Respect jdk.tls.client.enableSessionTicketExtension and jdk.tls.server.enableSessionTicketExtension when using native SSL impl (#10296)

Motivation:

We should respect jdk.tls.client.enableSessionTicketExtension and jdk.tls.server.enableSessionTicketExtension when using the native SSL implementation as well to make the usage of it easier and more consistent. These properties were introduced by JDK13:

https://seanjmullan.org/blog/2019/08/05/jdk13

Modifications:

Check if the properties are set to true and if so enable tickets

Result:

Easier to enable tickets and be more consistent
This commit is contained in:
Norman Maurer 2020-05-15 10:01:09 +02:00 committed by GitHub
parent 75df58a7e1
commit 69db5bff71
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 13 additions and 0 deletions

View File

@ -17,6 +17,7 @@ package io.netty.handler.ssl;
import io.netty.internal.tcnative.CertificateCallback;
import io.netty.util.internal.SuppressJava6Requirement;
import io.netty.util.internal.SystemPropertyUtil;
import io.netty.util.internal.logging.InternalLogger;
import io.netty.util.internal.logging.InternalLoggerFactory;
import io.netty.internal.tcnative.SSL;
@ -56,6 +57,8 @@ public final class ReferenceCountedOpenSslClientContext extends ReferenceCounted
OpenSslKeyMaterialManager.KEY_TYPE_EC,
OpenSslKeyMaterialManager.KEY_TYPE_EC_RSA,
OpenSslKeyMaterialManager.KEY_TYPE_EC_EC)));
private static final boolean ENABLE_SESSION_TICKET =
SystemPropertyUtil.getBoolean("jdk.tls.client.enableSessionTicketExtension", false);
private final OpenSslSessionContext sessionContext;
ReferenceCountedOpenSslClientContext(X509Certificate[] trustCertCollection, TrustManagerFactory trustManagerFactory,
@ -70,6 +73,9 @@ public final class ReferenceCountedOpenSslClientContext extends ReferenceCounted
try {
sessionContext = newSessionContext(this, ctx, engineMap, trustCertCollection, trustManagerFactory,
keyCertChain, key, keyPassword, keyManagerFactory, keyStore);
if (ENABLE_SESSION_TICKET) {
sessionContext.setTicketKeys();
}
success = true;
} finally {
if (!success) {

View File

@ -23,6 +23,7 @@ import io.netty.internal.tcnative.SniHostNameMatcher;
import io.netty.util.CharsetUtil;
import io.netty.util.internal.PlatformDependent;
import io.netty.util.internal.SuppressJava6Requirement;
import io.netty.util.internal.SystemPropertyUtil;
import io.netty.util.internal.logging.InternalLogger;
import io.netty.util.internal.logging.InternalLoggerFactory;
@ -51,6 +52,9 @@ public final class ReferenceCountedOpenSslServerContext extends ReferenceCounted
private static final byte[] ID = {'n', 'e', 't', 't', 'y'};
private final OpenSslServerSessionContext sessionContext;
private static final boolean ENABLE_SESSION_TICKET =
SystemPropertyUtil.getBoolean("jdk.tls.server.enableSessionTicketExtension", false);
ReferenceCountedOpenSslServerContext(
X509Certificate[] trustCertCollection, TrustManagerFactory trustManagerFactory,
X509Certificate[] keyCertChain, PrivateKey key, String keyPassword, KeyManagerFactory keyManagerFactory,
@ -75,6 +79,9 @@ public final class ReferenceCountedOpenSslServerContext extends ReferenceCounted
try {
sessionContext = newSessionContext(this, ctx, engineMap, trustCertCollection, trustManagerFactory,
keyCertChain, key, keyPassword, keyManagerFactory, keyStore);
if (ENABLE_SESSION_TICKET) {
sessionContext.setTicketKeys();
}
success = true;
} finally {
if (!success) {