fix Handshake already has been started.

[swissiety]

closes #197

[marianobarrios]

Hi Markus. Thanks for this report and patch.

As far as I can see, this is a problem with using a specific SSLEngine, from Android. The behavior of SSLEngines is not very well specified, so this is a matter of fitting to the known implementations. In the current test suite we use the standard one, and one from the Netty project (a bit). Giving the innumerable possible usage patters, I would really want to reproduce the bug before implementing the fix (otherwise we risk a regression in any refactoring). Any help from your side here would be very much appreciated (unfortunately, I have no experience with Android, so I may be a little slow here).

[swissiety]

Sounds reasonable - I would appreciate that, too!
Btw. while stepping through the code with the debugger I observed, that sometimes it worked without the patch - but found no pattern except more time / maybe some race condition. So my first approach would be to write a testcase, that has a separated/divided/split transmission of the handshake. I would subclass the NullEngine and throw an exception on a subsequent beginHandshake() call as the underlying SslEngine.
Does anything exist already, where I can hook into to divide a handshake transmission into multiple parts so that select would trigger multiple times for the handshake?

From the documentation of beginHandshake() - especially the last paragraph:

    /**
     * Initiates handshaking (initial or renegotiation) on this SSLEngine.
     * <P>
     * This method is not needed for the initial handshake, as the
     * {@code wrap()} and {@code unwrap()} methods will
     * implicitly call this method if handshaking has not already begun.
     * <P>
     * Note that the peer may also request a session renegotiation with
     * this {@code SSLEngine} by sending the appropriate
     * session renegotiate handshake message.
     * <P>
     * Unlike the {@link SSLSocket#startHandshake()
     * SSLSocket#startHandshake()} method, this method does not block
     * until handshaking is completed.
     * <P>
     * To force a complete SSL/TLS/DTLS session renegotiation, the current
     * session should be invalidated prior to calling this method.
     * <P>
     * Some protocols may not support multiple handshakes on an existing
     * engine and may throw an {@code SSLException}.
     *
     * @throws  SSLException
     *          if a problem was encountered while signaling the
     *          {@code SSLEngine} to begin a new handshake.
     *          See the class description for more information on
     *          engine closure.
     * @throws  IllegalStateException if the client/server mode
     *          has not yet been set.
     * @see     SSLSession#invalidate()
     */
    public abstract void beginHandshake() throws SSLException;

[marianobarrios]

I see. It makes sense. I took the freedom to re-implement the changes adding a comment and improving variable names: #201