Uploaded image for project: 'Undertow'
  1. Undertow
  2. UNDERTOW-1009

SSLHeaderHandler should not require base64 SSL_SESSION_ID

    Details

      Description

      SSLHeaderHandler strictly expects the SSL_SESSION_ID header to be present currently with a base64 encoded value. If the SSL_SESSION_ID header is not present, SSLHeaderHandler does nothing and no other ssl info headers are handled. If the SSL_SESSION_ID header does not contain a base64 value, then SSLHeaderHandler/BasicSSLSessionInfo fails the request with a RuntimeException. That can occur with httpd in front since httpd/mod_ssl/openssl can provide a ssl_session_id header value of (null).

      This should be improved so that:

      1. SSLHeaderHandler/BasicSSLSessionInfo does not fail requests with non-base64 SSL_SESSION_ID header values
      2. SSLHeaderHandler still handles other ssl info headers regardless of SSL_SESSION_ID's presence or value

        Gliffy Diagrams

          Attachments

            Issue Links

              Activity

                People

                • Assignee:
                  swd847 Stuart Douglas
                  Reporter:
                  aogburn Aaron Ogburn
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  3 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved: