RFR: 8268965: TCP Connection Reset when connecting simple socket to SSL server [v2]

Xue-Lei Andrew Fan xuelei at openjdk.java.net
Wed Jul 7 17:24:51 UTC 2021


On Wed, 7 Jul 2021 10:15:19 GMT, Alexey Bakhtin <abakhtin at openjdk.org> wrote:

>> Please review the fix for JDK-8268965.
>> 
>> The new jtreg test is added for the described issue.
>> sun/security/ssl and javax/net/ssl tests are passed
>
> Alexey Bakhtin has updated the pull request incrementally with one additional commit since the last revision:
> 
>   Add read lock for inputRecord.deplete

src/java.base/share/classes/sun/security/ssl/SSLSocketImpl.java line 1789:

> 1787:                     appInput.readLock.unlock();
> 1788:                 }
> 1789:             }

The blocking on close() may be not good in practice. I would use tryLock() rather than lock() so as to avoid closure blocking.  tryLock() is not perfect, but it may be better than blocking the close().

BTW, you could use the intanceof pattern matching so as to avoid the cast (See https://openjdk.java.net/jeps/394).


            if (conContext.inputRecord instanceof
                                SSLSocketInputRecord inputRecord && isConnected) {
                 if (appInput.readLock.tryLock()) {
                    try {
                        inputRecord.deplete(false);
                    } finally {
                       appInput.readLock.unlock();
                    }
                 }
              }

-------------

PR: https://git.openjdk.java.net/jdk/pull/4520



More information about the security-dev mailing list