RFR: 8293176: SSLEngine handshaker does not send an alert after a bad parameters [v2]
Daniel Jeliński
djelinski at openjdk.org
Wed Sep 27 07:37:32 UTC 2023
On Fri, 11 Aug 2023 21:38:04 GMT, Daniel Jeliński <djelinski at openjdk.org> wrote:
>> Please review this patch that ensures that all exceptions thrown by SSLEngine delegated tasks are translated to alerts.
>>
>> All exceptions should already be translated to SSLExceptions and alerts by the time we exit from context.dispatch; these exceptions are rethrown by `conContext.fatal` without modification. With this patch the remaining exceptions are translated to `internal_error` alerts.
>>
>> SSLSocket implements similar handling in SSLSocketImpl#startHandshake. SSLSocket rethrows `SocketException`s without modification, and translates other `IOException`s to `handshake_failure` alerts. SSLEngine does not need to handle `SocketException`s, and IMO `internal_error` is a better choice here.
>>
>> Tier1-3 tests pass.
>
> Daniel Jeliński has updated the pull request incrementally with two additional commits since the last revision:
>
> - Fix exception handling
> - Fix indentation
Thanks for the reviews!
-------------
PR Comment: https://git.openjdk.org/jdk/pull/15148#issuecomment-1736857972
More information about the security-dev
mailing list