Ensure we always wrap if there is something left to be sent to the remote peer (#11535)

Motivation:

We need to ensure we call wrap as long as there is something left to be sent to the remote peer in cases of non-application data (like for example alerts).

Modifications:

Check the pending data and based on it return NEED_WRAP even when the handshake was done.

Result:

Always produce alerts etc.
Norman Maurer 2021-08-02 10:12:35 +02:00 committed by GitHub
parent 82418dafec
commit 8bcc27a169
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -1972,10 +1972,16 @@ public class ReferenceCountedOpenSslEngine extends SSLEngine implements Referenc
private SSLEngineResult.HandshakeStatus mayFinishHandshake(SSLEngineResult.HandshakeStatus status) private SSLEngineResult.HandshakeStatus mayFinishHandshake(SSLEngineResult.HandshakeStatus status)
throws SSLException { throws SSLException {
if (status == NOT_HANDSHAKING && handshakeState != HandshakeState.FINISHED) { if (status == NOT_HANDSHAKING) {
// If the status was NOT_HANDSHAKING and we not finished the handshake we need to call if (handshakeState != HandshakeState.FINISHED) {
// SSL_do_handshake() again // If the status was NOT_HANDSHAKING and we not finished the handshake we need to call
return handshake(); // SSL_do_handshake() again
return handshake();
}
if (!isDestroyed() && SSL.bioLengthNonApplication(networkBIO) > 0) {
// We have something left that needs to be wrapped.
return NEED_WRAP;
}
} }
return status; return status;
} }
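
Review bot: The new `SSL.bioLengthNonApplication(networkBIO) > 0` branch in `mayFinishHandshake` reports NEED_WRAP after the handshake has already finished, so it is only safe if the following wrap() call always drains those non-application bytes from `networkBIO`. If any wrap path returns without consuming them, a caller that loops on the handshake status will keep seeing NEED_WRAP and never make progress. A test that triggers an alert after the handshake and asserts that one wrap() empties the BIO and the status then returns to NOT_HANDSHAKING would pin this down. The `!isDestroyed()` guard before touching `networkBIO` is a good call; the comment `// We have something left that needs to be wrapped.` could state that the pending bytes are non-application data such as alerts, matching the commit message.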