From 8bcc27a16992d7837601e02448740f88613ffa3f Mon Sep 17 00:00:00 2001 From: Norman Maurer Date: Mon, 2 Aug 2021 10:12:35 +0200 Subject: [PATCH] Ensure we always wrap if there is something left to be send to the remote peer (#11535) Motivation: We need to ensure we call wrap as long as there is something left to be send to the remote peer in cases of non-application data (like for example alerts). Modifications: Check the pending data and based on it return NEED_WRAP even when the handshake was done. Result: Always produce alerts etc --- .../handler/ssl/ReferenceCountedOpenSslEngine.java | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/handler/src/main/java/io/netty/handler/ssl/ReferenceCountedOpenSslEngine.java b/handler/src/main/java/io/netty/handler/ssl/ReferenceCountedOpenSslEngine.java index 9479a38ba5..1323b7eb06 100644 --- a/handler/src/main/java/io/netty/handler/ssl/ReferenceCountedOpenSslEngine.java +++ b/handler/src/main/java/io/netty/handler/ssl/ReferenceCountedOpenSslEngine.java @@ -1972,10 +1972,16 @@ public class ReferenceCountedOpenSslEngine extends SSLEngine implements Referenc private SSLEngineResult.HandshakeStatus mayFinishHandshake(SSLEngineResult.HandshakeStatus status) throws SSLException { - if (status == NOT_HANDSHAKING && handshakeState != HandshakeState.FINISHED) { - // If the status was NOT_HANDSHAKING and we not finished the handshake we need to call - // SSL_do_handshake() again - return handshake(); + if (status == NOT_HANDSHAKING) { + if (handshakeState != HandshakeState.FINISHED) { + // If the status was NOT_HANDSHAKING and we not finished the handshake we need to call + // SSL_do_handshake() again + return handshake(); + } + if (!isDestroyed() && SSL.bioLengthNonApplication(networkBIO) > 0) { + // We have something left that needs to be wrapped. + return NEED_WRAP; + } } return status; }