Set the session id context properly to make client authentication work with the OpenSSL provider.

Motivation:

When Netty is used with the OpenSSL provider and client authentication, the following errors can occur:
error:140D9115:SSL routines:ssl_get_prev_session:session id context uninitialized
error:140A1175:SSL routines:ssl_bytes_to_cipher_list:inappropriate fallback
error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol

Modifications:

Set the session id context in OpenSslServerContext so that sessions which use client authentication
which are cached have the same context id value.

Result:

Client authentication now works with the OpenSSL provider.
floragunn 2016-05-28 11:00:59 +02:00 committed by Norman Maurer
parent 86f53083e7
commit 528b83e277


@ -36,6 +36,7 @@ import static io.netty.util.internal.ObjectUtil.*;
* A server-side {@link SslContext} which uses OpenSSL's SSL/TLS implementation. * A server-side {@link SslContext} which uses OpenSSL's SSL/TLS implementation.
*/ */
public final class OpenSslServerContext extends OpenSslContext { public final class OpenSslServerContext extends OpenSslContext {
private static final byte[] ID = new byte[] {'n', 'e', 't', 't', 'y'};
private final OpenSslServerSessionContext sessionContext; private final OpenSslServerSessionContext sessionContext;
/** /**
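Review bot: The new constant ID on the line after the class declaration is a single hard-coded value ('n','e','t','t','y') shared by every OpenSslServerContext, and its name does not say what it identifies. OpenSSL uses the session id context to keep sessions created under one context from being resumed under another, so a value that is identical for all server contexts gives no separation between contexts that have different client-authentication or trust settings. Please rename it to something like SESSION_ID_CONTEXT, add a comment explaining why a fixed value is acceptable here, and consider deriving a per-context value or letting callers supply one.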
@ -439,6 +440,7 @@ public final class OpenSslServerContext extends OpenSslContext {
} }
} }
sessionContext = new OpenSslServerSessionContext(ctx); sessionContext = new OpenSslServerSessionContext(ctx);
sessionContext.setSessionIdContext(ID);
success = true; success = true;
} finally { } finally {
if (!success) { if (!success) {
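Review bot: The result of sessionContext.setSessionIdContext(ID) is not checked before success = true is set on the next line, so if the call can report failure the context would be handed out with the session id context still unset, which is the condition behind the "session id context uninitialized" error in the commit message. Please check the outcome and fail construction (leaving success false so the finally block cleans up) when it does not succeed. The diff also carries no test; one that performs a handshake with client authentication, then resumes the session, would guard against a regression.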