andreacavalli/netty5
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

[#915] [#923] Expanded scope of the handshake locks in SSLHandler to avoid possible negotiation after the first SSLEngine wrap

Browse Source
This commit is contained in:
Aaron 2013-01-10 09:57:37 -08:00 committed by Norman Maurer
parent 223209864a
commit ca7702f38c
1 changed files with 78 additions and 79 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
src/main/java/org/jboss/netty/handler/ssl/SslHandler.java
View File

@ -402,6 +402,7 @@ public class SslHandler extends FrameDecoder
* succeeds or fails. * succeeds or fails.
*/ */
public ChannelFuture handshake() { public ChannelFuture handshake() {
synchronized (handshakeLock) {
if (handshaken && !isEnableRenegotiation()) { if (handshaken && !isEnableRenegotiation()) {
throw new IllegalStateException("renegotiation disabled"); throw new IllegalStateException("renegotiation disabled");
} }
@ -411,10 +412,10 @@ public class SslHandler extends FrameDecoder
ChannelFuture handshakeFuture; ChannelFuture handshakeFuture;
Exception exception = null; Exception exception = null;
synchronized (handshakeLock) {
if (handshaking) { if (handshaking) {
return this.handshakeFuture; return this.handshakeFuture;
} else { }
handshaking = true; handshaking = true;
try { try {
engine.beginHandshake(); engine.beginHandshake();
@ -437,8 +438,6 @@ public class SslHandler extends FrameDecoder
handshakeFuture = this.handshakeFuture = failedFuture(channel, e); handshakeFuture = this.handshakeFuture = failedFuture(channel, e);
exception = e; exception = e;
} }
}
}
if (exception == null) { // Began handshake successfully. if (exception == null) { // Began handshake successfully.
try { try {
@ -470,9 +469,9 @@ public class SslHandler extends FrameDecoder
Channels.close(ctx, future(channel)); Channels.close(ctx, future(channel));
} }
} }
return handshakeFuture; return handshakeFuture;
} }
}
/** /**
* @deprecated Use {@link #handshake()} instead. * @deprecated Use {@link #handshake()} instead.
@ -1282,6 +1281,7 @@ public class SslHandler extends FrameDecoder
} }
private void handleRenegotiation(HandshakeStatus handshakeStatus) { private void handleRenegotiation(HandshakeStatus handshakeStatus) {
synchronized (handshakeLock) {
if (handshakeStatus == HandshakeStatus.NOT_HANDSHAKING || if (handshakeStatus == HandshakeStatus.NOT_HANDSHAKING ||
handshakeStatus == HandshakeStatus.FINISHED) { handshakeStatus == HandshakeStatus.FINISHED) {
// Not handshaking // Not handshaking
@ -1294,7 +1294,6 @@ public class SslHandler extends FrameDecoder
} }
final boolean renegotiate; final boolean renegotiate;
synchronized (handshakeLock) {
if (handshaking) { if (handshaking) {
// Renegotiation in progress or failed already. // Renegotiation in progress or failed already.
// i.e. Renegotiation check has been done already below. // i.e. Renegotiation check has been done already below.
@ -1315,7 +1314,6 @@ public class SslHandler extends FrameDecoder
// Prevent reentrance of this method. // Prevent reentrance of this method.
handshaking = true; handshaking = true;
} }
}
if (renegotiate) { if (renegotiate) {
// Renegotiate. // Renegotiate.
@ -1331,6 +1329,7 @@ public class SslHandler extends FrameDecoder
Channels.close(ctx, succeededFuture(ctx.getChannel())); Channels.close(ctx, succeededFuture(ctx.getChannel()));
} }
} }
}
private void runDelegatedTasks() { private void runDelegatedTasks() {
for (;;) { for (;;) {