
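--- a/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java
+++ b/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java
@@ -1039,10 +1039,12 @@
         // Last accessed time
         private long lastAccessedTime = -1;
 
+        // Cache to protect from async access
+        private byte[] id = SSL.getSessionId(ssl);
+        private long creationTime = SSL.getTime(ssl);
+
         @Override
         public byte[] getId() {
-            // We don't cache that to keep memory usage to a minimum.
-            byte[] id = SSL.getSessionId(ssl);
             if (id == null) {
                 // The id should never be null, if it was null then the SESSION itself was not valid.
                 throw new IllegalStateException(sm.getString("engine.noSession"));
@@ -1058,7 +1060,7 @@
         @Override
         public long getCreationTime() {
             // We need to multiply by 1000 as OpenSSL uses seconds and we need milliseconds.
-            return SSL.getTime(ssl) * 1000L;
+            return creationTime * 1000L;
         }
 
         @Override
@@ -1140,19 +1142,22 @@
             // these are lazy created to reduce memory overhead
             Certificate[] c = peerCerts;
             if (c == null) {
-                if (SSL.isInInit(ssl) != 0) {
-                    throw new SSLPeerUnverifiedException(sm.getString("engine.unverifiedPeer"));
-                }
-                byte[][] chain = SSL.getPeerCertChain(ssl);
                 byte[] clientCert;
-                if (!clientMode) {
-                    // if used on the server side SSL_get_peer_cert_chain(...) will not include the remote peer certificate.
-                    // We use SSL_get_peer_certificate to get it in this case and add it to our array later.
-                    //
-                    // See https://www.openssl.org/docs/ssl/SSL_get_peer_cert_chain.html
-                    clientCert = SSL.getPeerCertificate(ssl);
-                } else {
-                    clientCert = null;
+                byte[][] chain;
+                synchronized (OpenSSLEngine.this) {
+                    if (destroyed || SSL.isInInit(ssl) != 0) {
+                        throw new SSLPeerUnverifiedException(sm.getString("engine.unverifiedPeer"));
+                    }
+                    chain = SSL.getPeerCertChain(ssl);
+                    if (!clientMode) {
+                        // if used on the server side SSL_get_peer_cert_chain(...) will not include the remote peer certificate.
+                        // We use SSL_get_peer_certificate to get it in this case and add it to our array later.
+                        //
+                        // See https://www.openssl.org/docs/ssl/SSL_get_peer_cert_chain.html
+                        clientCert = SSL.getPeerCertificate(ssl);
+                    } else {
+                        clientCert = null;
+                    }
                 }
                 if (chain == null && clientCert == null) {
                     return null;
@@ -1193,10 +1198,13 @@
             // these are lazy created to reduce memory overhead
             X509Certificate[] c = x509PeerCerts;
             if (c == null) {
-                if (SSL.isInInit(ssl) != 0) {
-                    throw new SSLPeerUnverifiedException(sm.getString("engine.unverifiedPeer"));
+                byte[][] chain;
+                synchronized (OpenSSLEngine.this) {
+                    if (destroyed || SSL.isInInit(ssl) != 0) {
+                        throw new SSLPeerUnverifiedException(sm.getString("engine.unverifiedPeer"));
+                    }
+                    chain = SSL.getPeerCertChain(ssl);
                 }
-                byte[][] chain = SSL.getPeerCertChain(ssl);
                 if (chain == null) {
                     throw new SSLPeerUnverifiedException(sm.getString("engine.unverifiedPeer"));
                 }
@@ -1241,7 +1249,14 @@
                 return INVALID_CIPHER;
             }
             if (cipher == null) {
-                String c = OpenSSLCipherConfigurationParser.openSSLToJsse(SSL.getCipherForSSL(ssl));
+                String ciphers;
+                synchronized (OpenSSLEngine.this) {
+                    if (destroyed) {
+                        return INVALID_CIPHER;
+                    }
+                    ciphers = SSL.getCipherForSSL(ssl);
+                }
+                String c = OpenSSLCipherConfigurationParser.openSSLToJsse(ciphers);
                 if (c != null) {
                     cipher = c;
                 }
@@ -1251,6 +1266,7 @@
 
         @Override
         public String getProtocol() {
+            // No sync as ALPN is called when opening the connection
             String applicationProtocol = OpenSSLEngine.this.applicationProtocol;
             if (applicationProtocol == null) {
                 applicationProtocol = SSL.getNextProtoNegotiated(ssl);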
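Review bot: In the first hunk `getId()` now hands out the cached `id` field itself, whereas the removed code fetched a fresh array from `SSL.getSessionId(ssl)` on every call, so a caller that writes into the returned bytes silently changes the session id every later caller sees; the return statement is outside the hunk, but the fix there is a defensive copy, `return id.clone();`. The two new field initializers `SSL.getSessionId(ssl)` and `SSL.getTime(ssl)` also run at session-object construction with none of the `synchronized (OpenSSLEngine.this)` / `destroyed` guards the later hunks add around the other native calls, so if that object can be created after `destroyed` is set they presumably keep the access-after-destroy window this change is closing — worth confirming against the constructor, which is not in the diff. A why-comment on the fields would help the next reader, e.g. `// Snapshotted once so SSLSession accessors never call into native state that may already be freed`.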
