This is an automated email from the ASF dual-hosted git repository.
remm pushed a commit to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/10.1.x by this push:
new 5d13b4091c Return null SSL session on zero length array
5d13b4091c is described below
commit 5d13b4091ccdcb7af17eb41bcbb8ebf7c55b793b
Author: remm <[email protected]>
AuthorDate: Mon Oct 7 11:13:27 2024 +0200
Return null SSL session on zero length array
---
java/org/apache/tomcat/util/net/jsse/JSSESupport.java | 2 +-
webapps/docs/changelog.xml | 8 ++++++++
2 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/java/org/apache/tomcat/util/net/jsse/JSSESupport.java
b/java/org/apache/tomcat/util/net/jsse/JSSESupport.java
index 059cf7750c..d4438f66f4 100644
--- a/java/org/apache/tomcat/util/net/jsse/JSSESupport.java
+++ b/java/org/apache/tomcat/util/net/jsse/JSSESupport.java
@@ -170,7 +170,7 @@ public class JSSESupport implements SSLSupport,
SSLSessionManager {
}
// Expose ssl_session (getId)
byte [] ssl_session = session.getId();
- if ( ssl_session == null) {
+ if (ssl_session == null || ssl_session.length == 0) {
return null;
}
StringBuilder buf=new StringBuilder();
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 8e6055031d..8746cc4de4 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -125,6 +125,14 @@
</scode>
</changelog>
</subsection>
+ <subsection name="Coyote">
+ <changelog>
+ <fix>
+ Return null SSL session id on zero length byte array returned from the
+ SSL implementation. (remm)
+ </fix>
+ </changelog>
+ </subsection>
</section>
<section name="Tomcat 10.1.31 (schultz)" rtext="release in progress">
<subsection name="Catalina">
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
