SSLEngine.wrap(...) returns NOT_HANDSHAKING even when the alert was not consumed yet in latest JDK12 release (possible regression).
Norman Maurer
norman.maurer at googlemail.com
Mon Mar 4 20:15:08 UTC 2019
Any comments here ?
Bye
Norman
> On 28. Feb 2019, at 09:24, Norman Maurer <norman.maurer at googlemail.com> wrote:
>
> Hi all,
>
> I think I found a possible regression / bug in the latest JDK12 release when trying to upgrade the Netty CI server to test with the latest JDK12 release. The problem is that SSLEngine.wrap(…) returns NOT_HANDSHAKING even when there are bytes left that should be consumed (the alert itself). My understanding is that it should only return “NOT_HANDSHAKING” once we also consumed the alert. Please correct me if I wrong tho.
>
> I pushed a reproducer for this here:
>
> https://github.com/normanmaurer/jdk12_ssl_engine_unwrap_bug <https://github.com/normanmaurer/jdk12_ssl_engine_unwrap_bug>
>
> When running this on the latest JDK12 release (and later JDK versions) it will fail with an AssertionError, while everything works as expected when using earlier Java versions.
>
> Here is the Java version I used to reproduce:
>
> # java -version
> openjdk version "12" 2019-03-19
> OpenJDK Runtime Environment (build 12+33)
> OpenJDK 64-Bit Server VM (build 12+33, mixed mode, sharing)
>
>
> It seems like this was not always the case for Java12 tho, as I can not reproduce it with this version:
>
> #java -version
> openjdk version "12-ea" 2019-03-19
> OpenJDK Runtime Environment (build 12-ea+27)
> OpenJDK 64-Bit Server VM (build 12-ea+27, mixed mode, sharing)
>
> I don't have all the “in between” releases on my machine atm so I can not tell exactly on which release this “broke” :/
>
> Thanks
> Norman
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.org/pipermail/security-dev/attachments/20190304/f4594be1/attachment.htm>
More information about the security-dev
mailing list