Throw a special SSLException if a non SSL/TLS record was detected. See #437
parent
18fb438949
commit
9a1344c3ae
@ -0,0 +1,35 @@
|
||||
/*
|
||||
* Copyright 2012 The Netty Project
|
||||
*
|
||||
* The Netty Project licenses this file to you under the Apache License,
|
||||
* version 2.0 (the "License"); you may not use this file except in compliance
|
||||
* with the License. You may obtain a copy of the License at:
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
* License for the specific language governing permissions and limitations
|
||||
* under the License.
|
||||
*/
|
||||
package org.jboss.netty.handler.ssl;
|
||||
|
||||
import javax.net.ssl.SSLException;
|
||||
|
||||
/**
|
||||
* Special {@link SSLException} which will get thrown if a packet is
|
||||
* received that not looks like a TLS/SSL record. A user can check for
|
||||
* this {@link NotSslRecordException} and so detect if one peer tries to
|
||||
* use secure and the other plain connection.
|
||||
*
|
||||
*
|
||||
*/
|
||||
public class NotSslRecordException extends SSLException {
|
||||
|
||||
private static final long serialVersionUID = -4316784434770656841L;
|
||||
|
||||
public NotSslRecordException(String reason) {
|
||||
super(reason);
|
||||
}
|
||||
}
|
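Review bot: The class Javadoc is ungrammatical ("that not looks like") and ends with two empty `*` lines, and the public constructor has no Javadoc. A tighter wording would be `Special {@link SSLException} thrown when a received packet does not look like an SSL/TLS record, so a caller can detect that one peer is speaking TLS while the other sends plaintext.` The constructor could carry a one-line `@param reason` saying that the text describes the rejected data, because callers who log or display `getMessage()` need to know it may contain bytes supplied by the remote peer.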
@ -635,7 +635,7 @@ public class SslHandler extends FrameDecoder
|
||||
|
||||
if (!sslv2) {
|
||||
// Bad data - discard the buffer and raise an exception.
|
||||
SSLException e = new SSLException(
|
||||
NotSslRecordException e = new NotSslRecordException(
|
||||
"not an SSL/TLS record: " + ChannelBuffers.hexDump(buffer));
|
||||
buffer.skipBytes(buffer.readableBytes());
|
||||
throw e;
|
||||
|
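Review bot: The message built for the new `NotSslRecordException` still embeds `ChannelBuffers.hexDump(buffer)` over everything readable, which is data chosen by the remote peer and, as far as this hunk shows, not bounded in length. When a plaintext client connects to a TLS port, its request (which may carry credentials or session tokens) is copied into the exception text and into whatever log records it, and a large payload inflates log volume. Since the new exception type invites callers to catch and report this case, consider capping the dump to the first few bytes, for example `ChannelBuffers.hexDump(buffer, buffer.readerIndex(), Math.min(buffer.readableBytes(), 16))`. The enclosing method begins and ends outside the hunk.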
@ -0,0 +1,43 @@
|
||||
/*
|
||||
* The Netty Project licenses this file to you under the Apache License,
|
||||
* version 2.0 (the "License"); you may not use this file except in compliance
|
||||
* with the License. You may obtain a copy of the License at:
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
* License for the specific language governing permissions and limitations
|
||||
* under the License.
|
||||
*/
|
||||
package org.jboss.netty.handler.ssl;
|
||||
|
||||
import java.util.Random;
|
||||
|
||||
import org.jboss.netty.buffer.ChannelBuffer;
|
||||
import org.jboss.netty.buffer.ChannelBuffers;
|
||||
import org.jboss.netty.example.securechat.SecureChatSslContextFactory;
|
||||
import org.jboss.netty.handler.codec.embedder.CodecEmbedderException;
|
||||
import org.jboss.netty.handler.codec.embedder.DecoderEmbedder;
|
||||
import org.junit.Assert;
|
||||
import org.junit.Test;
|
||||
|
||||
public class SslHandlerTest {
|
||||
|
||||
private final Random random = new Random();
|
||||
|
||||
@Test
|
||||
public void testDetectNonSslRecord() {
|
||||
byte[] data = new byte[1024];
|
||||
random.nextBytes(data);
|
||||
|
||||
DecoderEmbedder<ChannelBuffer> em = new DecoderEmbedder<ChannelBuffer>(new SslHandler(SecureChatSslContextFactory.getServerContext().createSSLEngine()));
|
||||
try {
|
||||
em.offer(ChannelBuffers.wrappedBuffer(data));
|
||||
Assert.fail();
|
||||
} catch (CodecEmbedderException e) {
|
||||
Assert.assertTrue(e.getCause() instanceof NotSslRecordException);
|
||||
}
|
||||
}
|
||||
}
|
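Review bot: `testDetectNonSslRecord` feeds the handler 1024 bytes from an unseeded `new Random()`, so the input differs on every run and a failure cannot be reproduced. A random prefix can also, rarely, resemble a record header, in which case the handler would presumably fail with a different exception and the `instanceof NotSslRecordException` assertion would break intermittently. A fixed plaintext payload models the case the commit targets and keeps the test deterministic, for example `byte[] data = "GET / HTTP/1.1\r\n\r\n".getBytes(CharsetUtil.US_ASCII);`. Alternatively, seed the generator with a constant after checking that the resulting bytes are rejected.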