From 5a372f0cb1a05fcbdbb513fc46034f64bd0ce0e8 Mon Sep 17 00:00:00 2001 From: Norman Maurer Date: Mon, 13 Jul 2020 16:17:16 +0200 Subject: [PATCH] jdk.tls.client.enableSessionTicketExtension must be respected by OPENSSL and OPENSSL_REFCNT SslProviders (#10401) Motivation: jdk.tls.client.enableSessionTicketExtension property must be respect by OPENSSL and OPENSSL_REFCNT SslProvider to ensure a consistent behavior. Due a bug this was not the case and it only worked for OPENSSL_REFCNT but not for OPENSSL. Modifications: Move the property check into static method that is used by both Result: Correctly respect jdk.tls.client.enableSessionTicketExtension --- .../handler/ssl/ReferenceCountedOpenSslClientContext.java | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/handler/src/main/java/io/netty/handler/ssl/ReferenceCountedOpenSslClientContext.java b/handler/src/main/java/io/netty/handler/ssl/ReferenceCountedOpenSslClientContext.java index 6b945506b9..3ab1d39244 100644 --- a/handler/src/main/java/io/netty/handler/ssl/ReferenceCountedOpenSslClientContext.java +++ b/handler/src/main/java/io/netty/handler/ssl/ReferenceCountedOpenSslClientContext.java @@ -73,9 +73,6 @@ public final class ReferenceCountedOpenSslClientContext extends ReferenceCounted try { sessionContext = newSessionContext(this, ctx, engineMap, trustCertCollection, trustManagerFactory, keyCertChain, key, keyPassword, keyManagerFactory, keyStore); - if (ENABLE_SESSION_TICKET) { - sessionContext.setTicketKeys(); - } success = true; } finally { if (!success) { @@ -170,6 +167,9 @@ public final class ReferenceCountedOpenSslClientContext extends ReferenceCounted throw new SSLException("unable to setup trustmanager", e); } OpenSslClientSessionContext context = new OpenSslClientSessionContext(thiz, keyMaterialProvider); + if (ENABLE_SESSION_TICKET) { + context.setTicketKeys(); + } keyMaterialProvider = null; return context; } finally {