Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-9734

[GSS](7.0.z) UNDERTOW-1009 - SSLHeaderHandler should not require base64 SSL_SESSION_ID

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Major Major
    • 7.0.6.CR1, 7.0.6.GA
    • 7.0.4.GA
    • Undertow
    • None
    • EAP 7.0.6

      SSLHeaderHandler strictly expects the SSL_SESSION_ID header to be present currently with a base64 encoded value. If the SSL_SESSION_ID header is not present, SSLHeaderHandler does nothing and no other ssl info headers are handled. If the SSL_SESSION_ID header does not contain a base64 value, then SSLHeaderHandler/BasicSSLSessionInfo fails the request with a RuntimeException. That can occur with httpd in front since httpd/mod_ssl/openssl can provide a ssl_session_id header value of (null).

      This should be improved so that:

      1. SSLHeaderHandler/BasicSSLSessionInfo does not fail requests with non-base64 SSL_SESSION_ID header values
      2. SSLHeaderHandler still handles other ssl info headers regardless of SSL_SESSION_ID's presence or value

            sdouglas1@redhat.com Stuart Douglas
            psotirop@redhat.com Panagiotis Sotiropoulos (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated:
              Resolved: