Correctly clear the error stack in all cases when using ReferenceCountedOpenSslEngine. (#7941)

Motivation:

We missed to correctly clear the error stack in one case when using the ReferenceCountedOpenSslEngine. Because of this it was possible to pick up an error on an unrelated operation.

Modifications:

- Correctly clear the stack
- Add verification of empty error stack to tests.

Result:

Not possible to observe unrelated errors.
This commit is contained in:
Norman Maurer 2018-05-15 19:44:02 +02:00 committed by GitHub
parent 1d09efeeb2
commit ed54ab034d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 13 additions and 4 deletions

View File

@ -1093,8 +1093,6 @@ public class ReferenceCountedOpenSslEngine extends SSLEngine implements Referenc
}
private SSLEngineResult sslReadErrorResult(int err, int bytesConsumed, int bytesProduced) throws SSLException {
String errStr = SSL.getErrorString(err);
// Check if we have a pending handshakeException and if so see if we need to consume all pending data from the
// BIO first or can just shutdown and throw it now.
// This is needed so we ensure close_notify etc is correctly send to the remote peer.
@ -1103,11 +1101,14 @@ public class ReferenceCountedOpenSslEngine extends SSLEngine implements Referenc
if (handshakeException == null && handshakeState != HandshakeState.FINISHED) {
// we seems to have data left that needs to be transfered and so the user needs
// call wrap(...). Store the error so we can pick it up later.
handshakeException = new SSLHandshakeException(errStr);
handshakeException = new SSLHandshakeException(SSL.getErrorString(err));
}
// We need to clear all errors so we not pick up anything that was left on the stack on the next
// operation. Note that shutdownWithError(...) will cleanup the stack as well so its only needed here.
SSL.clearError();
return new SSLEngineResult(OK, NEED_WRAP, bytesConsumed, bytesProduced);
}
throw shutdownWithError("SSL_read", errStr);
throw shutdownWithError("SSL_read", SSL.getErrorString(err));
}
private void closeAll() throws SSLException {

View File

@ -21,7 +21,9 @@ import io.netty.handler.ssl.ApplicationProtocolConfig.SelectedListenerFailureBeh
import io.netty.handler.ssl.ApplicationProtocolConfig.SelectorFailureBehavior;
import io.netty.handler.ssl.util.InsecureTrustManagerFactory;
import io.netty.handler.ssl.util.SelfSignedCertificate;
import io.netty.internal.tcnative.SSL;
import io.netty.util.internal.PlatformDependent;
import org.junit.Assert;
import org.junit.Assume;
import org.junit.BeforeClass;
import org.junit.Test;
@ -82,6 +84,12 @@ public class OpenSslEngineTest extends SSLEngineTest {
assumeTrue(OpenSsl.isAvailable());
}
@Override
public void tearDown() throws InterruptedException {
super.tearDown();
Assert.assertEquals("SSL error stack not correctly consumed", 0, SSL.getLastErrorNumber());
}
@Override
@Test
public void testMutualAuthInvalidIntermediateCASucceedWithOptionalClientAuth() throws Exception {