I had the same issue: both sessionCreated and sessionOpened are called before
the SSL handshake is complete - this is handled by the filter as data is
received after the session is opened.
I resolved it by blocking :p in the sessionOpened callback, waiting for some
timeout. Not sure if it will work for you though - depends on your threading
model.

    public void sessionOpened(IoSession session) throws Exception {
        IoFilter filter = session.getFilterChain().get(this.sslFilterName);
        if (isUseTLS() && filter instanceof SslFilter) {
            logger.debug("Waiting for client {0} to initiate handshake", session);
            Timeout clientMustInitateHandshake = new Timeout(this.HANDSHAKE_TIMEOUT_MS);
            while (null == session.getAttribute(SslFilter.SSL_SESSION)
                    && !clientMustInitateHandshake.isTimedout()) {
                Thread.sleep(5L);
            }
            SSLSession sslSession = (SSLSession) session.getAttribute(SslFilter.SSL_SESSION);
            if (null == sslSession) {
                logger.warning("The client {1} did not initiate the TLS handshake within timeout {0}",
                        null, this.HANDSHAKE_TIMEOUT_MS, session);
                throw new javax.net.ssl.SSLHandshakeException(
                        "Client did not initiate TLS handshake in a timely fashion. SSL handshake failed.");
            } else {
                Certificate[] certificates = sslSession.getPeerCertificates();
                ... Snip ...

Hope this helps.
--
Daniel Berg
-----Original Message-----
From: Cédric LUCAS [mailto:[email protected]]
Sent: 23 June 2009 15:52
To: [email protected]
Subject: RE: retrieve SSLSession to check the client certificate validity
Thanks for the reply. But this does not work either :(.
Any other suggestion?
----------
From : Emmanuel Lecharny
Re: retrieve SSLSession to check the client certificate validity
Cédric LUCAS wrote:
> Hello,
>
Hi Cédric,
> Then, I bind a handler to this IOAcceptor, and I try to retrieve the
> javax.net.ssl.SSLSession in the sessionCreated() method of the handler, doing
> this:
>
Not sure that the SSLSession is injected into the session's attribute when the
sessionCreated event is received. Can you check the very same but on the
sessionOpened event?
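
An added example, not code from anyone in this thread: a non-blocking way to reach the same point, assuming MINA 2.0.x, where SslFilter posts SslFilter.SESSION_SECURED to the handler after the handshake when the session carries the SslFilter.USE_NOTIFICATION attribute. The class name ClientCertHandler is hypothetical, and an SslFilter configured to request client certificates is assumed to be in the filter chain already.

```java
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import org.apache.mina.core.service.IoHandlerAdapter;
import org.apache.mina.core.session.IoSession;
import org.apache.mina.filter.ssl.SslFilter;

// Hypothetical handler name; assumes an SslFilter is already in the chain.
public class ClientCertHandler extends IoHandlerAdapter {

    @Override
    public void sessionCreated(IoSession session) {
        // Ask SslFilter to deliver SESSION_SECURED once the handshake is done.
        session.setAttribute(SslFilter.USE_NOTIFICATION);
    }

    @Override
    public void messageReceived(IoSession session, Object message) throws Exception {
        if (message == SslFilter.SESSION_SECURED) {
            checkClientCertificate(session);
            return;
        }
        if (message == SslFilter.SESSION_UNSECURED) {
            return; // TLS layer was shut down; nothing to verify
        }
        // ... application messages are handled here ...
    }

    private void checkClientCertificate(IoSession session) {
        SSLSession ssl = (SSLSession) session.getAttribute(SslFilter.SSL_SESSION);
        try {
            if (ssl == null) {
                throw new SSLPeerUnverifiedException("no SSLSession on this session");
            }
            // Throws SSLPeerUnverifiedException if the client sent no certificate.
            Certificate[] chain = ssl.getPeerCertificates();
            // chain[0] is the client's own certificate; check its validity dates.
            ((X509Certificate) chain[0]).checkValidity();
        } catch (SSLPeerUnverifiedException | CertificateException e) {
            session.close(true); // drop the connection immediately
        }
    }
}
```

checkValidity() only checks the certificate's validity dates; whether the chain is trusted is decided by the SSLContext's TrustManager during the handshake.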