Change RawSocket.secureServer and RawSoccket.secure to fail on paused subscriptions

sdk/lib/io/secure_socket.dart

 // Copyright (c) 2013, the Dart project authors.  Please see the AUTHORS file
 // for details. All rights reserved. Use of this source code is governed by a
 // BSD-style license that can be found in the LICENSE file.
 
 part of dart.io;
 
 /**
  * A high-level class for communicating securely over a TCP socket, using
  * TLS and SSL. The [SecureSocket] exposes both a [Stream] and an
  * [IOSink] interface, making it ideal for using together with
@@ skipping 245 matching lines @@
   }
 
   /**
    * Takes an already connected [socket] and starts client side TLS
    * handshake to make the communication secure. When the returned
    * future completes the [RawSecureSocket] has completed the TLS
    * handshake. Using this function requires that the other end of the
    * connection is prepared for TLS handshake.
    *
    * If the [socket] already has a subscription, pass the existing
-   * subscription in the [subscription] parameter. The secure socket
-   * will take over the subscription and process any subsequent
-   * events. In most cases calling `pause` on this subscription before
-   * starting TLS handshake is the right thing to do.
+   * subscription in the [subscription] parameter. The [secure]
+   * operation will take over the subscription by replacing the
+   * handlers with it own secure processing. The caller must not touch
+   * this subscription anymore. Passing a paused subscription is an
+   * error.
    *
    * If the [host] argument is passed it will be used as the host name
    * for the TLS handshake. If [host] is not passed the host name from
    * the [socket] will be used. The [host] can be either a [String] or
    * an [InternetAddress].
    *
    * Calling this function will _not_ cause a DNS host lookup. If the
    * [host] passed is a [String] the [InternetAddress] for the
    * resulting [SecureSocket] will have this passed in [host] as its
    * host value and the internet address of the already connected
@@ skipping 23 matching lines @@
   }
 
   /**
    * Takes an already connected [socket] and starts server side TLS
    * handshake to make the communication secure. When the returned
    * future completes the [RawSecureSocket] has completed the TLS
    * handshake. Using this function requires that the other end of the
    * connection is going to start the TLS handshake.
    *
    * If the [socket] already has a subscription, pass the existing
-   * subscription in the [subscription] parameter. The secure socket
-   * will take over the subscription and process any subsequent
-   * events.
+   * subscription in the [subscription] parameter. The [secureServer]
+   * operation will take over the subscription by replacing the
+   * handlers with it own secure processing. The caller must not touch
+   * this subscription anymore. Passing a paused subscription is an
+   * error.
    *
    * If some of the data of the TLS handshake has already been read
    * from the socket this data can be passed in the [bufferedData]
    * parameter. This data will be processed before any other data
    * available on the socket.
    *
    * See [RawSecureServerSocket.bind] for more information on the
    * arguments.
    *
    */
@@ skipping 202 matching lines @@
       _socket = rawSocket;
       _socket.readEventsEnabled = true;
       _socket.writeEventsEnabled = false;
       if (_socketSubscription == null) {
         // If a current subscription is provided use this otherwise
         // create a new one.
         _socketSubscription = _socket.listen(_eventDispatcher,
                                              onError: _reportError,
                                              onDone: _doneHandler);
       } else {
+        if (_socketSubscription.isPaused) {
+          throw new StateError("Subscription passed to TLS upgrade is paused");
+        }
         _socketSubscription
             ..onData(_eventDispatcher)
             ..onError(_reportError)
             ..onDone(_doneHandler);
       }
       _secureFilter.connect(address.host,
                             (address as dynamic)._in_addr,
                             port,
                             is_server,
                             certificateName,
@@ skipping 710 matching lines @@
 /**
  * An exception that happens in the handshake phase of establishing
  * a secure network connection, when looking up or verifying a
  * certificate.
  */
 class CertificateException extends TlsException {
   const CertificateException([String message = "",
                             OSError osError = null])
      : super._("CertificateException", message, osError);
 }