Add proper Openssl.SSLSession.getId() implementation

Motivation:

The current implementation not returns the real session as byte[] representation.

Modifications:

Create a proper Openssl.SSLSession.get() implementation which returns the real session as byte[].

Result:

More correct implementation
This commit is contained in:
Norman Maurer 2014-11-06 09:02:57 +01:00 committed by Norman Maurer
parent fb3b16d9d4
commit 7423db0b8e

View File

@ -703,7 +703,6 @@ public final class OpenSslEngine extends SSLEngine {
if (session == null) { if (session == null) {
session = new SSLSession() { session = new SSLSession() {
// SSLSession implementation seems to not need to be thread-safe so no need for volatile etc. // SSLSession implementation seems to not need to be thread-safe so no need for volatile etc.
private byte[] id;
private X509Certificate[] x509PeerCerts; private X509Certificate[] x509PeerCerts;
// lazy init for memory reasons // lazy init for memory reasons
@ -711,9 +710,11 @@ public final class OpenSslEngine extends SSLEngine {
@Override @Override
public byte[] getId() { public byte[] getId() {
// these are lazy created to reduce memory overhead but cached for performance reasons. // We don't cache that to keep memory usage to a minimum.
byte[] id = SSL.getSessionId(ssl);
if (id == null) { if (id == null) {
id = String.valueOf(ssl).getBytes(); // The id should never be null, if it was null then the SESSION itself was not valid.
throw new IllegalStateException("SSL session ID not available");
} }
return id; return id;
} }