Loading...

XML

Word

Printable

Type: Bug
Resolution: Done
Priority: Major
Fix Version/s: 7.0.6.CR1, 7.0.6.GA
Affects Version/s: 7.0.4.GA
Component/s: Undertow
Labels:
None

CDW devel_ack:
CDW docs_ack:
CDW pm_ack:
CDW qa_ack:
CDW release:
Target Release:

7.0.z.GA
Git Pull Request:
https://github.com/undertow-io/undertow/commit/02affa436e8b2741706cd2624304bb44f4c6e11d

Sprint:
EAP 7.0.6

SFDC Cases Counter:
SFDC Cases Links:

SSLHeaderHandler strictly expects the SSL_SESSION_ID header to be present currently with a base64 encoded value. If the SSL_SESSION_ID header is not present, SSLHeaderHandler does nothing and no other ssl info headers are handled. If the SSL_SESSION_ID header does not contain a base64 value, then SSLHeaderHandler/BasicSSLSessionInfo fails the request with a RuntimeException. That can occur with httpd in front since httpd/mod_ssl/openssl can provide a ssl_session_id header value of (null).

This should be improved so that:

1. SSLHeaderHandler/BasicSSLSessionInfo does not fail requests with non-base64 SSL_SESSION_ID header values
2. SSLHeaderHandler still handles other ssl info headers regardless of SSL_SESSION_ID's presence or value

clones

JBEAP-9328 [GSS](7.1.0) SSLHeaderHandler should not require base64 SSL_SESSION_ID

Verified

is incorporated by

JBEAP-8650 (7.0.z) Upgrade undertow from 1.3.27.Final to 1.3.28.Final

Verified

is related to

UNDERTOW-1009 SSLHeaderHandler should not require base64 SSL_SESSION_ID

Resolved

Assignee:: Stuart Douglas

Reporter:: Panagiotis Sotiropoulos

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Created:: 2017/03/21 9:42 AM

Updated:: 2021/10/24 5:20 AM

Resolved:: 2017/03/21 10:00 AM

Details

Description

Attachments

Issue Links

Activity

People

Dates