Skip to content

Commit

Permalink
SSLSocket.session= needs to delay session initialization after the en…
Browse files Browse the repository at this point in the history
…gine is setup

... hopefully the now removed `session=` warning won't confuse users as we do not
do much except for copy-ing the timeout - although the underlying engine should
now have an explicit hint not to create new sessions!

resolves cases such as jruby/jruby#3765
kares committed Mar 30, 2016
1 parent f12aab2 commit ed95b2c
Showing 1 changed file with 20 additions and 10 deletions.
30 changes: 20 additions & 10 deletions src/main/java/org/jruby/ext/openssl/SSLSocket.java
Original file line number Diff line number Diff line change
@@ -191,7 +191,9 @@ private SSLEngine ossl_ssl_setup(final ThreadContext context)
peerAppData.limit(0);
netData.limit(0);
dummy = ByteBuffer.allocate(0);
return this.engine = engine;
this.engine = engine;
copySessionSetupIfSet();
return engine;
}

@JRubyMethod(name = "io", alias = "to_io")
@@ -1054,23 +1056,31 @@ private SSLSession getSession(final ThreadContext context) {
return session;
}

private transient SSLSession setSession = null;

@JRubyMethod(name = "session=")
public IRubyObject set_session(IRubyObject session) {
final ThreadContext context = getRuntime().getCurrentContext();
// NOTE: we can not fully support this without the SSL provider internals
// but we can assume setting a session= is meant as a forced session re-use
if ( reusableSSLEngine() ) {
engine.setEnableSessionCreation(false);
if ( session instanceof SSLSession ) {
final SSLSession theSession = (SSLSession) session;
if ( ! theSession.equals( getSession(context) ) ) {
getSession(context).set_timeout(context, theSession.timeout(context));
if ( session instanceof SSLSession ) {
setSession = (SSLSession) session;
if ( engine != null ) copySessionSetupIfSet();
}
//warn(context, "WARNING: SSLSocket#session= has not effect");
return context.nil;
}

private void copySessionSetupIfSet() {
if ( setSession != null ) {
if ( reusableSSLEngine() ) {
engine.setEnableSessionCreation(false);
final ThreadContext context = getRuntime().getCurrentContext();
if ( ! setSession.equals( getSession(context) ) ) {
getSession(context).set_timeout(context, setSession.timeout(context));
}
}
return getSession(context);
}
warn(context, "WARNING: SSLSocket#session= has not effect");
return context.nil;
}

@JRubyMethod

0 comments on commit ed95b2c

Please sign in to comment.