<div dir="ltr">Awesome thanks.<div>Is there a snapshot repository available somewhere if I prefer to avoid doing the native builds ?</div><div><br></div><div>No worries regarding renegotiating the client certificate - I have always found that the only truly reliable way of asking for client cert, is to set "need/wantClientAuth" to true at the start - that gives fewest problems with various clients.</div><div>It is in my opinion only in the last few years that wantClientAuth have started to work reliably with the browsers without various side-effects in the client GUI.</div><div><br></div><div>Great work again, thanks</div><div>/Kim</div></div><div class="gmail_extra"><br><div class="gmail_quote">2017-02-13 3:41 GMT+01:00 Stuart Douglas <span dir="ltr"><<a href="mailto:sdouglas@redhat.com" target="_blank">sdouglas@redhat.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Looks like a bug came in with a recent refactor. I just pushed a fix<br>
upstream if you want to try it.<br>
<br>
One thing that is still not working is client cert renegotiation. I am<br>
still working on it, but OpenSSL does not seem to be requesting the<br>
client certificate when renegotiating, so you need to ask for the<br>
client ceritificate in the initial handshake.<br>
<br>
Stuart<br>
<div><div class="h5"><br>
On Mon, Feb 13, 2017 at 7:15 AM, Kim Rasmussen <<a href="mailto:kr@asseco.dk">kr@asseco.dk</a>> wrote:<br>
> Hi,<br>
><br>
> I am trying to play around with the beta of the OpenSSL native engine at:<br>
> <a href="https://github.com/wildfly/wildfly-openssl" rel="noreferrer" target="_blank">https://github.com/wildfly/<wbr>wildfly-openssl</a> together with undertow 1.4.10 -<br>
> running on windows with openssl 1.0.2k libraries.<br>
><br>
> But, I am not having a whole lot of luck.... meaning in general it seems to<br>
> work fine, but there is no SSLSession available, and thus no client<br>
> certificates, info about ciphers etc. - also since the session is not<br>
> present, Undertow sets the request scheme to "http" and not "https".<br>
><br>
> I have looked at it a bit, and I can see that the OpenSSLEngine seems to<br>
> always return null when calling getSession(), so it does look like the<br>
> engine is at fault.<br>
> The SSL engine has a ConcurrentHashMap of sessions, which is initialized<br>
> when OpenSSLSessionContext.<wbr>sessionCreatedCallback() is called - but it looks<br>
> like it never is.<br>
><br>
> Do anyone else have it working with SSL sessions being available ? or know<br>
> of something obvious that I am doing wrong ?<br>
><br>
> Thanks.<br>
> /Kim<br>
><br>
> --<br>
> Med venlig hilsen / Best regards<br>
><br>
> Kim Rasmussen<br>
> Partner, IT Architect<br>
><br>
> Asseco Denmark A/S<br>
> Kronprinsessegade 54<br>
> DK-1306 Copenhagen K<br>
> Mobile: +45 26 16 40 23<br>
> Ph.: +45 33 36 46 60<br>
> Fax: +45 33 36 46 61<br>
><br>
><br>
</div></div>> ______________________________<wbr>_________________<br>
> undertow-dev mailing list<br>
> <a href="mailto:undertow-dev@lists.jboss.org">undertow-dev@lists.jboss.org</a><br>
> <a href="https://lists.jboss.org/mailman/listinfo/undertow-dev" rel="noreferrer" target="_blank">https://lists.jboss.org/<wbr>mailman/listinfo/undertow-dev</a><br>
</blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature" data-smartmail="gmail_signature"><span style="font-family:arial,sans-serif;font-size:13px;border-collapse:collapse"><div><span style="font-family:verdana,sans-serif;font-size:13px">Med venlig hilsen / Best regards</span></div><div><p><b><span lang="EN-GB" style="font-size:10pt"><font color="#000066"><font face="verdana, sans-serif"><span style="color:rgb(34,34,34);background-color:rgb(255,255,255)">Kim Rasmussen</span></font></font></span></b><b><span lang="EN-GB" style="color:rgb(0,51,102)"><font face="verdana, sans-serif"><br></font></span></b><span lang="EN-GB" style="font-size:10pt;color:rgb(102,102,102)"><font face="verdana, sans-serif">Partner, IT Architect</font></span></p><p><b><span lang="EN-GB" style="font-size:10pt;color:rgb(102,102,102)"><font face="verdana, sans-serif">Asseco Denmark A/S</font></span></b><span lang="EN-GB" style="font-size:10pt;color:rgb(102,102,102)"><font face="verdana, sans-serif"><b><br></b>Kronprinsessegade 54<br>DK-1306 Copenhagen K<br>Mobile: +45 26 16 40 23<br>Ph.: +45 33 36 46 60<br>Fax: +45 33 36 46 61</font></span></p></div></span></div>
</div>