JeremiahM37
diff --git a/‎native/com_wolfssl_WolfSSLSession.c‎
Lines changed: 4 additions & 4 deletions b/‎native/com_wolfssl_WolfSSLSession.c‎
Lines changed: 4 additions & 4 deletions
diff --git a/‎src/java/com/wolfssl/WolfSSLCertManager.java‎
Lines changed: 2 additions & 1 deletion b/‎src/java/com/wolfssl/WolfSSLCertManager.java‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎src/java/com/wolfssl/provider/jsse/WolfSSLAuthStore.java‎
Lines changed: 16 additions & 6 deletions b/‎src/java/com/wolfssl/provider/jsse/WolfSSLAuthStore.java‎
Lines changed: 16 additions & 6 deletions
diff --git a/‎src/java/com/wolfssl/provider/jsse/WolfSSLContext.java‎
Lines changed: 2 additions & 2 deletions b/‎src/java/com/wolfssl/provider/jsse/WolfSSLContext.java‎
Lines changed: 2 additions & 2 deletions
@@ -2761,11 +2761,11 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_WolfSSLSession_sendHrrCookie
 JNIEXPORT jlong JNICALL Java_com_wolfssl_WolfSSLSession_getDtlsMacDropCount
   (JNIEnv* jenv, jobject jcl, jlong sslPtr)
 {
+    word32 dropCount = 0;
+
     (void)jenv;
     (void)jcl;
     (void)sslPtr;
-
-    word32 dropCount = 0;
 #if defined(WOLFSSL_DTLS) && defined(WOLFSSL_DTLS_DROP_STATS)
     int ret = 0;
     WOLFSSL* ssl = (WOLFSSL*)(uintptr_t)sslPtr;
@@ -2782,11 +2782,11 @@ JNIEXPORT jlong JNICALL Java_com_wolfssl_WolfSSLSession_getDtlsMacDropCount
 JNIEXPORT jlong JNICALL Java_com_wolfssl_WolfSSLSession_getDtlsReplayDropCount
   (JNIEnv* jenv, jobject jcl, jlong sslPtr)
 {
+    word32 dropCount = 0;
+
     (void)jenv;
     (void)jcl;
     (void)sslPtr;
-
-    word32 dropCount = 0;
 #if defined(WOLFSSL_DTLS) && defined(WOLFSSL_DTLS_DROP_STATS)
     int ret = 0;
     WOLFSSL* ssl = (WOLFSSL*)(uintptr_t)sslPtr;
 
@@ -179,7 +179,8 @@ public synchronized int CertManagerLoadCAKeyStore(KeyStore ks)
                     cert = (X509Certificate) ks.getCertificate(name);
                 }
 
-                if (cert != null && cert.getBasicConstraints() >= 0) {
+                if (cert != null && (cert.getBasicConstraints() >= 0 ||
+                        WolfSSL.trustPeerCertEnabled())) {
                     ret = CertManagerLoadCABuffer(cert.getEncoded(),
                             cert.getEncoded().length,
                             WolfSSL.SSL_FILETYPE_ASN1);
 
@@ -331,8 +331,9 @@ protected WolfSSLImplementSSLSession getSession(
             return null;
         }
 
-        /* Return new session if in server mode, or if host is null */
-        if (!clientMode || host == null) {
+        /* Unknown port (-1) is a valid SSLEngine host hint.
+         * Skip cache keying. */
+        if (!clientMode || host == null || port < 0) {
             return this.getSession(ssl, clientMode, host, port);
         }
 
@@ -758,14 +759,24 @@ protected void updateTimeouts(int in, int side) {
                     diff = (now - current.creation.getTime()) / 1000;
 
                     if (diff < 0) {
-                    /* session is from the future ... */ //@TODO
+                    /* session is from the future ... */ /* TODO */
 
                     }
 
-                    if (in > 0 && diff > in) {
+                    if (in > 0 && diff >= in) {
+                        current.invalidate();
+                    }
+                    try {
+                        current.setNativeTimeout(in);
+                    } catch (IllegalStateException e) {
+                        /* Native WolfSSLSession has been freed,
+                         * invalidate this session entry */
+                        WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO,
+                            () -> "Native session freed while updating " +
+                                "timeout, invalidating cache entry: " +
+                                e.getMessage());
                         current.invalidate();
                     }
-                    current.setNativeTimeout(in);
                 }
             }
         }
@@ -803,4 +814,3 @@ protected synchronized void finalize() throws Throwable {
         super.finalize();
     }
 }
-
 
@@ -488,7 +488,7 @@ protected SSLEngine engineCreateSSLEngine()
         try {
             return new WolfSSLEngine(this.ctx, this.authStore, this.params);
         } catch (WolfSSLException ex) {
-            throw new IllegalStateException("Unable to create engine");
+            throw new IllegalStateException("Unable to create engine", ex);
         }
     }
 
@@ -516,7 +516,7 @@ protected SSLEngine engineCreateSSLEngine(String host, int port)
             return new WolfSSLEngine(this.ctx, this.authStore, this.params,
                 host, port);
         } catch (WolfSSLException ex) {
-            throw new IllegalStateException("Unable to create engine");
+            throw new IllegalStateException("Unable to create engine", ex);
         }
     }
Original file line number	Diff line number	Diff line change
`@@ -179,7 +179,8 @@ public synchronized int CertManagerLoadCAKeyStore(KeyStore ks)`
`179`	`179`	`cert = (X509Certificate) ks.getCertificate(name);`
`180`	`180`	`}`
`181`	`181`
`182`		`- if (cert != null && cert.getBasicConstraints() >= 0) {`
	`182`	`+ if (cert != null && (cert.getBasicConstraints() >= 0 \|\|`
	`183`	`+ WolfSSL.trustPeerCertEnabled())) {`
`183`	`184`	`ret = CertManagerLoadCABuffer(cert.getEncoded(),`
`184`	`185`	`cert.getEncoded().length,`
`185`	`186`	`WolfSSL.SSL_FILETYPE_ASN1);`
Original file line number	Diff line number	Diff line change
`@@ -331,8 +331,9 @@ protected WolfSSLImplementSSLSession getSession(`
`331`	`331`	`return null;`
`332`	`332`	`}`
`333`	`333`
`334`		`- /* Return new session if in server mode, or if host is null */`
`335`		`- if (!clientMode \|\| host == null) {`
	`334`	`+ /* Unknown port (-1) is a valid SSLEngine host hint.`
	`335`	`+ * Skip cache keying. */`
	`336`	`+ if (!clientMode \|\| host == null \|\| port < 0) {`
`336`	`337`	`return this.getSession(ssl, clientMode, host, port);`
`337`	`338`	`}`
`338`	`339`
`@@ -758,14 +759,24 @@ protected void updateTimeouts(int in, int side) {`
`758`	`759`	`diff = (now - current.creation.getTime()) / 1000;`
`759`	`760`
`760`	`761`	`if (diff < 0) {`
`761`		`- /* session is from the future ... */ //@TODO`
	`762`	`+ /* session is from the future ... / / TODO */`
`762`	`763`
`763`	`764`	`}`
`764`	`765`
`765`		`- if (in > 0 && diff > in) {`
	`766`	`+ if (in > 0 && diff >= in) {`
	`767`	`+ current.invalidate();`
	`768`	`+ }`
	`769`	`+ try {`
	`770`	`+ current.setNativeTimeout(in);`
	`771`	`+ } catch (IllegalStateException e) {`
	`772`	`+ /* Native WolfSSLSession has been freed,`
	`773`	`+ * invalidate this session entry */`
	`774`	`+ WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO,`
	`775`	`+ () -> "Native session freed while updating " +`
	`776`	`+ "timeout, invalidating cache entry: " +`
	`777`	`+ e.getMessage());`
`766`	`778`	`current.invalidate();`
`767`	`779`	`}`
`768`		`- current.setNativeTimeout(in);`
`769`	`780`	`}`
`770`	`781`	`}`
`771`	`782`	`}`
`@@ -803,4 +814,3 @@ protected synchronized void finalize() throws Throwable {`
`803`	`814`	`super.finalize();`
`804`	`815`	`}`
`805`	`816`	`}`
`806`		`-`
Original file line number	Diff line number	Diff line change
`@@ -488,7 +488,7 @@ protected SSLEngine engineCreateSSLEngine()`
`488`	`488`	`try {`
`489`	`489`	`return new WolfSSLEngine(this.ctx, this.authStore, this.params);`
`490`	`490`	`} catch (WolfSSLException ex) {`
`491`		`- throw new IllegalStateException("Unable to create engine");`
	`491`	`+ throw new IllegalStateException("Unable to create engine", ex);`
`492`	`492`	`}`
`493`	`493`	`}`
`494`	`494`
`@@ -516,7 +516,7 @@ protected SSLEngine engineCreateSSLEngine(String host, int port)`
`516`	`516`	`return new WolfSSLEngine(this.ctx, this.authStore, this.params,`
`517`	`517`	`host, port);`
`518`	`518`	`} catch (WolfSSLException ex) {`
`519`		`- throw new IllegalStateException("Unable to create engine");`
	`519`	`+ throw new IllegalStateException("Unable to create engine", ex);`
`520`	`520`	`}`
`521`	`521`	`}`
`522`	`522`