Merge pull request #234 from cconlon/socketConnect

SSLSocket: remove unnecessary connect() override, log and close socket on doHandshake SSLException
wolfSSL · Nov 21, 2024 · fd51ab9 · fd51ab9
2 parents 99bd194 + c6fbb8e
commit fd51ab9
Show file tree

Hide file tree

Showing 2 changed files with 31 additions and 66 deletions.
diff --git a/IDE/Android/app/src/main/cpp/CMakeLists.txt b/IDE/Android/app/src/main/cpp/CMakeLists.txt
@@ -52,16 +52,17 @@ if ("${WOLFSSL_PKG_TYPE}" MATCHES "normal")
                 -DHAVE_CRL -DHAVE_OCSP -DHAVE_CRL_MONITOR
                 -DPERSIST_SESSION_CACHE -DPERSIST_CERT_CACHE -DATOMIC_USER
                 -DHAVE_PK_CALLBACKS -DWOLFSSL_CERT_EXT -DWOLFSSL_CERT_GEN
-                -DHAVE_SNI -DHAVE_ALPN -DNO_RC4 -DHAVE_ENCRYPT_THEN_MAC
-                -DNO_MD4 -DWOLFSSL_ENCRYPTED_KEYS -DHAVE_DH_DEFAULT_PARAMS
-                -DNO_ERROR_QUEUE -DWOLFSSL_EITHER_SIDE -DWC_RSA_NO_PADDING
-                -DWC_RSA_PSS -DWOLFSSL_PSS_LONG_SALT -DWOLFSSL_TICKET_HAVE_ID
-                -DWOLFSSL_ERROR_CODE_OPENSSL -DWOLFSSL_ALWAYS_VERIFY_CB
-                -DWOLFSSL_VERIFY_CB_ALL_CERTS -DWOLFSSL_EXTRA_ALERTS
-                -DHAVE_EXT_CACHE -DWOLFSSL_FORCE_CACHE_ON_TICKET
-                -DWOLFSSL_AKID_NAME -DHAVE_CTS -DNO_DES3 -DGCM_TABLE_4BIT
-                -DTFM_TIMING_RESISTANT -DECC_TIMING_RESISTANT
-                -DHAVE_AESGCM -DSIZEOF_LONG=4 -DSIZEOF_LONG_LONG=8
+                -DWOLFSSL_CERT_REQ -DHAVE_SNI -DHAVE_ALPN -DNO_RC4
+                -DHAVE_ENCRYPT_THEN_MAC -DNO_MD4 -DWOLFSSL_ENCRYPTED_KEYS
+                -DHAVE_DH_DEFAULT_PARAMS -DNO_ERROR_QUEUE -DWOLFSSL_EITHER_SIDE
+                -DWC_RSA_NO_PADDING -DWC_RSA_PSS -DWOLFSSL_PSS_LONG_SALT
+                -DWOLFSSL_TICKET_HAVE_ID -DWOLFSSL_ERROR_CODE_OPENSSL
+                -DWOLFSSL_ALWAYS_VERIFY_CB -DWOLFSSL_VERIFY_CB_ALL_CERTS
+                -DWOLFSSL_EXTRA_ALERTS -DHAVE_EXT_CACHE
+                -DWOLFSSL_FORCE_CACHE_ON_TICKET -DWOLFSSL_AKID_NAME -DHAVE_CTS
+                -DNO_DES3 -DGCM_TABLE_4BIT -DTFM_TIMING_RESISTANT
+                -DECC_TIMING_RESISTANT -DHAVE_AESGCM -DSIZEOF_LONG=4
+                -DSIZEOF_LONG_LONG=8
 
                 # For gethostbyname()
                 -DHAVE_NETDB_H
@@ -156,12 +157,12 @@ elseif("${WOLFSSL_PKG_TYPE}" MATCHES "fipsready")
                 -DNO_RC4 -DNO_MD4 -DNO_MD5 -DNO_DES3 -DNO_DSA -DNO_RABBIT
 
                 -DWOLFSSL_JNI -DHAVE_EX_DATA -DHAVE_OCSP -DHAVE_CRL_MONITOR
-                -DWOLFSSL_CERT_EXT -DWOLFSSL_CERT_GEN -DHAVE_SNI -DHAVE_ALPN
-                -DWOLFSSL_ENCRYPTED_KEYS -DNO_ERROR_QUEUE -DWOLFSSL_EITHER_SIDE
-                -DWOLFSSL_PSS_LONG_SALT -DWOLFSSL_TICKET_HAVE_ID
-                -DWOLFSSL_ERROR_CODE_OPENSSL -DWOLFSSL_EXTRA_ALERTS
-                -DWOLFSSL_FORCE_CACHE_ON_TICKET -DWOLFSSL_AKID_NAME -DHAVE_CTS
-                -DKEEP_PEER_CERT -DSESSION_CERTS
+                -DWOLFSSL_CERT_EXT -DWOLFSSL_CERT_GEN -DWOLFSSL_CERT_REQ
+                -DHAVE_SNI -DHAVE_ALPN -DWOLFSSL_ENCRYPTED_KEYS -DNO_ERROR_QUEUE
+                -DWOLFSSL_EITHER_SIDE -DWOLFSSL_PSS_LONG_SALT
+                -DWOLFSSL_TICKET_HAVE_ID -DWOLFSSL_ERROR_CODE_OPENSSL
+                -DWOLFSSL_EXTRA_ALERTS -DWOLFSSL_FORCE_CACHE_ON_TICKET
+                -DWOLFSSL_AKID_NAME -DHAVE_CTS -DKEEP_PEER_CERT -DSESSION_CERTS
                 -DSIZEOF_LONG=4 -DSIZEOF_LONG_LONG=8
 
                 # For gethostbyname()

diff --git a/src/java/com/wolfssl/provider/jsse/WolfSSLSocket.java b/src/java/com/wolfssl/provider/jsse/WolfSSLSocket.java
@@ -1456,6 +1456,8 @@ public synchronized void removeHandshakeCompletedListener(
     @Override
     public synchronized void startHandshake() throws IOException {
         int ret;
+        int err = 0;
+        String errStr = "";
 
         WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO,
             "entered startHandshake(), trying to get handshakeLock");
@@ -1506,19 +1508,25 @@ public synchronized void startHandshake() throws IOException {
 
             try {
                 ret = EngineHelper.doHandshake(0, this.getSoTimeout());
+                err = ssl.getError(ret);
+                errStr = WolfSSL.getErrorString(err);
+
+            /* close socket if the handshake is unsuccessful */
             } catch (SocketTimeoutException e) {
                 WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO,
                     "got socket timeout in doHandshake()");
-                /* close socket if the handshake is unsuccessful */
+                close();
+                throw e;
+
+            } catch (SSLException e) {
+                WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO,
+                    "native handshake failed in doHandshake(): error code: " +
+                    err + ", TID " + Thread.currentThread().getId() + ")");
                 close();
                 throw e;
             }
 
             if (ret != WolfSSL.SSL_SUCCESS) {
-                int err = ssl.getError(ret);
-                String errStr = WolfSSL.getErrorString(err);
-
-                /* close socket if the handshake is unsuccessful */
                 close();
                 throw new SSLHandshakeException(errStr + " (error code: " +
                     err + ", TID " + Thread.currentThread().getId() + ")");
@@ -2070,51 +2078,7 @@ public void bind(SocketAddress bindpoint) throws IOException {
     /**
      * Connects the underlying Socket associated with this SSLSocket.
      *
-     * @param endpoint address of peer to connect underlying Socket to
-     *
-     * @throws IOException upon error connecting Socket
-     */
-    @Override
-    public synchronized void connect(SocketAddress endpoint)
-        throws IOException {
-
-        InetSocketAddress address = null;
-
-        WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO,
-            "entered connect(SocketAddress endpoint)");
-
-        if (!(endpoint instanceof InetSocketAddress)) {
-            throw new IllegalArgumentException("endpoint is not of type " +
-                "InetSocketAddress");
-        }
-
-        if (this.socket != null) {
-            this.socket.connect(endpoint);
-        } else {
-            super.connect(endpoint);
-        }
-
-        address = (InetSocketAddress)endpoint;
-
-        /* register host/port for session resumption in case where
-           createSocket() was called without host/port, but
-           SSLSocket.connect() was explicitly called with SocketAddress */
-        if (address != null && EngineHelper != null) {
-            EngineHelper.setHostAndPort(
-                address.getAddress().getHostAddress(),
-                address.getPort());
-            EngineHelper.setPeerAddress(address.getAddress());
-        }
-
-        /* if user is calling after WolfSSLSession creation, register
-           socket fd with native wolfSSL */
-        if (ssl != null) {
-            checkAndInitSSLSocket();
-        }
-    }
-
-    /**
-     * Connects the underlying Socket associated with this SSLSocket.
+     * Also called by super.connect(SocketAddress).
      *
      * @param endpoint address of peer to connect underlying socket to
      * @param timeout timeout value to set for underlying Socket connection