Bug ID: JDK-8259572 [test] Fix SSL tests after JDK-8237578 to properly handle SocketExceptions

Type: Bug
Component: security-libs
Sub-Component: javax.net.ssl

Priority: P4
Status: Resolved
Resolution: Won't Fix

Submitted: 2021-01-11
Updated: 2021-02-26
Resolved: 2021-01-11

JDK-8237578 exposes some SocketExceptions directly which were previously wrapped inside an  SSLException. The change updated one test to take this new behaviour into account (i.e. TrustTrustedCert.java) but apparently missed other tests. 

The fix for the other tests is similar like the fix for TrustTrustedCert.java in JDK-8237578:

-        } catch (SSLException ssle) {
+        } catch (SSLException | SocketException se) {
             if (!expectFail) {
-                throw ssle;
+                throw se;
             }   // Otherwise, ignore.
         }

Adding some more context from a private email thread: Notice that Clive is working on "JDK-8259516: Alerts sent by peer may not be received correctly during TLS handshake" which was intended as an add-on for JDK-8237578, but now that JDK-8237578 will be backed out, might be integrated right into the new version of the change and will already fix one test scenario which failed with plain JDK-8237578. I'm not sure if this change needs an CSR because it actually restores behavior which was common before. In the end JDK-8237578 and JDK-8214339 were raised by Apache HttpClient as regression introduced by the TLS 1.3 implementation. JDK-8214339 which was the first, incomplete attempt to fix the regressions introduced by JDK-8237578 didn't require an CSR either.
11-01-2021
Instead of fixing the tests we will backout JDK-8237578 instead and redo the change such that it won't affect any tests. See JDK-8259582
11-01-2021
[~dfuchs] raises a good question. I have not followed the change closely enough to know if the behavior change is justified, but it seems like there should have been a CSR filed for this.
11-01-2021
The following open tests failed in the jdk-17+5-227-tier2 CI job set: java/net/httpclient/InvalidSSLContextTest.java javax/net/ssl/SSLSession/TestEnabledProtocols.java
11-01-2021
[~simonis] - I'm seeing one test failing in the JDK17 CI that might not be covered by your proposed fix: sun/net/InetAddress/nameservice/dns/CNameTest.java Update: it turns out that failure is due to: JDK-8236409 (dns) Some test depend on resolving external host names
11-01-2021
Note that java/net/httpclient/InvalidSSLContextTest.java has also been seen failing. If many SSL tests are failing - could the original change possibly cause regressions in existing applications too?
11-01-2021

Relates :	JDK-8259662 - Don't wrap SocketExceptions into SSLExceptions in SSLSocketImpl
Relates :	JDK-8262436 - SSL test failures caused by java.net.SocketException
Relates :	JDK-8259582 - Backout JDK-8237578 until all affected tests have been fixed