< prev index next >

src/java.base/share/classes/sun/security/ssl/SSLSocketImpl.java

Print this page

        

*** 36,46 **** import java.net.SocketAddress; import java.net.SocketException; import java.net.UnknownHostException; import java.nio.ByteBuffer; import java.util.List; - import java.util.concurrent.locks.ReentrantLock; import java.util.function.BiFunction; import javax.net.ssl.HandshakeCompletedListener; import javax.net.ssl.SSLException; import javax.net.ssl.SSLHandshakeException; import javax.net.ssl.SSLParameters; --- 36,45 ----
*** 83,95 **** private String peerHost; private boolean autoClose; private boolean isConnected = false; private volatile boolean tlsIsClosed = false; - private final ReentrantLock socketLock = new ReentrantLock(); - private final ReentrantLock handshakeLock = new ReentrantLock(); - /* * Is the local name service trustworthy? * * If the local name service is not trustworthy, reverse host name * resolution should not be performed for endpoint identification. --- 82,91 ----
*** 294,354 **** public String[] getSupportedCipherSuites() { return CipherSuite.namesOf(sslContext.getSupportedCipherSuites()); } @Override ! public String[] getEnabledCipherSuites() { ! socketLock.lock(); ! try { ! return CipherSuite.namesOf( ! conContext.sslConfig.enabledCipherSuites); ! } finally { ! socketLock.unlock(); ! } } @Override ! public void setEnabledCipherSuites(String[] suites) { ! socketLock.lock(); ! try { ! conContext.sslConfig.enabledCipherSuites = ! CipherSuite.validValuesOf(suites); ! } finally { ! socketLock.unlock(); ! } } @Override public String[] getSupportedProtocols() { return ProtocolVersion.toStringArray( sslContext.getSupportedProtocolVersions()); } @Override ! public String[] getEnabledProtocols() { ! socketLock.lock(); ! try { ! return ProtocolVersion.toStringArray( ! conContext.sslConfig.enabledProtocols); ! } finally { ! socketLock.unlock(); ! } } @Override ! public void setEnabledProtocols(String[] protocols) { if (protocols == null) { throw new IllegalArgumentException("Protocols cannot be null"); } ! socketLock.lock(); ! try { ! conContext.sslConfig.enabledProtocols = ! ProtocolVersion.namesOf(protocols); ! } finally { ! socketLock.unlock(); ! } } @Override public SSLSession getSession() { try { --- 290,329 ---- public String[] getSupportedCipherSuites() { return CipherSuite.namesOf(sslContext.getSupportedCipherSuites()); } @Override ! public synchronized String[] getEnabledCipherSuites() { ! return CipherSuite.namesOf(conContext.sslConfig.enabledCipherSuites); } @Override ! public synchronized void setEnabledCipherSuites(String[] suites) { ! conContext.sslConfig.enabledCipherSuites = ! CipherSuite.validValuesOf(suites); } @Override public String[] getSupportedProtocols() { return ProtocolVersion.toStringArray( sslContext.getSupportedProtocolVersions()); } @Override ! public synchronized String[] getEnabledProtocols() { ! return ProtocolVersion.toStringArray( ! conContext.sslConfig.enabledProtocols); } @Override ! public synchronized void setEnabledProtocols(String[] protocols) { if (protocols == null) { throw new IllegalArgumentException("Protocols cannot be null"); } ! conContext.sslConfig.enabledProtocols = ! ProtocolVersion.namesOf(protocols); } @Override public SSLSession getSession() { try {
*** 364,411 **** return conContext.conSession; } @Override ! public SSLSession getHandshakeSession() { ! socketLock.lock(); ! try { ! return conContext.handshakeContext == null ? ! null : conContext.handshakeContext.handshakeSession; ! } finally { ! socketLock.unlock(); ! } } @Override ! public void addHandshakeCompletedListener( HandshakeCompletedListener listener) { if (listener == null) { throw new IllegalArgumentException("listener is null"); } ! socketLock.lock(); ! try { ! conContext.sslConfig.addHandshakeCompletedListener(listener); ! } finally { ! socketLock.unlock(); ! } } @Override ! public void removeHandshakeCompletedListener( HandshakeCompletedListener listener) { if (listener == null) { throw new IllegalArgumentException("listener is null"); } ! socketLock.lock(); ! try { ! conContext.sslConfig.removeHandshakeCompletedListener(listener); ! } finally { ! socketLock.unlock(); ! } } @Override public void startHandshake() throws IOException { if (!isConnected) { --- 339,371 ---- return conContext.conSession; } @Override ! public synchronized SSLSession getHandshakeSession() { ! return conContext.handshakeContext == null ? ! null : conContext.handshakeContext.handshakeSession; } @Override ! public synchronized void addHandshakeCompletedListener( HandshakeCompletedListener listener) { if (listener == null) { throw new IllegalArgumentException("listener is null"); } ! conContext.sslConfig.addHandshakeCompletedListener(listener); } @Override ! public synchronized void removeHandshakeCompletedListener( HandshakeCompletedListener listener) { if (listener == null) { throw new IllegalArgumentException("listener is null"); } ! conContext.sslConfig.removeHandshakeCompletedListener(listener); } @Override public void startHandshake() throws IOException { if (!isConnected) {
*** 415,426 **** if (conContext.isBroken || conContext.isInboundClosed() || conContext.isOutboundClosed()) { throw new SocketException("Socket has been closed or broken"); } ! handshakeLock.lock(); ! try { // double check the context status if (conContext.isBroken || conContext.isInboundClosed() || conContext.isOutboundClosed()) { throw new SocketException("Socket has been closed or broken"); } --- 375,385 ---- if (conContext.isBroken || conContext.isInboundClosed() || conContext.isOutboundClosed()) { throw new SocketException("Socket has been closed or broken"); } ! synchronized (conContext) { // handshake lock // double check the context status if (conContext.isBroken || conContext.isInboundClosed() || conContext.isOutboundClosed()) { throw new SocketException("Socket has been closed or broken"); }
*** 439,537 **** throw conContext.fatal(Alert.HANDSHAKE_FAILURE, "Couldn't kickstart handshaking", ioe); } catch (Exception oe) { // including RuntimeException handleException(oe); } - } finally { - handshakeLock.unlock(); } } @Override ! public void setUseClientMode(boolean mode) { ! socketLock.lock(); ! try { ! conContext.setUseClientMode(mode); ! } finally { ! socketLock.unlock(); ! } } @Override ! public boolean getUseClientMode() { ! socketLock.lock(); ! try { ! return conContext.sslConfig.isClientMode; ! } finally { ! socketLock.unlock(); ! } } @Override ! public void setNeedClientAuth(boolean need) { ! socketLock.lock(); ! try { ! conContext.sslConfig.clientAuthType = ! (need ? ClientAuthType.CLIENT_AUTH_REQUIRED : ! ClientAuthType.CLIENT_AUTH_NONE); ! } finally { ! socketLock.unlock(); ! } } @Override ! public boolean getNeedClientAuth() { ! socketLock.lock(); ! try { ! return (conContext.sslConfig.clientAuthType == ClientAuthType.CLIENT_AUTH_REQUIRED); - } finally { - socketLock.unlock(); - } } @Override ! public void setWantClientAuth(boolean want) { ! socketLock.lock(); ! try { ! conContext.sslConfig.clientAuthType = ! (want ? ClientAuthType.CLIENT_AUTH_REQUESTED : ! ClientAuthType.CLIENT_AUTH_NONE); ! } finally { ! socketLock.unlock(); ! } } @Override ! public boolean getWantClientAuth() { ! socketLock.lock(); ! try { ! return (conContext.sslConfig.clientAuthType == ClientAuthType.CLIENT_AUTH_REQUESTED); - } finally { - socketLock.unlock(); - } } @Override ! public void setEnableSessionCreation(boolean flag) { ! socketLock.lock(); ! try { ! conContext.sslConfig.enableSessionCreation = flag; ! } finally { ! socketLock.unlock(); ! } } @Override ! public boolean getEnableSessionCreation() { ! socketLock.lock(); ! try { ! return conContext.sslConfig.enableSessionCreation; ! } finally { ! socketLock.unlock(); ! } } @Override public boolean isClosed() { return tlsIsClosed; --- 398,454 ---- throw conContext.fatal(Alert.HANDSHAKE_FAILURE, "Couldn't kickstart handshaking", ioe); } catch (Exception oe) { // including RuntimeException handleException(oe); } } } @Override ! public synchronized void setUseClientMode(boolean mode) { ! conContext.setUseClientMode(mode); } @Override ! public synchronized boolean getUseClientMode() { ! return conContext.sslConfig.isClientMode; } @Override ! public synchronized void setNeedClientAuth(boolean need) { ! conContext.sslConfig.clientAuthType = ! (need ? ClientAuthType.CLIENT_AUTH_REQUIRED : ! ClientAuthType.CLIENT_AUTH_NONE); } @Override ! public synchronized boolean getNeedClientAuth() { ! return (conContext.sslConfig.clientAuthType == ClientAuthType.CLIENT_AUTH_REQUIRED); } @Override ! public synchronized void setWantClientAuth(boolean want) { ! conContext.sslConfig.clientAuthType = ! (want ? ClientAuthType.CLIENT_AUTH_REQUESTED : ! ClientAuthType.CLIENT_AUTH_NONE); } @Override ! public synchronized boolean getWantClientAuth() { ! return (conContext.sslConfig.clientAuthType == ClientAuthType.CLIENT_AUTH_REQUESTED); } @Override ! public synchronized void setEnableSessionCreation(boolean flag) { ! conContext.sslConfig.enableSessionCreation = flag; } @Override ! public synchronized boolean getEnableSessionCreation() { ! return conContext.sslConfig.enableSessionCreation; } @Override public boolean isClosed() { return tlsIsClosed;
*** 616,646 **** } } // Need a lock here so that the user_canceled alert and the // close_notify alert can be delivered together. - conContext.outputRecord.recordLock.lock(); try { ! try { // send a user_canceled alert if needed. if (useUserCanceled) { conContext.warning(Alert.USER_CANCELED); } // send a close_notify alert conContext.warning(Alert.CLOSE_NOTIFY); - } finally { - if (!conContext.isOutboundClosed()) { - conContext.outputRecord.close(); - } - - if ((autoClose || !isLayered()) && !super.isOutputShutdown()) { - super.shutdownOutput(); - } } } finally { ! conContext.outputRecord.recordLock.unlock(); } if (!isInputShutdown()) { bruteForceCloseInput(hasCloseReceipt); } --- 533,560 ---- } } // Need a lock here so that the user_canceled alert and the // close_notify alert can be delivered together. try { ! synchronized (conContext.outputRecord) { // send a user_canceled alert if needed. if (useUserCanceled) { conContext.warning(Alert.USER_CANCELED); } // send a close_notify alert conContext.warning(Alert.CLOSE_NOTIFY); } } finally { ! if (!conContext.isOutboundClosed()) { ! conContext.outputRecord.close(); ! } ! ! if ((autoClose || !isLayered()) && !super.isOutputShutdown()) { ! super.shutdownOutput(); ! } } if (!isInputShutdown()) { bruteForceCloseInput(hasCloseReceipt); }
*** 765,813 **** return conContext.isOutboundClosed() && ((autoClose || !isLayered()) ? super.isOutputShutdown(): true); } @Override ! public InputStream getInputStream() throws IOException { ! socketLock.lock(); ! try { ! if (isClosed()) { ! throw new SocketException("Socket is closed"); ! } ! ! if (!isConnected) { ! throw new SocketException("Socket is not connected"); ! } ! if (conContext.isInboundClosed() || isInputShutdown()) { ! throw new SocketException("Socket input is already shutdown"); ! } ! return appInput; ! } finally { ! socketLock.unlock(); } } private void ensureNegotiated() throws IOException { if (conContext.isNegotiated || conContext.isBroken || conContext.isInboundClosed() || conContext.isOutboundClosed()) { return; } ! handshakeLock.lock(); ! try { // double check the context status if (conContext.isNegotiated || conContext.isBroken || conContext.isInboundClosed() || conContext.isOutboundClosed()) { return; } startHandshake(); - } finally { - handshakeLock.unlock(); } } /** * InputStream for application data as returned by --- 679,719 ---- return conContext.isOutboundClosed() && ((autoClose || !isLayered()) ? super.isOutputShutdown(): true); } @Override ! public synchronized InputStream getInputStream() throws IOException { ! if (isClosed()) { ! throw new SocketException("Socket is closed"); ! } ! if (!isConnected) { ! throw new SocketException("Socket is not connected"); ! } ! if (conContext.isInboundClosed() || isInputShutdown()) { ! throw new SocketException("Socket input is already shutdown"); } + + return appInput; } private void ensureNegotiated() throws IOException { if (conContext.isNegotiated || conContext.isBroken || conContext.isInboundClosed() || conContext.isOutboundClosed()) { return; } ! synchronized (conContext) { // handshake lock // double check the context status if (conContext.isNegotiated || conContext.isBroken || conContext.isInboundClosed() || conContext.isOutboundClosed()) { return; } startHandshake(); } } /** * InputStream for application data as returned by
*** 821,837 **** private ByteBuffer buffer; // Is application data available in the stream? private volatile boolean appDataIsAvailable; - // reading lock - private final ReentrantLock readLock = new ReentrantLock(); - - // closing status - private volatile boolean isClosing; - private volatile boolean hasDepleted; - AppInputStream() { this.appDataIsAvailable = false; this.buffer = ByteBuffer.allocate(4096); } --- 727,736 ----
*** 873,883 **** * If the layer above needs more data, it asks for more, so we * are responsible only for blocking to fill at most one buffer, * and returning "-1" on non-fault EOF status. */ @Override ! public int read(byte[] b, int off, int len) throws IOException { if (b == null) { throw new NullPointerException("the target buffer is null"); } else if (off < 0 || len < 0 || len > b.length - off) { throw new IndexOutOfBoundsException( "buffer length: " + b.length + ", offset; " + off + --- 772,783 ---- * If the layer above needs more data, it asks for more, so we * are responsible only for blocking to fill at most one buffer, * and returning "-1" on non-fault EOF status. */ @Override ! public int read(byte[] b, int off, int len) ! throws IOException { if (b == null) { throw new NullPointerException("the target buffer is null"); } else if (off < 0 || len < 0 || len > b.length - off) { throw new IndexOutOfBoundsException( "buffer length: " + b.length + ", offset; " + off +
*** 901,944 **** if (!conContext.isNegotiated || conContext.isBroken || conContext.isInboundClosed()) { throw new SocketException("Connection or inbound has closed"); } - // Check if the input stream has been depleted. - // - // Note that the "hasDepleted" rather than the isClosing - // filed is checked here, in case the closing process is - // still in progress. - if (hasDepleted) { - if (SSLLogger.isOn && SSLLogger.isOn("ssl")) { - SSLLogger.fine("The input stream has been depleted"); - } - - return -1; - } - // Read the available bytes at first. // // Note that the receiving and processing of post-handshake message // are also synchronized with the read lock. ! readLock.lock(); ! try { ! // Double check if the Socket is invalid (error or closed). ! if (conContext.isBroken || conContext.isInboundClosed()) { ! throw new SocketException( ! "Connection or inbound has closed"); ! } ! ! // Double check if the input stream has been depleted. ! if (hasDepleted) { ! if (SSLLogger.isOn && SSLLogger.isOn("ssl")) { ! SSLLogger.fine("The input stream is closing"); ! } ! ! return -1; ! } ! int remains = available(); if (remains > 0) { int howmany = Math.min(remains, len); buffer.get(b, off, howmany); --- 801,815 ---- if (!conContext.isNegotiated || conContext.isBroken || conContext.isInboundClosed()) { throw new SocketException("Connection or inbound has closed"); } // Read the available bytes at first. // // Note that the receiving and processing of post-handshake message // are also synchronized with the read lock. ! synchronized (this) { int remains = available(); if (remains > 0) { int howmany = Math.min(remains, len); buffer.get(b, off, howmany);
*** 966,987 **** handleException(e); // dummy for compiler return -1; } - } finally { - // Check if the input stream is closing. - // - // If the deplete() did not hold the lock, clean up the - // input stream here. - try { - if (isClosing) { - readLockedDeplete(); - } - } finally { - readLock.unlock(); - } } } /** * Skip n bytes. --- 837,846 ----
*** 989,1016 **** * This implementation is somewhat less efficient than possible, but * not badly so (redundant copy). We reuse the read() code to keep * things simpler. */ @Override ! public long skip(long n) throws IOException { // dummy array used to implement skip() byte[] skipArray = new byte[256]; - long skipped = 0; ! readLock.lock(); ! try { ! while (n > 0) { ! int len = (int)Math.min(n, skipArray.length); ! int r = read(skipArray, 0, len); ! if (r <= 0) { ! break; ! } ! n -= r; ! skipped += r; } ! } finally { ! readLock.unlock(); } return skipped; } --- 848,870 ---- * This implementation is somewhat less efficient than possible, but * not badly so (redundant copy). We reuse the read() code to keep * things simpler. */ @Override ! public synchronized long skip(long n) throws IOException { // dummy array used to implement skip() byte[] skipArray = new byte[256]; ! long skipped = 0; ! while (n > 0) { ! int len = (int)Math.min(n, skipArray.length); ! int r = read(skipArray, 0, len); ! if (r <= 0) { ! break; } ! n -= r; ! skipped += r; } return skipped; }
*** 1019,1029 **** if (SSLLogger.isOn && SSLLogger.isOn("ssl")) { SSLLogger.finest("Closing input stream"); } try { ! SSLSocketImpl.this.close(); } catch (IOException ioe) { // ignore the exception if (SSLLogger.isOn && SSLLogger.isOn("ssl")) { SSLLogger.warning("input stream close failed", ioe); } --- 873,883 ---- if (SSLLogger.isOn && SSLLogger.isOn("ssl")) { SSLLogger.finest("Closing input stream"); } try { ! shutdownInput(false); } catch (IOException ioe) { // ignore the exception if (SSLLogger.isOn && SSLLogger.isOn("ssl")) { SSLLogger.warning("input stream close failed", ioe); }
*** 1054,1130 **** /** * Try the best to use up the input records so as to close the * socket gracefully, without impact the performance too much. */ ! private void deplete() { ! if (conContext.isInboundClosed() || isClosing) { ! return; ! } ! ! isClosing = true; ! if (readLock.tryLock()) { ! try { ! readLockedDeplete(); ! } finally { ! readLock.unlock(); } - } - } - - /** - * Try to use up the input records. - * - * Please don't call this method unless the readLock is held by - * the current thread. - */ - private void readLockedDeplete() { - // double check - if (hasDepleted || conContext.isInboundClosed()) { - return; - } - - if (!(conContext.inputRecord instanceof SSLSocketInputRecord)) { - return; - } ! SSLSocketInputRecord socketInputRecord = ! (SSLSocketInputRecord)conContext.inputRecord; ! try { ! socketInputRecord.deplete( ! conContext.isNegotiated && (getSoTimeout() > 0)); ! } catch (Exception ex) { ! if (SSLLogger.isOn && SSLLogger.isOn("ssl")) { ! SSLLogger.warning( ! "input stream close depletion failed", ex); } - } finally { - hasDepleted = true; } } } @Override ! public OutputStream getOutputStream() throws IOException { ! socketLock.lock(); ! try { ! if (isClosed()) { ! throw new SocketException("Socket is closed"); ! } ! ! if (!isConnected) { ! throw new SocketException("Socket is not connected"); ! } ! if (conContext.isOutboundDone() || isOutputShutdown()) { ! throw new SocketException("Socket output is already shutdown"); ! } ! return appOutput; ! } finally { ! socketLock.unlock(); } } /** * OutputStream for application data as returned by --- 908,953 ---- /** * Try the best to use up the input records so as to close the * socket gracefully, without impact the performance too much. */ ! private synchronized void deplete() { ! if (!conContext.isInboundClosed()) { ! if (!(conContext.inputRecord instanceof SSLSocketInputRecord)) { ! return; } ! SSLSocketInputRecord socketInputRecord = ! (SSLSocketInputRecord)conContext.inputRecord; ! try { ! socketInputRecord.deplete( ! conContext.isNegotiated && (getSoTimeout() > 0)); ! } catch (IOException ioe) { ! if (SSLLogger.isOn && SSLLogger.isOn("ssl")) { ! SSLLogger.warning( ! "input stream close depletion failed", ioe); ! } } } } } @Override ! public synchronized OutputStream getOutputStream() throws IOException { ! if (isClosed()) { ! throw new SocketException("Socket is closed"); ! } ! if (!isConnected) { ! throw new SocketException("Socket is not connected"); ! } ! if (conContext.isOutboundDone() || isOutputShutdown()) { ! throw new SocketException("Socket output is already shutdown"); } + + return appOutput; } /** * OutputStream for application data as returned by
*** 1199,1287 **** if (SSLLogger.isOn && SSLLogger.isOn("ssl")) { SSLLogger.finest("Closing output stream"); } try { ! SSLSocketImpl.this.close(); } catch (IOException ioe) { // ignore the exception if (SSLLogger.isOn && SSLLogger.isOn("ssl")) { SSLLogger.warning("output stream close failed", ioe); } } } } @Override ! public SSLParameters getSSLParameters() { ! socketLock.lock(); ! try { ! return conContext.sslConfig.getSSLParameters(); ! } finally { ! socketLock.unlock(); ! } } @Override ! public void setSSLParameters(SSLParameters params) { ! socketLock.lock(); ! try { ! conContext.sslConfig.setSSLParameters(params); ! if (conContext.sslConfig.maximumPacketSize != 0) { ! conContext.outputRecord.changePacketSize( ! conContext.sslConfig.maximumPacketSize); ! } ! } finally { ! socketLock.unlock(); } } @Override ! public String getApplicationProtocol() { ! socketLock.lock(); ! try { ! return conContext.applicationProtocol; ! } finally { ! socketLock.unlock(); ! } } @Override ! public String getHandshakeApplicationProtocol() { ! socketLock.lock(); ! try { ! if (conContext.handshakeContext != null) { ! return conContext.handshakeContext.applicationProtocol; ! } ! } finally { ! socketLock.unlock(); } return null; } @Override ! public void setHandshakeApplicationProtocolSelector( BiFunction<SSLSocket, List<String>, String> selector) { ! socketLock.lock(); ! try { ! conContext.sslConfig.socketAPSelector = selector; ! } finally { ! socketLock.unlock(); ! } } @Override ! public BiFunction<SSLSocket, List<String>, String> getHandshakeApplicationProtocolSelector() { ! socketLock.lock(); ! try { ! return conContext.sslConfig.socketAPSelector; ! } finally { ! socketLock.unlock(); ! } } /** * Read the initial handshake records. */ --- 1022,1080 ---- if (SSLLogger.isOn && SSLLogger.isOn("ssl")) { SSLLogger.finest("Closing output stream"); } try { ! shutdownOutput(); } catch (IOException ioe) { // ignore the exception if (SSLLogger.isOn && SSLLogger.isOn("ssl")) { SSLLogger.warning("output stream close failed", ioe); } } } } @Override ! public synchronized SSLParameters getSSLParameters() { ! return conContext.sslConfig.getSSLParameters(); } @Override ! public synchronized void setSSLParameters(SSLParameters params) { ! conContext.sslConfig.setSSLParameters(params); ! if (conContext.sslConfig.maximumPacketSize != 0) { ! conContext.outputRecord.changePacketSize( ! conContext.sslConfig.maximumPacketSize); } } @Override ! public synchronized String getApplicationProtocol() { ! return conContext.applicationProtocol; } @Override ! public synchronized String getHandshakeApplicationProtocol() { ! if (conContext.handshakeContext != null) { ! return conContext.handshakeContext.applicationProtocol; } return null; } @Override ! public synchronized void setHandshakeApplicationProtocolSelector( BiFunction<SSLSocket, List<String>, String> selector) { ! conContext.sslConfig.socketAPSelector = selector; } @Override ! public synchronized BiFunction<SSLSocket, List<String>, String> getHandshakeApplicationProtocolSelector() { ! return conContext.sslConfig.socketAPSelector; } /** * Read the initial handshake records. */
*** 1347,1361 **** buffer = ByteBuffer.allocate(inLen); } try { Plaintext plainText; ! socketLock.lock(); ! try { plainText = decode(buffer); - } finally { - socketLock.unlock(); } if (plainText.contentType == ContentType.APPLICATION_DATA.id && buffer.position() > 0) { return buffer; } --- 1140,1151 ---- buffer = ByteBuffer.allocate(inLen); } try { Plaintext plainText; ! synchronized (this) { plainText = decode(buffer); } if (plainText.contentType == ContentType.APPLICATION_DATA.id && buffer.position() > 0) { return buffer; }
*** 1430,1466 **** /** * Initialize the handshaker and socket streams. * * Called by connect, the layered constructor, and SSLServerSocket. */ ! void doneConnect() throws IOException { ! socketLock.lock(); ! try { ! // In server mode, it is not necessary to set host and serverNames. ! // Otherwise, would require a reverse DNS lookup to get ! // the hostname. ! if (peerHost == null || peerHost.isEmpty()) { ! boolean useNameService = ! trustNameService && conContext.sslConfig.isClientMode; ! useImplicitHost(useNameService); ! } else { ! conContext.sslConfig.serverNames = ! Utilities.addToSNIServerNameList( ! conContext.sslConfig.serverNames, peerHost); ! } ! InputStream sockInput = super.getInputStream(); ! conContext.inputRecord.setReceiverStream(sockInput); ! OutputStream sockOutput = super.getOutputStream(); ! conContext.inputRecord.setDeliverStream(sockOutput); ! conContext.outputRecord.setDeliverStream(sockOutput); ! this.isConnected = true; ! } finally { ! socketLock.unlock(); ! } } private void useImplicitHost(boolean useNameService) { // Note: If the local name service is not trustworthy, reverse // host name resolution should not be performed for endpoint --- 1220,1250 ---- /** * Initialize the handshaker and socket streams. * * Called by connect, the layered constructor, and SSLServerSocket. */ ! synchronized void doneConnect() throws IOException { ! // In server mode, it is not necessary to set host and serverNames. ! // Otherwise, would require a reverse DNS lookup to get the hostname. ! if (peerHost == null || peerHost.isEmpty()) { ! boolean useNameService = ! trustNameService && conContext.sslConfig.isClientMode; ! useImplicitHost(useNameService); ! } else { ! conContext.sslConfig.serverNames = ! Utilities.addToSNIServerNameList( ! conContext.sslConfig.serverNames, peerHost); ! } ! InputStream sockInput = super.getInputStream(); ! conContext.inputRecord.setReceiverStream(sockInput); ! OutputStream sockOutput = super.getOutputStream(); ! conContext.inputRecord.setDeliverStream(sockOutput); ! conContext.outputRecord.setDeliverStream(sockOutput); ! this.isConnected = true; } private void useImplicitHost(boolean useNameService) { // Note: If the local name service is not trustworthy, reverse // host name resolution should not be performed for endpoint
*** 1502,1521 **** // ONLY used by HttpsClient to setup the URI specified hostname // // Please NOTE that this method MUST be called before calling to // SSLSocket.setSSLParameters(). Otherwise, the {@code host} parameter // may override SNIHostName in the customized server name indication. ! public void setHost(String host) { ! socketLock.lock(); ! try { ! this.peerHost = host; ! this.conContext.sslConfig.serverNames = ! Utilities.addToSNIServerNameList( ! conContext.sslConfig.serverNames, host); ! } finally { ! socketLock.unlock(); ! } } /** * Handle an exception. * --- 1286,1300 ---- // ONLY used by HttpsClient to setup the URI specified hostname // // Please NOTE that this method MUST be called before calling to // SSLSocket.setSSLParameters(). Otherwise, the {@code host} parameter // may override SNIHostName in the customized server name indication. ! public synchronized void setHost(String host) { ! this.peerHost = host; ! this.conContext.sslConfig.serverNames = ! Utilities.addToSNIServerNameList( ! conContext.sslConfig.serverNames, host); } /** * Handle an exception. *
< prev index next >