On Wed, 31 Mar 2021 20:52:57 GMT, Xue-Lei Andrew Fan <xue...@openjdk.org> wrote:
> As described in the bug, by connecting the SSLEngine with a misbehaving peer > SSL implementation, it can get into a state where it calling `wrap` reports > getStatus == OK, getHandshakeStatus === NEED_WRAP but still doesn't produce > any further output. It happens when the output bound is not empty. > > It is caused by a mismatching condition in the SSLEngineOutputRecord. The > use hasAlert() method should be replaced with isEmpty(). Otherwise, there is > conflicts of the closing status while checking with OutputRecord.isEmpty() in > TransportContext.getHandshakeStatus() implementation. It is safe to remove > hasAlert() method, as we don't allow creation of new output record if the > closure is in progress, thus isEmpty() could be used instead. > > The patch passed the test provided by the bug submitter. This pull request has now been integrated. Changeset: 1a37bce5 Author: Xue-Lei Andrew Fan <xue...@openjdk.org> URL: https://git.openjdk.java.net/jdk/commit/1a37bce5afc55ad13d1406a989dbf58992746204 Stats: 54 lines in 4 files changed: 10 ins; 14 del; 30 mod 8263779: SSLEngine reports NEED_WRAP continuously without producing any further output Reviewed-by: wetmore ------------- PR: https://git.openjdk.java.net/jdk/pull/3292
