[undertow-dev] OpenSSL

Stuart Douglas sdouglas at redhat.com
Sun Feb 12 21:41:44 EST 2017


Looks like a bug came in with a recent refactor. I just pushed a fix
upstream if you want to try it.

One thing that is still not working is client cert renegotiation. I am
still working on it, but OpenSSL does not seem to be requesting the
client certificate when renegotiating, so you need to ask for the
client certificate in the initial handshake.

Stuart

On Mon, Feb 13, 2017 at 7:15 AM, Kim Rasmussen <kr at asseco.dk> wrote:
> Hi,
>
> I am trying to play around with the beta of the OpenSSL native engine at:
> https://github.com/wildfly/wildfly-openssl together with undertow 1.4.10 -
> running on windows with openssl 1.0.2k libraries.
>
> But, I am not having a whole lot of luck.... meaning in general it seems to
> work fine, but there is no SSLSession available, and thus no client
> certificates, info about ciphers etc. - also since the session is not
> present, Undertow sets the request scheme to "http" and not "https".
>
> I have looked at it a bit, and I can see that the OpenSSLEngine seems to
> always return null when calling getSession(), so it does look like the
> engine is at fault.
> The SSL engine has a ConcurrentHashMap of sessions, which is initialized
> when OpenSSLSessionContext.sessionCreatedCallback() is called - but it looks
> like it never is.
>
> Does anyone else have it working with SSL sessions being available? Or know
> of something obvious that I am doing wrong?
>
> Thanks.
> /Kim
>
> --
> Med venlig hilsen / Best regards
>
> Kim Rasmussen
> Partner, IT Architect
>
> Asseco Denmark A/S
> Kronprinsessegade 54
> DK-1306 Copenhagen K
> Mobile: +45 26 16 40 23
> Ph.: +45 33 36 46 60
> Fax: +45 33 36 46 61
>
>
> _______________________________________________
> undertow-dev mailing list
> undertow-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/undertow-dev

