I checked that test and you are correct it fails. I could easily add mEngine.isInboundDone() check and bypass decoding and the same for encoding. However, I pose this question. Should we really support this behavior in the SSLFilter; couldn't that lead to situations where someone is expecting an encrypted session without knowing it was removed? I removed the attribute to enable and disable SSL because that was inherently insecure and prone to concurrent/race conditions.
The best thing we could probably do is throw Close exceptions when receiving or writing to the closed SSLFilter. On Fri, Jan 14, 2022 at 12:30 PM Emmanuel Lécharny <[email protected]> wrote: > Hi Jonathan, > > I'm reviewing the SSL code in Mina 2.2 and we have an issue in a > specific use case, ie ConnectorTest.testTCPWithSSL: > - the client establishes a SSL connection > - it sends some data (all is ok) > - the client removes the SSL filter (but keep the connection opened) > - it tries to send clear text messages and the Sslhandler is trying to > uncrypt them > > The pb is probably in the test where the server does not remove the > SslFilter from the chain. Note that this test is @disabled in 2.1.X (and > I'm positive that this test has the same issue in 2.1.X) > > I think we either have to fix the test (removing the SslFilter from the > server when we remove it from the client) or @ignore the test. > -- > *Emmanuel Lécharny - CTO* 205 Promenade des Anglais – 06200 NICE > T. +33 (0)4 89 97 36 50 > P. +33 (0)6 08 33 32 61 > [email protected] https://www.busit.com/ > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > >
