in the NIO connector where the required TLS
> buffer sizes
> +        increase after the connection has been initiated. (markt)
> +      </fix>
>      </changelog>
>    </subsection>
>  </section>
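
Review bot: The `<fix>` entry states that the increased buffer size is handled, but the SecureNioChannel change only expands the buffer when `dst` is the socket's own read buffer and still throws an IOException for any other destination buffer. Suggest wording the entry so it reflects that limitation, for example by noting that the read buffer is expanded where possible.
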
>
>
>