RFR: 8237578: JDK-8214339 (SSLSocketImpl wraps SocketException) appears to not be fully fixed [v4]
Clive Verghese
cverghese at openjdk.java.net
Sat Jan 9 04:56:14 UTC 2021
On Fri, 8 Jan 2021 21:20:15 GMT, Clive Verghese <cverghese at openjdk.org> wrote:
>> src/java.base/share/classes/sun/security/ssl/SSLSocketImpl.java line 452:
>>
>>> 450: } catch (SocketException se) {
>>> 451: // don't change exception in case of SocketException
>>> 452: throw se;
>>
>> Maybe the fatal alert could be sent before throwing the socket exception.
>
> The client is sending the fatal,
>
> However, the server, since it's producing the message, is not reading from the socket to see that the client sent the `bad_certificate`
>
>   SERVER                                            CLIENT
>     *                                <------------  CLIENT_HELLO
>   CLIENT_HELLO_CONSUMER
>   SERVER_HELLO_PRODUCER              ------------->  SERVER_HELLO_CONSUMER
>   CERTIFICATE_PRODUCER               ------------->  CERTIFICATE_CONSUMER
>   CERTIFICATE_STATUS                 ------------->  Still in CERTIFICATE_CONSUMER
>   START SERVER_KEY_EXCHANGE_PRODUCER
>     *                                <-------------  CERTIFICATE_CONSUMER sends bad_certificate alert
>     *                                <-------------  CLIENT_CLOSES_SOCKET
>   SERVER_KEY_EXCHANGE_PRODUCER
>     attempts to write to socket      --------||||
>     (broken_pipe exception)
>
> Server throws a SocketException(broken_pipe) exception instead of SSLException(bad_certificate) or SSLHandshakeException(bad_certificate)
>
> When in the producer, the server does not read from the socket, and hence does not process the bad_certificate alert from the client
>
> The SERVER_KEY_EXCHANGE producer then attempts to write to the socket, which encounters the broken pipe.
>
> We could, in the SSLSocketImpl::handleException, attempt to check if there is a message available in the socket. If so, read the message and throw the appropriate exception.
>
> I could open a follow up JBS issue to address this.
>
> A draft for the fix is
> https://github.com/cliveverghese/jdk/commit/93dba96940d12e930e84e86b6a7f7b4dc918a450
I have created a follow-up JBS issue for the issue,
https://bugs.openjdk.java.net/browse/JDK-8259516
The fix for that is available at https://github.com/cliveverghese/jdk/commit/a1bc71141b54f90d9d75bd80f6e8068315e78002
I will wait for this to be merged to create the pull request for JDK-8259516.
-------------
PR: https://git.openjdk.java.net/jdk/pull/1968
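
The check proposed in the quoted message (after a failed write, look for a pending alert on the socket and surface it instead of the broken pipe), as an added example; it is not the code from the linked commits. The class and method names are hypothetical, the pending bytes are constructed, and it assumes the alert arrives as an unencrypted record, as it does during a TLS 1.2 handshake before ChangeCipherSpec.

```java
import java.io.ByteArrayInputStream;
import java.io.DataInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.SocketException;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLHandshakeException;

public class PendingAlertCheck {
    static final int CONTENT_TYPE_ALERT = 21;  // TLS record content type "alert"
    static final int ALERT_LEVEL_FATAL = 2;    // AlertLevel fatal
    static final int BAD_CERTIFICATE = 42;     // AlertDescription bad_certificate

    // Hypothetical helper: after a write fails, decide which exception to surface.
    static IOException translate(SocketException writeFailure, InputStream in) {
        try {
            if (in.available() < 7) {
                return writeFailure;           // no complete alert record is buffered
            }
            DataInputStream d = new DataInputStream(in);
            int type = d.readUnsignedByte();
            d.readUnsignedShort();             // legacy record version, not checked here
            int length = d.readUnsignedShort();
            if (type != CONTENT_TYPE_ALERT || length != 2) {
                return writeFailure;           // pending data is not a plaintext alert
            }
            int level = d.readUnsignedByte();
            int description = d.readUnsignedByte();
            if (level != ALERT_LEVEL_FATAL) {
                return writeFailure;
            }
            String name = description == BAD_CERTIFICATE
                    ? "bad_certificate" : "alert " + description;
            SSLException e = new SSLHandshakeException("Received fatal alert: " + name);
            e.initCause(writeFailure);         // keep the broken pipe as the cause
            return e;
        } catch (IOException readFailure) {
            return writeFailure;               // the read failed too: keep the original
        }
    }

    public static void main(String[] args) {
        // Constructed sample: header (type 21, version 0x0303, length 2), fatal, bad_certificate
        byte[] pending = {21, 3, 3, 0, 2, 2, 42};
        SocketException broken = new SocketException("Broken pipe");
        System.out.println(translate(broken, new ByteArrayInputStream(pending)));
        System.out.println(translate(broken, new ByteArrayInputStream(new byte[0])));
    }
}
```

On a real socket the buffered alert may already have been discarded if the peer's close produced a reset, so the fallback to the original `SocketException` has to stay.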