-
-
Notifications
You must be signed in to change notification settings - Fork 15.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Exception: Handshake has already been started on Android 5+ #4718
Comments
@ganskef - What version of netty are you using?
|
@Scottmitch - I use the Netty 4.1 branch and I've checked out bf24ffd but this happens with 4.1.0.Beta8 and before too. |
@Scottmitch - now I've built commit e578e92 And I depend on
|
@ganskef - Thanks for trying. Will dig deeper and get back to you. |
To reiterate/clarify what I mentioned before ... jdk's SSLEngineImpl and Netty's OpenSslEngine both tolerate multiple calls to |
@nmittler - What are your thoughts? I would be curious to see if Android devs would be willing to make behavior consistent with OpenJdk SSLEngineImpl (as indicated above). |
Opened an an issue to discuss with Android folks https://code.google.com/p/android/issues/detail?id=199204 |
@Scottmitch I would not expect that we would be calling |
@ganskef - Can you provide the following to help with the android issue?
|
@nmittler - We currently may call it from
We can avoid this if necessary (which will have to do if we want to support currently released versions of Android 5+ and 6+) but it would be nice to have clarity / consistency in JDK behavior. |
Agreed :) So it sounds like we need to fix Netty regardless, correct? That would mean that this bug is not dependent on resolving https://code.google.com/p/android/issues/detail?id=199204. |
Yes if we want to support existing Android releases (5+ and 6+) then Netty code needs to change. I have a PR pending. |
@Scottmitch - I've seen it on a Nexus 5 device too but it's not my own. So I have to use the emulator, by Genymotion my choice:
Handshaking works well with:
|
@ganskef - Thanks for the info. Yes Android 4.x appears to use a different implementation of SSLEngineImpl which behaves the same way as the OpenJDK's SSLEngineImpl, and so I wouldn't expect to see this issue. |
@Scottmitch @nmittler I can take a stab on this once back from vacation (next week). |
@normanmaurer - I have a PR pending, which you will be on the hook for reviewing 😉 |
@Scottmitch internal PR or just not published? |
@johnou yes should be upstream soon. |
@Scottmitch think the fix for this will make 4.0.34.Final? |
Yes
|
Motivation: Not all SSLEngine implementations permit beginHandshake being called while a handshake is in progress during the initial handshake. We should ensure we only go through the initial handshake code once to prevent unexpected exceptions from being thrown. Modifications: - Only call beginHandshake if there is not currently a handshake in progress Result: SslHandler's handshake method is compatible with OpenSSLEngineImpl in Android 5.0+ and 6.0+. Fixes netty#4718
Motivation: Not all SSLEngine implementations permit beginHandshake being called while a handshake is in progress during the initial handshake. We should ensure we only go through the initial handshake code once to prevent unexpected exceptions from being thrown. Modifications: - Only call beginHandshake if there is not currently a handshake in progress Result: SslHandler's handshake method is compatible with OpenSSLEngineImpl in Android 5.0+ and 6.0+. Fixes #4718
Fixed by #4764. Please re-open if you still see issues. |
I've integrated it here but I haven't got an Android 5+ device. It works well :-) in emulator. Will try it with desktop platforms too. Sorry, it's binary only, see http://ganskef.github.io/MoCuishle/license/. |
Motivation: Not all SSLEngine implementations permit beginHandshake being called while a handshake is in progress during the initial handshake. We should ensure we only go through the initial handshake code once to prevent unexpected exceptions from being thrown. Modifications: - Only call beginHandshake if there is not currently a handshake in progress Result: SslHandler's handshake method is compatible with OpenSSLEngineImpl in Android 5.0+ and 6.0+. Fixes netty#4718
With https://github.com/ganskef/LittleProxy-mitm I use SSL on all Java platforms. Android devices up to 4.4 are supported well since #3904 is fixed. With Android 5.0 it's been better since #4116 is fixed, but there is still one concern with Android 5+. All connection attempts are interrupted with this:
This hint is figured out by @MediumOne: After commenting out this line it's mostly working, but not perfect:
https://github.com/netty/netty/blob/4.1/handler/src/main/java/io/netty/handler/ssl/SslHandler.java#L1266
On Mac OS X it looks good (Windows is not been tested), but on Linux and Android 5+ it's not totally stable, so it's not a fix. Some connections are cancelled, and sometimes blocking occurs, mostly at the first connection.
I can reproduce this behavior on emulators, with Android 5.0, 5.1 and 6.0. This code was been introduced with this commit: 50fafdc on 06/07/2012 by Trustin. Do you have any suggestions please?
The text was updated successfully, but these errors were encountered: