Commit c2740984 authored by Guus der Kinderen's avatar Guus der Kinderen

OF-973: When STARTTLS negotion fails, send nothing

Nothing should be transmitted when STARTTLS negotiation fails, not even
a stream close.
parent 581d07aa
......@@ -473,6 +473,16 @@ public class SocketConnection implements Connection {
return backupDeliverer;
}
/**
* Closes the connection without sending any data (not even a stream end-tag).
*/
public void forceClose() {
close( true );
}
/**
* Closes the connection after trying to send a stream end tag.
*/
@Override
public void close() {
close( false );
......@@ -554,7 +564,7 @@ public class SocketConnection implements Connection {
Log.debug("Closing connection: " + this + " that started sending data at: " +
new Date(writeTimestamp));
}
close(true); // force
forceClose();
return true;
}
else {
......@@ -567,7 +577,7 @@ public class SocketConnection implements Connection {
if (Log.isDebugEnabled()) {
Log.debug("Closing connection that has been idle: " + this);
}
close(true); // force
forceClose();
return true;
}
}
......
......@@ -87,9 +87,9 @@ abstract class SocketReadingMode {
socketReader.connection.startTLS(false);
}
catch (SSLHandshakeException e) {
// RFC3620, section 5.4.3.2 "STARTTLS Failure" - close the socket *without* sending a <failure/> element.
// RFC3620, section 5.4.3.2 "STARTTLS Failure" - close the socket *without* sending any more data (<failure/> nor </stream>).
Log.info( "STARTTLS negotiation (with: {}) failed.", socketReader.connection, e );
socketReader.connection.close();
socketReader.connection.forceClose();
return false;
}
catch (IOException | RuntimeException e) {
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment