[undertow-dev] OpenSSL

Karm Michal Babacek karm at redhat.com
Wed Feb 15 12:19:10 EST 2017


----- Original Message -----
> From: "Kim Rasmussen" <kr at asseco.dk>
> To: "Stuart Douglas" <sdouglas at redhat.com>
> Cc: "Undertow Developers" <undertow-dev at lists.jboss.org>
> Sent: Monday, February 13, 2017 7:26:02 AM
> Subject: Re: [undertow-dev] OpenSSL
> 
> Awesome thanks.
> Is there a snapshot repository available somewhere if I prefer to avoid
> doing the native builds?
> 

Best regards from mod_cluster community :-)

wildfly-openssl https://ci.modcluster.io/job/wildfly-openssl-windows/2/

openssl 1.0.2h https://ci.modcluster.io/job/openssl-windows/

Have fun

-K-


> No worries regarding renegotiating the client certificate - I have always
> found that the only truly reliable way of asking for client cert, is to set
> "need/wantClientAuth" to true at the start - that gives fewest problems
> with various clients.
> It is in my opinion only in the last few years that wantClientAuth has
> started to work reliably with the browsers without various side-effects in
> the client GUI.
> 
> Great work again, thanks
> /Kim
> 
> 2017-02-13 3:41 GMT+01:00 Stuart Douglas <sdouglas at redhat.com>:
> 
> > Looks like a bug came in with a recent refactor. I just pushed a fix
> > upstream if you want to try it.
> >
> > One thing that is still not working is client cert renegotiation. I am
> > still working on it, but OpenSSL does not seem to be requesting the
> > client certificate when renegotiating, so you need to ask for the
> > client certificate in the initial handshake.
> >
> > Stuart
> >
> > On Mon, Feb 13, 2017 at 7:15 AM, Kim Rasmussen <kr at asseco.dk> wrote:
> > > Hi,
> > >
> > > I am trying to play around with the beta of the OpenSSL native engine at:
> > > https://github.com/wildfly/wildfly-openssl together with undertow 1.4.10 -
> > > running on windows with openssl 1.0.2k libraries.
> > >
> > > But, I am not having a whole lot of luck.... meaning in general it seems to
> > > work fine, but there is no SSLSession available, and thus no client
> > > certificates, info about ciphers etc. - also since the session is not
> > > present, Undertow sets the request scheme to "http" and not "https".
> > >
> > > I have looked at it a bit, and I can see that the OpenSSLEngine seems to
> > > always return null when calling getSession(), so it does look like the
> > > engine is at fault.
> > > The SSL engine has a ConcurrentHashMap of sessions, which is initialized
> > > when OpenSSLSessionContext.sessionCreatedCallback() is called - but it looks
> > > like it never is.
> > >
> > > Does anyone else have it working with SSL sessions being available? Or know
> > > of something obvious that I am doing wrong?
> > >
> > > Thanks.
> > > /Kim
> > >
> > > --
> > > Med venlig hilsen / Best regards
> > >
> > > Kim Rasmussen
> > > Partner, IT Architect
> > >
> > > Asseco Denmark A/S
> > > Kronprinsessegade 54
> > > DK-1306 Copenhagen K
> > > Mobile: +45 26 16 40 23
> > > Ph.: +45 33 36 46 60
> > > Fax: +45 33 36 46 61
> > >
> > >
> > > _______________________________________________
> > > undertow-dev mailing list
> > > undertow-dev at lists.jboss.org
> > > https://lists.jboss.org/mailman/listinfo/undertow-dev
> >
> 
> 
> 

-- 
Sent from my Hosaka Ono-Sendai Cyberspace 7

--
Michal Karm Babacek
    ☕ JBoss QE    
Red Hat Czech | GMT+1

☎ +420 737 778 560 (cell)
☎ +420 532 294 547 (⇖forwarded⇖)
freenode: #wildfly #mod_cluster #fedora-devel
⚙ http://modcluster.io karm at redhat.com


