Commit 79227386 authored by Guus der Kinderen

OF-793: Improve exception message

When a peer sends non-encrypted data where we expected encrypted data,
a confusing exception is logged. This commit wraps that exception,
giving a clear explanation.

This typically occurs during a failed TLS handshake, where the peers
should be closing the connection without sending data, but do not do
so (typically, the exceptions that are logged indicate that
</failure or </stream is received in plain text).
parent a67661c3
...@@ -136,7 +136,16 @@ public class TLSWrapper { ...@@ -136,7 +136,16 @@ public class TLSWrapper {
public ByteBuffer unwrap(ByteBuffer net, ByteBuffer app) throws SSLException { public ByteBuffer unwrap(ByteBuffer net, ByteBuffer app) throws SSLException {
ByteBuffer out = app; ByteBuffer out = app;
out = resizeApplicationBuffer(out);// guarantees enough room for unwrap out = resizeApplicationBuffer(out);// guarantees enough room for unwrap
tlsEngineResult = tlsEngine.unwrap(net, out); try {
tlsEngineResult = tlsEngine.unwrap( net, out );
} catch ( SSLException e ) {
if ( e.getMessage().startsWith( "Unsupported record version Unknown-" ) ) {
throw new SSLException( "We appear to have received plain text data where we expected encrypted data. A common cause for this is a peer sending us a plain-text error message when it shouldn't send a message, but close the socket instead).", e );
}
else {
throw e;
}
}
log("server unwrap: ", tlsEngineResult); log("server unwrap: ", tlsEngineResult);
if (tlsEngineResult.getHandshakeStatus() == HandshakeStatus.NEED_TASK) { if (tlsEngineResult.getHandshakeStatus() == HandshakeStatus.NEED_TASK) {
// If the result indicates that we have outstanding tasks to do, go // If the result indicates that we have outstanding tasks to do, go
......
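Review bot: in the new catch block of unwrap(), e.getMessage() can return null, so `e.getMessage().startsWith( ... )` can throw a NullPointerException that hides the original SSLException; check the message for null before matching and rethrow e unchanged in that case. The match also relies on the exact wording "Unsupported record version Unknown-", which is an implementation message rather than a documented contract, so a short comment saying where that string comes from would help whoever has to adjust it when the wording changes. The replacement message ends with an unmatched ")" after "instead", and the new lines use spaces inside parentheses while the surrounding method does not.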