Details
-
Bug
-
Resolution: Done
-
Major
-
1.4.18.Final
-
None
Description
io.undertow.protocols.ssl.SslConduit.doUnwrap(ByteBuffer[], int, int) tries to close itself if an exception occurs and then rethrows the original exception. close itself throws if the TLS negotiation failed as in issue 1155, hiding the original exception.
Close exception:
[TRACE] [jb:io.undertow.request.io]: Exception closing read side of SSL channel javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack? at sun.security.ssl.Alerts.getSSLException(Alerts.java:208) at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1666) at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1634) at sun.security.ssl.SSLEngineImpl.closeInbound(SSLEngineImpl.java:1561) at io.undertow.protocols.ssl.ALPNHackSSLEngine.closeInbound(ALPNHackSSLEngine.java:279) at io.undertow.server.protocol.http.ALPNLimitingSSLEngine.closeInbound(ALPNLimitingSSLEngine.java:161) at io.undertow.protocols.ssl.SslConduit.notifyReadClosed(SslConduit.java:612) at io.undertow.protocols.ssl.SslConduit.closed(SslConduit.java:986) at io.undertow.protocols.ssl.SslConduit.close(SslConduit.java:1081) at io.undertow.protocols.ssl.SslConduit.doUnwrap(SslConduit.java:802) at io.undertow.protocols.ssl.SslConduit.doHandshake(SslConduit.java:648) at io.undertow.protocols.ssl.SslConduit.access$900(SslConduit.java:63) at io.undertow.protocols.ssl.SslConduit$5$1.run(SslConduit.java:1048) at org.xnio.nio.WorkerThread.safeRun(WorkerThread.java:592) at org.xnio.nio.WorkerThread.run(WorkerThread.java:472)
