This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 10.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/10.0.x by this push: new ce00057 Fix BZ 65368 - better handling of closed TLS connection ce00057 is described below commit ce00057fab7d407159f51f2dcadee875314f7fe4 Author: Mark Thomas <ma...@apache.org> AuthorDate: Thu Jun 10 16:56:25 2021 +0100 Fix BZ 65368 - better handling of closed TLS connection https://bz.apache.org/bugzilla/show_bug.cgi?id=65368 --- java/org/apache/tomcat/util/net/SecureNioChannel.java | 8 ++++++++ webapps/docs/changelog.xml | 9 +++++++++ 2 files changed, 17 insertions(+) diff --git a/java/org/apache/tomcat/util/net/SecureNioChannel.java b/java/org/apache/tomcat/util/net/SecureNioChannel.java index 277193b..de47904 100644 --- a/java/org/apache/tomcat/util/net/SecureNioChannel.java +++ b/java/org/apache/tomcat/util/net/SecureNioChannel.java @@ -651,6 +651,14 @@ public class SecureNioChannel extends NioChannel { sm.getString("channel.nio.ssl.unwrapFailResize", unwrap.getStatus())); } } + } else if (unwrap.getStatus() == Status.CLOSED && netInBuffer.position() == 0 && read > 0) { + // Clean TLS close on input side but there is application data + // to process. Can't tell if the client closed the connection + // mid-request or if the client is performing a half-close after + // a complete request. Assume it is a half-close and allow + // processing to continue. If the connection has been closed + // mid-request then the next attempt to read will trigger an + // EOF. } else { // Something else went wrong throw new IOException(sm.getString("channel.nio.ssl.unwrapFail", unwrap.getStatus())); diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index 389d08a..55ed106 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -105,6 +105,15 @@ issues do not "pop up" wrt. others). --> <section name="Tomcat 10.0.8 (markt)" rtext="in development"> + <subsection name="Coyote"> + <changelog> + <fix> + <bug>65368</bug>: Improve handling of clean closes of inbound TLS + connections. Treat them the same way as clean closes of non-TLS + connections rather than as unknown errors. (markt) + </fix> + </changelog> + </subsection> <subsection name="Other"> <changelog> <add> --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org