Bug 29692 - SSLSocket.getSession() does not do an implicit handshake
Summary: SSLSocket.getSession() does not do an implicit handshake
Status: NEW
Alias: None
Product: classpath
Classification: Unclassified
Component: crypto (show other bugs)
Version: 0.92
: P3 normal
Target Milestone: ---
Assignee: Casey Marshall
Depends on:
Reported: 2006-11-02 20:46 UTC by Ville Skyttä
Modified: 2006-11-03 01:34 UTC (History)
1 user (show)

See Also:
Known to work:
Known to fail:
Last reconfirmed: 2006-11-03 01:34:48

Reproducer code sample (649 bytes, text/plain)
2006-11-02 20:48 UTC, Ville Skyttä

Note You need to log in before you can comment on or make changes to this bug.
Description Ville Skyttä 2006-11-02 20:46:43 UTC
According to http://java.sun.com/j2se/1.4.2/docs/api/javax/net/ssl/SSLSocket.html, SSLSocket.getSession() should set up a session and do an implicit handshake; however that does not appear to be the case with libgcj 4.1.1-30 of Fedora Core 6 (I assume that's classpath 0.92).

Trying to read certificates after an initial getSession() without an explicit handshake results in a "peer not verified" and if I understand the code correctly, no handshake is attempted under the hood.  This does not happen with any other crypto implementations that I'm aware of - instead, the documented implicit handshake is done.
Comment 1 Ville Skyttä 2006-11-02 20:48:37 UTC
Created attachment 12538 [details]
Reproducer code sample

This code should print the first certificate from the savannah.gnu.org SSL cerificate chain.  It does so with Sun's JVM, but with libgcj/classpath it fails with:

Exception in thread "main" javax.net.ssl.SSLPeerUnverifiedException: peer not verified
   at gnu.javax.net.ssl.provider.Session.getPeerCertificates(libgcj.so.7rh)
   at SSLTest.main(SSLTest.java:41)
Comment 2 Casey Marshall 2006-11-03 01:34:47 UTC
Confirmed; I'm certain that we don't implement this behavior.

I think this should be relatively easy to implement this. I'll take a look when I get a moment.