[tomcat] branch master updated: Fix semantics of get and set EnableSessionCreation

[markt]

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/master by this push:
     new 39a46bc  Fix semantics of get and set EnableSessionCreation
39a46bc is described below

commit 39a46bcc08bfd48970cd04eb129c6dff6b233bc4
Author: Alexander Scheel <asch...@redhat.com>
AuthorDate: Mon Mar 2 17:16:33 2020 -0500

    Fix semantics of get and set EnableSessionCreation
    
    Per the javadocs for SSLEngine, setEnableSessionCreation controls
    whether or not new sessions are allowed to be created, or whether this
    SSLEngine is restricted to resuming existing sessions. The default is
    true, i.e., allow new sessions to be created. Because the OpenSSL
    SSLEngine implementation does not limit the creation of new sessions,
    getEnableSessionCreation should always return true, not false, and the
    set operation should only yield an exception when the parameter is
    false.
    
    Signed-off-by: Alexander Scheel <asch...@redhat.com>
---
 java/org/apache/tomcat/util/net/openssl/LocalStrings.properties | 1 +
 java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java      | 7 ++++---
 2 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/java/org/apache/tomcat/util/net/openssl/LocalStrings.properties 
b/java/org/apache/tomcat/util/net/openssl/LocalStrings.properties
index 2b5e31f..486f9ea 100644
--- a/java/org/apache/tomcat/util/net/openssl/LocalStrings.properties
+++ b/java/org/apache/tomcat/util/net/openssl/LocalStrings.properties
@@ -19,6 +19,7 @@ engine.engineClosed=Engine is closed
 engine.failedCipherSuite=Failed to enable cipher suite [{0}]
 engine.inboundClose=Inbound closed before receiving peer's close_notify
 engine.invalidBufferArray=offset: [{0}], length: [{1}] (expected: offset <= 
offset + length <= srcs.length [{2}])
+engine.noRestrictSessionCreation=OpenSslEngine does not permit restricting the 
engine to only resuming existing sessions
 engine.noSSLContext=No SSL context
 engine.noSession=SSL session ID not available
 engine.nullBuffer=Null buffer
diff --git a/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java 
b/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java
index 04f8558..3607b01 100644
--- a/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java
+++ b/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java
@@ -1117,14 +1117,15 @@ public final class OpenSSLEngine extends SSLEngine 
implements SSLUtil.ProtocolIn
 
     @Override
     public void setEnableSessionCreation(boolean b) {
-        if (b) {
-            throw new UnsupportedOperationException();
+        if (!b) {
+            String msg = sm.getString("engine.noRestrictSessionCreation");
+            throw new UnsupportedOperationException(msg);
         }
     }
 
     @Override
     public boolean getEnableSessionCreation() {
-        return false;
+        return true;
     }
 
     @Override


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org