You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by re...@apache.org on 2018/03/15 13:25:39 UTC
svn commit: r1826812 - in /tomcat/trunk:
java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java
webapps/docs/changelog.xml
Author: remm
Date: Thu Mar 15 13:25:39 2018
New Revision: 1826812
URL: http://svn.apache.org/viewvc?rev=1826812&view=rev
Log:
While trying for 62177, noticed that JSSE didn't complain while OpenSSL was throwing ISEs. Ignore SSL session access instead of throwing an ISE.
Modified:
tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java
tomcat/trunk/webapps/docs/changelog.xml
Modified: tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java?rev=1826812&r1=1826811&r2=1826812&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java Thu Mar 15 13:25:39 2018
@@ -1078,12 +1078,11 @@ public final class OpenSSLEngine extends
@Override
public byte[] getId() {
- byte[] id;
+ byte[] id = null;
synchronized (OpenSSLEngine.this) {
- if (destroyed) {
- throw new IllegalStateException(sm.getString("engine.noSession"));
+ if (!destroyed) {
+ id = SSL.getSessionId(ssl);
}
- id = SSL.getSessionId(ssl);
}
return id;
@@ -1099,10 +1098,9 @@ public final class OpenSSLEngine extends
// We need to multiply by 1000 as OpenSSL uses seconds and we need milliseconds.
long creationTime = 0;
synchronized (OpenSSLEngine.this) {
- if (destroyed) {
- throw new IllegalStateException(sm.getString("engine.noSession"));
+ if (!destroyed) {
+ creationTime = SSL.getTime(ssl);
}
- creationTime = SSL.getTime(ssl);
}
return creationTime * 1000L;
}
@@ -1316,10 +1314,9 @@ public final class OpenSSLEngine extends
String applicationProtocol = OpenSSLEngine.this.applicationProtocol;
if (applicationProtocol == null) {
synchronized (OpenSSLEngine.this) {
- if (destroyed) {
- throw new IllegalStateException(sm.getString("engine.noSession"));
+ if (!destroyed) {
+ applicationProtocol = SSL.getNextProtoNegotiated(ssl);
}
- applicationProtocol = SSL.getNextProtoNegotiated(ssl);
}
if (applicationProtocol == null) {
applicationProtocol = fallbackApplicationProtocol;
@@ -1330,12 +1327,11 @@ public final class OpenSSLEngine extends
OpenSSLEngine.this.applicationProtocol = applicationProtocol = "";
}
}
- String version;
+ String version = null;
synchronized (OpenSSLEngine.this) {
- if (destroyed) {
- throw new IllegalStateException(sm.getString("engine.noSession"));
+ if (!destroyed) {
+ version = SSL.getVersion(ssl);
}
- version = SSL.getVersion(ssl);
}
if (applicationProtocol.isEmpty()) {
return version;
Modified: tomcat/trunk/webapps/docs/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1826812&r1=1826811&r2=1826812&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/trunk/webapps/docs/changelog.xml Thu Mar 15 13:25:39 2018
@@ -82,6 +82,9 @@
<fix>
Improve debug logging for HTTP/2 pushed streams. (markt)
</fix>
+ <fix>
+ The OpenSSL engine SSL session will now ignore invalid accesses. (remm)
+ </fix>
</changelog>
</subsection>
<subsection name="jdbc-pool">
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org