Emmanuel,

The access of the SslSession was moved into an AttributeKey which is set
BEFORE the SECURED event is fired.  This was done to help improve best
practices for when this object is accessible.  Your application can listen
for the SECURED event then read the AttributeKey to obtain the SslSession.

https://github.com/apache/mina/blob/660ab2375b4b47b5ebe86226c92f3138be4c96e8/mina-core/src/main/java/org/apache/mina/filter/ssl/SSLFilter.java#L56

Since the state of SslSession is tied to actually connecting, it is really
only valid from a flow process after the first handshake is completed.  The
AttributeKey also doubles in meaning that, if present, the session is
secured.

The option to manually set UseClientMode was removed to help prevent
accidental incorrect usage.  Is there a specific reason you would like that
back?

On Mon, Jan 17, 2022 at 8:49 AM Emmanuel Lécharny <elecha...@gmail.com>
wrote:

>
>
> On 17/01/2022 14:17, Emmanuel Lécharny wrote:
> > Hi Jonathan,
> >
> > I'm testing MINA 2.2 in Apache Directory, and there are two API
> > differences:
> >
> > - The SslSession is no longer present in the IoSession attributes. Is
> > there any reason for the removal?
>
> To clarify, we need this information in the Directory server:
>
>      /**
>       * {@inheritDoc}
>       */
>      public byte[] evaluateResponse( byte[] initialResponse ) throws SaslException
>      {
>          try
>          {
>              SSLSession sslSession = ( SSLSession ) getLdapSession().getIoSession().getAttribute( SslFilter.SSL_SESSION );
>              Certificate[] peerCertificates = sslSession.getPeerCertificates();
>
>              if ( null == peerCertificates || 1 > peerCertificates.length )
>              {
>                  throw new SaslException( "No peer certificate provided - cancel bind." );
>              }
>
>              getLdapSession().setCoreSession( authenticate( peerCertificates[0] ) );
>              state = NegotiationState.COMPLETED;
>          }
>
> --
> Emmanuel Lécharny
>
>
>
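
The pattern described in the reply above (wait for the SECURED event, then read the SSLSession from the session attribute), as an added example that is not code from the thread or from either project. It assumes the MINA 2.2 names `SslEvent.SECURED` and `SslFilter.SSL_SECURED` for what the message calls "the SECURED event" and "the AttributeKey"; the class name `PeerCertificateHandler` and the policy of closing sessions that present no client certificate are hypothetical.

```java
import java.security.cert.Certificate;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import org.apache.mina.core.service.IoHandlerAdapter;
import org.apache.mina.core.session.IoSession;
import org.apache.mina.filter.FilterEvent;
import org.apache.mina.filter.ssl.SslEvent;
import org.apache.mina.filter.ssl.SslFilter;

public class PeerCertificateHandler extends IoHandlerAdapter
{
    @Override
    public void event( IoSession session, FilterEvent event ) throws Exception
    {
        // The attribute is set before SECURED fires, so it is readable here.
        if ( event == SslEvent.SECURED && peerCertificate( session ) == null )
        {
            // Assumed policy: mutual TLS is required, so fail closed.
            session.closeNow();
        }
    }

    /**
     * Returns the peer's leaf certificate, or null when the session is not
     * secured (attribute absent) or the peer did not authenticate.
     */
    public static Certificate peerCertificate( IoSession session )
    {
        Object attr = session.getAttribute( SslFilter.SSL_SECURED );

        if ( !( attr instanceof SSLSession ) )
        {
            return null; // no attribute: the handshake has not completed
        }

        try
        {
            Certificate[] chain = ( ( SSLSession ) attr ).getPeerCertificates();
            return ( chain == null || chain.length < 1 ) ? null : chain[0];
        }
        catch ( SSLPeerUnverifiedException e )
        {
            // JSSE signals "no client certificate" by throwing, not by returning null.
            return null;
        }
    }
}
```

A SASL EXTERNAL bind such as the quoted `evaluateResponse` can call `peerCertificate( ioSession )` and reject the bind on `null`, which covers both the missing attribute and the unauthenticated peer.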
