authorSteffen Pingel2011-12-23 05:28:36 (EST)
committer Steffen Pingel2011-12-23 05:28:36 (EST)
commit62cd96c0aaadce09717f5ecd2322b9985feb67e9 (patch)
tree1f6345521a2b172ab4b22510664eb0a95c48848a
parent47ad0a68f6d5fefdf69104255c57cffc13d066b1 (diff)
NEW - bug 207175: error "Received fatal alert: bad_record_mac" when
using https with SSLv3 https://bugs.eclipse.org/bugs/show_bug.cgi?id=207175 Change-Id: I8b07cff7648a601c00e43a4f6862198b404f9990
-rw-r--r--org.eclipse.mylyn.commons.core/src/org/eclipse/mylyn/commons/core/net/NetUtil.java34
-rw-r--r--org.eclipse.mylyn.commons.net/src/org/eclipse/mylyn/internal/commons/net/PollingSslProtocolSocketFactory.java9
-rw-r--r--org.eclipse.mylyn.commons.repositories.http.core/src/org/eclipse/mylyn/commons/repositories/http/core/PollingSslProtocolSocketFactory.java31
3 files changed, 49 insertions, 25 deletions
diff --git a/org.eclipse.mylyn.commons.core/src/org/eclipse/mylyn/commons/core/net/NetUtil.java b/org.eclipse.mylyn.commons.core/src/org/eclipse/mylyn/commons/core/net/NetUtil.java
index c3704de..376640e 100644
--- a/org.eclipse.mylyn.commons.core/src/org/eclipse/mylyn/commons/core/net/NetUtil.java
+++ b/org.eclipse.mylyn.commons.core/src/org/eclipse/mylyn/commons/core/net/NetUtil.java
@@ -19,14 +19,23 @@ import java.net.ProxySelector;
import java.net.Socket;
import java.net.URI;
import java.net.URISyntaxException;
+import java.util.Arrays;
import java.util.List;
+import java.util.concurrent.atomic.AtomicBoolean;
+
+import javax.net.ssl.SSLSocket;
+import javax.net.ssl.SSLSocketFactory;
import org.eclipse.core.net.proxy.IProxyData;
import org.eclipse.core.net.proxy.IProxyService;
import org.eclipse.core.runtime.Assert;
+import org.eclipse.core.runtime.IStatus;
+import org.eclipse.core.runtime.Status;
+import org.eclipse.mylyn.commons.core.StatusHandler;
import org.eclipse.mylyn.commons.core.operations.ICancellable;
import org.eclipse.mylyn.commons.core.operations.MonitoredOperation;
import org.eclipse.mylyn.internal.commons.core.CommonsCorePlugin;
+import org.eclipse.osgi.util.NLS;
/**
* Provides network access related utility methods.
@@ -40,6 +49,17 @@ public class NetUtil {
private static final int HTTP_PORT = 80;
+ private SSLSocketFactory socketFactory;
+
+ private final static String[] enabledProtocols;
+
+ private final static AtomicBoolean loggedEnabledProtocolsException = new AtomicBoolean();
+
+ static {
+ String value = System.getProperty("org.eclipse.mylyn.https.protocols"); //$NON-NLS-1$
+ enabledProtocols = (value != null) ? value.split(",") : null; //$NON-NLS-1$
+ }
+
/**
* Invokes {@link Socket#connect(java.net.SocketAddress, int)} on <code>socket</code> to connect to
* <code>address</code>.
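Review bot: The static initializer splits `org.eclipse.mylyn.https.protocols` on `,` without trimming, so a value written with a space after the comma produces an entry with a leading space that `setEnabledProtocols` will reject, and an empty property value produces a single empty entry. Trimming and treating a blank value as unset avoids this, for example `enabledProtocols = (value != null && value.trim().length() > 0) ? value.trim().split("\\s*,\\s*") : null;`. The added instance field `private SSLSocketFactory socketFactory;` is not used in any hunk shown for this class and looks like a leftover that could be dropped. A short comment above the `static` block naming the property and its comma-separated format would also help.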
@@ -246,4 +266,18 @@ public class NetUtil {
return type == Type.SOCKS ? IProxyData.SOCKS_PROXY_TYPE : IProxyData.HTTP_PROXY_TYPE;
}
+ public static Socket configureSocket(Socket socket) {
+ if (socket instanceof SSLSocket && enabledProtocols != null) {
+ try {
+ ((SSLSocket) socket).setEnabledProtocols(enabledProtocols);
+ } catch (IllegalArgumentException e) {
+ if (!loggedEnabledProtocolsException.getAndSet(true)) {
+ StatusHandler.log(new Status(IStatus.ERROR, CommonsCorePlugin.ID_PLUGIN, NLS.bind(
+ "Failed to configure SSL protocols ''{0}''", Arrays.toString(enabledProtocols)))); //$NON-NLS-1$
+ }
+ }
+ }
+ return socket;
+ }
+
}
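Review bot: When `setEnabledProtocols` throws in `configureSocket`, the socket is still returned with the JVM's default protocol set, so a mistyped property that was meant to restrict protocols leaves every default protocol enabled, and because of `loggedEnabledProtocolsException` only the first failure is ever reported. The `Status` is built without the caught exception, so the log does not say which name was rejected; passing it through as the fourth argument, `new Status(IStatus.ERROR, CommonsCorePlugin.ID_PLUGIN, NLS.bind(...), e)`, keeps the cause. Consider whether refusing the connection is the safer reaction when the configured list cannot be applied. As a new public method, `configureSocket` should also carry Javadoc stating that non-SSL sockets are returned unchanged and that the protocol list comes from the `org.eclipse.mylyn.https.protocols` system property.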
diff --git a/org.eclipse.mylyn.commons.net/src/org/eclipse/mylyn/internal/commons/net/PollingSslProtocolSocketFactory.java b/org.eclipse.mylyn.commons.net/src/org/eclipse/mylyn/internal/commons/net/PollingSslProtocolSocketFactory.java
index 02d6fb6..00df541 100644
--- a/org.eclipse.mylyn.commons.net/src/org/eclipse/mylyn/internal/commons/net/PollingSslProtocolSocketFactory.java
+++ b/org.eclipse.mylyn.commons.net/src/org/eclipse/mylyn/internal/commons/net/PollingSslProtocolSocketFactory.java
@@ -35,6 +35,7 @@ import org.apache.commons.httpclient.ConnectTimeoutException;
import org.apache.commons.httpclient.params.HttpConnectionParams;
import org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory;
import org.eclipse.core.runtime.IStatus;
+import org.eclipse.mylyn.commons.core.net.NetUtil;
import org.eclipse.mylyn.commons.net.SslCertificateException;
/**
@@ -98,16 +99,16 @@ public class PollingSslProtocolSocketFactory implements SecureProtocolSocketFact
public Socket createSocket(Socket socket, String host, int port, boolean autoClose) throws IOException,
UnknownHostException {
- return getSocketFactory().createSocket(socket, host, port, autoClose);
+ return NetUtil.configureSocket(getSocketFactory().createSocket(socket, host, port, autoClose));
}
public Socket createSocket(String remoteHost, int remotePort) throws IOException, UnknownHostException {
- return getSocketFactory().createSocket(remoteHost, remotePort);
+ return NetUtil.configureSocket(getSocketFactory().createSocket(remoteHost, remotePort));
}
public Socket createSocket(String remoteHost, int remotePort, InetAddress clientHost, int clientPort)
throws IOException, UnknownHostException {
- return getSocketFactory().createSocket(remoteHost, remotePort, clientHost, clientPort);
+ return NetUtil.configureSocket(getSocketFactory().createSocket(remoteHost, remotePort, clientHost, clientPort));
}
public Socket createSocket(String host, int port, InetAddress localAddress, int localPort,
@@ -117,7 +118,7 @@ public class PollingSslProtocolSocketFactory implements SecureProtocolSocketFact
}
int timeout = params.getConnectionTimeout();
- final Socket socket = getSocketFactory().createSocket();
+ final Socket socket = NetUtil.configureSocket(getSocketFactory().createSocket());
socket.bind(new InetSocketAddress(localAddress, localPort));
MonitoredRequest.connect(socket, new InetSocketAddress(host, port), timeout);
return socket;
diff --git a/org.eclipse.mylyn.commons.repositories.http.core/src/org/eclipse/mylyn/commons/repositories/http/core/PollingSslProtocolSocketFactory.java b/org.eclipse.mylyn.commons.repositories.http.core/src/org/eclipse/mylyn/commons/repositories/http/core/PollingSslProtocolSocketFactory.java
index 52b6191..c247814 100644
--- a/org.eclipse.mylyn.commons.repositories.http.core/src/org/eclipse/mylyn/commons/repositories/http/core/PollingSslProtocolSocketFactory.java
+++ b/org.eclipse.mylyn.commons.repositories.http.core/src/org/eclipse/mylyn/commons/repositories/http/core/PollingSslProtocolSocketFactory.java
@@ -29,6 +29,7 @@ import org.apache.http.conn.ConnectTimeoutException;
import org.apache.http.conn.scheme.LayeredSchemeSocketFactory;
import org.apache.http.params.HttpConnectionParams;
import org.apache.http.params.HttpParams;
+import org.eclipse.core.runtime.Assert;
import org.eclipse.core.runtime.IStatus;
import org.eclipse.core.runtime.Status;
import org.eclipse.mylyn.commons.core.StatusHandler;
@@ -83,38 +84,26 @@ class PollingSslProtocolSocketFactory implements LayeredSchemeSocketFactory {
}
public Socket createSocket(HttpParams params) throws IOException {
- return getSocketFactory().createSocket();
+ return NetUtil.configureSocket(getSocketFactory().createSocket());
}
public Socket connectSocket(Socket sock, InetSocketAddress remoteAddress, InetSocketAddress localAddress,
HttpParams params) throws IOException, UnknownHostException, ConnectTimeoutException {
+ Assert.isNotNull(params);
- if (params == null) {
- throw new IllegalArgumentException("Parameters may not be null"); //$NON-NLS-1$
- }
-
- final Socket socket = getSocketFactory().createSocket();
-
+ final Socket socket = NetUtil.configureSocket(getSocketFactory().createSocket());
int connTimeout = HttpConnectionParams.getConnectionTimeout(params);
-
socket.bind(localAddress);
NetUtil.connect(socket, remoteAddress, connTimeout, MonitoredOperation.getCurrentOperation());
return socket;
}
- /**
- * From SSLSocketFactory
- */
- public boolean isSecure(Socket sock) throws IllegalArgumentException {
- if (sock == null) {
- throw new IllegalArgumentException("Socket may not be null"); //$NON-NLS-1$
- }
- // This instanceof check is in line with createSocket() above.
- if (!(sock instanceof SSLSocket)) {
- throw new IllegalArgumentException("Socket not created by this factory"); //$NON-NLS-1$
+ public boolean isSecure(Socket socket) throws IllegalArgumentException {
+ Assert.isNotNull(socket);
+ if (!(socket instanceof SSLSocket)) {
+ throw new IllegalArgumentException("Socket is not secure: " + socket.getClass()); //$NON-NLS-1$
}
- // This check is performed last since it calls the argument object.
- if (sock.isClosed()) {
+ if (socket.isClosed()) {
throw new IllegalArgumentException("Socket is closed"); //$NON-NLS-1$
}
return true;
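Review bot: Replacing the explicit null checks with `Assert.isNotNull` in `connectSocket` and `isSecure` changes what a null argument throws: Eclipse's `Assert` raises `AssertionFailedException` rather than `IllegalArgumentException`, while `isSecure` still declares `throws IllegalArgumentException`. Callers that catch `IllegalArgumentException` will no longer see the null case; if that contract matters, keep `if (socket == null) { throw new IllegalArgumentException("Socket may not be null"); }`. Separately, in the visible lines `connectSocket` never uses its `sock` argument and builds a fresh socket instead, so a socket obtained from `createSocket(HttpParams)` is discarded; a comment explaining why that is intended would help the next reader.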
@@ -122,7 +111,7 @@ class PollingSslProtocolSocketFactory implements LayeredSchemeSocketFactory {
public Socket createLayeredSocket(Socket socket, String target, int port, boolean autoClose) throws IOException,
UnknownHostException {
- return getSocketFactory().createSocket(socket, target, port, autoClose);
+ return NetUtil.configureSocket(getSocketFactory().createSocket(socket, target, port, autoClose));
}
public SSLSocketFactory getSocketFactory() throws IOException {