Merge pull request #234 from cconlon/socketConnect
SSLSocket: remove unnecessary connect() override, log and close socket on doHandshake SSLExceptionpull/235/head
commit
fd51ab9a19
|
@ -52,16 +52,17 @@ if ("${WOLFSSL_PKG_TYPE}" MATCHES "normal")
|
||||||
-DHAVE_CRL -DHAVE_OCSP -DHAVE_CRL_MONITOR
|
-DHAVE_CRL -DHAVE_OCSP -DHAVE_CRL_MONITOR
|
||||||
-DPERSIST_SESSION_CACHE -DPERSIST_CERT_CACHE -DATOMIC_USER
|
-DPERSIST_SESSION_CACHE -DPERSIST_CERT_CACHE -DATOMIC_USER
|
||||||
-DHAVE_PK_CALLBACKS -DWOLFSSL_CERT_EXT -DWOLFSSL_CERT_GEN
|
-DHAVE_PK_CALLBACKS -DWOLFSSL_CERT_EXT -DWOLFSSL_CERT_GEN
|
||||||
-DHAVE_SNI -DHAVE_ALPN -DNO_RC4 -DHAVE_ENCRYPT_THEN_MAC
|
-DWOLFSSL_CERT_REQ -DHAVE_SNI -DHAVE_ALPN -DNO_RC4
|
||||||
-DNO_MD4 -DWOLFSSL_ENCRYPTED_KEYS -DHAVE_DH_DEFAULT_PARAMS
|
-DHAVE_ENCRYPT_THEN_MAC -DNO_MD4 -DWOLFSSL_ENCRYPTED_KEYS
|
||||||
-DNO_ERROR_QUEUE -DWOLFSSL_EITHER_SIDE -DWC_RSA_NO_PADDING
|
-DHAVE_DH_DEFAULT_PARAMS -DNO_ERROR_QUEUE -DWOLFSSL_EITHER_SIDE
|
||||||
-DWC_RSA_PSS -DWOLFSSL_PSS_LONG_SALT -DWOLFSSL_TICKET_HAVE_ID
|
-DWC_RSA_NO_PADDING -DWC_RSA_PSS -DWOLFSSL_PSS_LONG_SALT
|
||||||
-DWOLFSSL_ERROR_CODE_OPENSSL -DWOLFSSL_ALWAYS_VERIFY_CB
|
-DWOLFSSL_TICKET_HAVE_ID -DWOLFSSL_ERROR_CODE_OPENSSL
|
||||||
-DWOLFSSL_VERIFY_CB_ALL_CERTS -DWOLFSSL_EXTRA_ALERTS
|
-DWOLFSSL_ALWAYS_VERIFY_CB -DWOLFSSL_VERIFY_CB_ALL_CERTS
|
||||||
-DHAVE_EXT_CACHE -DWOLFSSL_FORCE_CACHE_ON_TICKET
|
-DWOLFSSL_EXTRA_ALERTS -DHAVE_EXT_CACHE
|
||||||
-DWOLFSSL_AKID_NAME -DHAVE_CTS -DNO_DES3 -DGCM_TABLE_4BIT
|
-DWOLFSSL_FORCE_CACHE_ON_TICKET -DWOLFSSL_AKID_NAME -DHAVE_CTS
|
||||||
-DTFM_TIMING_RESISTANT -DECC_TIMING_RESISTANT
|
-DNO_DES3 -DGCM_TABLE_4BIT -DTFM_TIMING_RESISTANT
|
||||||
-DHAVE_AESGCM -DSIZEOF_LONG=4 -DSIZEOF_LONG_LONG=8
|
-DECC_TIMING_RESISTANT -DHAVE_AESGCM -DSIZEOF_LONG=4
|
||||||
|
-DSIZEOF_LONG_LONG=8
|
||||||
|
|
||||||
# For gethostbyname()
|
# For gethostbyname()
|
||||||
-DHAVE_NETDB_H
|
-DHAVE_NETDB_H
|
||||||
|
@ -156,12 +157,12 @@ elseif("${WOLFSSL_PKG_TYPE}" MATCHES "fipsready")
|
||||||
-DNO_RC4 -DNO_MD4 -DNO_MD5 -DNO_DES3 -DNO_DSA -DNO_RABBIT
|
-DNO_RC4 -DNO_MD4 -DNO_MD5 -DNO_DES3 -DNO_DSA -DNO_RABBIT
|
||||||
|
|
||||||
-DWOLFSSL_JNI -DHAVE_EX_DATA -DHAVE_OCSP -DHAVE_CRL_MONITOR
|
-DWOLFSSL_JNI -DHAVE_EX_DATA -DHAVE_OCSP -DHAVE_CRL_MONITOR
|
||||||
-DWOLFSSL_CERT_EXT -DWOLFSSL_CERT_GEN -DHAVE_SNI -DHAVE_ALPN
|
-DWOLFSSL_CERT_EXT -DWOLFSSL_CERT_GEN -DWOLFSSL_CERT_REQ
|
||||||
-DWOLFSSL_ENCRYPTED_KEYS -DNO_ERROR_QUEUE -DWOLFSSL_EITHER_SIDE
|
-DHAVE_SNI -DHAVE_ALPN -DWOLFSSL_ENCRYPTED_KEYS -DNO_ERROR_QUEUE
|
||||||
-DWOLFSSL_PSS_LONG_SALT -DWOLFSSL_TICKET_HAVE_ID
|
-DWOLFSSL_EITHER_SIDE -DWOLFSSL_PSS_LONG_SALT
|
||||||
-DWOLFSSL_ERROR_CODE_OPENSSL -DWOLFSSL_EXTRA_ALERTS
|
-DWOLFSSL_TICKET_HAVE_ID -DWOLFSSL_ERROR_CODE_OPENSSL
|
||||||
-DWOLFSSL_FORCE_CACHE_ON_TICKET -DWOLFSSL_AKID_NAME -DHAVE_CTS
|
-DWOLFSSL_EXTRA_ALERTS -DWOLFSSL_FORCE_CACHE_ON_TICKET
|
||||||
-DKEEP_PEER_CERT -DSESSION_CERTS
|
-DWOLFSSL_AKID_NAME -DHAVE_CTS -DKEEP_PEER_CERT -DSESSION_CERTS
|
||||||
-DSIZEOF_LONG=4 -DSIZEOF_LONG_LONG=8
|
-DSIZEOF_LONG=4 -DSIZEOF_LONG_LONG=8
|
||||||
|
|
||||||
# For gethostbyname()
|
# For gethostbyname()
|
||||||
|
|
|
@ -1456,6 +1456,8 @@ public class WolfSSLSocket extends SSLSocket {
|
||||||
@Override
|
@Override
|
||||||
public synchronized void startHandshake() throws IOException {
|
public synchronized void startHandshake() throws IOException {
|
||||||
int ret;
|
int ret;
|
||||||
|
int err = 0;
|
||||||
|
String errStr = "";
|
||||||
|
|
||||||
WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO,
|
WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO,
|
||||||
"entered startHandshake(), trying to get handshakeLock");
|
"entered startHandshake(), trying to get handshakeLock");
|
||||||
|
@ -1506,19 +1508,25 @@ public class WolfSSLSocket extends SSLSocket {
|
||||||
|
|
||||||
try {
|
try {
|
||||||
ret = EngineHelper.doHandshake(0, this.getSoTimeout());
|
ret = EngineHelper.doHandshake(0, this.getSoTimeout());
|
||||||
|
err = ssl.getError(ret);
|
||||||
|
errStr = WolfSSL.getErrorString(err);
|
||||||
|
|
||||||
|
/* close socket if the handshake is unsuccessful */
|
||||||
} catch (SocketTimeoutException e) {
|
} catch (SocketTimeoutException e) {
|
||||||
WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO,
|
WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO,
|
||||||
"got socket timeout in doHandshake()");
|
"got socket timeout in doHandshake()");
|
||||||
/* close socket if the handshake is unsuccessful */
|
close();
|
||||||
|
throw e;
|
||||||
|
|
||||||
|
} catch (SSLException e) {
|
||||||
|
WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO,
|
||||||
|
"native handshake failed in doHandshake(): error code: " +
|
||||||
|
err + ", TID " + Thread.currentThread().getId() + ")");
|
||||||
close();
|
close();
|
||||||
throw e;
|
throw e;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (ret != WolfSSL.SSL_SUCCESS) {
|
if (ret != WolfSSL.SSL_SUCCESS) {
|
||||||
int err = ssl.getError(ret);
|
|
||||||
String errStr = WolfSSL.getErrorString(err);
|
|
||||||
|
|
||||||
/* close socket if the handshake is unsuccessful */
|
|
||||||
close();
|
close();
|
||||||
throw new SSLHandshakeException(errStr + " (error code: " +
|
throw new SSLHandshakeException(errStr + " (error code: " +
|
||||||
err + ", TID " + Thread.currentThread().getId() + ")");
|
err + ", TID " + Thread.currentThread().getId() + ")");
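Review bot: In the new `catch (SSLException e)` block the logged `err` is always the initial `0`, because `err = ssl.getError(ret)` on the line after `doHandshake()` never runs when the call throws, so the log claims an error code that was never read; log the exception instead, e.g. `"native handshake failed in doHandshake(): " + e.getMessage() + " (TID " + Thread.currentThread().getId() + ")"`, which also repairs the unbalanced closing parenthesis in the current message. The `close()` added to both catch blocks can itself throw an IOException, which would replace the original handshake failure as the exception the caller sees; catching that and attaching it with `e.addSuppressed(...)` before `throw e;` keeps the root cause visible. Any IOException from `doHandshake()` that is neither a SocketTimeoutException nor an SSLException still propagates without closing the socket — if that path can occur, a final `catch (IOException e)` with the same close-and-rethrow would make the cleanup consistent. startHandshake() begins before this hunk.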
|
||||||
|
@ -2070,51 +2078,7 @@ public class WolfSSLSocket extends SSLSocket {
|
||||||
/**
|
/**
|
||||||
* Connects the underlying Socket associated with this SSLSocket.
|
* Connects the underlying Socket associated with this SSLSocket.
|
||||||
*
|
*
|
||||||
* @param endpoint address of peer to connect underlying Socket to
|
* Also called by super.connect(SocketAddress).
|
||||||
*
|
|
||||||
* @throws IOException upon error connecting Socket
|
|
||||||
*/
|
|
||||||
@Override
|
|
||||||
public synchronized void connect(SocketAddress endpoint)
|
|
||||||
throws IOException {
|
|
||||||
|
|
||||||
InetSocketAddress address = null;
|
|
||||||
|
|
||||||
WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO,
|
|
||||||
"entered connect(SocketAddress endpoint)");
|
|
||||||
|
|
||||||
if (!(endpoint instanceof InetSocketAddress)) {
|
|
||||||
throw new IllegalArgumentException("endpoint is not of type " +
|
|
||||||
"InetSocketAddress");
|
|
||||||
}
|
|
||||||
|
|
||||||
if (this.socket != null) {
|
|
||||||
this.socket.connect(endpoint);
|
|
||||||
} else {
|
|
||||||
super.connect(endpoint);
|
|
||||||
}
|
|
||||||
|
|
||||||
address = (InetSocketAddress)endpoint;
|
|
||||||
|
|
||||||
/* register host/port for session resumption in case where
|
|
||||||
createSocket() was called without host/port, but
|
|
||||||
SSLSocket.connect() was explicitly called with SocketAddress */
|
|
||||||
if (address != null && EngineHelper != null) {
|
|
||||||
EngineHelper.setHostAndPort(
|
|
||||||
address.getAddress().getHostAddress(),
|
|
||||||
address.getPort());
|
|
||||||
EngineHelper.setPeerAddress(address.getAddress());
|
|
||||||
}
|
|
||||||
|
|
||||||
/* if user is calling after WolfSSLSession creation, register
|
|
||||||
socket fd with native wolfSSL */
|
|
||||||
if (ssl != null) {
|
|
||||||
checkAndInitSSLSocket();
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Connects the underlying Socket associated with this SSLSocket.
|
|
||||||
*
|
*
|
||||||
* @param endpoint address of peer to connect underlying socket to
|
* @param endpoint address of peer to connect underlying socket to
|
||||||
* @param timeout timeout value to set for underlying Socket connection
|
* @param timeout timeout value to set for underlying Socket connection
|
||||||
|
|