Thanks for this. However, I didn't modify the thread model and maybe that's why it doesn't work: I disabled the Timeout (as I don't know where this class is from). But it just blocked indefinitely. Moreover, I think there should be a way to do this in a cleaner way. These replies gave me an idea: I tried to put the validity check in the sessionOpened(NextFilter nextFilter, IoSession session) method of my SSLFilter. However, this doesn't work either.
Does someone have a non-blocking solution to share?

-----Original message-----
From: Berg, Daniel [mailto:[email protected]]
Sent: Tuesday, 23 June 2009 16:02
To: [email protected]
Subject: SV: retrieve SSLSession to check the client certificate validity

I had the same issue, both sessionCreated and sessionOpened are called before the ssl handshake is complete - this is handled by the filter as data is received after the session is opened. I resolved it by blocking :p in the sessionOpened callback, waiting for some timeout. Not sure if it will work for you though - depends on your threading model.

    public void sessionOpened(IoSession session) throws Exception {
        IoFilter filter = session.getFilterChain().get(this.sslFilterName);
        if (isUseTLS() && filter instanceof SslFilter) {
            logger.debug("Waiting for client {0} to initiate handshake", session);
            Timeout clientMustInitateHandshake = new Timeout(this.HANDSHAKE_TIMEOUT_MS);
            // Poll until the SSL filter has stored the SSLSession or the timeout expires
            while (null == session.getAttribute(SslFilter.SSL_SESSION)
                    && !clientMustInitateHandshake.isTimedout()) {
                Thread.sleep(5L);
            }
            SSLSession sslSession = (SSLSession) session.getAttribute(SslFilter.SSL_SESSION);
            if (null == sslSession) {
                logger.warning("The client {1} did not initiate the TLS handshake within timeout {0}",
                        null, this.HANDSHAKE_TIMEOUT_MS, session);
                throw new javax.net.ssl.SSLHandshakeException(
                        "Client did not initiate TLS handshake in a timely fashion. SSL handshake failed.");
            } else {
                Certificate[] certificates = sslSession.getPeerCertificates();
                ... Snip ...

Hope this helps.

--
Daniel Berg

-----Original message-----
From: Cédric LUCAS [mailto:[email protected]]
Sent: 23 June 2009 15:52
To: [email protected]
Subject: RE: retrieve SSLSession to check the client certificate validity

Thanks for the reply. But this does not work either :(. Any other suggestion?
----------
From: Emmanuel Lecharny
Re: retrieve SSLSession to check the client certificate validity

Cédric LUCAS wrote:
> Hello,
>
Hi Cédric,

> Then, I bind a handler to this IOAcceptor, and I try to retrieve the
> javax.net.ssl.SSLSession in the sessionCreated() method of the handler, doing
> this:
>
Not sure that the SSLSession is injected into the session's attribute when the sessionCreated event is received. Can you check the very same but on the sessionOpened event?
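A non-blocking variant of the check discussed in this thread, as an added example that is not code from any of the posters or from the MINA project. It assumes MINA 2.0.x, where setting the SslFilter.USE_NOTIFICATION session attribute makes the filter deliver SslFilter.SESSION_SECURED through messageReceived() once the handshake completes, and an SslFilter configured to require client authentication. The handler name, the peerVerified attribute key and handleApplicationMessage() are hypothetical.

```java
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import org.apache.mina.core.service.IoHandlerAdapter;
import org.apache.mina.core.session.IoSession;
import org.apache.mina.filter.ssl.SslFilter;

// Hypothetical handler (added example). Assumption: MINA 2.0.x with an SslFilter
// in the chain that requires client authentication.
public class ClientCertCheckingHandler extends IoHandlerAdapter {
    private static final String PEER_VERIFIED = "peerVerified"; // hypothetical attribute key

    @Override
    public void sessionCreated(IoSession session) {
        // Marker attribute: ask SslFilter to emit SESSION_SECURED via
        // messageReceived() when the TLS handshake has finished.
        session.setAttribute(SslFilter.USE_NOTIFICATION, Boolean.TRUE);
    }

    @Override
    public void messageReceived(IoSession session, Object message) {
        if (message == SslFilter.SESSION_SECURED) {
            verifyPeer(session); // handshake done: no sleeping, no polling
        } else if (message != SslFilter.SESSION_UNSECURED
                && session.containsAttribute(PEER_VERIFIED)) {
            handleApplicationMessage(session, message);
        } // anything arriving before a successful check is dropped
    }

    private void verifyPeer(IoSession session) {
        SSLSession ssl = (SSLSession) session.getAttribute(SslFilter.SSL_SESSION);
        try {
            if (ssl == null) {
                throw new SSLPeerUnverifiedException("no SSLSession on session");
            }
            // getPeerCertificates() throws if the client presented no certificate.
            for (Certificate c : ssl.getPeerCertificates()) {
                ((X509Certificate) c).checkValidity(); // expired / not yet valid
            }
            session.setAttribute(PEER_VERIFIED, Boolean.TRUE);
        } catch (SSLPeerUnverifiedException | CertificateException | ClassCastException e) {
            session.close(true); // reject the connection immediately
        }
    }

    protected void handleApplicationMessage(IoSession session, Object message) {
        // Application protocol handling goes here.
    }
}
```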
