From bfd61ef86787d62f0b851226b04af83e9dee3b26 Mon Sep 17 00:00:00 2001
From: Lai Jiang
Date: Wed, 18 Dec 2019 16:24:23 -0500
Subject: [PATCH] Fix another bug in the proxy (#419)

The promise should be set outside the try block because if we want warning only, we still want the promise to be set even if the clientCertificate.checkValidity() throws an error.
---
 .../registry/networking/handler/SslServerInitializer.java | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/networking/src/main/java/google/registry/networking/handler/SslServerInitializer.java b/networking/src/main/java/google/registry/networking/handler/SslServerInitializer.java
index 5be1af53a..dc0525fca 100644
--- a/networking/src/main/java/google/registry/networking/handler/SslServerInitializer.java
+++ b/networking/src/main/java/google/registry/networking/handler/SslServerInitializer.java
@@ -113,8 +113,6 @@ public class SslServerInitializer extends ChannelInitializer<
 sslHandler.engine().getSession().getPeerCertificates()[0];
 try {
 clientCertificate.checkValidity();
- Promise unusedPromise =
- clientCertificatePromise.setSuccess(clientCertificate);
 } catch (CertificateNotYetValidException | CertificateExpiredException e) {
 logger.atWarning().withCause(e).log(
 "Client certificate is not valid.\nHash: %s",
@@ -123,8 +121,11 @@ public class SslServerInitializer extends ChannelInitializer<
 Promise unusedPromise =
 clientCertificatePromise.setFailure(e);
 ChannelFuture unusedFuture2 = channel.close();
+ return;
 }
 }
+ Promise unusedPromise =
+ clientCertificatePromise.setSuccess(clientCertificate);
 } else {
 Promise unusedPromise =
 clientCertificatePromise.setFailure(future.cause());
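Review bot: After this change the `clientCertificatePromise.setSuccess(clientCertificate)` added at the end of the second hunk is also reached when `checkValidity()` threw and the catch block did not return, so the promise can complete successfully with an expired or not-yet-valid certificate and nothing at that line says so. A comment directly above it would make that explicit, for example `// Also reached in warn-only mode after checkValidity() failed: the certificate may be expired or not yet valid.` Any consumer of the promise that reads success as "certificate is currently valid" would then accept such a certificate; that is presumably intended given the commit message, but the condition that selects warn-only mode sits between the two hunks and is not visible here, so it is worth confirming. The enclosing listener starts and ends outside the hunk.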