Skip to content

Report better accept handshake errors instead of "General SSLEngine problem" #37

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Apr 4, 2015
Merged

Report better accept handshake errors instead of "General SSLEngine problem" #37

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
21 changes: 15 additions & 6 deletions src/main/java/org/jruby/ext/openssl/SSLSocket.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -108,6 +108,19 @@ private static RaiseException newSSLError(Ruby runtime, String message) {
return SSL.newSSLError(runtime, message);
}

private static RaiseException newSSLErrorFromHandshake(Ruby runtime, SSLHandshakeException exception) {
// SSLHandshakeException is always a wrap around another exception that
// is the actual cause. In some cases the diagnostic message from the original
// exception is also lost and the handshake exception reads "General SSLEngine problem"
// Follow the cause chain until we get the real message and use that to ensure
// we raise an exception that contains the real reason for failure
Exception cause = exception;
while (cause.getCause() != null && (cause instanceof SSLHandshakeException)) {
cause = (Exception) cause.getCause();
}
return SSL.newSSLError(runtime, cause);
}

private SSLContext sslContext;
private SSLEngine engine;
private RubyIO io;
Expand Down Expand Up @@ -203,11 +216,7 @@ private IRubyObject connectCommon(final ThreadContext context, boolean blocking)
// unlike server side, client should close outbound channel even if
// we have remaining data to be sent.
forceClose();
Exception cause = e;
while (cause.getCause() != null && (cause instanceof SSLHandshakeException)) {
cause = (Exception) cause.getCause();
}
throw newSSLError(runtime, cause);
throw newSSLErrorFromHandshake(runtime, e);
}
catch (NoSuchAlgorithmException e) {
forceClose();
Expand Down Expand Up @@ -267,7 +276,7 @@ public SSLSocket acceptCommon(final ThreadContext context, boolean blocking) {
doHandshake(blocking);
}
catch (SSLHandshakeException e) {
throw newSSLError(runtime, e);
throw newSSLErrorFromHandshake(runtime, e);
}
catch (NoSuchAlgorithmException e) {
throw newSSLError(runtime, e);
Expand Down