From 528b83e27738af887955665a0ba82e081c7d8729 Mon Sep 17 00:00:00 2001
From: floragunn
Date: Sat, 28 May 2016 11:00:59 +0200
Subject: [PATCH] Set the session id context properly to make client authentication work with open ssl provider.
Motivation:
When netty is used with open ssl provider and client authentication the following errors can occur:
error:140D9115:SSL routines:ssl_get_prev_session:session id context uninitialized
error:140A1175:SSL routines:ssl_bytes_to_cipher_list:inappropriate fallback
error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
Modifications:
Set the session id context in OpenSslServerContext so that sessions which use client authentication which are cached have the same context id value.
Result:
Client authentication now works with open ssl provider.
---
 .../main/java/io/netty/handler/ssl/OpenSslServerContext.java | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/handler/src/main/java/io/netty/handler/ssl/OpenSslServerContext.java b/handler/src/main/java/io/netty/handler/ssl/OpenSslServerContext.java
index 04031fecdb..ed0bc914a6 100644
--- a/handler/src/main/java/io/netty/handler/ssl/OpenSslServerContext.java
+++ b/handler/src/main/java/io/netty/handler/ssl/OpenSslServerContext.java
@@ -36,6 +36,7 @@ import static io.netty.util.internal.ObjectUtil.*;
 * A server-side {@link SslContext} which uses OpenSSL's SSL/TLS implementation.
 */
 public final class OpenSslServerContext extends OpenSslContext {
+ private static final byte[] ID = new byte[] {'n', 'e', 't', 't', 'y'};
 private final OpenSslServerSessionContext sessionContext;
 /**
@@ -439,6 +440,7 @@ public final class OpenSslServerContext extends OpenSslContext {
 }
 }
 sessionContext = new OpenSslServerSessionContext(ctx);
+ sessionContext.setSessionIdContext(ID);
 success = true;
 } finally {
 if (!success) {
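Review bot: The new `ID` constant at the top of OpenSslServerContext is undocumented, and it gives every server context built by this class the same session id context, the bytes of `netty`. OpenSSL uses that value to keep a session negotiated under one configuration from being resumed under another. A deployment that runs several server contexts with different client-authentication requirements and shares a session cache or ticket keys between them would presumably need distinct values. I would add a comment on the field along the lines of `// Default session id context, identical for all server contexts; contexts that must not resume each other's sessions need their own value.`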
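Review bot: The result of `sessionContext.setSessionIdContext(ID)` in the second hunk is not checked before `success = true` on the next line. The setter's signature is not visible here, but if it reports failure through a boolean return, a failed call would leave the context in the same "session id context uninitialized" state this commit is fixing, and construction would still succeed. Consider failing fast, for example `if (!sessionContext.setSessionIdContext(ID)) { throw new SSLException("failed to set session id context"); }`, using whatever exception type the constructor already declares. The constructor body starts and ends outside the hunk.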