https://issues.apache.org/bugzilla/show_bug.cgi?id=56458
Bug ID: 56458
Summary: session.isSecure() returning false when using SSL/TLS
Product: Tomcat 8
Version: 8.0.5
Hardware: Macintosh
Status: NEW
Severity: normal
Priority: P2
Component: WebSocket
Assignee: dev@tomcat.apache.org
Reporter: burr.clo...@gmail.com
I have a client Websocket endpoint in Tomcat and I'm trying to secure the
Websocket communication. I have my keystore, truststore and password
configurations done. I'm pretty sure that the underlying connection is secure
because:
1) On the machine running Tomcat, I have enabled SSL debugging with
System.setProperty("javax.net.debug", "ssl") and i can see the handshake
happening.
2) I have set the server Websocket endpoint (in Jetty) to accept upgrade
requests only if the connection is secure. And the request is accepted.
But the method session.isSecure() is always returning false.
While looking at the org.apache.tomcat.websocket.WsWebSocketContainer in the
method connectToServer(Endpoint endpoint, ClientEndpointConfig
clientEndpointConfiguration, URI path) I have seen that at line 362 a new
WsSession is created with the boolean value "false" instead of the private
variable "secure". I guess therein lies the problem.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
