JSSE: generate pseudo session ID if session tickets are being used

2022-04-08 16:33:02 -06:00 · 2022-04-08 16:33:02 -06:00 · 2e899cc64d
parent 0b6b7393a4
commit 2e899cc64d
2 changed files with 30 additions and 2 deletions
--- a/src/java/com/wolfssl/WolfSSLSession.java
+++ b/src/java/com/wolfssl/WolfSSLSession.java
@ -65,6 +65,9 @@ public class WolfSSLSession {
    private WolfSSLIORecvCallback internRecvSSLCb;
    private WolfSSLIOSendCallback internSendSSLCb;

+    /* have session tickets been enabled for this session? */
+    private boolean sessionTicketsEnabled = true;
+
    /* is this context active, or has it been freed? */
    private boolean active = false;

@ -2720,10 +2723,33 @@ public class WolfSSLSession {
     */
    public int useSessionTicket() throws IllegalStateException {

+        int ret;
+
        if (this.active == false)
            throw new IllegalStateException("Object has been freed");

-        return useSessionTicket(getSessionPtr());
+        ret = useSessionTicket(getSessionPtr());
+        if (ret == WolfSSL.SSL_SUCCESS) {
+            this.sessionTicketsEnabled = true;
+        }
+
+        return ret;
+    }
+
+    /**
+     * Determine if session tickets have been enabled for this session.
+     * Session tickets can be enabled for this session by calling
+     * WolfSSLSession.useSessionTicket().
+     *
+     * @return true if enabled, otherwise false.
+     * @throws IllegalStateException WolfSSLSession has been freed
+     */
+    public boolean sessionTicketsEnabled() throws IllegalStateException {
+
+        if (this.active == false)
+            throw new IllegalStateException("Object has been freed");
+
+        return this.sessionTicketsEnabled;
    }

    /**
--- a/src/java/com/wolfssl/provider/jsse/WolfSSLImplementSSLSession.java
+++ b/src/java/com/wolfssl/provider/jsse/WolfSSLImplementSSLSession.java
@ -137,7 +137,9 @@ public class WolfSSLImplementSSLSession implements SSLSession {
            return new byte[0];
        }
        try {
-            if (this.ssl.getVersion().equals("TLSv1.3")) {
+            /* use pseudo session ID if session tickets are being used */
+            if (this.ssl.getVersion().equals("TLSv1.3") ||
+                this.ssl.sessionTicketsEnabled()) {
                 return this.pseudoSessionID;
            }
            else {