RFR: 8293176: SSLEngine handshaker does not send an alert after a bad parameters [v2]
Daniel Jeliński
djelinski at openjdk.org
Fri Aug 11 21:38:04 UTC 2023
> Please review this patch that ensures that all exceptions thrown by SSLEngine delegated tasks are translated to alerts.
>
> All exceptions should already be translated to SSLExceptions and alerts by the time we exit from context.dispatch; these exceptions are rethrown by `conContext.fatal` without modification. With this patch the remaining exceptions are translated to `internal_error` alerts.
>
> SSLSocket implements similar handling in SSLSocketImpl#startHandshake. SSLSocket rethrows `SocketException`s without modification, and translates other `IOException`s to `handshake_failure` alerts. SSLEngine does not need to handle `SocketException`s, and IMO `internal_error` is a better choice here.
>
> Tier1-3 tests pass.
Daniel Jeliński has updated the pull request incrementally with two additional commits since the last revision:
- Fix exception handling
- Fix indentation
-------------
Changes:
- all: https://git.openjdk.org/jdk/pull/15148/files
- new: https://git.openjdk.org/jdk/pull/15148/files/4e2d43de..33fee1fc
Webrevs:
- full: https://webrevs.openjdk.org/?repo=jdk&pr=15148&range=01
- incr: https://webrevs.openjdk.org/?repo=jdk&pr=15148&range=00-01
Stats: 15 lines in 1 file changed: 0 ins; 0 del; 15 mod
Patch: https://git.openjdk.org/jdk/pull/15148.diff
Fetch: git fetch https://git.openjdk.org/jdk.git pull/15148/head:pull/15148
PR: https://git.openjdk.org/jdk/pull/15148
More information about the security-dev
mailing list