Commit c0c1eaa7 authored by Guus der Kinderen's avatar Guus der Kinderen

Merge pull request #466 from guusdk/OF-1009

OF-1009: Ignore the exception indicating an error
parents a9815e8a de8b98ff
......@@ -28,6 +28,7 @@ import org.jivesoftware.util.JiveGlobals;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLEngineResult;
import javax.net.ssl.SSLEngineResult.HandshakeStatus;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLSession;
import java.io.IOException;
import java.io.InputStream;
......@@ -219,7 +220,16 @@ public class TLSStreamHandler {
case NEED_UNWRAP:
if (rbc.read(incomingNetBB) == -1) {
tlsEngine.closeInbound();
try {
tlsEngine.closeInbound();
} catch (javax.net.ssl.SSLException ex) {
// OF-1009 Process these as a 'normal' handshake rejection - it's the peer closing the connection abruptly.
if ("Inbound closed before receiving peer's close_notify: possible truncation attack?".equals( ex.getMessage() ) ) {
throw new SSLHandshakeException( "The peer closed the connection while performing a TLS handshake." );
}
throw ex;
}
return initialHSComplete;
}
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment