From 2b241ac04bdccfb88c60841e5e8cacb4d487a16a Mon Sep 17 00:00:00 2001 From: Joakim Erdfelt Date: Fri, 12 Dec 2014 09:23:24 -0700 Subject: [PATCH] 454773 - SSLConnection use on Android client results in loop + Adding safety check for SSL unwrap in client mode that results in OK status but no content --- .../eclipse/jetty/io/ssl/SslConnection.java | 20 ++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) diff --git a/jetty-io/src/main/java/org/eclipse/jetty/io/ssl/SslConnection.java b/jetty-io/src/main/java/org/eclipse/jetty/io/ssl/SslConnection.java index ca0ec020d80..067e5f76611 100644 --- a/jetty-io/src/main/java/org/eclipse/jetty/io/ssl/SslConnection.java +++ b/jetty-io/src/main/java/org/eclipse/jetty/io/ssl/SslConnection.java @@ -304,7 +304,7 @@ public class SslConnection extends AbstractConnection { @Override public void succeeded() - { + { } @Override @@ -314,7 +314,7 @@ public class SslConnection extends AbstractConnection getFillInterest().onFail(x); getWriteFlusher().onFail(x); } - + },x); } }; @@ -346,7 +346,7 @@ public class SslConnection extends AbstractConnection @Override protected void onIncompleteFlush() - { + { // This means that the decrypted endpoint write method was called and not // all data could be wrapped. So either we need to write some encrypted data, // OR if we are handshaking we need to read some encrypted data OR @@ -380,8 +380,8 @@ public class SslConnection extends AbstractConnection try_again = true; } } - - + + if (try_again) { // If the output is closed, @@ -522,7 +522,9 @@ public class SslConnection extends AbstractConnection HandshakeStatus unwrapHandshakeStatus = unwrapResult.getHandshakeStatus(); Status unwrapResultStatus = unwrapResult.getStatus(); - _underFlown = unwrapResultStatus == Status.BUFFER_UNDERFLOW; + // Extra check on unwrapResultStatus == OK with zero length buffer is due + // to SSL client on android (see bug #454773) + _underFlown = unwrapResultStatus == Status.BUFFER_UNDERFLOW || unwrapResultStatus == Status.OK && unwrapResult.bytesConsumed()==0 && unwrapResult.bytesProduced()==0; if (_underFlown) { @@ -731,11 +733,11 @@ public class SslConnection extends AbstractConnection if (wrapResult.bytesConsumed()>0) consumed+=wrapResult.bytesConsumed(); Status wrapResultStatus = wrapResult.getStatus(); - + boolean allConsumed=true; for (ByteBuffer b : appOuts) if (BufferUtil.hasContent(b)) - allConsumed=false; + allConsumed=false; // and deal with the results returned from the sslEngineWrap switch (wrapResultStatus) @@ -800,7 +802,7 @@ public class SslConnection extends AbstractConnection // try again. if (!allConsumed && wrapResult.getHandshakeStatus()==HandshakeStatus.FINISHED && BufferUtil.isEmpty(_encryptedOutput)) continue; - + // Return true if we consumed all the bytes and encrypted are all flushed return allConsumed && BufferUtil.isEmpty(_encryptedOutput);