Add proper Openssl.SSLSession.getId() implementation

Motivation:

The current implementation not returns the real session as byte[] representation.

Modifications:

Create a proper Openssl.SSLSession.get() implementation which returns the real session as byte[].

Result:

More correct implementation
This commit is contained in:
Norman Maurer 2014-11-06 09:02:57 +01:00 committed by Norman Maurer
parent 8282b12b6a
commit 6bfc68c785

View File

@ -703,7 +703,6 @@ public final class OpenSslEngine extends SSLEngine {
if (session == null) {
session = new SSLSession() {
// SSLSession implementation seems to not need to be thread-safe so no need for volatile etc.
private byte[] id;
private X509Certificate[] x509PeerCerts;
// lazy init for memory reasons
@ -711,9 +710,11 @@ public final class OpenSslEngine extends SSLEngine {
@Override
public byte[] getId() {
// these are lazy created to reduce memory overhead but cached for performance reasons.
// We don't cache that to keep memory usage to a minimum.
byte[] id = SSL.getSessionId(ssl);
if (id == null) {
id = String.valueOf(ssl).getBytes();
// The id should never be null, if it was null then the SESSION itself was not valid.
throw new IllegalStateException("SSL session ID not available");
}
return id;
}