You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@mina.apache.org by "Trustin Lee (JIRA)" <ji...@apache.org> on 2007/01/28 05:01:49 UTC

[jira] Commented: (DIRMINA-326) Cached SSLSessions won't be reused by the SSLFilter if in client mode.

    [ https://issues.apache.org/jira/browse/DIRMINA-326?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12468094 ] 

Trustin Lee commented on DIRMINA-326:
-------------------------------------

Please allow us fix this issue along with DIRMINA-325 in 2.0-M1 because it need changes (addition) of the API.

> Cached SSLSessions won't be reused by the SSLFilter if in client mode.
> ----------------------------------------------------------------------
>
>                 Key: DIRMINA-326
>                 URL: https://issues.apache.org/jira/browse/DIRMINA-326
>             Project: MINA
>          Issue Type: Bug
>          Components: Filter
>    Affects Versions: 1.0.0
>            Reporter: Wolter Eldering
>             Fix For: 2.0.0-M1
>
>
> SSLSessions won't be reused by the SSLFilter if in client mode.
> In client mode SSLContext.createSSLEngine() will always create a new SSLSession.
> The only way to reuse cached SSLSessions in client mode is to use the SSLContext.createSSLEngine(String peerHost, int peerPort) factory method.
> Index: filter-ssl/src/main/java/org/apache/mina/filter/support/SSLHandler.java
> ===================================================================
> --- filter-ssl/src/main/java/org/apache/mina/filter/support/SSLHandler.java     (revision 487691)
> +++ filter-ssl/src/main/java/org/apache/mina/filter/support/SSLHandler.java     (working copy)
> @@ -36,6 +36,7 @@
>  import org.apache.mina.filter.SSLFilter;
>  import org.apache.mina.util.Queue;
>  import org.apache.mina.util.SessionLog;
> +import java.net.InetSocketAddress;
>  
>  /**
>   * A helper class using the SSLEngine API to decrypt/encrypt data.
> @@ -110,7 +111,12 @@
>              return;
>          }
>  
> -        sslEngine = ctx.createSSLEngine();
> +         InetSocketAddress hint = (InetSocketAddress) session.getAttribute(SSLFilter.SESSION_HINT);
> +         if (hint == null) {
> +           sslEngine = ctx.createSSLEngine();
> +        } else {
> +            sslEngine = ctx.createSSLEngine(hint.getHostName(), hint.getPort());
> +         }
>          sslEngine.setUseClientMode( parent.isUseClientMode() );
>  
>          if ( parent.isWantClientAuth() )
> Index: filter-ssl/src/main/java/org/apache/mina/filter/SSLFilter.java
> ===================================================================
> --- filter-ssl/src/main/java/org/apache/mina/filter/SSLFilter.java      (revision 487691)
> +++ filter-ssl/src/main/java/org/apache/mina/filter/SSLFilter.java      (working copy)
> @@ -101,6 +101,9 @@
>       * doesn't emit any events related with SSL session flow control.
>       */
>      public static final String USE_NOTIFICATION = SSLFilter.class.getName() + ".UseNotification";
> +
> +    public static final String SESSION_HINT = SSLFilter.class.getName() + ".SessionHint";
> +
>      
>      /**
>       * A special message object which is emitted with a {@link IoHandler#messageReceived(IoSession, Object)}

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.