Return correct value from SSLSession.getPacketSize() when using nativ… #13095
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…e SSL implementation Motivation: We didnt return the maximum size of SSL packet and tried to calculate it. This didnt work as SSL_max_seal_overhead(...) can only be used to calculate the maximum overhead for when encrypting ourself (and not the remote peer). Because of this we sometimes returned a smaller number then what is possible. This had the affect that when users did use getPacketSize() to size the ByteBuffer we could end up in a situation that would never produce a bug enough ByteBuffer and so never finish the handshake. This issue only accoured when users use the SSLEngine directly. When using our SslHandler we were not affected by this as we use a different approach there. Modifications: - Upgrade netty-tcnative to be able to reuse the the defined constant - Add unit test that did loop forever before this change Result: Fixes #13073
chrisvest
approved these changes
Jan 4, 2023
normanmaurer
added a commit
that referenced
this pull request
Jan 9, 2023
…ve SSL implementation (#13095) Motivation: We didnt return the maximum size of SSL packet and tried to calculate it. This didnt work as SSL_max_seal_overhead(...) can only be used to calculate the maximum overhead for when encrypting ourself (and not the remote peer). Because of this we sometimes returned a smaller number then what is possible. This had the affect that when users did use getPacketSize() to size the ByteBuffer we could end up in a situation that would never produce a bug enough ByteBuffer and so never finish the handshake. This issue only accoured when users use the SSLEngine directly. When using our SslHandler we were not affected by this as we use a different approach there. Modifications: - Upgrade netty-tcnative to be able to reuse the the defined constant - Add unit test that did loop forever before this change Result: Fixes #13073
lhotari
added a commit
to lhotari/pulsar
that referenced
this pull request
Feb 3, 2023
- Brings Netty Tcnative 2.0.56.Final - Also upgraded Netty's io_uring support to a compatible version Release notes: https://netty.io/news/2023/01/12/4-1-87-Final.html https://netty.io/news/2023/02/02/multiple_releases_incubator.html Some relevant Netty bug fixes: Improves compatibility with newer Linux distros: netty/netty#13112 TLS 1.3 handshake issue fix: netty/netty#13073 fixed by netty/netty#13095
4 tasks
lhotari
added a commit
to lhotari/bookkeeper
that referenced
this pull request
Feb 3, 2023
- Brings Netty Tcnative 2.0.56.Final - Also upgraded Netty's io_uring support to a compatible version Release notes: https://netty.io/news/2023/01/12/4-1-87-Final.html https://netty.io/news/2023/02/02/multiple_releases_incubator.html Some relevant Netty bug fixes: Improves compatibility with newer Linux distros: netty/netty#13112 TLS 1.3 handshake issue fix: netty/netty#13073 fixed by netty/netty#13095
nicoloboschi
pushed a commit
to apache/bookkeeper
that referenced
this pull request
Feb 10, 2023
- Brings Netty Tcnative 2.0.56.Final - Also upgraded Netty's io_uring support to a compatible version Release notes: https://netty.io/news/2023/01/12/4-1-87-Final.html https://netty.io/news/2023/02/02/multiple_releases_incubator.html Some relevant Netty bug fixes: Improves compatibility with newer Linux distros: netty/netty#13112 TLS 1.3 handshake issue fix: netty/netty#13073 fixed by netty/netty#13095
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
…e SSL implementation
Motivation:
We didnt return the maximum size of SSL packet and tried to calculate it. This didnt work as SSL_max_seal_overhead(...) can only be used to calculate the maximum overhead for when encrypting ourself (and not the remote peer). Because of this we sometimes returned a smaller number then what is possible. This had the affect that when users did use getPacketSize() to size the ByteBuffer we could end up in a situation that would never produce a big enough ByteBuffer and so never finish the handshake.
This issue only accoured when users use the SSLEngine directly. When using our SslHandler we were not affected by this as we use a different approach there.
Modifications:
Result:
Fixes #13073