mina-users mailing list archives

From "Berg, Daniel" <Daniel.B...@avinor.no>
Subject SV: retrieve SSLSession to check the client certificate validity
Date Tue, 23 Jun 2009 14:01:31 GMT

I had the same issue, both sessionCreated and sessionOpened are called before the SSL handshake
is complete - this is handled by the filter as data is received after the session is opened.

I resolved it by blocking :p in the sessionOpened callback, waiting for some timeout. Not
sure if it will work for you though - depends on your threading model.

public void sessionOpened(IoSession session) throws Exception {
        IoFilter filter = session.getFilterChain().get(this.sslFilterName);
        if (isUseTLS() && filter instanceof SslFilter) {
            logger.debug("Waiting for client {0} to initiate handshake", session);
            Timeout clientMustInitateHandshake = new Timeout(this.HANDSHAKE_TIMEOUT_MS);
            // Poll until the SSL_SESSION attribute appears on the session or the timeout expires.
            // This blocks the thread that delivers sessionOpened.
            while (null == session.getAttribute(SslFilter.SSL_SESSION)
                    && !clientMustInitateHandshake.isTimedout()) {
                Thread.sleep(5L);
            }
            SSLSession sslSession = (SSLSession) session.getAttribute(SslFilter.SSL_SESSION);

            if (null == sslSession) {
                // Still no SSLSession after the timeout: fail the session.
                logger.warning("The client {1} did not initiate the TLS handshake within timeout {0}", null,
                        this.HANDSHAKE_TIMEOUT_MS, session);
                throw new javax.net.ssl.SSLHandshakeException(
                        "Client did not initiate TLS handshake in a timely fashion. SSL handshake failed.");
            } else {
                // The SSLSession is available, so the client certificate chain can be read.
                Certificate[] certificates = sslSession.getPeerCertificates();
... Snip ...

Hope this helps.

--
Daniel Berg


-----Original message-----
From: Cédric LUCAS [mailto:Cedric.LUCAS@ingenico.com]
Sent: 23 June 2009 15:52
To: users@mina.apache.org
Subject: RE: retrieve SSLSession to check the client certificate validity

Thanks for the reply. But this does not work either :(.
Any other suggestion?

----------
From : Emmanuel Lecharny
Re: retrieve SSLSession to check the client certificate validity

Cédric LUCAS wrote:
> Hello,
>   
Hi Cédric,

> Then, I bind a handler to this IOAcceptor, and I try to retrieve the javax.net.ssl.SSLSession in the sessionCreated() method of the handler, doing this:
>   

Not sure that the SSLSession is injected into the session's attribute when the sessionCreated
event is received. Can you check the very same but on the sessionOpened event?
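
Added example (not code from this thread or from MINA): once the SSL_SESSION attribute is non-null, the validity check asked about in the subject line can be done with plain JSSE calls. The class and method names are hypothetical; chain-of-trust validation is assumed to have been done by the server's TrustManager during the handshake, so this only re-checks the validity period of each certificate the client presented.

```java
import java.security.cert.Certificate;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.Date;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;

/** Hypothetical helper, not part of MINA or of the code posted in this thread. */
public final class ClientCertCheck {

    private ClientCertCheck() { }

    /**
     * Returns the client's own certificate if every certificate in the chain it
     * presented is inside its validity period at 'now'; throws otherwise.
     */
    public static X509Certificate requireValidClientCert(SSLSession sslSession, Date now)
            throws SSLPeerUnverifiedException {
        // getPeerCertificates() itself throws SSLPeerUnverifiedException when the
        // client sent no certificate (client auth only "wanted", not "needed").
        Certificate[] chain = sslSession.getPeerCertificates();
        if (chain.length == 0) {
            throw new SSLPeerUnverifiedException("No client certificate presented");
        }
        for (Certificate c : chain) {
            if (!(c instanceof X509Certificate)) {
                throw new SSLPeerUnverifiedException("Non-X.509 certificate in client chain");
            }
            X509Certificate x509 = (X509Certificate) c;
            try {
                x509.checkValidity(now);
            } catch (CertificateExpiredException | CertificateNotYetValidException e) {
                // Multi-catch needs Java 7 or later.
                SSLPeerUnverifiedException ex = new SSLPeerUnverifiedException(
                        "Certificate outside validity period: "
                                + x509.getSubjectX500Principal().getName());
                ex.initCause(e);
                throw ex;
            }
        }
        // The peer's own certificate is the first element of the chain.
        return (X509Certificate) chain[0];
    }
}
```

If the method throws, the handler should close the session rather than continue with an unauthenticated peer.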


