Throw a special SSLException if a non SSL/TLS record was detected. See #437

src/main/java/org/jboss/netty/handler/ssl/NotSslRecordException.java

@@ -0,0 +1,35 @@
+/*
+ * Copyright 2012 The Netty Project
+ *
+ * The Netty Project licenses this file to you under the Apache License,
+ * version 2.0 (the "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at:
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+package org.jboss.netty.handler.ssl;
+
+import javax.net.ssl.SSLException;
+
+/**
+ * Special {@link SSLException} which will get thrown if a packet is
+ * received that not looks like a TLS/SSL record. A user can check for
+ * this {@link NotSslRecordException} and so detect if one peer tries to
+ * use secure and the other plain connection.
+ *
+ *
+ */
+public class NotSslRecordException extends SSLException {
+
+    private static final long serialVersionUID = -4316784434770656841L;
+
+    public NotSslRecordException(String reason) {
+        super(reason);
+    }
+}

src/main/java/org/jboss/netty/handler/ssl/SslHandler.java

@@ -635,7 +635,7 @@ public class SslHandler extends FrameDecoder
 
                 if (!sslv2) {
                     // Bad data - discard the buffer and raise an exception.
-                    SSLException e = new SSLException(
+                    NotSslRecordException e = new NotSslRecordException(
                             "not an SSL/TLS record: " + ChannelBuffers.hexDump(buffer));
                     buffer.skipBytes(buffer.readableBytes());
                     throw e;

src/test/java/org/jboss/netty/handler/ssl/SslHandlerTest.java

@@ -0,0 +1,43 @@
+ /*
+ * The Netty Project licenses this file to you under the Apache License,
+ * version 2.0 (the "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at:
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+package org.jboss.netty.handler.ssl;
+
+import java.util.Random;
+
+import org.jboss.netty.buffer.ChannelBuffer;
+import org.jboss.netty.buffer.ChannelBuffers;
+import org.jboss.netty.example.securechat.SecureChatSslContextFactory;
+import org.jboss.netty.handler.codec.embedder.CodecEmbedderException;
+import org.jboss.netty.handler.codec.embedder.DecoderEmbedder;
+import org.junit.Assert;
+import org.junit.Test;
+
+public class SslHandlerTest {
+
+    private final Random random = new Random();
+    
+    @Test
+    public void testDetectNonSslRecord() {
+        byte[] data = new byte[1024];
+        random.nextBytes(data);
+        
+        DecoderEmbedder<ChannelBuffer> em = new DecoderEmbedder<ChannelBuffer>(new SslHandler(SecureChatSslContextFactory.getServerContext().createSSLEngine()));
+        try {
+            em.offer(ChannelBuffers.wrappedBuffer(data));
+            Assert.fail();
+        } catch (CodecEmbedderException e) {
+            Assert.assertTrue(e.getCause() instanceof NotSslRecordException);
+        }
+    }
+}