This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/8.5.x by this push:
new 644d59a Fix semantics of get and set EnableSessionCreation
644d59a is described below
commit 644d59a717b3a5017d07a6d67eab364e3fc89527
Author: Alexander Scheel <asch...@redhat.com>
AuthorDate: Mon Mar 2 17:16:33 2020 -0500
Fix semantics of get and set EnableSessionCreation
Per the javadocs for SSLEngine, setEnableSessionCreation controls
whether or not new sessions are allowed to be created, or whether this
SSLEngine is restricted to resuming existing sessions. The default is
true, i.e., allow new sessions to be created. Because the OpenSSL
SSLEngine implementation does not limit the creation of new sessions,
getEnableSessionCreation should always return true, not false, and the
set operation should only yield an exception when the parameter is
false.
Signed-off-by: Alexander Scheel <asch...@redhat.com>
---
java/org/apache/tomcat/util/net/openssl/LocalStrings.properties | 1 +
java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java | 7 ++++---
webapps/docs/changelog.xml | 5 +++++
3 files changed, 10 insertions(+), 3 deletions(-)
diff --git a/java/org/apache/tomcat/util/net/openssl/LocalStrings.properties
b/java/org/apache/tomcat/util/net/openssl/LocalStrings.properties
index 2b5e31f..486f9ea 100644
--- a/java/org/apache/tomcat/util/net/openssl/LocalStrings.properties
+++ b/java/org/apache/tomcat/util/net/openssl/LocalStrings.properties
@@ -19,6 +19,7 @@ engine.engineClosed=Engine is closed
engine.failedCipherSuite=Failed to enable cipher suite [{0}]
engine.inboundClose=Inbound closed before receiving peer's close_notify
engine.invalidBufferArray=offset: [{0}], length: [{1}] (expected: offset <=
offset + length <= srcs.length [{2}])
+engine.noRestrictSessionCreation=OpenSslEngine does not permit restricting the
engine to only resuming existing sessions
engine.noSSLContext=No SSL context
engine.noSession=SSL session ID not available
engine.nullBuffer=Null buffer
diff --git a/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java
b/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java
index 04f8558..3607b01 100644
--- a/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java
+++ b/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java
@@ -1117,14 +1117,15 @@ public final class OpenSSLEngine extends SSLEngine
implements SSLUtil.ProtocolIn
@Override
public void setEnableSessionCreation(boolean b) {
- if (b) {
- throw new UnsupportedOperationException();
+ if (!b) {
+ String msg = sm.getString("engine.noRestrictSessionCreation");
+ throw new UnsupportedOperationException(msg);
}
}
@Override
public boolean getEnableSessionCreation() {
- return false;
+ return true;
}
@Override
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index e0dcf68..75b8809 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -129,6 +129,11 @@
and allow the other channels using the connection to continue. Based on
a suggestion from Alejandro Anadon. (markt)
</fix>
+ <fix>
+ Correct the semantics of <code>getEnableSessionCreation</code> and
+ <code>setEnableSessionCreation</code> for <code>OpenSSLEngine</code>.
+ Pull request provided by Alexander Scheel. (markt)
+ </fix>
</changelog>
</subsection>
<subsection name="Jasper">
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
