Use SSL_session_reused to check when a session was reused
The returned session_id could be exactly the same in the case of TLS
session tickets, so use the SSL_session_reused API to determine exactly
when a session was reused.
(cherry picked from commit 1115fa0f6dbbff3a913fbce39ca98f9a78425c72)
Bug: 28751153
Change-Id: Ie82e4d1bb326d7e7deb7981a1e57df393f6c0e1f
(cherry picked from commit 0b905f8ec8033b425ff581d96aef96a13b057d67)
diff --git a/src/main/java/org/conscrypt/NativeCrypto.java b/src/main/java/org/conscrypt/NativeCrypto.java
index 264901f..0633e98 100644
--- a/src/main/java/org/conscrypt/NativeCrypto.java
+++ b/src/main/java/org/conscrypt/NativeCrypto.java
@@ -1011,6 +1011,8 @@
public static native void SSL_set_session_creation_enabled(
long sslNativePointer, boolean creationEnabled) throws SSLException;
+ public static native boolean SSL_session_reused(long sslNativePointer);
+
public static native void SSL_set_reject_peer_renegotiations(
long sslNativePointer, boolean renegotiationRejected) throws SSLException;
diff --git a/src/main/java/org/conscrypt/SSLParametersImpl.java b/src/main/java/org/conscrypt/SSLParametersImpl.java
index 0101935..312f923 100644
--- a/src/main/java/org/conscrypt/SSLParametersImpl.java
+++ b/src/main/java/org/conscrypt/SSLParametersImpl.java
@@ -588,8 +588,7 @@
final OpenSSLSessionImpl sessionToReuse, String hostname, int port,
boolean handshakeCompleted) throws IOException {
OpenSSLSessionImpl sslSession = null;
- byte[] sessionId = NativeCrypto.SSL_SESSION_session_id(sslSessionNativePointer);
- if (sessionToReuse != null && Arrays.equals(sessionToReuse.getId(), sessionId)) {
+ if (sessionToReuse != null && NativeCrypto.SSL_session_reused(sslNativePointer)) {
sslSession = sessionToReuse;
sslSession.lastAccessedTime = System.currentTimeMillis();
NativeCrypto.SSL_SESSION_free(sslSessionNativePointer);
diff --git a/src/main/native/org_conscrypt_NativeCrypto.cpp b/src/main/native/org_conscrypt_NativeCrypto.cpp
index 6c68750..fe08d7c 100644
--- a/src/main/native/org_conscrypt_NativeCrypto.cpp
+++ b/src/main/native/org_conscrypt_NativeCrypto.cpp
@@ -8895,6 +8895,18 @@
#endif
}
+static jboolean NativeCrypto_SSL_session_reused(JNIEnv* env, jclass, jlong ssl_address) {
+ SSL* ssl = to_SSL(env, ssl_address, true);
+ JNI_TRACE("ssl=%p NativeCrypto_SSL_session_reused", ssl);
+ if (ssl == nullptr) {
+ return JNI_FALSE;
+ }
+
+ int reused = SSL_session_reused(ssl);
+ JNI_TRACE("ssl=%p NativeCrypto_SSL_session_reused => %d", ssl, reused);
+ return reused == 1 ? JNI_TRUE : JNI_FALSE;
+}
+
static void NativeCrypto_SSL_set_reject_peer_renegotiations(JNIEnv* env, jclass,
jlong ssl_address, jboolean reject_renegotiations)
{
@@ -10844,6 +10856,7 @@
NATIVE_METHOD(NativeCrypto, SSL_set_verify, "(JI)V"),
NATIVE_METHOD(NativeCrypto, SSL_set_session, "(JJ)V"),
NATIVE_METHOD(NativeCrypto, SSL_set_session_creation_enabled, "(JZ)V"),
+ NATIVE_METHOD(NativeCrypto, SSL_session_reused, "(J)Z"),
NATIVE_METHOD(NativeCrypto, SSL_set_reject_peer_renegotiations, "(JZ)V"),
NATIVE_METHOD(NativeCrypto, SSL_set_tlsext_host_name, "(JLjava/lang/String;)V"),
NATIVE_METHOD(NativeCrypto, SSL_get_servername, "(J)Ljava/lang/String;"),