Ensure we always wrap if there is something left to be send to the remote peer (#11535)

Motivation: We need to ensure we call wrap as long as there is something left to be send to the remote peer in cases of non-application data (like for example alerts). Modifications: Check the pending data and based on it return NEED_WRAP even when the handshake was done. Result: Always produce alerts etc
2021-08-02 10:12:35 +02:00 · 2021-08-02 10:12:35 +02:00 · 8bcc27a169
commit 8bcc27a169
parent 82418dafec
1 changed files with 10 additions and 4 deletions
--- a/handler/src/main/java/io/netty/handler/ssl/ReferenceCountedOpenSslEngine.java
+++ b/handler/src/main/java/io/netty/handler/ssl/ReferenceCountedOpenSslEngine.java
@ -1972,11 +1972,17 @@ public class ReferenceCountedOpenSslEngine extends SSLEngine implements Referenc

    private SSLEngineResult.HandshakeStatus mayFinishHandshake(SSLEngineResult.HandshakeStatus status)
            throws SSLException {
-        if (status == NOT_HANDSHAKING && handshakeState != HandshakeState.FINISHED) {
+        if (status == NOT_HANDSHAKING) {
+            if (handshakeState != HandshakeState.FINISHED) {
                // If the status was NOT_HANDSHAKING and we not finished the handshake we need to call
                // SSL_do_handshake() again
                return handshake();
            }
+            if (!isDestroyed() && SSL.bioLengthNonApplication(networkBIO) > 0) {
+                // We have something left that needs to be wrapped.
+                return NEED_WRAP;
+            }
+        }
        return status;
    }