This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/9.0.x by this push:
new 3938c2f Fix semantics of get and set EnableSessionCreation
3938c2f is described below
commit 3938c2fc163bed7c382795a50c70af1f5ca1b25e
Author: Alexander Scheel <asch...@redhat.com>
AuthorDate: Mon Mar 2 17:16:33 2020 -0500
Fix semantics of get and set EnableSessionCreation
Per the javadocs for SSLEngine, setEnableSessionCreation controls
whether or not new sessions are allowed to be created, or whether this
SSLEngine is restricted to resuming existing sessions. The default is
true, i.e., allow new sessions to be created. Because the OpenSSL
SSLEngine implementation does not limit the creation of new sessions,
getEnableSessionCreation should always return true, not false, and the
set operation should only yield an exception when the parameter is
false.
Signed-off-by: Alexander Scheel <asch...@redhat.com>
---
java/org/apache/tomcat/util/net/openssl/LocalStrings.properties | 1 +
java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java | 7 ++++---
webapps/docs/changelog.xml | 5 +++++
3 files changed, 10 insertions(+), 3 deletions(-)
diff --git a/java/org/apache/tomcat/util/net/openssl/LocalStrings.properties
b/java/org/apache/tomcat/util/net/openssl/LocalStrings.properties
index 2b5e31f..486f9ea 100644
--- a/java/org/apache/tomcat/util/net/openssl/LocalStrings.properties
+++ b/java/org/apache/tomcat/util/net/openssl/LocalStrings.properties
@@ -19,6 +19,7 @@ engine.engineClosed=Engine is closed
engine.failedCipherSuite=Failed to enable cipher suite [{0}]
engine.inboundClose=Inbound closed before receiving peer's close_notify
engine.invalidBufferArray=offset: [{0}], length: [{1}] (expected: offset <=
offset + length <= srcs.length [{2}])
+engine.noRestrictSessionCreation=OpenSslEngine does not permit restricting the
engine to only resuming existing sessions
engine.noSSLContext=No SSL context
engine.noSession=SSL session ID not available
engine.nullBuffer=Null buffer
diff --git a/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java
b/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java
index 04f8558..3607b01 100644
--- a/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java
+++ b/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java
@@ -1117,14 +1117,15 @@ public final class OpenSSLEngine extends SSLEngine
implements SSLUtil.ProtocolIn
@Override
public void setEnableSessionCreation(boolean b) {
- if (b) {
- throw new UnsupportedOperationException();
+ if (!b) {
+ String msg = sm.getString("engine.noRestrictSessionCreation");
+ throw new UnsupportedOperationException(msg);
}
}
@Override
public boolean getEnableSessionCreation() {
- return false;
+ return true;
}
@Override
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 52ff0ff..38c436d 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -123,6 +123,11 @@
and allow the other channels using the connection to continue. Based on
a suggestion from Alejandro Anadon. (markt)
</fix>
+ <fix>
+ Correct the semantics of <code>getEnableSessionCreation</code> and
+ <code>setEnableSessionCreation</code> for <code>OpenSSLEngine</code>.
+ Pull request provided by Alexander Scheel. (markt)
+ </fix>
</changelog>
</subsection>
<subsection name="Jasper">
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
