From 1c3afda78a9dcfa7e5aadc4c31910002a567ab8f Mon Sep 17 00:00:00 2001
From: Bjørn Christian Seime
Date: Mon, 5 Nov 2018 16:47:40 +0100
Subject: Add more debug logging to TlsCryptoSocket
---
 jrt/src/com/yahoo/jrt/TlsCryptoSocket.java | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/jrt/src/com/yahoo/jrt/TlsCryptoSocket.java b/jrt/src/com/yahoo/jrt/TlsCryptoSocket.java
index 96aca622af4..93403f188df 100644
--- a/jrt/src/com/yahoo/jrt/TlsCryptoSocket.java
+++ b/jrt/src/com/yahoo/jrt/TlsCryptoSocket.java
@@ -44,6 +44,7 @@ public class TlsCryptoSocket implements CryptoSocket {
 // Note: Dummy buffer as unwrap requires a full size application buffer even though no application data is unwrapped
 this.handshakeDummyBuffer = ByteBuffer.allocate(nullSession.getApplicationBufferSize());
 this.handshakeState = HandshakeState.NOT_STARTED;
+ log.fine(() -> "Initialized with " + sslEngine.toString());
 }
 // inject pre-read data into the read pipeline (typically called by MaybeTlsCryptoSocket)
@@ -67,6 +68,7 @@ public class TlsCryptoSocket implements CryptoSocket {
 private HandshakeState processHandshakeState(HandshakeState state) throws IOException {
 switch (state) {
 case NOT_STARTED:
+ log.fine(() -> "Initiating handshake");
 sslEngine.beginHandshake();
 break;
 case NEED_WRITE:
@@ -82,6 +84,7 @@ public class TlsCryptoSocket implements CryptoSocket {
 }
 while (true) {
+ log.fine(() -> "SSLEngine.getHandshakeStatus(): " + sslEngine.getHandshakeStatus());
 switch (sslEngine.getHandshakeStatus()) {
 case NOT_HANDSHAKING:
 if (wrapBuffer.bytes() > 0) return HandshakeState.NEED_WRITE;
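Review bot: None of the added messages identifies the connection, so when several sockets handshake at once the FINE output of this constructor `log.fine` line and of the lines added in the `-67,6`, `-82,6` and `-90,6` hunks cannot be attributed to a particular peer. The constructor message relies on `sslEngine.toString()`, whose content is implementation-defined and may be no more than a class name and hash. Consider prefixing every message with something stable for the socket, for example the channel's remote address if the class holds the channel (not visible in these hunks). The explicit `.toString()` is redundant in a string concatenation, so `"Initialized with " + sslEngine` is enough. The constructor starts outside the hunk.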
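Review bot: In the `-82,6` hunk the handshake status is read twice per iteration, once inside the logging lambda and once in the `switch`, so the logged value is not guaranteed to be the one the code acts on, and a record is emitted on every pass of the `while (true)` loop when FINE is enabled. Read it once into a local, `SSLEngineResult.HandshakeStatus status = sslEngine.getHandshakeStatus();`, then use `log.fine(() -> "SSLEngine.getHandshakeStatus(): " + status);` and `switch (status) {`. The loop body continues outside the hunk.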
@@ -90,6 +93,7 @@ public class TlsCryptoSocket implements CryptoSocket {
 SSLSession session = sslEngine.getSession();
 sessionApplicationBufferSize = session.getApplicationBufferSize();
 sessionPacketBufferSize = session.getPacketBufferSize();
+ log.fine(() -> String.format("Handshake complete: protocol=%s, cipherSuite=%s", session.getProtocol(), session.getCipherSuite()));
 return HandshakeState.COMPLETED;
 case NEED_TASK:
 sslEngine.getDelegatedTask().run();
-- 
cgit v1.2.3
From c91312a1a2e005224af729f951cb2c71b98c9ac0 Mon Sep 17 00:00:00 2001
From: Bjørn Christian Seime
Date: Mon, 5 Nov 2018 16:48:30 +0100
Subject: Verify handshake is complete in write() + flush()
---
 jrt/src/com/yahoo/jrt/TlsCryptoSocket.java | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/jrt/src/com/yahoo/jrt/TlsCryptoSocket.java b/jrt/src/com/yahoo/jrt/TlsCryptoSocket.java
index 93403f188df..39cd9f6c4f2 100644
--- a/jrt/src/com/yahoo/jrt/TlsCryptoSocket.java
+++ b/jrt/src/com/yahoo/jrt/TlsCryptoSocket.java
@@ -154,6 +154,7 @@ public class TlsCryptoSocket implements CryptoSocket {
 @Override
 public int write(ByteBuffer src) throws IOException {
+ verifyHandshakeCompleted();
 if (flush() == FlushResult.NEED_WRITE) return 0;
 int totalBytesWrapped = 0;
 int bytesWrapped;
@@ -166,6 +167,7 @@ public class TlsCryptoSocket implements CryptoSocket {
 @Override
 public FlushResult flush() throws IOException {
+ verifyHandshakeCompleted();
 channelWrite();
 return wrapBuffer.bytes() > 0 ? FlushResult.NEED_WRITE : FlushResult.DONE;
 }
-- 
cgit v1.2.3
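Review bot: Nothing in this commit pins the new precondition: the diffstat shows only `TlsCryptoSocket.java` changed, so a test that calls `write()` and `flush()` on a socket whose handshake has not finished and expects the failure would keep the guard from being removed unnoticed. With the `-166,6` hunk applied, `write()` also runs the check twice, since the `flush()` call on its next line starts with the same `verifyHandshakeCompleted()`; that is harmless, but a comment such as `// fail fast: no application data may be wrapped before the handshake has completed` would show the duplicate is deliberate. `verifyHandshakeCompleted()` is defined outside these hunks, so what it throws cannot be confirmed here. The body of `write()` continues past the hunk.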