You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by bu...@apache.org on 2022/04/27 10:47:37 UTC
[Bug 66035] SIGSEGV in org.apache.tomcat.jni.SSL::getSessionId - NIO+OpenSSL
https://bz.apache.org/bugzilla/show_bug.cgi?id=66035
--- Comment #1 from Remy Maucherat <re...@apache.org> ---
The handshake failed and the session id is accessed through your access logging
pattern.
Looking at the Panama code there could be an optimistic use of the
SSL_get_session call (it would return NULL if there's no session because
handshake failed).
The native code seems to have the same problem, since it does:
UNREFERENCED(o);
session = SSL_get_session(ssl_);
session_id = SSL_SESSION_get_id(session, &len);
While other places do:
session = SSL_get_session(ssl_);
if (session) {
return SSL_get_time(session);
} else {
tcn_ThrowException(e, "ssl session is null");
return 0;
}
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org