-
Bug
-
Resolution: Done
-
Major
-
1.3.27.Final
-
None
SSLHeaderHandler strictly expects the SSL_SESSION_ID header to be present currently with a base64 encoded value. If the SSL_SESSION_ID header is not present, SSLHeaderHandler does nothing and no other ssl info headers are handled. If the SSL_SESSION_ID header does not contain a base64 value, then SSLHeaderHandler/BasicSSLSessionInfo fails the request with a RuntimeException. That can occur with httpd in front since httpd/mod_ssl/openssl can provide a ssl_session_id header value of (null).
This should be improved so that:
1. SSLHeaderHandler/BasicSSLSessionInfo does not fail requests with non-base64 SSL_SESSION_ID header values
2. SSLHeaderHandler still handles other ssl info headers regardless of SSL_SESSION_ID's presence or value
- relates to
-
JBEAP-9328 [GSS](7.1.0) SSLHeaderHandler should not require base64 SSL_SESSION_ID
- Closed
-
JBEAP-9734 [GSS](7.0.z) UNDERTOW-1009 - SSLHeaderHandler should not require base64 SSL_SESSION_ID
- Closed