Subject: svn commit: r1843542 - in /tomcat/trunk: java/org/apache/tomcat/jni/SSL.java java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java webapps/docs/changelog.xml
Date: Thu, 11 Oct 2018 10:18:39 -0000
To: dev@tomcat.apache.org
From: markt@apache.org X-Mailer: svnmailer-1.0.9 Message-Id: <20181011101840.2DF713A0F4C@svn01-us-west.apache.org> Author: markt Date: Thu Oct 11 10:18:39 2018 New Revision: 1843542 URL: http://svn.apache.org/viewvc?rev=1843542&view=rev Log: Fix server initiated TLS renegotiation to obtain a client certificate when using NIO/NIO2 and the OpenSSL backed JSSE TLS implementation. Prior to this fix, the client would send the certs but the server would not read them and would timeout the request. Modified: tomcat/trunk/java/org/apache/tomcat/jni/SSL.java tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java tomcat/trunk/webapps/docs/changelog.xml Modified: tomcat/trunk/java/org/apache/tomcat/jni/SSL.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/jni/SSL.java?rev=1843542&r1=1843541&r2=1843542&view=diff ============================================================================== --- tomcat/trunk/java/org/apache/tomcat/jni/SSL.java (original) +++ tomcat/trunk/java/org/apache/tomcat/jni/SSL.java Thu Oct 11 10:18:39 2018 @@ -557,6 +557,13 @@ public final class SSL { public static native int renegotiate(long ssl); /** + * SSL_renegotiate_pending + * @param ssl the SSL instance (SSL *) + * @return the operation status + */ + public static native int renegotiatePending(long ssl); + + /** * SSL_in_init. * @param ssl the SSL instance (SSL *) * @return the status Modified: tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java?rev=1843542&r1=1843541&r2=1843542&view=diff ============================================================================== --- tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java (original) +++ tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java Thu Oct 11 10:18:39 2018 
@@ -982,7 +982,7 @@ public final class OpenSSLEngine extends // No pending data to be sent to the peer // Check to see if we have finished handshaking int handshakeCount = SSL.getHandshakeCount(ssl); - if (handshakeCount != currentHandshake) { + if (handshakeCount != currentHandshake && SSL.renegotiatePending(ssl) == 0) { if (alpn) { selectedProtocol = SSL.getAlpnSelected(ssl); if (selectedProtocol == null) { @@ -994,7 +994,7 @@ public final class OpenSSLEngine extends return SSLEngineResult.HandshakeStatus.FINISHED; } - // No pending data and still handshaking + // No pending data and still handshaking / renegotiation pending // Must be waiting on the peer to send more data return SSLEngineResult.HandshakeStatus.NEED_UNWRAP; } Modified: tomcat/trunk/webapps/docs/changelog.xml URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1843542&r1=1843541&r2=1843542&view=diff ============================================================================== --- tomcat/trunk/webapps/docs/changelog.xml (original) +++ tomcat/trunk/webapps/docs/changelog.xml Thu Oct 11 10:18:39 2018 @@ -127,6 +127,11 @@ implementation that prevented from secure WebSocket connections from being established. (markt) + + Fix server initiated TLS renegotiation to obtain a client certificate + when using NIO/NIO2 and the OpenSSL backed JSSE TLS implementation. + (markt) + --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org For additional commands, e-mail: dev-help@tomcat.apache.org
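Review bot: the new `renegotiatePending(long ssl)` declaration in the SSL.java hunk (@@ -557) is a `native` method with no C implementation in this commit, so the fix depends on a Tomcat Native (tcnative) build that exports it; the Javadoc should state the minimum tcnative version, because on an older library the first call fails at runtime with UnsatisfiedLinkError rather than at compile time. The `@return the operation status` line is also too vague to act on: SSL_renegotiate_pending() returns 1 while a renegotiation is in progress and 0 otherwise, and the caller in OpenSSLEngine relies on exactly that `== 0` test, so spell it out as `@return 1 if a renegotiation is pending, 0 otherwise`. Minor style point: the summary line reads `SSL_renegotiate_pending` without the trailing period used by the neighbouring `SSL_in_init.` entry.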
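Review bot: the added `&& SSL.renegotiatePending(ssl) == 0` in the OpenSSLEngine.java hunk (@@ -982) carries no comment explaining why a changed handshake count alone no longer means the handshake is finished; a one-line comment such as `// A changed handshake count is not enough: a renegotiation may still be in progress` would save the next reader a trip to the commit log. The evaluation order is right, since the native call is only made when the counts differ, but this call site is where an older tcnative without the new method would throw UnsatisfiedLinkError, and nothing here catches it; either the version requirement is enforced when the library is loaded, or this path needs a fallback to the previous `handshakeCount != currentHandshake` behaviour.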
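Review bot: the changelog entry in the changelog.xml hunk (@@ -127) describes the fix but not its new runtime dependency: the fix calls a native method this same commit adds to SSL.java, so users of the OpenSSL-backed JSSE implementation on an older Tomcat Native will not get the fix and may get an UnsatisfiedLinkError instead. Add the required Tomcat Native version to the entry so operators know to upgrade tcnative together with Tomcat.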