close socket if handshake fails

wolfSSL · Jun 14, 2024 · b0e7bf3 · b0e7bf3
1 parent 318af35
commit b0e7bf3
Showing 1 changed file with 18 additions and 0 deletions.
diff --git a/src/java/com/wolfssl/provider/jsse/WolfSSLSocket.java b/src/java/com/wolfssl/provider/jsse/WolfSSLSocket.java
@@ -1297,6 +1297,20 @@ public synchronized SSLSession getSession() {
             /* Log error, but continue. Session returned will be empty */
             WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO,
                 "Handshake attempt failed in SSLSocket.getSession()");
+
+            /* close SSLSocket */
+            if (this.socket != null && !this.socket.isClosed()) {
+                try {
+                    close();
+                } catch (Exception ex) {
+                    WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO,
+                        "close attempt failed in SSLSocket.getSession(): " +
+                        ex);
+                }
+            }
+            /* return invalid session object with cipher suite
+             * "SSL_NULL_WITH_NULL_NULL" */
+            return new WolfSSLImplementSSLSession(this.authStore);
         }
 
         return EngineHelper.getSession();
@@ -1446,13 +1460,17 @@ public synchronized void startHandshake() throws IOException {
             } catch (SocketTimeoutException e) {
                 WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO,
                     "got socket timeout in doHandshake()");
+                /* close socket if the handshake is unsuccessful */
+                close();
                 throw e;
             }
 
             if (ret != WolfSSL.SSL_SUCCESS) {
                 int err = ssl.getError(ret);
                 String errStr = WolfSSL.getErrorString(err);
 
+                /* close socket if the handshake is unsuccessful */
+                close();
                 throw new SSLHandshakeException(errStr + " (error code: " +
                     err + ", TID " + Thread.currentThread().getId() + ")");
             }