Fix one-nio server jvm crash on ssl reconfigure

Author: Artur Bisharyan

src/main/java/one/nio/net/NativeSslSocket.java

@@ -17,10 +17,10 @@
 package one.nio.net;
 
 import java.io.IOException;
-import java.io.RandomAccessFile;
 
 class NativeSslSocket extends NativeSocket {
-    NativeSslContext context;
+    volatile NativeSslContext context;
+    private volatile NativeSslContext previousContext;
     long ssl;
 
     private volatile boolean isEarlyDataAccepted = false;
@@ -39,6 +39,11 @@ public synchronized void close() {
             sslFree(ssl);
             ssl = 0;
         }
+        NativeSslContext prev = previousContext;
+        if (prev != null) {
+            prev.close();
+            previousContext = null;
+        }
         super.close();
     }
 
@@ -64,6 +69,22 @@ public SslContext getSslContext() {
         return context;
     }
 
+    @Override
+    public void setSslContext(SslContext newContext) throws IOException {
+        NativeSslContext nativeCtx = (NativeSslContext) newContext;
+
+        // Close the context from the PREVIOUS reconfigure.
+        // By now it is safe: at least one full volatile writeread cycle has passed
+        NativeSslContext prev = this.previousContext;
+        if (prev != null) {
+            prev.close();
+        }
+
+        NativeSslContext old = this.context;
+        this.context = nativeCtx;
+        this.previousContext = old; // defer context close to next reconfigure/socket close
+    }
+
     @Override
     @SuppressWarnings("unchecked")
     public Object getSslOption(SslOption option) {
@@ -93,6 +114,7 @@ public Object getSslOption(SslOption option) {
         }
         return null;
     }
+
     @Override
     public synchronized native void handshake(String sniHostName) throws IOException;
 
@@ -128,16 +150,22 @@ private boolean sslHandshakeDone() {
     }
 
     private synchronized native byte[] sslPeerCertificate();
+
     private synchronized native Object[] sslPeerCertificateChain();
+
     private synchronized native String sslCertName(int which);
+
     private synchronized native String sslVerifyResult();
 
     private synchronized native boolean sslSessionReused();
+
     private synchronized native int sslSessionTicket();
 
     private synchronized native String sslCurrentCipher();
+
     private synchronized native boolean sslCanUseSendfile();
 
     static native long sslNew(int fd, long ctx, boolean serverMode) throws IOException;
+
     static native void sslFree(long ssl);
 }

src/main/java/one/nio/net/Socket.java

@@ -156,6 +156,7 @@ public void setThinLinearTimeouts(boolean thinLto) {}
     public abstract Socket sslWrap(SslContext context) throws IOException;
     public abstract Socket sslUnwrap();
     public abstract SslContext getSslContext();
+    public void setSslContext(SslContext newContext) throws IOException {}
     public abstract <T> T getSslOption(SslOption<T> option);
 
     public Socket acceptNonBlocking() throws IOException {

src/main/java/one/nio/server/acceptor/AcceptorSupport.java

@@ -58,9 +58,11 @@ public static void reconfigureSocket(Socket socket, AcceptorConfig config) throw
         socket.setReuseAddr(true, config.reusePort);
         socket.setThinLinearTimeouts(config.thinLto);
 
-        SslContext sslContext = socket.getSslContext();
-        if (sslContext != null && config.ssl != null) {
-            sslContext.configure(config.ssl);
+        SslContext oldContext = socket.getSslContext();
+        if (oldContext != null && config.ssl != null) {
+            SslContext newContext = SslContext.create();
+            newContext.configure(config.ssl);
+            socket.setSslContext(newContext);
         }
     }
 }