
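--- a/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java
+++ b/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java
@@ -1041,8 +1041,13 @@
 
         @Override
         public byte[] getId() {
-            // We don't cache that to keep memory usage to a minimum.
-            byte[] id = SSL.getSessionId(ssl);
+            byte[] id;
+            synchronized (OpenSSLEngine.this) {
+                if (destroyed) {
+                    throw new IllegalStateException(sm.getString("engine.noSession"));
+                }
+                id = SSL.getSessionId(ssl);
+            }
             if (id == null) {
                 // The id should never be null, if it was null then the SESSION itself was not valid.
                 throw new IllegalStateException(sm.getString("engine.noSession"));
@@ -1058,7 +1063,14 @@
         @Override
         public long getCreationTime() {
             // We need to multiply by 1000 as OpenSSL uses seconds and we need milliseconds.
-            return SSL.getTime(ssl) * 1000L;
+            long creationTime = 0;
+            synchronized (OpenSSLEngine.this) {
+                if (destroyed) {
+                    throw new IllegalStateException(sm.getString("engine.noSession"));
+                }
+                creationTime = SSL.getTime(ssl);
+            }
+            return creationTime * 1000L;
         }
 
         @Override
@@ -1140,19 +1152,22 @@
             // these are lazy created to reduce memory overhead
             Certificate[] c = peerCerts;
             if (c == null) {
-                if (SSL.isInInit(ssl) != 0) {
-                    throw new SSLPeerUnverifiedException(sm.getString("engine.unverifiedPeer"));
-                }
-                byte[][] chain = SSL.getPeerCertChain(ssl);
                 byte[] clientCert;
-                if (!clientMode) {
-                    // if used on the server side SSL_get_peer_cert_chain(...) will not include the remote peer certificate.
-                    // We use SSL_get_peer_certificate to get it in this case and add it to our array later.
-                    //
-                    // See https://www.openssl.org/docs/ssl/SSL_get_peer_cert_chain.html
-                    clientCert = SSL.getPeerCertificate(ssl);
-                } else {
-                    clientCert = null;
+                byte[][] chain;
+                synchronized (OpenSSLEngine.this) {
+                    if (destroyed || SSL.isInInit(ssl) != 0) {
+                        throw new SSLPeerUnverifiedException(sm.getString("engine.unverifiedPeer"));
+                    }
+                    chain = SSL.getPeerCertChain(ssl);
+                    if (!clientMode) {
+                        // if used on the server side SSL_get_peer_cert_chain(...) will not include the remote peer certificate.
+                        // We use SSL_get_peer_certificate to get it in this case and add it to our array later.
+                        //
+                        // See https://www.openssl.org/docs/ssl/SSL_get_peer_cert_chain.html
+                        clientCert = SSL.getPeerCertificate(ssl);
+                    } else {
+                        clientCert = null;
+                    }
                 }
                 if (chain == null && clientCert == null) {
                     return null;
@@ -1193,10 +1208,13 @@
             // these are lazy created to reduce memory overhead
             X509Certificate[] c = x509PeerCerts;
             if (c == null) {
-                if (SSL.isInInit(ssl) != 0) {
-                    throw new SSLPeerUnverifiedException(sm.getString("engine.unverifiedPeer"));
+                byte[][] chain;
+                synchronized (OpenSSLEngine.this) {
+                    if (destroyed || SSL.isInInit(ssl) != 0) {
+                        throw new SSLPeerUnverifiedException(sm.getString("engine.unverifiedPeer"));
+                    }
+                    chain = SSL.getPeerCertChain(ssl);
                 }
-                byte[][] chain = SSL.getPeerCertChain(ssl);
                 if (chain == null) {
                     throw new SSLPeerUnverifiedException(sm.getString("engine.unverifiedPeer"));
                 }
@@ -1241,7 +1259,14 @@
                 return INVALID_CIPHER;
             }
             if (cipher == null) {
-                String c = OpenSSLCipherConfigurationParser.openSSLToJsse(SSL.getCipherForSSL(ssl));
+                String ciphers;
+                synchronized (OpenSSLEngine.this) {
+                    if (destroyed) {
+                        return INVALID_CIPHER;
+                    }
+                    ciphers = SSL.getCipherForSSL(ssl);
+                }
+                String c = OpenSSLCipherConfigurationParser.openSSLToJsse(ciphers);
                 if (c != null) {
                     cipher = c;
                 }
@@ -1251,6 +1276,7 @@
 
         @Override
         public String getProtocol() {
+            // No sync as ALPN is called when opening the connection
             String applicationProtocol = OpenSSLEngine.this.applicationProtocol;
             if (applicationProtocol == null) {
                 applicationProtocol = SSL.getNextProtoNegotiated(ssl);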
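Review bot: The fallback `SSL.getNextProtoNegotiated(ssl)` in getProtocol() is still a native call on `ssl` with no `destroyed` check, and the new comment justifies that by when ALPN is negotiated rather than by the lifetime of this session object; if a caller can still reach the session after the engine has been shut down (getProtocol's body continues outside the hunk, so I cannot see what else it does), this path keeps the same use-after-free exposure that the other hunks close. Unless that ordering is guaranteed, the `synchronized (OpenSSLEngine.this)` / `destroyed` guard applied in getId() should wrap it, as sketched below. Separately, in getCreationTime() the initializer in `long creationTime = 0;` is dead, since every path either assigns inside the synchronized block or throws, so `long creationTime;` states the intent more clearly and lets the compiler enforce it.
```java
        public String getProtocol() {
            String applicationProtocol = OpenSSLEngine.this.applicationProtocol;
            if (applicationProtocol == null) {
                synchronized (OpenSSLEngine.this) {
                    if (destroyed) {
                        throw new IllegalStateException(sm.getString("engine.noSession"));
                    }
                    applicationProtocol = SSL.getNextProtoNegotiated(ssl);
                }
            }
            // … unchanged: remainder of getProtocol (outside the hunk) …
```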