--- a/jdk/src/share/classes/sun/security/ssl/SSLSocketImpl.java Fri Dec 04 10:23:07 2009 -0800
+++ b/jdk/src/share/classes/sun/security/ssl/SSLSocketImpl.java Mon Dec 07 21:16:41 2009 -0800
@@ -907,7 +907,13 @@
handshaker.process_record(r, expectingFinished);
expectingFinished = false;
- if (handshaker.isDone()) {
+ if (handshaker.invalidated) {
+ handshaker = null;
+ // if state is cs_RENEGOTIATE, revert it to cs_DATA
+ if (connectionState == cs_RENEGOTIATE) {
+ connectionState = cs_DATA;
+ }
+ } else if (handshaker.isDone()) {
sess = handshaker.getSession();
handshaker = null;
connectionState = cs_DATA;
@@ -925,6 +931,7 @@
t.start();
}
}
+
if (needAppData || connectionState != cs_DATA) {
continue;
} else {
@@ -1083,11 +1090,12 @@
connectionState = cs_RENEGOTIATE;
}
if (roleIsServer) {
- handshaker = new ServerHandshaker
- (this, sslContext, enabledProtocols, doClientAuth);
+ handshaker = new ServerHandshaker(this, sslContext,
+ enabledProtocols, doClientAuth,
+ connectionState == cs_RENEGOTIATE, protocolVersion);
} else {
- handshaker = new ClientHandshaker
- (this, sslContext, enabledProtocols);
+ handshaker = new ClientHandshaker(this, sslContext,
+ enabledProtocols, protocolVersion);
}
handshaker.enabledCipherSuites = enabledCipherSuites;
handshaker.setEnableSessionCreation(enableSessionCreation);
@@ -1192,6 +1200,10 @@
break;
case cs_DATA:
+ if (!Handshaker.renegotiable) {
+ throw new SSLHandshakeException("renegotiation is not allowed");
+ }
+
// initialize the handshaker, move to cs_RENEGOTIATE
initHandshaker();
break;