This is an automated email from the ASF dual-hosted git repository.

remm pushed a commit to branch 11.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/11.0.x by this push:
     new 84e75259fb Fix Tomcat not sending close_notify with 
OpenSSLImplementation
84e75259fb is described below

commit 84e75259fbe50309f7bffa92317744f38076b0be
Author: remm <r...@apache.org>
AuthorDate: Sun Sep 1 10:53:44 2024 +0200

    Fix Tomcat not sending close_notify with OpenSSLImplementation
    
    Port patch
---
 .../util/net/openssl/panama/OpenSSLEngine.java      | 21 +++++++++++----------
 1 file changed, 11 insertions(+), 10 deletions(-)

diff --git a/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLEngine.java 
b/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLEngine.java
index ac2c275fb2..a528df7676 100644
--- a/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLEngine.java
+++ b/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLEngine.java
@@ -370,8 +370,8 @@ public final class OpenSSLEngine extends SSLEngine 
implements SSLUtil.ProtocolIn
 
             // If isOutboundDone is set, then the data from the network BIO
             // was the close_notify message -- we are not required to wait
-            // for the receipt the peer's close_notify message -- shutdown.
-            if (isOutboundDone) {
+            // for the receipt of the peer's close_notify message -- shutdown.
+            if (isOutboundDone()) {
                 shutdown();
             }
 
@@ -471,9 +471,6 @@ public final class OpenSSLEngine extends SSLEngine 
implements SSLUtil.ProtocolIn
 
         // protect against protocol overflow attack vector
         if (len > MAX_ENCRYPTED_PACKET_LENGTH) {
-            isInboundDone = true;
-            isOutboundDone = true;
-            engineClosed = true;
             shutdown();
             throw new SSLException(sm.getString("engine.oversizedPacket"));
         }
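Review bot: The oversized-record guard now depends entirely on `shutdown()` to leave the engine closed in both directions, and `shutdown()` is not visible in this hunk. If it does set `isInboundDone`, `isOutboundDone` and `engineClosed`, the removed assignments were redundant, and a short comment above the call would record that, for example `// shutdown() marks the engine closed in both directions`. If it does not, a later wrap or unwrap could still be attempted on an engine that has just rejected a record longer than `MAX_ENCRYPTED_PACKET_LENGTH`. The enclosing method starts and ends outside the hunk.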
@@ -549,7 +546,6 @@ public final class OpenSSLEngine extends SSLEngine 
implements SSLUtil.ProtocolIn
         // Check to see if we received a close_notify message from the peer
         if (!receivedShutdown && (SSL_get_shutdown(state.ssl) & 
SSL_RECEIVED_SHUTDOWN()) == SSL_RECEIVED_SHUTDOWN()) {
             receivedShutdown = true;
-            closeOutbound();
             closeInbound();
         }
 
@@ -603,7 +599,10 @@ public final class OpenSSLEngine extends SSLEngine 
implements SSLUtil.ProtocolIn
         isInboundDone = true;
         engineClosed = true;
 
-        shutdown();
+        if (isOutboundDone()) {
+            // Only call shutdown if there is no outbound data pending.
+            shutdown();
+        }
 
         if (accepted != Accepted.NOT && !receivedShutdown) {
             throw new SSLException(sm.getString("engine.inboundClose"));
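Review bot: In this close path `shutdown()` is now skipped whenever `isOutboundDone()` is false, and nothing in the hunk shows where it is called once the pending outbound data has been wrapped. Together with the removal of `closeOutbound()` in the preceding hunk, shutting the engine down after a peer's close_notify appears to depend on the caller closing outbound and draining the network BIO. If a caller never does so, the engine would presumably stay un-shut-down on this path. The added comment could name the deferral explicitly, e.g. `// Defer shutdown() while close_notify is still pending in the network BIO.`, and state which later call completes it. The method body begins before the hunk, and `isOutboundDone()` is defined outside it.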
@@ -1038,13 +1037,15 @@ public final class OpenSSLEngine extends SSLEngine 
implements SSLUtil.ProtocolIn
 
         // Check if we are in the shutdown phase
         if (engineClosed) {
-            // Waiting to send the close_notify message
             if (BIO_ctrl_pending(state.networkBIO) != 0) {
+                // Waiting to send the close_notify message
                 return SSLEngineResult.HandshakeStatus.NEED_WRAP;
             }
 
-            // Must be waiting to receive the close_notify message
-            return SSLEngineResult.HandshakeStatus.NEED_UNWRAP;
+            if (!isInboundDone()) {
+                // Must be waiting to receive the close_notify message
+                return SSLEngineResult.HandshakeStatus.NEED_UNWRAP;
+            }
         }
 
         return SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING;
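Review bot: The fully closed case (engine closed, nothing pending in the network BIO, inbound done) now falls out of the `if (engineClosed)` block to the final `return` without any comment. That is the behavioural change callers polling the handshake status will notice, since this state previously reported `NEED_UNWRAP`. A line before the final return would make it explicit, for example `// Closed in both directions with nothing left to send: no further handshake work.`. The diffstat shows only this one file, so no test on this page pins the new status sequence after close.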

