Skip to content

Commit 30d2012

Browse files
krutonandi34
kruton
authored and
andi34
committed
Use SSL_session_reused to check when a session was reused
The returned session_id could be exactly the same in the case of TLS session tickets, so use the SSL_session_reused API to determine exactly when a session was reused. (cherry picked from commit 1115fa0f6dbbff3a913fbce39ca98f9a78425c72) Bug: 28751153 Change-Id: Ie82e4d1bb326d7e7deb7981a1e57df393f6c0e1f (cherry picked from commit 91f9851)
1 parent 1f1ef09 commit 30d2012

File tree

3 files changed

+16
-2
lines changed

3 files changed

+16
-2
lines changed

crypto/src/main/java/org/conscrypt/NativeCrypto.java

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -945,6 +945,8 @@ public static native void SSL_set_session(long sslNativePointer, long sslSession
945945
public static native void SSL_set_session_creation_enabled(
946946
long sslNativePointer, boolean creationEnabled) throws SSLException;
947947

948+
public static native boolean SSL_session_reused(long sslNativePointer);
949+
948950
public static native void SSL_set_tlsext_host_name(long sslNativePointer, String hostname)
949951
throws SSLException;
950952
public static native String SSL_get_servername(long sslNativePointer);

crypto/src/main/java/org/conscrypt/OpenSSLSocketImpl.java

Lines changed: 1 addition & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -411,8 +411,7 @@ private void checkOpen() throws SocketException {
411411
wrapper.initCause(e);
412412
throw wrapper;
413413
}
414-
byte[] sessionId = NativeCrypto.SSL_SESSION_session_id(sslSessionNativePointer);
415-
if (sessionToReuse != null && Arrays.equals(sessionToReuse.getId(), sessionId)) {
414+
if (sessionToReuse != null && NativeCrypto.SSL_session_reused(sslNativePointer)) {
416415
this.sslSession = sessionToReuse;
417416
sslSession.lastAccessedTime = System.currentTimeMillis();
418417
NativeCrypto.SSL_SESSION_free(sslSessionNativePointer);

crypto/src/main/native/org_conscrypt_NativeCrypto.cpp

Lines changed: 13 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -6742,6 +6742,18 @@ static void NativeCrypto_SSL_set_session_creation_enabled(JNIEnv* env, jclass,
67426742
SSL_set_session_creation_enabled(ssl, creation_enabled);
67436743
}
67446744

6745+
static jboolean NativeCrypto_SSL_session_reused(JNIEnv* env, jclass, jlong ssl_address) {
6746+
SSL* ssl = to_SSL(env, ssl_address, true);
6747+
JNI_TRACE("ssl=%p NativeCrypto_SSL_session_reused", ssl);
6748+
if (ssl == nullptr) {
6749+
return JNI_FALSE;
6750+
}
6751+
6752+
int reused = SSL_session_reused(ssl);
6753+
JNI_TRACE("ssl=%p NativeCrypto_SSL_session_reused => %d", ssl, reused);
6754+
return reused == 1 ? JNI_TRUE : JNI_FALSE;
6755+
}
6756+
67456757
static void NativeCrypto_SSL_set_tlsext_host_name(JNIEnv* env, jclass,
67466758
jlong ssl_address, jstring hostname)
67476759
{
@@ -8161,6 +8173,7 @@ static JNINativeMethod sNativeCryptoMethods[] = {
81618173
NATIVE_METHOD(NativeCrypto, SSL_set_verify, "(JI)V"),
81628174
NATIVE_METHOD(NativeCrypto, SSL_set_session, "(JJ)V"),
81638175
NATIVE_METHOD(NativeCrypto, SSL_set_session_creation_enabled, "(JZ)V"),
8176+
NATIVE_METHOD(NativeCrypto, SSL_session_reused, "(J)Z"),
81648177
NATIVE_METHOD(NativeCrypto, SSL_set_tlsext_host_name, "(JLjava/lang/String;)V"),
81658178
NATIVE_METHOD(NativeCrypto, SSL_get_servername, "(J)Ljava/lang/String;"),
81668179
NATIVE_METHOD(NativeCrypto, SSL_do_handshake, "(J" FILE_DESCRIPTOR SSL_CALLBACKS "IZ[B[B)I"),

0 commit comments

Comments
 (0)