From: markt <markt@13f79535-47bb-0310-9956-ffa450edef68>
Date: Thu, 21 Aug 2008 08:36:43 +0000 (+0000)
Subject: Update patch for 45528
X-Git-Url: https://git.internetallee.de/?a=commitdiff_plain;h=3947a8d1ffe11ae69387cc61654ec858a4a57a32;p=tomcat7.0

Update patch for 45528

git-svn-id: https://svn.apache.org/repos/asf/tomcat/trunk@687645 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java b/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
index 104154b01..42a9c9104 100644
--- a/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
+++ b/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
@@ -26,7 +26,6 @@ import java.net.InetAddress;
 import java.net.ServerSocket;
 import java.net.Socket;
 import java.net.SocketException;
-import java.net.SocketTimeoutException;
 import java.security.KeyStore;
 import java.security.SecureRandom;
 import java.security.cert.CRL;
@@ -696,7 +695,7 @@ public class JSSESocketFactory
      * Configures the given SSL server socket with the requested cipher suites,
      * protocol versions, and need for client authentication
      */
-    private void initServerSocket(ServerSocket ssocket) throws IOException {
+    private void initServerSocket(ServerSocket ssocket) {
 
         SSLServerSocket socket = (SSLServerSocket) ssocket;
 
@@ -714,7 +713,7 @@ public class JSSESocketFactory
     }
 
     /**
-     * Checks that the cetificate is compatible with the enabled cipher suites.
+     * Checks that the certificate is compatible with the enabled cipher suites.
      * If we don't check now, the JIoEndpoint can enter a nasty logging loop.
      * See bug 45528.
      */
@@ -723,10 +722,11 @@ public class JSSESocketFactory
         ServerSocket socket = sslProxy.createServerSocket();
         initServerSocket(socket);
 
-        // Set the timeout to 1ms as all we care about is if it throws an
-        // exception on accept. 
-        socket.setSoTimeout(1);
         try {
+            // Set the timeout to 1ms as all we care about is if it throws an
+            // SSLException on accept. 
+            socket.setSoTimeout(1);
+
             socket.accept();
             // Will never get here - no client can connect to an unbound port
         } catch (SSLException ssle) {
@@ -735,10 +735,22 @@ public class JSSESocketFactory
                     "jsse.invalid_ssl_conf", ssle.getMessage()));
             ioe.initCause(ssle);
             throw ioe;
-        } catch (SocketTimeoutException ste) {
-            // Expected if all is well - do nothing
+        } catch (Exception e) {
+            /*
+             * Possible ways of getting here
+             * socket.accept() throws a SecurityException
+             * socket.setSoTimeout() throws a SocketException
+             * socket.accept() throws some other exception (after a JDK change)
+             *      In these cases the test won't work so carry on - essentially
+             *      the behaviour before this patch
+             * socket.accept() throws a SocketTimeoutException
+             *      In this case all is well so carry on
+             */
         } finally {
-            socket.close();
+            // Should be open here but just in case
+            if (!socket.isClosed()) {
+                socket.close();
+            }
         }
         
     }