JSSE: generate pseudo session ID if session tickets are being used

cconlon · cconlon · commit 2e899cc64de0 · 2022-04-08T16:33:02.000-06:00
diff --git a/src/java/com/wolfssl/WolfSSLSession.java b/src/java/com/wolfssl/WolfSSLSession.java
@@ -65,6 +65,9 @@ public class WolfSSLSession {
     private WolfSSLIORecvCallback internRecvSSLCb;
     private WolfSSLIOSendCallback internSendSSLCb;
 
+    /* have session tickets been enabled for this session? */
+    private boolean sessionTicketsEnabled = true;
+
     /* is this context active, or has it been freed? */
     private boolean active = false;
 
@@ -2720,10 +2723,33 @@ public int useSNI(byte type, byte[] data) throws IllegalStateException {
      */
     public int useSessionTicket() throws IllegalStateException {
 
+        int ret;
+
+        if (this.active == false)
+            throw new IllegalStateException("Object has been freed");
+
+        ret = useSessionTicket(getSessionPtr());
+        if (ret == WolfSSL.SSL_SUCCESS) {
+            this.sessionTicketsEnabled = true;
+        }
+
+        return ret;
+    }
+
+    /**
+     * Determine if session tickets have been enabled for this session.
+     * Session tickets can be enabled for this session by calling
+     * WolfSSLSession.useSessionTicket().
+     *
+     * @return true if enabled, otherwise false.
+     * @throws IllegalStateException WolfSSLSession has been freed
+     */
+    public boolean sessionTicketsEnabled() throws IllegalStateException {
+
         if (this.active == false)
             throw new IllegalStateException("Object has been freed");
 
-        return useSessionTicket(getSessionPtr());
+        return this.sessionTicketsEnabled;
     }
 
     /**
diff --git a/src/java/com/wolfssl/provider/jsse/WolfSSLImplementSSLSession.java b/src/java/com/wolfssl/provider/jsse/WolfSSLImplementSSLSession.java
@@ -137,7 +137,9 @@ public synchronized byte[] getId() {
             return new byte[0];
         }
         try {
-            if (this.ssl.getVersion().equals("TLSv1.3")) {
+            /* use pseudo session ID if session tickets are being used */
+            if (this.ssl.getVersion().equals("TLSv1.3") ||
+                this.ssl.sessionTicketsEnabled()) {
                  return this.pseudoSessionID;
             }
             else {

Original file line number	Diff line number	Diff line change
`@@ -137,7 +137,9 @@ public synchronized byte[] getId() {`
`137`	`137`	`return new byte[0];`
`138`	`138`	`}`
`139`	`139`	`try {`
`140`		`- if (this.ssl.getVersion().equals("TLSv1.3")) {`
	`140`	`+ /* use pseudo session ID if session tickets are being used */`
	`141`	`+ if (this.ssl.getVersion().equals("TLSv1.3") \|\|`
	`142`	`+ this.ssl.sessionTicketsEnabled()) {`
`141`	`143`	`return this.pseudoSessionID;`
`142`	`144`	`}`
`143`	`145`	`else {`