Closed kofemann closed 11 years ago
Hi Tigran,
If we can accept non-standard packets, isn't it preferable to do that than break clients?
I'll give your script a whirl and see if we can actually accept the erroneous clients. If other parts break, then we can just merge the pull as-is.
Brian
Ok, I have updated patch to accept bigger proxies. Passed my tests with jumbo proxies. I guess this is not SSLv3 spec compliant, but OK for us.
Thank you very much! Pulling this right now; it should appear in the upcoming JGlobus 2.0.5.
in some cases we get proxy certificates which produces too big SSL records resulting to:
java.lang.NegativeArraySizeException: null at org.globus.gsi.gssapi.net.impl.GSIGssInputStream.readToken(GSIGssInputStream.java:79) ~[cog-jglobus-1.8.0-1.jar:na] at org.globus.gsi.gssapi.net.impl.GSIGssInputStream.readHandshakeToken(GSIGssInputStream.java:59) ~[cog-jglobus-1.8.0-1.jar:na] at org.globus.gsi.gssapi.net.impl.GSIGssSocket.readToken(GSIGssSocket.java:65) ~[cog-jglobus-1.8.0-1.jar:na] at org.globus.gsi.gssapi.net.GssSocket.authenticateServer(GssSocket.java:127) ~[cog-jglobus-1.8.0-1.jar:na] at org.globus.gsi.gssapi.net.GssSocket.startHandshake(GssSocket.java:147) ~[cog-jglobus-1.8.0-1.jar:na]
While problem observed with jglobus-1.8 it still exist in 2.0. This simple fix validated record size and throws IOException allowed size is excided.