379 /*
380 * Whether local cipher suites preference in server side should be
381 * honored during handshaking?
382 */
383 private boolean preferLocalCipherSuites = false;
384
385 /*
386 * The maximum expected network packet size for SSL/TLS/DTLS records.
387 */
388 private int maximumPacketSize = 0;
389
390 /*
391 * Is the local name service trustworthy?
392 *
393 * If the local name service is not trustworthy, reverse host name
394 * resolution should not be performed for endpoint identification.
395 */
396 static final boolean trustNameService =
397 Debug.getBooleanProperty("jdk.tls.trustNameService", false);
398
399 //
400 // CONSTRUCTORS AND INITIALIZATION CODE
401 //
402
403 /**
404 * Constructs an SSL connection to a named host at a specified port,
405 * using the authentication context provided. This endpoint acts as
406 * the client, and may rejoin an existing SSL session if appropriate.
407 *
408 * @param context authentication context to use
409 * @param host name of the host with which to connect
410 * @param port number of the server's port
411 */
412 SSLSocketImpl(SSLContextImpl context, String host, int port)
413 throws IOException, UnknownHostException {
414 super();
415 this.host = host;
416 this.serverNames =
417 Utilities.addToSNIServerNameList(this.serverNames, this.host);
418 init(context, false);
1777 }
1778 }
1779 }
1780
1781 /**
1782 * Reads a close_notify or a fatal alert from the input stream.
1783 * Keep reading records until we get a close_notify or until
1784 * the connection is otherwise closed. The close_notify or alert
1785 * might be read by another reader,
1786 * which will then process the close and set the connection state.
1787 */
1788 void waitForClose(boolean rethrow) throws IOException {
1789 if (debug != null && Debug.isOn("ssl")) {
1790 System.out.println(Thread.currentThread().getName() +
1791 ", waiting for close_notify or alert: state "
1792 + getConnectionState());
1793 }
1794
1795 try {
1796 int state;
1797
1798 while (((state = getConnectionState()) != cs_CLOSED) &&
1799 (state != cs_ERROR) && (state != cs_APP_CLOSED)) {
1800
1801 // Ask for app data and then throw it away
1802 try {
1803 readRecord(true);
1804 } catch (SocketTimeoutException e) {
1805 // if time out, ignore the exception and continue
1806 }
1807 }
1808 } catch (IOException e) {
1809 if (debug != null && Debug.isOn("ssl")) {
1810 System.out.println(Thread.currentThread().getName() +
1811 ", Exception while waiting for close " +e);
1812 }
1813 if (rethrow) {
1814 throw e; // pass exception up
1815 }
1816 }
1817 }
1818
1819 //
1820 // EXCEPTION AND ALERT HANDLING
1821 //
1822
1823 /**
1824 * Handle an exception. This method is called by top level exception
1825 * handlers (in read(), write()) to make sure we always shutdown the
1826 * connection correctly and do not pass runtime exception to the
1827 * application.
|
379 /*
380 * Whether local cipher suites preference in server side should be
381 * honored during handshaking?
382 */
383 private boolean preferLocalCipherSuites = false;
384
385 /*
386 * The maximum expected network packet size for SSL/TLS/DTLS records.
387 */
388 private int maximumPacketSize = 0;
389
390 /*
391 * Is the local name service trustworthy?
392 *
393 * If the local name service is not trustworthy, reverse host name
394 * resolution should not be performed for endpoint identification.
395 */
396 static final boolean trustNameService =
397 Debug.getBooleanProperty("jdk.tls.trustNameService", false);
398
399 static final int retryCloseAttempts =
400 Debug.getIntegerProperty("jdk.tls.closeRetries", 5);
401
402 //
403 // CONSTRUCTORS AND INITIALIZATION CODE
404 //
405
406 /**
407 * Constructs an SSL connection to a named host at a specified port,
408 * using the authentication context provided. This endpoint acts as
409 * the client, and may rejoin an existing SSL session if appropriate.
410 *
411 * @param context authentication context to use
412 * @param host name of the host with which to connect
413 * @param port number of the server's port
414 */
415 SSLSocketImpl(SSLContextImpl context, String host, int port)
416 throws IOException, UnknownHostException {
417 super();
418 this.host = host;
419 this.serverNames =
420 Utilities.addToSNIServerNameList(this.serverNames, this.host);
421 init(context, false);
1780 }
1781 }
1782 }
1783
1784 /**
1785 * Reads a close_notify or a fatal alert from the input stream.
1786 * Keep reading records until we get a close_notify or until
1787 * the connection is otherwise closed. The close_notify or alert
1788 * might be read by another reader,
1789 * which will then process the close and set the connection state.
1790 */
1791 void waitForClose(boolean rethrow) throws IOException {
1792 if (debug != null && Debug.isOn("ssl")) {
1793 System.out.println(Thread.currentThread().getName() +
1794 ", waiting for close_notify or alert: state "
1795 + getConnectionState());
1796 }
1797
1798 try {
1799 int state;
1800 int retryCount = 0;
1801
1802 while (((state = getConnectionState()) != cs_CLOSED) &&
1803 (state != cs_ERROR) && (state != cs_APP_CLOSED)) {
1804
1805 // Ask for app data and then throw it away
1806 try {
1807 readRecord(true);
1808 } catch (SocketTimeoutException e) {
1809 // if time out, retry as specified by retryCloseAttempts
1810 if (retryCloseAttempts > 0 && retryCount == retryCloseAttempts) {
1811 if ((debug != null) && Debug.isOn("ssl")) {
1812 System.out.println(
1813 Thread.currentThread().getName() +
1814 ", received Exception: " + e);
1815 }
1816 fatal((byte)(-1), "Did not receive close_notify from peer", e);
1817 }
1818 retryCount++;
1819 }
1820 }
1821 } catch (IOException e) {
1822 if (debug != null && Debug.isOn("ssl")) {
1823 System.out.println(Thread.currentThread().getName() +
1824 ", Exception while waiting for close " +e);
1825 }
1826 if (rethrow) {
1827 throw e; // pass exception up
1828 }
1829 }
1830 }
1831
1832 //
1833 // EXCEPTION AND ALERT HANDLING
1834 //
1835
1836 /**
1837 * Handle an exception. This method is called by top level exception
1838 * handlers (in read(), write()) to make sure we always shutdown the
1839 * connection correctly and do not pass runtime exception to the
1840 * application.
|