RFR: 8293176: SSLEngine handshaker does not send an alert after a bad parameters
Daniel Jeliński
djelinski at openjdk.org
Fri Aug 4 08:39:46 UTC 2023
Please review this patch that ensures that all exceptions thrown by SSLEngine delegated tasks are translated to alerts.
All exceptions should already be translated to SSLExceptions and alerts by the time we exit from context.dispatch; these exceptions are rethrown by `conContext.fatal` without modification. With this patch the remaining exceptions are translated to `internal_error` alerts.
SSLSocket implements similar handling in SSLSocketImpl#startHandshake. SSLSocket rethrows `SocketException`s without modification, and translates other `IOException`s to `handshake_failure` alerts. SSLEngine does not need to handle `SocketException`s, and IMO `internal_error` is a better choice here.
Tier1-3 tests pass.
-------------
Commit messages:
- Add test, send alert
Changes: https://git.openjdk.org/jdk/pull/15148/files
Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=15148&range=00
Issue: https://bugs.openjdk.org/browse/JDK-8293176
Stats: 99 lines in 2 files changed: 98 ins; 0 del; 1 mod
Patch: https://git.openjdk.org/jdk/pull/15148.diff
Fetch: git fetch https://git.openjdk.org/jdk.git pull/15148/head:pull/15148
PR: https://git.openjdk.org/jdk/pull/15148
More information about the security-dev
mailing list