8242008: SSLSession inconsistencies
Reviewed-by: jnimeh, xuelei
parent
cc05419e1a
commit
ed18906c08
5 changed files with 361 additions and 28 deletions
|
@ -481,11 +481,16 @@ final class Finished {
|
|||
SSLHandshake.FINISHED.id, SSLHandshake.FINISHED);
|
||||
shc.conContext.inputRecord.expectingFinishFlight();
|
||||
} else {
|
||||
if (shc.handshakeSession.isRejoinable() &&
|
||||
!shc.handshakeSession.isStatelessable(shc)) {
|
||||
((SSLSessionContextImpl)shc.sslContext.
|
||||
engineGetServerSessionContext()).put(
|
||||
shc.handshakeSession);
|
||||
// Set the session's context based on stateless/cache status
|
||||
if (shc.handshakeSession.isStatelessable(shc)) {
|
||||
shc.handshakeSession.setContext((SSLSessionContextImpl)
|
||||
shc.sslContext.engineGetServerSessionContext());
|
||||
} else {
|
||||
if (shc.handshakeSession.isRejoinable()) {
|
||||
((SSLSessionContextImpl)shc.sslContext.
|
||||
engineGetServerSessionContext()).put(
|
||||
shc.handshakeSession);
|
||||
}
|
||||
}
|
||||
shc.conContext.conSession = shc.handshakeSession.finish();
|
||||
shc.conContext.protocolVersion = shc.negotiatedProtocol;
|
||||
|
@ -857,6 +862,9 @@ final class Finished {
|
|||
shc.conContext.serverVerifyData = fm.verifyData;
|
||||
}
|
||||
|
||||
// Make sure session's context is set
|
||||
shc.handshakeSession.setContext((SSLSessionContextImpl)
|
||||
shc.sslContext.engineGetServerSessionContext());
|
||||
shc.conContext.conSession = shc.handshakeSession.finish();
|
||||
|
||||
// update the context
|
||||
|
@ -1074,14 +1082,6 @@ final class Finished {
|
|||
shc.negotiatedProtocol);
|
||||
}
|
||||
|
||||
// Save the session if possible and not stateless
|
||||
if (!shc.statelessResumption && !shc.isResumption &&
|
||||
shc.handshakeSession.isRejoinable()) {
|
||||
SSLSessionContextImpl sessionContext = (SSLSessionContextImpl)
|
||||
shc.sslContext.engineGetServerSessionContext();
|
||||
sessionContext.put(shc.handshakeSession);
|
||||
}
|
||||
|
||||
try {
|
||||
// update the application traffic read keys.
|
||||
SecretKey readSecret = kd.deriveKey(
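Review bot: In the first hunk, a session that is neither statelessable nor rejoinable reaches `shc.handshakeSession.finish()` without any `setContext` call in the visible lines, whereas the second hunk sets the context unconditionally before `finish()`. If `put()` is what assigns the context on the cached path (not visible here), that third case keeps whatever context the session already had, possibly none, so `getSessionContext()` could behave differently between the two code paths. I would fetch the context once with `SSLSessionContextImpl ctx = (SSLSessionContextImpl) shc.sslContext.engineGetServerSessionContext();`, call `shc.handshakeSession.setContext(ctx);` on every path, and keep `ctx.put(shc.handshakeSession);` only for the rejoinable, non-stateless case. The enclosing methods start and end outside these hunks.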
|
||||
|
|
|
@ -317,13 +317,9 @@ final class SSLSessionImpl extends ExtendedSSLSession {
|
|||
this.protocolVersion =
|
||||
ProtocolVersion.valueOf(Short.toUnsignedInt(buf.getShort()));
|
||||
|
||||
if (protocolVersion.useTLS13PlusSpec()) {
|
||||
this.sessionId = new SessionId(false, null);
|
||||
} else {
|
||||
// The CH session id may reset this if it's provided
|
||||
this.sessionId = new SessionId(true,
|
||||
hc.sslContext.getSecureRandom());
|
||||
}
|
||||
// The CH session id may reset this if it's provided
|
||||
this.sessionId = new SessionId(true,
|
||||
hc.sslContext.getSecureRandom());
|
||||
|
||||
this.cipherSuite =
|
||||
CipherSuite.valueOf(Short.toUnsignedInt(buf.getShort()));
|
||||
|
@ -396,8 +392,8 @@ final class SSLSessionImpl extends ExtendedSSLSession {
|
|||
identificationProtocol = null;
|
||||
} else {
|
||||
b = new byte[i];
|
||||
identificationProtocol =
|
||||
buf.get(b, 0, i).asCharBuffer().toString();
|
||||
buf.get(b);
|
||||
identificationProtocol = new String(b);
|
||||
}
|
||||
|
||||
// SNI
|
||||
|
@ -452,7 +448,8 @@ final class SSLSessionImpl extends ExtendedSSLSession {
|
|||
this.host = new String();
|
||||
} else {
|
||||
b = new byte[i];
|
||||
this.host = buf.get(b).toString();
|
||||
buf.get(b, 0, i);
|
||||
this.host = new String(b);
|
||||
}
|
||||
this.port = Short.toUnsignedInt(buf.getShort());
|
||||
|
||||
|
@ -500,7 +497,8 @@ final class SSLSessionImpl extends ExtendedSSLSession {
|
|||
// Length of pre-shared key algorithm (one byte)
|
||||
i = buf.get();
|
||||
b = new byte[i];
|
||||
String alg = buf.get(b, 0, i).asCharBuffer().toString();
|
||||
buf.get(b, 0 , i);
|
||||
String alg = new String(b);
|
||||
// Get length of encoding
|
||||
i = Short.toUnsignedInt(buf.getShort());
|
||||
// Get encoding
|
||||
|
@ -627,8 +625,8 @@ final class SSLSessionImpl extends ExtendedSSLSession {
|
|||
// List of SNIServerName
|
||||
hos.putInt16(requestedServerNames.size());
|
||||
if (requestedServerNames.size() > 0) {
|
||||
for (SNIServerName host : requestedServerNames) {
|
||||
b = host.getEncoded();
|
||||
for (SNIServerName sn : requestedServerNames) {
|
||||
b = sn.getEncoded();
|
||||
hos.putInt8(b.length);
|
||||
hos.write(b, 0, b.length);
|
||||
}
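Review bot: The three new `new String(b)` conversions (`identificationProtocol`, `this.host`, and `alg`) decode session-ticket bytes with the platform default charset, so the same ticket can deserialize differently depending on JVM settings. Name the charset explicitly and make it match the serializing side, which is not shown here, for example `identificationProtocol = new String(b, StandardCharsets.UTF_8);`, and likewise for the other two. Separately, the context line `i = buf.get();` before `b = new byte[i];` reads the pre-shared key algorithm length as a signed byte. If `i` is an `int`, a length byte of 0x80 or above becomes a negative array size, and `i = Byte.toUnsignedInt(buf.get());` would avoid that. The constructor body extends beyond these hunks.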
|
||||
|
|
|
@ -447,8 +447,10 @@ final class SessionTicketExtension {
|
|||
return;
|
||||
}
|
||||
|
||||
// Regardless of session ticket contents, client allows stateless
|
||||
shc.statelessResumption = true;
|
||||
|
||||
if (buffer.remaining() == 0) {
|
||||
shc.statelessResumption = true;
|
||||
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
|
||||
SSLLogger.fine("Client accepts session tickets.");
|
||||
}
|
||||
|
@ -461,10 +463,13 @@ final class SessionTicketExtension {
|
|||
if (b != null) {
|
||||
shc.resumingSession = new SSLSessionImpl(shc, b);
|
||||
shc.isResumption = true;
|
||||
shc.statelessResumption = true;
|
||||
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
|
||||
SSLLogger.fine("Valid stateless session ticket found");
|
||||
}
|
||||
} else {
|
||||
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
|
||||
SSLLogger.fine("Invalid stateless session ticket found");
|
||||
}
|
||||
}
|
||||
}
|
||||
}
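Review bot: The meaning of `shc.statelessResumption` changes in the first hunk, and the one-line comment there is easy to misread. The flag is now set as soon as the extension is processed and stays true on the "Invalid stateless session ticket found" path, so it records that the client accepts tickets, not that a ticket was honoured. Only `shc.isResumption` records the latter. Code that tests `statelessResumption` alone to mean "resumed from a ticket" would now take the wrong branch, so I would spell this out at the assignment: `// Client sent session_ticket, so it accepts stateless tickets even if the ticket it presented is empty or unusable; isResumption (not this flag) records whether a ticket was actually accepted.` The enclosing method starts outside the hunk.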
|
||||
|
|