WolfSSL
/
wolfssljni
mirror of https://github.com/wolfSSL/wolfssljni.git
1
0
Fork 0
Code Issues Releases Wiki Activity

JSSE: WolfSSLEngineHelper.setLocalServerNames() - get System/Security properties on class creation to avoid potential thread contention during handshake

pull/273/head
Chris Conlon 2025-06-09 17:22:29 -06:00
parent 9ee4cadde7
commit d2bb9d64d2
2 changed files with 29 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

45
src/java/com/wolfssl/provider/jsse/WolfSSLEngineHelper.java
View File

@ -60,6 +60,12 @@ import com.wolfssl.WolfSSLJNIException;
* @author wolfSSL
*/
public class WolfSSLEngineHelper {
/* Cache system and security properties to reduce thread contention */
private boolean jsseEnableSniExtension;
private boolean jdkTlsTrustNameService;
private boolean wolfjsseAutoSni;
private volatile WolfSSLSession ssl = null;
private WolfSSLImplementSSLSession session = null;
private WolfSSLParameters params = null;
@ -105,6 +111,19 @@ public class WolfSSLEngineHelper {
* global reference allows the Java object to be garbage collected. */
private WolfSSLInternalVerifyCb wicb = null;
/**
* Private helper method to get System and Security properties.
* Called once up front by constructor.
*/
private void getSystemAndSecurityProperties() {
this.jsseEnableSniExtension =
checkBooleanProperty("jsse.enableSNIExtension", true);
this.jdkTlsTrustNameService =
checkBooleanProperty("jdk.tls.trustNameService", false);
this.wolfjsseAutoSni =
checkBooleanProperty("wolfjsse.autoSNI", false);
}
/**
* Always creates a new session
* @param ssl WOLFSSL session
@ -119,6 +138,8 @@ public class WolfSSLEngineHelper {
throw new WolfSSLException("Bad argument");
}
getSystemAndSecurityProperties();
this.ssl = ssl;
this.params = params;
this.authStore = store;
@ -144,6 +165,8 @@ public class WolfSSLEngineHelper {
throw new WolfSSLException("Bad argument");
}
getSystemAndSecurityProperties();
this.ssl = ssl;
this.params = params;
this.port = port;
@ -173,6 +196,8 @@ public class WolfSSLEngineHelper {
throw new WolfSSLException("Bad argument");
}
getSystemAndSecurityProperties();
this.ssl = ssl;
this.params = params;
this.port = port;
@ -887,21 +912,7 @@ public class WolfSSLEngineHelper {
* what String.
*/
private void setLocalServerNames() {
/* Do not add SNI if system property has been set to false */
boolean enableSNI =
checkBooleanProperty("jsse.enableSNIExtension", true);
/* Have we been instructed to trust the system name service for
* reverse DNS lookups? */
boolean trustNameService =
checkBooleanProperty("jdk.tls.trustNameService", false);
/*
* Check if automatic SNI setting is enabled via Security property.
* This allows users to enable legacy hostname-based SNI behavior
* through java.security configuration rather than JVM arguments. */
boolean autoSNI = "true".equalsIgnoreCase(
Security.getProperty("wolfjsse.autoSNI"));
boolean autoSNI = this.wolfjsseAutoSni;
/* Detect HttpsURLConnection usage by checking:
* - Client mode is set (client-side connection)
@ -919,7 +930,7 @@ public class WolfSSLEngineHelper {
* HttpsURLConnection is detected */
autoSNI = autoSNI || isHttpsConnection;
if (!enableSNI) {
if (!this.jsseEnableSniExtension) {
WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO,
() -> "jsse.enableSNIExtension property set to false, " +
"not adding SNI to ClientHello");
@ -938,7 +949,7 @@ public class WolfSSLEngineHelper {
this.ssl.useSNI((byte)sni.getType(), sni.getEncoded());
}
} else if (autoSNI) {
if (this.peerAddr != null && trustNameService) {
if (this.peerAddr != null && this.jdkTlsTrustNameService) {
WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO,
() -> "setting SNI extension with " +
"InetAddress.getHostName(): " +