-
-
Notifications
You must be signed in to change notification settings - Fork 15.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Correctly clear the error stack in all cases when using ReferenceCoun… #7941
Conversation
…tedOpenSslEngine. Motivation: We missed to correctly clear the error stack in one case when using the ReferenceCountedOpenSslEngine. Because of this it was possible to pick up an error on an unrelated operation. Modifications: - Correctly clear the stack - Add verification of empty error stack to tests. Result: Not possible to observe unrelated errors.
@@ -1093,8 +1093,6 @@ public final SSLEngineResult unwrap( | |||
} | |||
|
|||
private SSLEngineResult sslReadErrorResult(int err, int bytesConsumed, int bytesProduced) throws SSLException { | |||
String errStr = SSL.getErrorString(err); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This change was just done to eliminate the need to create it when its not needed.
@Override | ||
public void tearDown() throws InterruptedException { | ||
super.tearDown(); | ||
Assert.assertEquals("SSL error stack not correctly consumed", 0, SSL.getLastErrorNumber()); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit: static import Assert.assertEquals
} | ||
// We need to clear all errors so we not pick up anything that was left on the stack on the next | ||
// operation. Note that shutdownWithError(...) will cleanup the stack as well so its only needed here. | ||
SSL.clearError(); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@normanmaurer without this what behaviour did you observe?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
basically whatever test that ran after OpenSslEngineTest.testMultipleRecordsInOneBufferWithNonZeroPositionJDKCompatabilityModeOff
failed when using BoringSSL. Thats also why I added asserts now to ensure the error stack is empty when we teardown.
@@ -1093,8 +1093,6 @@ public final SSLEngineResult unwrap( | |||
} | |||
|
|||
private SSLEngineResult sslReadErrorResult(int err, int bytesConsumed, int bytesProduced) throws SSLException { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
future improvement: we don't actually use err
for anything besides getting the string. We could add a method to netty-tcnative that is SSL.getLastErrorString()
to save a JNI call. Looks like this is the only place that getLastErrorNumber
is used in non-unit test code too.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
👍
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
…CountedOpenSslEngine. Motivation: #7941 proved that its easy to not correctly clear the error stack sometimes. We should do carefully test this. Modifications: Add a new SSLEngine wrapper that is used during tests, which verifies that the error stack is empty after each method call. Result: Better testing.
…CountedOpenSslEngine. Motivation: #7941 proved that its easy to not correctly clear the error stack sometimes. We should do carefully test this. Modifications: Add a new SSLEngine wrapper that is used during tests, which verifies that the error stack is empty after each method call. Result: Better testing.
…CountedOpenSslEngine. (#7943) Motivation: #7941 proved that its easy to not correctly clear the error stack sometimes. We should do carefully test this. Modifications: Add a new SSLEngine wrapper that is used during tests, which verifies that the error stack is empty after each method call. Result: Better testing.
…tedOpenSslEngine.
Motivation:
We missed to correctly clear the error stack in one case when using the ReferenceCountedOpenSslEngine. Because of this it was possible to pick up an error on an unrelated operation.
Modifications:
Result:
Not possible to observe unrelated errors.