Respect jdk.tls.client.enableSessionTicketExtension and jdk.tls.server.enableSessionTicketExtension when using native SSL impl (#10296)
Motivation:
We should respect jdk.tls.client.enableSessionTicketExtension and jdk.tls.server.enableSessionTicketExtension when using the native SSL implementation as well, to make it easier to use and more consistent. These properties were introduced in JDK 13: https://seanjmullan.org/blog/2019/08/05/jdk13

Modifications:
Check whether the properties are set to true and, if so, enable tickets.

Result:
Easier to enable tickets and more consistent behaviour.
parent
75df58a7e1
commit
69db5bff71
@ -17,6 +17,7 @@ package io.netty.handler.ssl;
|
||||
|
||||
import io.netty.internal.tcnative.CertificateCallback;
|
||||
import io.netty.util.internal.SuppressJava6Requirement;
|
||||
import io.netty.util.internal.SystemPropertyUtil;
|
||||
import io.netty.util.internal.logging.InternalLogger;
|
||||
import io.netty.util.internal.logging.InternalLoggerFactory;
|
||||
import io.netty.internal.tcnative.SSL;
|
||||
@ -56,6 +57,8 @@ public final class ReferenceCountedOpenSslClientContext extends ReferenceCounted
|
||||
OpenSslKeyMaterialManager.KEY_TYPE_EC,
|
||||
OpenSslKeyMaterialManager.KEY_TYPE_EC_RSA,
|
||||
OpenSslKeyMaterialManager.KEY_TYPE_EC_EC)));
|
||||
private static final boolean ENABLE_SESSION_TICKET =
|
||||
SystemPropertyUtil.getBoolean("jdk.tls.client.enableSessionTicketExtension", false);
|
||||
private final OpenSslSessionContext sessionContext;
|
||||
|
||||
ReferenceCountedOpenSslClientContext(X509Certificate[] trustCertCollection, TrustManagerFactory trustManagerFactory,
|
||||
@ -70,6 +73,9 @@ public final class ReferenceCountedOpenSslClientContext extends ReferenceCounted
|
||||
try {
|
||||
sessionContext = newSessionContext(this, ctx, engineMap, trustCertCollection, trustManagerFactory,
|
||||
keyCertChain, key, keyPassword, keyManagerFactory, keyStore);
|
||||
if (ENABLE_SESSION_TICKET) {
|
||||
sessionContext.setTicketKeys();
|
||||
}
|
||||
success = true;
|
||||
} finally {
|
||||
if (!success) {
|
||||
|
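Review bot: The new `ENABLE_SESSION_TICKET` constant has no comment, and two properties of it are not obvious from the call site in the constructor. It is a `static final` read once when the class initialises, so setting `jdk.tls.client.enableSessionTicketExtension` later in the process has no effect, and it turns tickets on for every client context in the JVM rather than per context. I would state that above the field, e.g. `// Read once at class load; JVM-wide opt-in mirroring the JDK property, default off.` The same comment is missing on the server-side constant in ReferenceCountedOpenSslServerContext. The constructor's try/finally continues outside the hunk.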
@ -23,6 +23,7 @@ import io.netty.internal.tcnative.SniHostNameMatcher;
|
||||
import io.netty.util.CharsetUtil;
|
||||
import io.netty.util.internal.PlatformDependent;
|
||||
import io.netty.util.internal.SuppressJava6Requirement;
|
||||
import io.netty.util.internal.SystemPropertyUtil;
|
||||
import io.netty.util.internal.logging.InternalLogger;
|
||||
import io.netty.util.internal.logging.InternalLoggerFactory;
|
||||
|
||||
@ -51,6 +52,9 @@ public final class ReferenceCountedOpenSslServerContext extends ReferenceCounted
|
||||
private static final byte[] ID = {'n', 'e', 't', 't', 'y'};
|
||||
private final OpenSslServerSessionContext sessionContext;
|
||||
|
||||
private static final boolean ENABLE_SESSION_TICKET =
|
||||
SystemPropertyUtil.getBoolean("jdk.tls.server.enableSessionTicketExtension", false);
|
||||
|
||||
ReferenceCountedOpenSslServerContext(
|
||||
X509Certificate[] trustCertCollection, TrustManagerFactory trustManagerFactory,
|
||||
X509Certificate[] keyCertChain, PrivateKey key, String keyPassword, KeyManagerFactory keyManagerFactory,
|
||||
@ -75,6 +79,9 @@ public final class ReferenceCountedOpenSslServerContext extends ReferenceCounted
|
||||
try {
|
||||
sessionContext = newSessionContext(this, ctx, engineMap, trustCertCollection, trustManagerFactory,
|
||||
keyCertChain, key, keyPassword, keyManagerFactory, keyStore);
|
||||
if (ENABLE_SESSION_TICKET) {
|
||||
sessionContext.setTicketKeys();
|
||||
}
|
||||
success = true;
|
||||
} finally {
|
||||
if (!success) {
|
||||
|
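Review bot: `sessionContext.setTicketKeys()` is called with no keys inside `if (ENABLE_SESSION_TICKET)`, so when the property is set the server issues tickets without the application supplying or rotating the ticket-encryption keys; presumably the native library then falls back to keys it generates itself for this context. For TLS 1.2 that key protects the secrets of every ticketed session, so its lifetime bounds forward secrecy, and tickets will not resume across server instances that each hold their own key. A comment at the call should say so, e.g. `// No explicit keys: relies on the native library's own ticket keys; use setTicketKeys(keys) to share and rotate them.` A debug log when this branch is taken would also let operators see that a JVM-wide flag changed TLS behaviour. The constructor body continues past the end of the hunk.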