8274736: Concurrent read/close of SSLSockets causes SSLSessions to be invalidated unnecessarily

Yuri Nesterenko · Yuri Nesterenko · commit d959f811c43d · 2022-02-09T12:29:51.000Z
Reviewed-by: dcherepanov
Backport-of: 8822d41fdcc2c2d568badd72635dc587d21dbd63
diff --git a/src/java.base/share/classes/sun/security/ssl/TransportContext.java b/src/java.base/share/classes/sun/security/ssl/TransportContext.java
@@ -26,6 +26,7 @@
 package sun.security.ssl;
 
 import java.io.IOException;
+import java.net.SocketException;
 import java.security.AccessControlContext;
 import java.security.AccessController;
 import java.security.PrivilegedAction;
@@ -338,7 +339,12 @@ SSLException fatal(Alert alert, String diagnostic,
 
         // invalidate the session
         if (conSession != null) {
-            conSession.invalidate();
+            // In the case of a low-layer transport error, we want to prevent
+            // the session from being invalidated since this is not a TLS-level
+            // error event.
+            if (!(cause instanceof SocketException)) {
+                conSession.invalidate();
+            }
         }
 
         if (handshakeContext != null &&
diff --git a/test/jdk/javax/net/ssl/templates/SSLSocketTemplate.java b/test/jdk/javax/net/ssl/templates/SSLSocketTemplate.java
@@ -209,12 +209,12 @@ protected void configureServerSocket(SSLServerSocket socket) {
     /*
      * Is the server ready to serve?
      */
-    private final CountDownLatch serverCondition = new CountDownLatch(1);
+    protected final CountDownLatch serverCondition = new CountDownLatch(1);
 
     /*
      * Is the client ready to handshake?
      */
-    private final CountDownLatch clientCondition = new CountDownLatch(1);
+    protected final CountDownLatch clientCondition = new CountDownLatch(1);
 
     /*
      * What's the server port?  Use any free port by default
@@ -468,7 +468,15 @@ public static SSLContext createSSLContext(
      * Both sides can throw exceptions, but do you have a preference
      * as to which side should be the main thread.
      */
-    private static final boolean separateServerThread = false;
+    private final boolean separateServerThread;
+
+    public SSLSocketTemplate() {
+        this(false);
+    }
+
+    public SSLSocketTemplate(boolean sepSrvThread) {
+        this.separateServerThread = sepSrvThread;
+    }
 
     /*
      * Boot up the testing, used to drive remainder of the test.
diff --git a/test/jdk/sun/security/ssl/SSLSessionImpl/NoInvalidateSocketException.java b/test/jdk/sun/security/ssl/SSLSessionImpl/NoInvalidateSocketException.java
