commit | d84f6f57b216ab53dc3a71d30fd2252ce2208c13 | |
---|---|---|
author | Adam Vartanian <flooey@gmail.com> | Thu Feb 22 16:23:05 2018 +0000 |
committer | GitHub <noreply@github.com> | Thu Feb 22 16:23:05 2018 +0000 |
tree | df1e6c91edbc6c4885f480683177ebaa87f2e497 | |
parent | 3c9adfda78fc28ad2476fe536f21b2d72b413777 | |
Throw SocketException on ERR_SSL_SYSCALL. (#430)

SSLSocketTest#test_SSLSocket_interrupt_readWrapperAndCloseUnderlying is failing periodically on our internal continuous builds, and it appears to be happening due to a race condition. The test is testing what happens when an SSLSocket that's wrapping an underlying Socket is blocked on a read and then the underlying socket is closed by another thread.

There appears to be a race condition between the OS waking up the reading thread and the write of -1 to java.io.FileDescriptor's private field. If the reading thread wakes up and proceeds past the check of the file descriptor's validity before the field write is visible, then it will attempt to call SSL_read() and get ERR_SSL_SYSCALL, and it responds by returning -1, whereas the test expects SocketException to be thrown (which it does if the file descriptor is invalid).

This changes the code to always throw SocketException when ERR_SSL_SYSCALL is reported with a return value of 0, which the BoringSSL docs say happens "if the transport returned EOF", which should mean the file descriptor is closed.
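The behaviour the test expects, shown with a plain java.net.Socket standing in for the wrapped transport: a reader blocked in read() gets a SocketException when a second thread closes the socket, rather than a -1 that a caller would treat as ordinary end of stream. This is an added example, not Conscrypt's test or code from this commit; the class and method names are hypothetical and Java 8 or later is assumed.

```java
import java.io.InputStream;
import java.net.InetAddress;
import java.net.ServerSocket;
import java.net.Socket;
import java.net.SocketException;
import java.util.concurrent.CountDownLatch;

// Constructed demo: a plain java.net.Socket stands in for the wrapped transport.
public class CloseDuringRead {
    /** Blocks in read() on a loopback connection while a second thread closes the socket. */
    static String readWhileClosed() throws Exception {
        try (ServerSocket server = new ServerSocket(0, 1, InetAddress.getLoopbackAddress());
             Socket client = new Socket(server.getInetAddress(), server.getLocalPort());
             Socket peer = server.accept()) {              // peer stays open and sends nothing
            CountDownLatch aboutToRead = new CountDownLatch(1);
            Thread closer = new Thread(() -> {
                try {
                    aboutToRead.await();
                    Thread.sleep(200);                      // give the reader time to block
                    client.close();                         // close from another thread
                } catch (Exception e) {
                    throw new RuntimeException(e);
                }
            });
            closer.start();
            InputStream in = client.getInputStream();
            aboutToRead.countDown();
            try {
                int n = in.read();                          // blocks until the close
                return "read returned " + n;                // -1 would look like ordinary EOF
            } catch (SocketException e) {
                return "SocketException: " + e.getMessage(); // abnormal close is visible
            } finally {
                closer.join();
            }
        }
    }

    public static void main(String[] args) throws Exception {
        System.out.println(readWhileClosed());
    }
}
```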
Conscrypt is a Java Security Provider (JSP) that implements parts of the Java Cryptography Extension (JCE) and Java Secure Socket Extension (JSSE). It uses BoringSSL to provide cryptographic primitives and Transport Layer Security (TLS) for Java applications on Android and OpenJDK.
The core SSL engine has borrowed liberally from the Netty project and their work on netty-tcnative, giving Conscrypt
similar performance.
All Conscrypt artifacts target the Java 6 runtime and are available on Maven Central.
You can download the JARs directly from the Maven repositories.
The OpenJDK artifacts are platform-dependent since each embeds a native library for a particular platform. We publish artifacts to Maven Central for the following platforms:
Classifier | OS | Architecture |
---|---|---|
linux-x86_64 | Linux | x86_64 (64-bit) |
osx-x86_64 | Mac | x86_64 (64-bit) |
windows-x86 | Windows | x86 (32-bit) |
windows-x86_64 | Windows | x86_64 (64-bit) |
Use the os-maven-plugin to add the dependency:
```xml
<build>
  <extensions>
    <extension>
      <groupId>kr.motd.maven</groupId>
      <artifactId>os-maven-plugin</artifactId>
      <version>1.4.1.Final</version>
    </extension>
  </extensions>
</build>

<dependency>
  <groupId>org.conscrypt</groupId>
  <artifactId>conscrypt-openjdk</artifactId>
  <version>1.0.1</version>
  <classifier>${os.detected.classifier}</classifier>
</dependency>
```
Use the osdetector-gradle-plugin (which is a wrapper around the os-maven-plugin) to add the dependency:
```gradle
buildscript {
  repositories {
    mavenCentral()
  }
  dependencies {
    classpath 'com.google.gradle:osdetector-gradle-plugin:1.4.0'
  }
}

// Use the osdetector-gradle-plugin
apply plugin: "com.google.osdetector"

dependencies {
  // Same artifact as the Maven dependency above, with the detected classifier appended
  compile 'org.conscrypt:conscrypt-openjdk:1.0.1:' + osdetector.classifier
}
```
For convenience, we also publish an Uber JAR to Maven Central that contains the shared libraries for all of the published platforms. While the overall size of the JAR is larger than depending on a platform-specific artifact, it greatly simplifies the task of dependency management for most platforms.
To depend on the uber jar, simply use the conscrypt-openjdk-uber artifacts.
```xml
<dependency>
  <groupId>org.conscrypt</groupId>
  <artifactId>conscrypt-openjdk-uber</artifactId>
  <version>1.0.1</version>
</dependency>
```
```gradle
dependencies {
  // Uber JAR: bundles the shared libraries for all published platforms
  compile 'org.conscrypt:conscrypt-openjdk-uber:1.0.1'
}
```
If you are making changes to Conscrypt, see the building instructions.
Here's a quick readers' guide to the code to help folks get started. The high-level modules are Common, Android, OpenJDK, and Platform.
Common: This contains the bulk of the code for both Java and C. It isn't an actual module and builds no artifacts; rather, the other modules just point to this directory as source.
Android: This module provides the Platform class for Android and also adds compatibility classes for supporting various versions of Android. It generates an aar library artifact.
OpenJDK: These modules provide the Platform class for non-Android (OpenJDK-based) systems. They also provide a native library loader that supports bundling the shared library with the JAR.
Platform: This module contains code that is bundled with the Android operating system. It is included in the build only to ensure that changes to other modules do not accidentally break the Android build.