directory-commits mailing list archives

From seelm...@apache.org
Subject [directory-ldap-api] branch master updated: DIRAPI-375: Enable TLSv1.3 by default and expose SSLSession to allow clients to retrieve the used protocol, cipher, and certificates
Date Sun, 20 Jun 2021 20:38:53 GMT
This is an automated email from the ASF dual-hosted git repository.

seelmann pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/directory-ldap-api.git


The following commit(s) were added to refs/heads/master by this push:
     new 4322886  DIRAPI-375: Enable TLSv1.3 by default and expose SSLSession to allow clients
to retrieve the used protocol, cipher, and certificates
4322886 is described below

commit 4322886f8ed9fe0d2c588f0c557e92e4d160149f
Author: Stefan Seelmann <mail@stefan-seelmann.de>
AuthorDate: Sun Jun 20 22:37:01 2021 +0200

    DIRAPI-375: Enable TLSv1.3 by default and expose SSLSession to allow clients to retrieve
the used protocol, cipher, and certificates
---
 .../ldap/client/api/LdapNetworkConnection.java     | 24 +++++++++++++++++++++-
 1 file changed, 23 insertions(+), 1 deletion(-)

diff --git a/ldap/client/api/src/main/java/org/apache/directory/ldap/client/api/LdapNetworkConnection.java
b/ldap/client/api/src/main/java/org/apache/directory/ldap/client/api/LdapNetworkConnection.java
index c5d7c59..43d3dab 100644
--- a/ldap/client/api/src/main/java/org/apache/directory/ldap/client/api/LdapNetworkConnection.java
+++ b/ldap/client/api/src/main/java/org/apache/directory/ldap/client/api/LdapNetworkConnection.java
@@ -48,6 +48,7 @@ import java.util.concurrent.atomic.AtomicBoolean;
 import java.util.concurrent.locks.ReentrantLock;
 
 import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLSession;
 import javax.net.ssl.TrustManager;
 import javax.security.auth.Subject;
 import javax.security.auth.login.Configuration;
@@ -4942,7 +4943,7 @@ public class LdapNetworkConnection extends AbstractLdapConnection implements
Lda
             {
                 // Default to TLS
                 sslFilter.setEnabledProtocols( new String[]
-                    { "TLSv1", "TLSv1.1", "TLSv1.2" } );
+                    { "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3" } );
             }
 
             // for LDAPS/TLS
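Review bot: The default protocol list on the changed line still enables `TLSv1` and `TLSv1.1`, which RFC 8996 deprecated in March 2021, so a connection relying on this default can still end up on a legacy version when the peer offers nothing newer. Since the line is being touched anyway, consider narrowing the default to `{ "TLSv1.2", "TLSv1.3" }` and leaving the older versions to callers who set the enabled protocols explicitly in the configuration. Separately, `"TLSv1.3"` is now named unconditionally, and `SSLEngine.setEnabledProtocols` rejects unsupported names with `IllegalArgumentException`. On a runtime whose JSSE provider lacks TLSv1.3 it may therefore be worth filtering the list against `SSLContext.getSupportedSSLParameters().getProtocols()`, though how `SslFilter` applies the array is not visible in this hunk. The enclosing `if`/`else` starts outside the hunk.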
@@ -5379,4 +5380,25 @@ public class LdapNetworkConnection extends AbstractLdapConnection implements
Lda
             handshakeFuture.secured();
         }
     }
+
+
+    /**
+     * Gets the {@link SSLSession} associated with the connection.
+     * 
+     * @return the {@link SSLSession} associated with the connection or null if the connection
is not secured
+     */
+    public SSLSession getSslSession()
+    {
+        if ( isSecured() )
+        {
+            SslFilter filter = ( SslFilter ) ioSession.getFilterChain().get( SSL_FILTER_KEY
);
+            SSLSession sslSession = filter.getSslSession( ioSession );
+            return sslSession;
+        }
+        else
+        {
+            return null;
+        }
+    }
+
 }
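Review bot: `getSslSession()` dereferences `filter` without a null check, so if the chain has no entry under `SSL_FILTER_KEY` at the moment of the lookup (for example when the connection is closed between `isSecured()` and `getFilterChain().get(...)`), the caller gets a `NullPointerException` instead of the documented `null`. `isSecured()` is defined outside this hunk, so whether it already guarantees the filter is present cannot be confirmed here. A guard such as `if ( filter == null ) { return null; }` before `filter.getSslSession( ioSession )` would keep the documented contract. The Javadoc could also state that `getPeerCertificates()` on the returned session throws `SSLPeerUnverifiedException` when the peer was not authenticated, since callers are expected to use this method to inspect certificates.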
