8274736: Concurrent read/close of SSLSockets causes SSLSessions to be…

… invalidated unnecessarily Reviewed-by: mdoerr Backport-of: 8822d41fdcc2c2d568badd72635dc587d21dbd63
openjdk · Dec 20, 2021 · ec89f1b6c317932e937291f43e68d04ff77204b8 · ec89f1b · openjdk-notifier · Dec 20, 2021
1 parent b07b90f
commit ec89f1b6c317932e937291f43e68d04ff77204b8
Showing with 435 additions and 6 deletions.

+7 −1 src/java.base/share/classes/sun/security/ssl/TransportContext.java

+13 −5 test/jdk/javax/net/ssl/templates/SSLSocketTemplate.java

+415 −0 test/jdk/sun/security/ssl/SSLSessionImpl/NoInvalidateSocketException.java
diff --git a/src/java.base/share/classes/sun/security/ssl/TransportContext.java b/src/java.base/share/classes/sun/security/ssl/TransportContext.java
@@ -26,6 +26,7 @@
 package sun.security.ssl;
 
 import java.io.IOException;
+import java.net.SocketException;
 import java.security.AccessControlContext;
 import java.security.AccessController;
 import java.security.PrivilegedAction;
@@ -365,7 +366,12 @@ SSLException fatal(Alert alert, String diagnostic,
 
         // invalidate the session
         if (conSession != null) {
-            conSession.invalidate();
+            // In the case of a low-layer transport error, we want to prevent
+            // the session from being invalidated since this is not a TLS-level
+            // error event.
+            if (!(cause instanceof SocketException)) {
+                conSession.invalidate();
+            }
         }
 
         if (handshakeContext != null &&

diff --git a/test/jdk/javax/net/ssl/templates/SSLSocketTemplate.java b/test/jdk/javax/net/ssl/templates/SSLSocketTemplate.java
@@ -209,22 +209,22 @@ protected void configureServerSocket(SSLServerSocket socket) {
     /*
      * Is the server ready to serve?
      */
-    private final CountDownLatch serverCondition = new CountDownLatch(1);
+    protected final CountDownLatch serverCondition = new CountDownLatch(1);
 
     /*
      * Is the client ready to handshake?
      */
-    private final CountDownLatch clientCondition = new CountDownLatch(1);
+    protected final CountDownLatch clientCondition = new CountDownLatch(1);
 
     /*
      * What's the server port?  Use any free port by default
      */
-    private volatile int serverPort = 0;
+    protected volatile int serverPort = 0;
 
     /*
      * Define the server side of the test.
      */
-    private void doServerSide() throws Exception {
+    protected void doServerSide() throws Exception {
         // kick start the server side service
         SSLContext context = createServerSSLContext();
         SSLServerSocketFactory sslssf = context.getServerSocketFactory();
@@ -470,7 +470,15 @@ public static SSLContext createSSLContext(
      * Both sides can throw exceptions, but do you have a preference
      * as to which side should be the main thread.
      */
-    private static final boolean separateServerThread = false;
+    private final boolean separateServerThread;
+
+    public SSLSocketTemplate() {
+        this(false);
+    }
+
+    public SSLSocketTemplate(boolean sepSrvThread) {
+        this.separateServerThread = sepSrvThread;
+    }
 
     /*
      * Boot up the testing, used to drive remainder of the test.