Uploaded image for project: 'Undertow'
  1. Undertow
  2. UNDERTOW-1009

SSLHeaderHandler should not require base64 SSL_SESSION_ID

XMLWordPrintable

      SSLHeaderHandler strictly expects the SSL_SESSION_ID header to be present currently with a base64 encoded value. If the SSL_SESSION_ID header is not present, SSLHeaderHandler does nothing and no other ssl info headers are handled. If the SSL_SESSION_ID header does not contain a base64 value, then SSLHeaderHandler/BasicSSLSessionInfo fails the request with a RuntimeException. That can occur with httpd in front since httpd/mod_ssl/openssl can provide a ssl_session_id header value of (null).

      This should be improved so that:

      1. SSLHeaderHandler/BasicSSLSessionInfo does not fail requests with non-base64 SSL_SESSION_ID header values
      2. SSLHeaderHandler still handles other ssl info headers regardless of SSL_SESSION_ID's presence or value

              sdouglas1@redhat.com Stuart Douglas (Inactive)
              rhn-support-aogburn Aaron Ogburn
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated:
                Resolved: