From 2832caf009496f8bf557898f42f6a081afcec62a Mon Sep 17 00:00:00 2001
From: suvidya
Date: Tue, 23 Oct 2018 01:03:55 -0700
Subject: [PATCH] Close sockets on receiving exceptions during SSL runHandshake phase. Without this, it may leak sockets that hold the connection until the server decides to kill it based on its idle channel configuration. Possible reasons this may arise are data mangling over the wire, bad certificate fingerprint,etc - these issues result in SSL handshake failure at the 'unwrap' phase of OpenSSLEngine, which gets thrown all the way up without the OpenSSLSocket getting a chance to close it gracefully. If enough sockets are leaked, it may result in serious issues like denial of service.
---
 java/src/main/java/org/wildfly/openssl/OpenSSLSocket.java | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/java/src/main/java/org/wildfly/openssl/OpenSSLSocket.java b/java/src/main/java/org/wildfly/openssl/OpenSSLSocket.java
index a5c6ecac..c8b927bb 100644
--- a/java/src/main/java/org/wildfly/openssl/OpenSSLSocket.java
+++ b/java/src/main/java/org/wildfly/openssl/OpenSSLSocket.java
@@ -349,7 +349,11 @@ private void runHandshake() throws IOException {
 }
 }
- } finally {
+ } catch (IOException | RuntimeException e) {
+ this.close();
+ throw e;
+ }
+ finally {
 if(freeIndirect) {
 indirectPooled.close();
 }
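Review bot: In the new `catch (IOException | RuntimeException e)` block, `this.close()` is called unguarded, so if closing the half-established socket itself throws, that exception propagates and the original handshake failure `e` is lost. The commit message names handshake failures such as a bad certificate fingerprint or mangled data as the trigger, and losing that cause makes exactly those events harder to diagnose from logs. Guard the cleanup and keep the cause with `try { this.close(); } catch (IOException | RuntimeException closeFailure) { e.addSuppressed(closeFailure); }` ahead of the existing `throw e;`. The body of runHandshake starts and ends outside this hunk, so whether close() can re-enter handshake or engine logic on this path should be confirmed against the full method.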