From: "Kim Rasmussen" <kr(a)asseco.dk>
To: "Stuart Douglas" <sdouglas(a)redhat.com>
Cc: "Undertow Developers" <undertow-dev(a)lists.jboss.org>
Sent: Monday, February 13, 2017 7:26:02 AM
Subject: Re: [undertow-dev] OpenSSL
Is there a snapshot repository available somewhere if I prefer to avoid
doing the native builds?
No worries regarding renegotiating the client certificate - I have
found that the only truly reliable way of asking for client cert, is to set
"need/wantClientAuth" to true at the start - that gives fewest problems
with various clients.
It is in my opinion only in the last few years that wantClientAuth has
started to work reliably with the browsers without various side-effects in
the client GUI.
Great work again, thanks
2017-02-13 3:41 GMT+01:00 Stuart Douglas <sdouglas(a)redhat.com>:
> Looks like a bug came in with a recent refactor. I just pushed a fix
> upstream if you want to try it.
> One thing that is still not working is client cert renegotiation. I am
> still working on it, but OpenSSL does not seem to be requesting the
> client certificate when renegotiating, so you need to ask for the
> client certificate in the initial handshake.
> On Mon, Feb 13, 2017 at 7:15 AM, Kim Rasmussen <kr(a)asseco.dk> wrote:
> > Hi,
> > I am trying to play around with the beta of the OpenSSL native engine at:
> > https://github.com/wildfly/wildfly-openssl together with undertow 1.4.10 -
> > running on windows with openssl 1.0.2k libraries.
> > But, I am not having a whole lot of luck.... meaning in general it seems
> > work fine, but there is no SSLSession available, and thus no client
> > certificates, info about ciphers etc. - also since the session is not
> > present, Undertow sets the request scheme to "http" and not
> > I have looked at it a bit, and I can see that the OpenSSLEngine seems to
> > always return null when calling getSession(), so it does look like the
> > engine is at fault.
> > The SSL engine has a ConcurrentHashMap of sessions, which is initialized
> > when OpenSSLSessionContext.sessionCreatedCallback() is called - but it
> > like it never is.
> > Does anyone else have it working with SSL sessions being available? or
> > of something obvious that I am doing wrong?
> > Thanks.
> > /Kim
> > --
> > Med venlig hilsen / Best regards
> > Kim Rasmussen
> > Partner, IT Architect
> > Asseco Denmark A/S
> > Kronprinsessegade 54
> > DK-1306 Copenhagen K
> > Mobile: +45 26 16 40 23
> > Ph.: +45 33 36 46 60
> > Fax: +45 33 36 46 61
> > _______________________________________________
> > undertow-dev mailing list
> > undertow-dev(a)lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/undertow-dev
Med venlig hilsen / Best regards
Partner, IT Architect
*Asseco Denmark A/S*
DK-1306 Copenhagen K
Mobile: +45 26 16 40 23
Ph.: +45 33 36 46 60
Fax: +45 33 36 46 61
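The approach both messages settle on, asking for the client certificate in the initial handshake instead of renegotiating, is sketched below as an added example; it is not code from the thread or from the Undertow or wildfly-openssl projects. The class name, port 8443 and the caller-supplied `SSLContext` (server key plus a trust store of accepted client CAs) are assumptions.

```java
import io.undertow.Undertow;
import io.undertow.server.HttpServerExchange;
import io.undertow.server.RenegotiationRequiredException;
import io.undertow.server.SSLSessionInfo;
import org.xnio.Options;
import org.xnio.SslClientAuthMode;

import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLPeerUnverifiedException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;

// Hypothetical class name; added example, not code from the thread.
public final class InitialHandshakeClientAuth {

    // The caller builds the SSLContext with the server key and a trust store
    // holding the CAs that are allowed to issue client certificates.
    public static Undertow build(SSLContext sslContext) {
        return Undertow.builder()
                .addHttpsListener(8443, "0.0.0.0", sslContext) // port is an assumption
                // REQUESTED corresponds to "want", REQUIRED to "need". Either one makes
                // the server ask for the certificate in the first handshake, so no
                // renegotiation is needed later.
                .setSocketOption(Options.SSL_CLIENT_AUTH_MODE, SslClientAuthMode.REQUESTED)
                .setHandler(InitialHandshakeClientAuth::handle)
                .build();
    }

    static void handle(HttpServerExchange exchange) {
        SSLSessionInfo ssl = exchange.getConnection().getSslSessionInfo();
        if (ssl == null) {
            // No TLS session is visible to Undertow (the symptom reported in the
            // thread). Fail closed instead of treating the request as authenticated.
            exchange.setStatusCode(403);
            exchange.getResponseSender().send("TLS session not available");
            return;
        }
        try {
            Certificate[] chain = ssl.getPeerCertificates();
            X509Certificate leaf = (X509Certificate) chain[0];
            exchange.getResponseSender().send(
                    ssl.getCipherSuite() + " " + leaf.getSubjectX500Principal().getName());
        } catch (SSLPeerUnverifiedException | RenegotiationRequiredException e) {
            // With REQUESTED the client may decline to send a certificate;
            // RenegotiationRequiredException means none was asked for at handshake time.
            exchange.setStatusCode(403);
            exchange.getResponseSender().send("Client certificate required");
        }
    }
}
```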