Set the session id context properly to make client authentication work with open ssl provider.

Motivation: When netty is used with open ssl provider and client authentication the following errors can occur: error:140D9115:SSL routines:ssl_get_prev_session:session id context uninitialized error:140A1175:SSL routines:ssl_bytes_to_cipher_list:inappropriate fallback error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol Modifications: Set the session id context in OpenSslServerContext so that sessions which use client authentication which are cached have the same context id value. Result: Client authentication now works with open ssl provider.
2016-05-28 11:00:59 +02:00 · 2016-05-28 11:00:59 +02:00 · 528b83e277
commit 528b83e277
parent 86f53083e7
1 changed files with 2 additions and 0 deletions
--- a/handler/src/main/java/io/netty/handler/ssl/OpenSslServerContext.java
+++ b/handler/src/main/java/io/netty/handler/ssl/OpenSslServerContext.java
@ -36,6 +36,7 @@ import static io.netty.util.internal.ObjectUtil.*;
 * A server-side {@link SslContext} which uses OpenSSL's SSL/TLS implementation.
 */
 public final class OpenSslServerContext extends OpenSslContext {
+    private static final byte[] ID = new byte[] {'n', 'e', 't', 't', 'y'};
    private final OpenSslServerSessionContext sessionContext;

    /**
@ -439,6 +440,7 @@ public final class OpenSslServerContext extends OpenSslContext {
                }
            }
            sessionContext = new OpenSslServerSessionContext(ctx);
+            sessionContext.setSessionIdContext(ID);
            success = true;
        } finally {
            if (!success) {