Major Description
Mina's SslFilter wraps Mina's SslHandler, which itself wraps Java's SSLEngine.
SslFilter does not catch runtime exceptions that are thrown by SSLEngine - I am unsure if this is by design.
Ideally, we'd prevent the engine to get into a state where it can throw such exceptions, but I'm not sure if that's completely feasible.
None-the-less, I'm here providing an improvement that prevents at least one occurrence of an unchecked exception from being thrown (instead, my patch preemptively throws an SSLException that is then caught by the exception handling that's already in place).
An alternative to this fix could be an additional catch block, that handles unchecked exceptions.
The scenario that is causing the unchecked exception that is caught by this patch, is this:
- client connects, causes an SslFilter to be initialized, which causes the SSLEngine to begin its handshake
- server shuts down the input (for instance, for inactivity, or as a side-effect of resource starvation)
- client sends data
The corresponding stack trace starts with this:
java.lang.IllegalStateException: Internal error
at sun.security.ssl.SSLEngineImpl.initHandshaker(SSLEngineImpl.java:470)
at sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:1007)
at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:907)
at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:781)
at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624)
Inspiration for this fix was obtain from the Jetty project, notably, this change: https://github.com/eclipse/jetty.project/issues/1228