
Commit 711a540

committed
removed duplicate call to useSNI, check session if != null for cached SNI name if not set through parameters
1 parent e86fe01 commit 711a540

2 files changed

Lines changed: 22 additions & 26 deletions


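--- a/src/java/com/wolfssl/provider/jsse/WolfSSLAuthStore.java
+++ b/src/java/com/wolfssl/provider/jsse/WolfSSLAuthStore.java
@@ -411,27 +411,6 @@ else if (!sessionCipherSuiteAvailable(
 
 ses.isFromTable = true;
 
-/* Check if the session has stored SNI server names */
-List<SNIServerName> sniNames = ses.getSNIServerNames();
-if (sniNames != null && !sniNames.isEmpty()) {
-WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO,
-() -> "Found SNI server names in cached session");
-
-/* Apply SNI settings to the SSL connection */
-for (SNIServerName name : sniNames) {
-if (name instanceof SNIHostName) {
-String hostName = ((SNIHostName)name).getAsciiName();
-WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO,
-() -> "Applying SNI hostname for resumption: " +
-hostName);
-
-/* Set the SNI directly on the SSL object */
-ssl.useSNI((byte)WolfSSL.WOLFSSL_SNI_HOST_NAME,
-hostName.getBytes(StandardCharsets.UTF_8));
-}
-}
-}
-
 if (ses.resume(ssl) != WolfSSL.SSL_SUCCESS) {
 WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO,
 () -> "native wolfSSL_set_session() failed, " +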

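--- a/src/java/com/wolfssl/provider/jsse/WolfSSLEngineHelper.java
+++ b/src/java/com/wolfssl/provider/jsse/WolfSSLEngineHelper.java
@@ -1122,25 +1122,38 @@ else if (this.clientMode) {
 
 /* Explicitly set if user has set through SSLParameters. Check
 * wolfSSL-specific server names first, then fall back to standard
-* SSLParameters server names (set via parent setServerNames()). */
+* SSLParameters server names (set via parent setServerNames()).
+* If neither have been set and session is being resumed, check
+* cached SNI */
+boolean sniSet = false;
 List<WolfSSLSNIServerName> names =
 this.params.getWolfSSLServerNames();
 List<SNIServerName> parentNames =
 this.params.getServerNames();
+List<SNIServerName> sniServerNames =
+(this.session == null) ? null :
+this.session.getSNIServerNames();
 if (names != null && !names.isEmpty()) {
 WolfSSLSNIServerName sni = names.get(0);
 if (sni != null) {
 this.ssl.useSNI((byte)sni.getType(), sni.getEncoded());
+sniSet = true;
 }
 } else if (parentNames != null && !parentNames.isEmpty()) {
 SNIServerName sni = parentNames.get(0);
 if (sni != null) {
 this.ssl.useSNI((byte)sni.getType(), sni.getEncoded());
+sniSet = true;
+}
+} else if (sniServerNames != null && !sniServerNames.isEmpty()) {
+SNIServerName sni = sniServerNames.get(0);
+if (sni != null) {
+this.ssl.useSNI((byte)sni.getType(), sni.getEncoded());
+sniSet = true;
 }
 }
 
-if ((names == null || names.isEmpty()) &&
-(parentNames == null || parentNames.isEmpty()) && autoSNI) {
+if (!sniSet && autoSNI) {
 if (this.peerAddr != null && this.jdkTlsTrustNameService) {
 WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO,
 () -> "setting SNI extension with " +
@@ -1173,10 +1186,14 @@ else if (this.clientMode) {
 () -> "hostname and peerAddr are null, " +
 "not setting SNI");
 }
+} else if (sniSet) {
+WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO,
+() -> "SNI configured through SSLParameters " +
+"or session resumption");
 } else {
 WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO,
-() -> "No SNI configured through SSLParameters, " +
-"not setting SNI");
+() -> "No SNI configured through SSLParameters " +
+"or session resumption, not setting SNI");
 }
 }
 }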
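Review bot: The new `else if (sniServerNames != null && !sniServerNames.isEmpty())` branch (new lines 1148-1152) sends whatever name the cached session holds and, by setting `sniSet`, suppresses the autoSNI path, yet nothing visible in this hunk checks that the session is actually being resumed or that the cached name still matches the host this connection targets. If sessions can be looked up by address rather than by hostname (the lookup is not shown here), the ClientHello could carry an SNI for a different virtual host than the one being verified. Consider comparing the cached name with the current hostname before use, or at least stating the assumption in a comment such as `/* cached SNI is used only because the session lookup is keyed on this host - confirm */`. The branch also takes only `get(0)` and drops the `instanceof SNIHostName` filter that the code removed from WolfSSLAuthStore applied, so a non-hostname first entry would go through `(byte)sni.getType()` unchecked. The enclosing method starts outside the hunks shown.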
