Looks like a bug came in with a recent refactor. I just pushed a fix
upstream if you want to try it.

One thing that is still not working is client cert renegotiation. I am
still working on it, but OpenSSL does not seem to be requesting the
client certificate when renegotiating, so you need to ask for the
client certificate in the initial handshake.

Stuart

On Mon, Feb 13, 2017 at 7:15 AM, Kim Rasmussen <kr(a)asseco.dk> wrote:
Hi,

I am trying to play around with the beta of the OpenSSL native engine at:
https://github.com/wildfly/wildfly-openssl together with Undertow 1.4.10 -
running on Windows with OpenSSL 1.0.2k libraries.

But, I am not having a whole lot of luck.... meaning in general it seems to
work fine, but there is no SSLSession available, and thus no client
certificates, info about ciphers etc. - also since the session is not
present, Undertow sets the request scheme to "http" and not "https".

I have looked at it a bit, and I can see that the OpenSSLEngine seems to
always return null when calling getSession(), so it does look like the
engine is at fault.

The SSL engine has a ConcurrentHashMap of sessions, which is initialized
when OpenSSLSessionContext.sessionCreatedCallback() is called - but it looks
like it never is.

Does anyone else have it working with SSL sessions being available? Or know
of something obvious that I am doing wrong?

Thanks.

/Kim
--
Med venlig hilsen / Best regards
Kim Rasmussen
Partner, IT Architect
Asseco Denmark A/S
Kronprinsessegade 54
DK-1306 Copenhagen K
Mobile: +45 26 16 40 23
Ph.: +45 33 36 46 60
Fax: +45 33 36 46 61
_______________________________________________
undertow-dev mailing list
undertow-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/undertow-dev