-
Notifications
You must be signed in to change notification settings - Fork 5.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
8259662: Don't wrap SocketExceptions into SSLExceptions in SSLSocketImpl #2057
Conversation
👋 Welcome back cverghese! A progress list of the required criteria for merging this PR into |
@cliveverghese The following labels will be automatically applied to this pull request:
When this pull request is ready to be reviewed, an "RFR" email will be sent to the corresponding mailing lists. If you would like to change these labels, use the /label pull request command. |
Webrevs
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The changes to the HttpClient test look reasonable to me. I'll let the security libs experts comment on the rest of this change however.
best regards,
-- daniel
/issue add JDK-8259516 |
@cliveverghese |
// | ||
|
||
/* | ||
* @test |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
* @test | |
* @test | |
* @bug 8259662 8259516 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thank you for the feedback. I have updated the change to include the bug ids.
983842d
to
72fef9b
Compare
For the CSR request, I updated the component to security-libs/javax.net.ssl, add 17 as one of the fix versions, and added myself as reviewer. |
Thank you. I will change the status of the CSR to proposed. |
src/java.base/share/classes/sun/security/ssl/SSLSocketImpl.java
Outdated
Show resolved
Hide resolved
src/java.base/share/classes/sun/security/ssl/SSLSocketImpl.java
Outdated
Show resolved
Hide resolved
if (cause instanceof SocketException) { | ||
if (!conContext.isInboundClosed()) { | ||
try { | ||
decode(null); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
One decode may be not sufficient if there are multiple pending handshake messages record, or the connection has been established and application data transportation is in progress. I'm not sure if an additional decode() here really solve the problem as described in JDK-8259516.
I did not follow the issue of JDK-8259516. Why an SSLException is desired but not SocketException, as if the socket has been closed?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I have removed issues for JDK-8259516.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please make sure all tier1 and tier2 tests passed on all supported platforms. Except the failed I commented in the update, javax/net/ssl/SSLSession/TestEnabledProtocols.java is also failed with a similar stack on Windows. Maybe, the pull request command "/test tier1" and "/test tier2" could help speed up the testing.
try { | ||
sslIS.read(); | ||
sslOS.write('A'); | ||
sslOS.flush(); | ||
} catch (SSLHandshakeException se) { | ||
// Ignore exception as this is expected. | ||
} | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The test cannot pass tier2 test on Windows.
java.net.SocketException: An established connection was aborted by the software in your host machine
at java.base/sun.nio.ch.NioSocketImpl.implWrite(NioSocketImpl.java:420)
at java.base/sun.nio.ch.NioSocketImpl.write(NioSocketImpl.java:440)
at java.base/sun.nio.ch.NioSocketImpl$2.write(NioSocketImpl.java:826)
at java.base/java.net.Socket$SocketOutputStream.write(Socket.java:1045)
at java.base/sun.security.ssl.SSLSocketOutputRecord.flush(SSLSocketOutputRecord.java:266)
at java.base/sun.security.ssl.HandshakeOutStream.flush(HandshakeOutStream.java:89)
at java.base/sun.security.ssl.CertificateRequest$T12CertificateRequestProducer.produce(CertificateRequest.java:629)
at java.base/sun.security.ssl.SSLHandshake.produce(SSLHandshake.java:440)
at java.base/sun.security.ssl.ClientHello$T12ClientHelloConsumer.consume(ClientHello.java:1120)
at java.base/sun.security.ssl.ClientHello$ClientHelloConsumer.onClientHello(ClientHello.java:853)
at java.base/sun.security.ssl.ClientHello$ClientHelloConsumer.consume(ClientHello.java:812)
at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396)
at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480)
at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:458)
at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:199)
at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:172)
at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1501)
at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1415)
at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:450)
at java.base/sun.security.ssl.SSLSocketImpl.ensureNegotiated(SSLSocketImpl.java:915)
at java.base/sun.security.ssl.SSLSocketImpl$AppInputStream.read(SSLSocketImpl.java:1006)
at java.base/sun.security.ssl.SSLSocketImpl$AppInputStream.read(SSLSocketImpl.java:966)
at ShouldThrowSSLExceptionWhenPeerClosesSocket.runServerApplication(ShouldThrowSSLExceptionWhenPeerClosesSocket.java:131)
at SSLSocketTemplate.doServerSide(SSLSocketTemplate.java:280)
at SSLSocketTemplate.startServer(SSLSocketTemplate.java:584)
at SSLSocketTemplate.bootup(SSLSocketTemplate.java:498)
at SSLSocketTemplate.run(SSLSocketTemplate.java:83)
at ShouldThrowSSLExceptionWhenPeerClosesSocket.main(ShouldThrowSSLExceptionWhenPeerClosesSocket.java:292)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:78)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:566)
at com.sun.javatest.regtest.agent.MainWrapper$MainThread.run(MainWrapper.java:127)
at java.base/java.lang.Thread.run(Thread.java:831)
Suppressed: java.net.SocketException: An established connection was aborted by the software in your host machine
at java.base/sun.nio.ch.NioSocketImpl.implRead(NioSocketImpl.java:325)
at java.base/sun.nio.ch.NioSocketImpl.read(NioSocketImpl.java:350)
at java.base/sun.nio.ch.NioSocketImpl$1.read(NioSocketImpl.java:803)
at java.base/java.net.Socket$SocketInputStream.read(Socket.java:976)
at java.base/sun.security.ssl.SSLSocketInputRecord.read(SSLSocketInputRecord.java:478)
at java.base/sun.security.ssl.SSLSocketInputRecord.readHeader(SSLSocketInputRecord.java:472)
at java.base/sun.security.ssl.SSLSocketInputRecord.decode(SSLSocketInputRecord.java:160)
at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:111)
at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1501)
at java.base/sun.security.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1696)
at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:460)
... 15 more
os.flush(); | ||
} catch (SSLProtocolException | SSLHandshakeException sslhe) { | ||
throw sslhe; | ||
} catch (SSLException ssle) { | ||
} catch (SocketException se) { | ||
// the expected exception, ignore it | ||
System.err.println("server exception: " + ssle); | ||
System.err.println("server exception: " + se); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The test failed with on Linux/Windows/MacOSX:
javax.net.ssl.SSLHandshakeException: Insufficient buffer remaining for AEAD cipher fragment (2). Needs to be more than tag size (16)
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:369)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:312)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:307)
at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:134)
at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1501)
at java.base/sun.security.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1696)
at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:460)
at java.base/sun.security.ssl.SSLSocketImpl.ensureNegotiated(SSLSocketImpl.java:915)
at java.base/sun.security.ssl.SSLSocketImpl$AppOutputStream.write(SSLSocketImpl.java:1285)
at java.base/sun.nio.cs.StreamEncoder.writeBytes(StreamEncoder.java:242)
at java.base/sun.nio.cs.StreamEncoder.implFlushBuffer(StreamEncoder.java:321)
at java.base/sun.nio.cs.StreamEncoder.implFlush(StreamEncoder.java:325)
at java.base/sun.nio.cs.StreamEncoder.flush(StreamEncoder.java:159)
at java.base/java.io.OutputStreamWriter.flush(OutputStreamWriter.java:248)
at java.base/java.io.BufferedWriter.flush(BufferedWriter.java:257)
at SocketExceptionForSocketIssues.test(SocketExceptionForSocketIssues.java:79)
at SocketExceptionForSocketIssues.main(SocketExceptionForSocketIssues.java:45)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:78)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:566)
at com.sun.javatest.regtest.agent.MainWrapper$MainThread.run(MainWrapper.java:127)
at java.base/java.lang.Thread.run(Thread.java:831)
Suppressed: java.net.SocketException: Broken pipe
at java.base/sun.nio.ch.NioSocketImpl.implWrite(NioSocketImpl.java:420)
at java.base/sun.nio.ch.NioSocketImpl.write(NioSocketImpl.java:440)
at java.base/sun.nio.ch.NioSocketImpl$2.write(NioSocketImpl.java:826)
at java.base/java.net.Socket$SocketOutputStream.write(Socket.java:1045)
at java.base/sun.security.ssl.SSLSocketOutputRecord.encodeAlert(SSLSocketOutputRecord.java:81)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:400)
... 22 more
888162a
to
573406d
Compare
/issue remove JDK-8259516 |
@cliveverghese |
/test tier1 |
@cliveverghese you need to get approval to run the tests in tier1 for commits up until 573406d |
/test tier2 |
@cliveverghese the test group tier2 does not exist |
Hi, Thank you for the feedback. I have verified that tier1 and tier2 tests pass on Windows, MacOS and Linux. |
Thank you! I will address the closed test failures. I will post you when the update is ready. |
/csr needed |
@XueleiFan this pull request will not be integrated until the CSR request JDK-8259847 for issue JDK-8259662 has been approved. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It looks good to me now. I will take care of the closed test update. Please finalize the CSR request before integration.
@cliveverghese this pull request can not be integrated into git checkout 8259662
git fetch https://git.openjdk.java.net/jdk master
git merge FETCH_HEAD
# resolve conflicts and follow the instructions given by git merge
git commit -m "Merge master"
git push |
@cliveverghese This change now passes all automated pre-integration checks. ℹ️ This project also has non-automated pre-integration requirements. Please see the file CONTRIBUTING.md for details. After integration, the commit message for the final commit will be:
You can use pull request commands such as /summary, /contributor and /issue to adjust it as needed. At the time when this comment was updated there had been 1 new commit pushed to the
Please see this link for an up-to-date comparison between the source branch of this pull request and the As you do not have Committer status in this project an existing Committer must agree to sponsor your change. Possible candidates are the reviewers of this PR (@dfuch, @rhalade, @XueleiFan) but any other Committer may sponsor as well. ➡️ To flag this PR as ready for integration with the above commit message, type |
/integrate |
@cliveverghese |
/sponsor |
@XueleiFan @cliveverghese Since your change was applied there have been 21 commits pushed to the
Your commit was automatically rebased without conflicts. Pushed as commit 63f8fc8. 💡 You may see a message that your pull request was closed with unmerged commits. This can be safely ignored. |
Redo for 8237578: JDK-8214339 (SSLSocketImpl wraps SocketException) appears to not be fully fixed
This also fixes JDK-8259516: Alerts sent by peer may not be received correctly during TLS handshake
Progress
Issue
Reviewers
Download
$ git fetch https://git.openjdk.java.net/jdk pull/2057/head:pull/2057
$ git checkout pull/2057