cipherboy opened a new pull request #250: Fix semantics of get and set EnableSessionCreation URL: https://github.com/apache/tomcat/pull/250 Per the [javadocs for `SSLEngine`](https://docs.oracle.com/javase/8/docs/api/javax/net/ssl/SSLEngine.html#setEnableSessionCreation-boolean-), `setEnableSessionCreation` controls whether or not new sessions are allowed to be created, or whether this `SSLEngine` is restricted to resuming existing sessions. The default is `true`, i.e., allow new sessions to be created. Because the OpenSSL `SSLEngine` implementation does not limit the creation of new sessions, `getEnableSessionCreation` should always return `true`, not `false`, and the set operation should only yield an exception when the parameter is false. `Signed-off-by: Alexander Scheel <asch...@redhat.com>` --- I haven't looked for any existing BZs discussing this topic; the code also appears unused within Tomcat so this is mostly an implementation nit. This could potentially break existing code (if someone was calling `setEnableSessionCreation(false)`) -- but if they were truly expecting Tomcat's OpenSSL implementation to not create a new session, they'd be in for a surprise. This'd hopefully help them to fix their code (or better -- provide a PR adding this functionality if they truly need it). :-) I found this while working on JSS's SSLEngine and re-reading the semantics of both what Tomcat expects/does and what the javadocs say to do. Note: I'm not sure how StringManager works -- do I have to provide translations for the exception for other languages now? Hopefully this exception is sufficiently clear in case anyone does stumble across it: > OpenSslEngine does not permit restricting the engine to only resuming existing sessions
---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
