
Commit 2eb5d4f

committed
Fix a bug where SslHandler doesn't sometimes handle renegotiation correctly
- Fixes netty#1964
1 parent de2c6ac commit 2eb5d4f

1 file changed

Lines changed: 20 additions & 19 deletions


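--- a/handler/src/main/java/io/netty/handler/ssl/SslHandler.java
+++ b/handler/src/main/java/io/netty/handler/ssl/SslHandler.java
@@ -42,9 +42,9 @@
 
 import javax.net.ssl.SSLEngine;
 import javax.net.ssl.SSLEngineResult;
+import javax.net.ssl.SSLEngineResult.HandshakeStatus;
 import javax.net.ssl.SSLEngineResult.Status;
 import javax.net.ssl.SSLException;
-
 import java.io.IOException;
 import java.net.SocketAddress;
 import java.nio.ByteBuffer;
@@ -391,7 +391,7 @@ public void read(ChannelHandlerContext ctx) {
 
 @Override
 public void write(final ChannelHandlerContext ctx, Object msg, ChannelPromise promise) throws Exception {
-pendingUnencryptedWrites.add(PendingWrite.newInstance((ByteBuf) msg, promise));
+pendingUnencryptedWrites.add(PendingWrite.newInstance(msg, promise));
 }
 
 @Override
@@ -713,7 +713,7 @@ private static int getEncryptedPacketLength(ByteBuf buffer) {
 int majorVersion = buffer.getUnsignedByte(first + 1);
 if (majorVersion == 3) {
 // SSLv3 or TLS
-packetLength = (buffer.getUnsignedShort(first + 3)) + 5;
+packetLength = buffer.getUnsignedShort(first + 3) + 5;
 if (packetLength <= 5) {
 // Neither SSLv3 or TLSv1 (i.e. SSLv2 or bad data)
 tls = false;
@@ -814,25 +814,27 @@ private void unwrap(ChannelHandlerContext ctx) throws SSLException {
 
 private void unwrap(ChannelHandlerContext ctx, ByteBuffer packet, List<Object> out) throws SSLException {
 boolean wrapLater = false;
-int bytesProduced = 0;
+int totalProduced = 0;
 try {
-loop:
 for (;;) {
 if (decodeOut == null) {
 decodeOut = ctx.alloc().buffer();
 }
-SSLEngineResult result = unwrap(engine, packet, decodeOut);
-bytesProduced += result.bytesProduced();
-switch (result.getStatus()) {
-case CLOSED:
-// notify about the CLOSED state of the SSLEngine. See #137
-sslCloseFuture.trySuccess(ctx.channel());
-break;
-case BUFFER_UNDERFLOW:
-break loop;
+
+final SSLEngineResult result = unwrap(engine, packet, decodeOut);
+final Status status = result.getStatus();
+final HandshakeStatus handshakeStatus = result.getHandshakeStatus();
+final int produced = result.bytesProduced();
+final int consumed = result.bytesConsumed();
+
+totalProduced += produced;
+if (status == Status.CLOSED) {
+// notify about the CLOSED state of the SSLEngine. See #137
+sslCloseFuture.trySuccess(ctx.channel());
+break;
 }
 
-switch (result.getHandshakeStatus()) {
+switch (handshakeStatus) {
 case NEED_UNWRAP:
 break;
 case NEED_WRAP:
@@ -848,11 +850,10 @@ private void unwrap(ChannelHandlerContext ctx, ByteBuffer packet, List<Object> o
 case NOT_HANDSHAKING:
 break;
 default:
-throw new IllegalStateException(
-"Unknown handshake status: " + result.getHandshakeStatus());
+throw new IllegalStateException("Unknown handshake status: " + handshakeStatus);
 }
 
-if (result.bytesConsumed() == 0 && result.bytesProduced() == 0) {
+if (status == Status.BUFFER_UNDERFLOW || consumed == 0 && produced == 0) {
 break;
 }
 }
@@ -864,7 +865,7 @@ private void unwrap(ChannelHandlerContext ctx, ByteBuffer packet, List<Object> o
 setHandshakeFailure(e);
 throw e;
 } finally {
-if (bytesProduced > 0) {
+if (totalProduced > 0) {
 ByteBuf decodeOut = this.decodeOut;
 this.decodeOut = null;
 out.add(decodeOut);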
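Review bot: In the rewritten `unwrap` loop, the `break` inside `if (status == Status.CLOSED)` now leaves the `for (;;)` loop, whereas the old `break` only left `switch (result.getStatus())`, so `switch (handshakeStatus)` is no longer evaluated for the result that reports CLOSED. If the engine reports NEED_WRAP or NEED_TASK together with CLOSED (for example when it wants to answer the peer's close_notify), that request appears to be dropped; the bodies of those cases and the code after the loop lie outside the visible hunks, so this needs confirming against the full method. If the early exit is intended, say so in a comment such as `// CLOSED: stop unwrapping; the handshake status of this result is deliberately ignored`; if not, remove the `break;` from the CLOSED branch so the handshake switch still runs as before. Separately, the exit condition mixes `||` and `&&` without grouping and reads more safely as `if (status == Status.BUFFER_UNDERFLOW || (consumed == 0 && produced == 0)) {`.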
