Fix another bug in the proxy (#419)

The promise should be set outside the try block because if we want warning only, we still want the promise to be set even if the clientCertificate.checkValidity() throws an error.
2026-01-03 11:45:39 +00:00 · 2019-12-18 16:24:23 -05:00
parent ffe3eb1548
commit bfd61ef867
1 changed files with 3 additions and 2 deletions
--- a/networking/src/main/java/google/registry/networking/handler/SslServerInitializer.java
+++ b/networking/src/main/java/google/registry/networking/handler/SslServerInitializer.java
@@ -113,8 +113,6 @@ public class SslServerInitializer<C extends Channel> extends ChannelInitializer<
                              sslHandler.engine().getSession().getPeerCertificates()[0];
                      try {
                        clientCertificate.checkValidity();
-                        Promise<X509Certificate> unusedPromise =
-                            clientCertificatePromise.setSuccess(clientCertificate);
                      } catch (CertificateNotYetValidException | CertificateExpiredException e) {
                        logger.atWarning().withCause(e).log(
                            "Client certificate is not valid.\nHash: %s",
@@ -123,8 +121,11 @@ public class SslServerInitializer<C extends Channel> extends ChannelInitializer<
                          Promise<X509Certificate> unusedPromise =
                              clientCertificatePromise.setFailure(e);
                          ChannelFuture unusedFuture2 = channel.close();
+                          return;
                        }
                      }
+                      Promise<X509Certificate> unusedPromise =
+                          clientCertificatePromise.setSuccess(clientCertificate);
                    } else {
                      Promise<X509Certificate> unusedPromise =
                          clientCertificatePromise.setFailure(future.cause());