RFR: 8237578: JDK-8214339 (SSLSocketImpl wraps SocketException) appears to not be fully fixed
Xue-Lei Andrew Fan
xuelei at openjdk.java.net
Thu Jan 7 23:44:00 UTC 2021
On Wed, 6 Jan 2021 23:28:34 GMT, Clive Verghese <cverghese at openjdk.org> wrote:
> This PR aims to revert some more cases where SocketExceptions are improperly being wrapped as SSLException. Some work for this was done in [JDK-8235263](https://bugs.openjdk.java.net/browse/JDK-8235263), but that change did not cover all the cases.
>
> As it was mentioned in JDK-8235263, some applications rely on receiving SocketException to decide if the connection should be retried. An example of this would be Apache HTTP client. This PR should ideally fix https://issues.apache.org/jira/browse/HTTPCLIENT-2032
Changes requested by xuelei (Reviewer).
src/java.base/share/classes/sun/security/ssl/SSLSocketImpl.java line 1678:
> 1676: // Don't close the Socket in case of timeouts, interrupts or SocketException.
> 1677: if (cause instanceof InterruptedIOException ||
> 1678: cause instanceof SocketException) {
Maybe we still need to shutdown the connection with a fatal alter for socket exception, otherwise there might be socket leaks. Instead, the socket exception could be thrown after the fatal alert.
src/java.base/share/classes/sun/security/ssl/SSLSocketImpl.java line 452:
> 450: } catch (SocketException se) {
> 451: // don't change exception in case of SocketException
> 452: throw se;
Maybe, the fatal alter could be sent before thrown the socket exception.
-------------
PR: https://git.openjdk.java.net/jdk/pull/1968
More information about the security-dev
mailing list