WolfSSL
/
wolfssljni
mirror of https://github.com/wolfSSL/wolfssljni.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Merge pull request #255 from gasbytes/ResumeTLS13withSNI-patch 

Fix TLS 1.3 session resumption to preserve SNI extension
pull/256/head
Chris Conlon 2025-03-12 10:23:19 -06:00 committed by GitHub
parent ad23ac20e9 fd143de8bb
commit 95bedabeb2
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 72 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
src/java/com/wolfssl/provider/jsse/WolfSSLAuthStore.java
View File

@ -27,6 +27,8 @@ import com.wolfssl.WolfSSL.TLS_VERSION;
import com.wolfssl.WolfSSLSession; import com.wolfssl.WolfSSLSession;
import javax.net.ssl.KeyManager; import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory; import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SNIHostName;
import javax.net.ssl.SNIServerName;
import javax.net.ssl.X509KeyManager; import javax.net.ssl.X509KeyManager;
import javax.net.ssl.TrustManager; import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager; import javax.net.ssl.X509TrustManager;
@ -399,6 +401,25 @@ public class WolfSSLAuthStore {
ses.isFromTable = true; ses.isFromTable = true;
/* Check if the session has stored SNI server names */
List<SNIServerName> sniNames = ses.getSNIServerNames();
if (sniNames != null && !sniNames.isEmpty()) {
WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO,
"Found SNI server names in cached session");
/* Apply SNI settings to the SSL connection */
for (SNIServerName name : sniNames) {
if (name instanceof SNIHostName) {
String hostName = ((SNIHostName)name).getAsciiName();
WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO,
"Applying SNI hostname for resumption: " + hostName);
/* Set the SNI directly on the SSL object */
ssl.useSNI((byte)WolfSSL.WOLFSSL_SNI_HOST_NAME, hostName.getBytes());
}
}
}
if (ses.resume(ssl) != WolfSSL.SSL_SUCCESS) { if (ses.resume(ssl) != WolfSSL.SSL_SUCCESS) {
WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO, WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO,
"native wolfSSL_set_session() failed, " + "native wolfSSL_set_session() failed, " +

11
src/java/com/wolfssl/provider/jsse/WolfSSLEngine.java
View File

@ -2073,6 +2073,17 @@ public class WolfSSLEngine extends SSLEngine {
"entered setSSLParameters()"); "entered setSSLParameters()");
if (params != null) { if (params != null) {
WolfSSLParametersHelper.importParams(params, this.params); WolfSSLParametersHelper.importParams(params, this.params);
/* Store SNI server names in the session for potential resumption */
if (params.getServerNames() != null && !params.getServerNames().isEmpty()) {
WolfSSLImplementSSLSession session =
(WolfSSLImplementSSLSession)this.getSession();
if (session != null) {
session.setSNIServerNames(params.getServerNames());
WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO,
"Captured SNI server names for session caching");
}
}
} }
} }

41
src/java/com/wolfssl/provider/jsse/WolfSSLImplementSSLSession.java
View File

@ -115,6 +115,31 @@ public class WolfSSLImplementSSLSession extends ExtendedSSLSession
* in resumption cases. */ * in resumption cases. */
private static final Object sesPtrLock = new Object(); private static final Object sesPtrLock = new Object();
/**
* Stored SNI server names from original session, used during resumption
*/
private List<SNIServerName> sniServerNames = null;
/**
* Store SNI server names for this session for later resumption
* @param serverNames list of SNI server names to store
*/
public synchronized void setSNIServerNames(List<SNIServerName> serverNames) {
if (serverNames != null && !serverNames.isEmpty()) {
this.sniServerNames = new ArrayList<>(serverNames);
WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO,
"Stored SNI server names for session resumption");
}
}
/**
* Get stored SNI server names for this session
* @return list of stored SNI server names, may be null
*/
public synchronized List<SNIServerName> getSNIServerNames() {
return this.sniServerNames;
}
/** /**
* Create new WolfSSLImplementSSLSession * Create new WolfSSLImplementSSLSession
* *
@ -846,13 +871,27 @@ public class WolfSSLImplementSSLSession extends ExtendedSSLSession
* Update internally-stored session values. * Update internally-stored session values.
*/ */
protected synchronized void updateStoredSessionValues() { protected synchronized void updateStoredSessionValues() {
try { try {
this.protocol = this.ssl.getVersion(); this.protocol = this.ssl.getVersion();
} catch (IllegalStateException | WolfSSLJNIException ex) { } catch (IllegalStateException | WolfSSLJNIException ex) {
WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO, WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO,
"Not able to update stored WOLFSSL protocol"); "Not able to update stored WOLFSSL protocol");
} }
/* Also store SNI server names if not already set */
if (this.sniServerNames == null || this.sniServerNames.isEmpty()) {
try {
List<SNIServerName> names = this.getRequestedServerNames();
if (names != null && !names.isEmpty()) {
this.sniServerNames = new ArrayList<>(names);
WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO,
"Extracted SNI server names from session");
}
} catch (UnsupportedOperationException ex) {
WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO,
"Error extracting SNI server names: " + ex.getMessage());
}
}
} }
/** /**