Integrated: 8293176: SSLEngine handshaker does not send an alert after a bad parameters
Daniel Jeliński
djelinski at openjdk.org
Wed Sep 27 07:37:34 UTC 2023
On Fri, 4 Aug 2023 08:17:39 GMT, Daniel Jeliński <djelinski at openjdk.org> wrote:
> Please review this patch that ensures that all exceptions thrown by SSLEngine delegated tasks are translated to alerts.
>
> All exceptions should already be translated to SSLExceptions and alerts by the time we exit from context.dispatch; these exceptions are rethrown by `conContext.fatal` without modification. With this patch the remaining exceptions are translated to `internal_error` alerts.
>
> SSLSocket implements similar handling in SSLSocketImpl#startHandshake. SSLSocket rethrows `SocketException`s without modification, and translates other `IOException`s to `handshake_failure` alerts. SSLEngine does not need to handle `SocketException`s, and IMO `internal_error` is a better choice here.
>
> Tier1-3 tests pass.
This pull request has now been integrated.
Changeset: fee9d336
Author: Daniel Jeliński <djelinski at openjdk.org>
URL: https://git.openjdk.org/jdk/commit/fee9d3362c76a046bb5160b90536545e7e9a5ce9
Stats: 99 lines in 2 files changed: 98 ins; 0 del; 1 mod
8293176: SSLEngine handshaker does not send an alert after a bad parameters
Reviewed-by: mdonovan, jnimeh
-------------
PR: https://git.openjdk.org/jdk/pull/15148
More information about the security-dev
mailing list