netty
diff --git a/‎handler/src/main/java/io/netty/handler/ssl/JdkSslClientContext.java‎
Lines changed: 19 additions & 7 deletions b/‎handler/src/main/java/io/netty/handler/ssl/JdkSslClientContext.java‎
Lines changed: 19 additions & 7 deletions
diff --git a/‎handler/src/main/java/io/netty/handler/ssl/JdkSslContext.java‎
Lines changed: 3 additions & 3 deletions b/‎handler/src/main/java/io/netty/handler/ssl/JdkSslContext.java‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎handler/src/main/java/io/netty/handler/ssl/JdkSslServerContext.java‎
Lines changed: 18 additions & 11 deletions b/‎handler/src/main/java/io/netty/handler/ssl/JdkSslServerContext.java‎
Lines changed: 18 additions & 11 deletions
diff --git a/‎handler/src/main/java/io/netty/handler/ssl/OpenSslClientContext.java‎
Lines changed: 6 additions & 5 deletions b/‎handler/src/main/java/io/netty/handler/ssl/OpenSslClientContext.java‎
Lines changed: 6 additions & 5 deletions
diff --git a/‎handler/src/main/java/io/netty/handler/ssl/OpenSslContext.java‎
Lines changed: 6 additions & 3 deletions b/‎handler/src/main/java/io/netty/handler/ssl/OpenSslContext.java‎
Lines changed: 6 additions & 3 deletions
diff --git a/‎handler/src/main/java/io/netty/handler/ssl/OpenSslServerContext.java‎
Lines changed: 9 additions & 6 deletions b/‎handler/src/main/java/io/netty/handler/ssl/OpenSslServerContext.java‎
Lines changed: 9 additions & 6 deletions
@@ -176,7 +176,7 @@ public JdkSslClientContext(
                         long sessionCacheSize, long sessionTimeout) throws SSLException {
         super(newSSLContext(provider, toX509CertificatesInternal(trustCertCollectionFile),
                 trustManagerFactory, null, null,
-                null, null, sessionCacheSize, sessionTimeout, null, KeyStore.getDefaultType()), true,
+                null, null, sessionCacheSize, sessionTimeout, null, KeyStore.getDefaultType(), null), true,
                 ciphers, cipherFilter, apn, ClientAuth.NONE, null, false);
     }
 
@@ -260,7 +260,7 @@ public JdkSslClientContext(File trustCertCollectionFile, TrustManagerFactory tru
                 trustCertCollectionFile), trustManagerFactory,
                 toX509CertificatesInternal(keyCertChainFile), toPrivateKeyInternal(keyFile, keyPassword),
                 keyPassword, keyManagerFactory, sessionCacheSize, sessionTimeout,
-                        null, KeyStore.getDefaultType()), true,
+                        null, KeyStore.getDefaultType(), null), true,
                 ciphers, cipherFilter, apn, ClientAuth.NONE, null, false);
     }
 
@@ -269,21 +269,23 @@ public JdkSslClientContext(File trustCertCollectionFile, TrustManagerFactory tru
                         X509Certificate[] keyCertChain, PrivateKey key, String keyPassword,
                         KeyManagerFactory keyManagerFactory, Iterable<String> ciphers, CipherSuiteFilter cipherFilter,
                         ApplicationProtocolConfig apn, String[] protocols, long sessionCacheSize, long sessionTimeout,
-                        SecureRandom secureRandom, String keyStoreType, String endpointIdentificationAlgorithm)
+                        SecureRandom secureRandom, String keyStoreType, String endpointIdentificationAlgorithm,
+                        ResumptionController resumptionController)
             throws SSLException {
         super(newSSLContext(sslContextProvider, trustCertCollection, trustManagerFactory,
                             keyCertChain, key, keyPassword, keyManagerFactory, sessionCacheSize,
-                            sessionTimeout, secureRandom, keyStoreType),
+                            sessionTimeout, secureRandom, keyStoreType, resumptionController),
                 true, ciphers, cipherFilter, toNegotiator(apn, false), ClientAuth.NONE, protocols, false,
-                endpointIdentificationAlgorithm);
+                endpointIdentificationAlgorithm, resumptionController);
     }
 
     private static SSLContext newSSLContext(Provider sslContextProvider,
                                             X509Certificate[] trustCertCollection,
                                             TrustManagerFactory trustManagerFactory, X509Certificate[] keyCertChain,
                                             PrivateKey key, String keyPassword, KeyManagerFactory keyManagerFactory,
                                             long sessionCacheSize, long sessionTimeout,
-                                            SecureRandom secureRandom, String keyStore) throws SSLException {
+                                            SecureRandom secureRandom, String keyStore,
+                                            ResumptionController resumptionController) throws SSLException {
         try {
             if (trustCertCollection != null) {
                 trustManagerFactory = buildTrustManagerFactory(trustCertCollection, trustManagerFactory, keyStore);
@@ -295,7 +297,8 @@ private static SSLContext newSSLContext(Provider sslContextProvider,
             SSLContext ctx = sslContextProvider == null ? SSLContext.getInstance(PROTOCOL)
                 : SSLContext.getInstance(PROTOCOL, sslContextProvider);
             ctx.init(keyManagerFactory == null ? null : keyManagerFactory.getKeyManagers(),
-                     trustManagerFactory == null ? null : trustManagerFactory.getTrustManagers(),
+                     trustManagerFactory == null ? null :
+                             wrapIfNeeded(trustManagerFactory.getTrustManagers(), resumptionController),
                      secureRandom);
 
             SSLSessionContext sessCtx = ctx.getClientSessionContext();
@@ -313,4 +316,13 @@ private static SSLContext newSSLContext(Provider sslContextProvider,
             throw new SSLException("failed to initialize the client-side SSL context", e);
         }
     }
+
+    private static TrustManager[] wrapIfNeeded(TrustManager[] tms, ResumptionController resumptionController) {
+        if (resumptionController != null) {
+            for (int i = 0; i < tms.length; i++) {
+                tms[i] = resumptionController.wrapIfNeeded(tms[i]);
+            }
+        }
+        return tms;
+    }
 }
@@ -261,14 +261,14 @@ public JdkSslContext(SSLContext sslContext,
     @SuppressWarnings("deprecation")
     JdkSslContext(SSLContext sslContext, boolean isClient, Iterable<String> ciphers, CipherSuiteFilter cipherFilter,
                   JdkApplicationProtocolNegotiator apn, ClientAuth clientAuth, String[] protocols, boolean startTls) {
-        this(sslContext, isClient, ciphers, cipherFilter, apn, clientAuth, protocols, startTls, null);
+        this(sslContext, isClient, ciphers, cipherFilter, apn, clientAuth, protocols, startTls, null, null);
     }
 
     @SuppressWarnings("deprecation")
     JdkSslContext(SSLContext sslContext, boolean isClient, Iterable<String> ciphers, CipherSuiteFilter cipherFilter,
                   JdkApplicationProtocolNegotiator apn, ClientAuth clientAuth, String[] protocols, boolean startTls,
-                  String endpointIdentificationAlgorithm) {
-        super(startTls);
+                  String endpointIdentificationAlgorithm, ResumptionController resumptionController) {
+        super(startTls, resumptionController);
         this.apn = checkNotNull(apn, "apn");
         this.clientAuth = checkNotNull(clientAuth, "clientAuth");
         this.sslContext = checkNotNull(sslContext, "sslContext");
 
@@ -92,7 +92,7 @@ static void checkIfWrappingTrustManagerIsSupported() throws CertificateException
         tm.init((KeyStore) null);
         TrustManager[] managers = tm.getTrustManagers();
 
-        ctx.init(kmf.getKeyManagers(), wrapTrustManagerIfNeeded(managers), null);
+        ctx.init(kmf.getKeyManagers(), wrapTrustManagerIfNeeded(managers, null), null);
     }
 
     /**
@@ -208,7 +208,7 @@ public JdkSslServerContext(
                         long sessionCacheSize, long sessionTimeout, String keyStore) throws SSLException {
         super(newSSLContext(provider, null, null,
                 toX509CertificatesInternal(certChainFile), toPrivateKeyInternal(keyFile, keyPassword),
-                keyPassword, null, sessionCacheSize, sessionTimeout, null, keyStore), false,
+                keyPassword, null, sessionCacheSize, sessionTimeout, null, keyStore, null), false,
                 ciphers, cipherFilter, apn, ClientAuth.NONE, null, false);
     }
 
@@ -248,7 +248,7 @@ public JdkSslServerContext(File trustCertCollectionFile, TrustManagerFactory tru
                                long sessionCacheSize, long sessionTimeout) throws SSLException {
         super(newSSLContext(null, toX509CertificatesInternal(trustCertCollectionFile), trustManagerFactory,
                 toX509CertificatesInternal(keyCertChainFile), toPrivateKeyInternal(keyFile, keyPassword),
-                keyPassword, keyManagerFactory, sessionCacheSize, sessionTimeout, null, null), false,
+                keyPassword, keyManagerFactory, sessionCacheSize, sessionTimeout, null, null, null), false,
                 ciphers, cipherFilter, apn, ClientAuth.NONE, null, false);
     }
 
@@ -290,7 +290,7 @@ public JdkSslServerContext(File trustCertCollectionFile, TrustManagerFactory tru
         super(newSSLContext(null, toX509CertificatesInternal(trustCertCollectionFile), trustManagerFactory,
                 toX509CertificatesInternal(keyCertChainFile), toPrivateKeyInternal(keyFile, keyPassword),
                 keyPassword, keyManagerFactory, sessionCacheSize, sessionTimeout,
-                        null, KeyStore.getDefaultType()), false,
+                        null, KeyStore.getDefaultType(), null), false,
                 ciphers, cipherFilter, apn, ClientAuth.NONE, null, false);
     }
 
@@ -300,17 +300,20 @@ public JdkSslServerContext(File trustCertCollectionFile, TrustManagerFactory tru
                         KeyManagerFactory keyManagerFactory, Iterable<String> ciphers, CipherSuiteFilter cipherFilter,
                         ApplicationProtocolConfig apn, long sessionCacheSize, long sessionTimeout,
                         ClientAuth clientAuth, String[] protocols, boolean startTls,
-                        SecureRandom secureRandom, String keyStore) throws SSLException {
+                        SecureRandom secureRandom, String keyStore, ResumptionController resumptionController)
+            throws SSLException {
         super(newSSLContext(provider, trustCertCollection, trustManagerFactory, keyCertChain, key,
-                keyPassword, keyManagerFactory, sessionCacheSize, sessionTimeout, secureRandom, keyStore), false,
-                ciphers, cipherFilter, toNegotiator(apn, true), clientAuth, protocols, startTls);
+                        keyPassword, keyManagerFactory, sessionCacheSize, sessionTimeout, secureRandom, keyStore,
+                        resumptionController),
+                false, ciphers, cipherFilter, toNegotiator(apn, true), clientAuth, protocols, startTls, null,
+                resumptionController);
     }
 
     private static SSLContext newSSLContext(Provider sslContextProvider, X509Certificate[] trustCertCollection,
                                             TrustManagerFactory trustManagerFactory, X509Certificate[] keyCertChain,
                                             PrivateKey key, String keyPassword, KeyManagerFactory keyManagerFactory,
-                                            long sessionCacheSize, long sessionTimeout,
-                                            SecureRandom secureRandom, String keyStore)
+                                            long sessionCacheSize, long sessionTimeout, SecureRandom secureRandom,
+                                            String keyStore, ResumptionController resumptionController)
             throws SSLException {
         if (key == null && keyManagerFactory == null) {
             throw new NullPointerException("key, keyManagerFactory");
@@ -335,7 +338,7 @@ private static SSLContext newSSLContext(Provider sslContextProvider, X509Certifi
             SSLContext ctx = sslContextProvider == null ? SSLContext.getInstance(PROTOCOL)
                 : SSLContext.getInstance(PROTOCOL, sslContextProvider);
             ctx.init(keyManagerFactory.getKeyManagers(),
-                    wrapTrustManagerIfNeeded(trustManagerFactory.getTrustManagers()),
+                    wrapTrustManagerIfNeeded(trustManagerFactory.getTrustManagers(), resumptionController),
                      secureRandom);
 
             SSLSessionContext sessCtx = ctx.getServerSessionContext();
@@ -355,10 +358,14 @@ private static SSLContext newSSLContext(Provider sslContextProvider, X509Certifi
     }
 
     @SuppressJava6Requirement(reason = "Guarded by java version check")
-    private static TrustManager[] wrapTrustManagerIfNeeded(TrustManager[] trustManagers) {
+    private static TrustManager[] wrapTrustManagerIfNeeded(
+            TrustManager[] trustManagers, ResumptionController resumptionController) {
         if (WRAP_TRUST_MANAGER && PlatformDependent.javaVersion() >= 7) {
             for (int i = 0; i < trustManagers.length; i++) {
                 TrustManager tm = trustManagers[i];
+                if (resumptionController != null) {
+                    tm = resumptionController.wrapIfNeeded(tm);
+                }
                 if (tm instanceof X509ExtendedTrustManager) {
                     // Wrap the TrustManager to provide a better exception message for users to debug hostname
                     // validation failures.
 
@@ -178,24 +178,25 @@ public OpenSslClientContext(File trustCertCollectionFile, TrustManagerFactory tr
         this(toX509CertificatesInternal(trustCertCollectionFile), trustManagerFactory,
                 toX509CertificatesInternal(keyCertChainFile), toPrivateKeyInternal(keyFile, keyPassword),
                 keyPassword, keyManagerFactory, ciphers, cipherFilter, apn, null, sessionCacheSize,
-                sessionTimeout, false, KeyStore.getDefaultType(), null);
+                sessionTimeout, false, KeyStore.getDefaultType(), null, null);
     }
 
     OpenSslClientContext(X509Certificate[] trustCertCollection, TrustManagerFactory trustManagerFactory,
                          X509Certificate[] keyCertChain, PrivateKey key, String keyPassword,
                          KeyManagerFactory keyManagerFactory, Iterable<String> ciphers,
                          CipherSuiteFilter cipherFilter, ApplicationProtocolConfig apn, String[] protocols,
                          long sessionCacheSize, long sessionTimeout, boolean enableOcsp, String keyStore,
-                         String endpointIdentificationAlgorithm, Map.Entry<SslContextOption<?>, Object>... options)
+                         String endpointIdentificationAlgorithm, ResumptionController resumptionController,
+                         Map.Entry<SslContextOption<?>, Object>... options)
             throws SSLException {
-        super(ciphers, cipherFilter, apn, SSL.SSL_MODE_CLIENT, keyCertChain,
-                ClientAuth.NONE, protocols, false, endpointIdentificationAlgorithm, enableOcsp, options);
+        super(ciphers, cipherFilter, apn, SSL.SSL_MODE_CLIENT, keyCertChain, ClientAuth.NONE, protocols, false,
+                endpointIdentificationAlgorithm, enableOcsp, resumptionController, options);
         boolean success = false;
         try {
             OpenSslKeyMaterialProvider.validateKeyMaterialSupported(keyCertChain, key, keyPassword);
             sessionContext = newSessionContext(this, ctx, engineMap, trustCertCollection, trustManagerFactory,
                                                keyCertChain, key, keyPassword, keyManagerFactory, keyStore,
-                                               sessionCacheSize, sessionTimeout);
+                                               sessionCacheSize, sessionTimeout, resumptionController);
             success = true;
         } finally {
             if (!success) {
 
@@ -31,19 +31,22 @@ public abstract class OpenSslContext extends ReferenceCountedOpenSslContext {
     OpenSslContext(Iterable<String> ciphers, CipherSuiteFilter cipherFilter, ApplicationProtocolConfig apnCfg,
                    int mode, Certificate[] keyCertChain,
                    ClientAuth clientAuth, String[] protocols, boolean startTls, String endpointIdentificationAlgorithm,
-                   boolean enableOcsp, Map.Entry<SslContextOption<?>, Object>... options)
+                   boolean enableOcsp, ResumptionController resumptionController,
+                   Map.Entry<SslContextOption<?>, Object>... options)
             throws SSLException {
         super(ciphers, cipherFilter, toNegotiator(apnCfg), mode, keyCertChain,
-                clientAuth, protocols, startTls, endpointIdentificationAlgorithm, enableOcsp, false, options);
+                clientAuth, protocols, startTls, endpointIdentificationAlgorithm, enableOcsp, false,
+                resumptionController, options);
     }
 
     OpenSslContext(Iterable<String> ciphers, CipherSuiteFilter cipherFilter, OpenSslApplicationProtocolNegotiator apn,
                    int mode, Certificate[] keyCertChain,
                    ClientAuth clientAuth, String[] protocols, boolean startTls, boolean enableOcsp,
+                   ResumptionController resumptionController,
                    Map.Entry<SslContextOption<?>, Object>... options)
             throws SSLException {
         super(ciphers, cipherFilter, apn, mode, keyCertChain,
-                clientAuth, protocols, startTls, null, enableOcsp, false, options);
+                clientAuth, protocols, startTls, null, enableOcsp, false, resumptionController, options);
     }
 
     @Override
 
@@ -323,19 +323,21 @@ public OpenSslServerContext(
         this(toX509CertificatesInternal(trustCertCollectionFile), trustManagerFactory,
                 toX509CertificatesInternal(keyCertChainFile), toPrivateKeyInternal(keyFile, keyPassword),
                 keyPassword, keyManagerFactory, ciphers, cipherFilter,
-                apn, sessionCacheSize, sessionTimeout, ClientAuth.NONE, null, false, false, KeyStore.getDefaultType());
+                apn, sessionCacheSize, sessionTimeout, ClientAuth.NONE, null, false, false, KeyStore.getDefaultType(),
+                null);
     }
 
     OpenSslServerContext(
             X509Certificate[] trustCertCollection, TrustManagerFactory trustManagerFactory,
             X509Certificate[] keyCertChain, PrivateKey key, String keyPassword, KeyManagerFactory keyManagerFactory,
             Iterable<String> ciphers, CipherSuiteFilter cipherFilter, ApplicationProtocolConfig apn,
             long sessionCacheSize, long sessionTimeout, ClientAuth clientAuth, String[] protocols, boolean startTls,
-            boolean enableOcsp, String keyStore, Map.Entry<SslContextOption<?>, Object>... options)
+            boolean enableOcsp, String keyStore, ResumptionController resumptionController,
+            Map.Entry<SslContextOption<?>, Object>... options)
             throws SSLException {
         this(trustCertCollection, trustManagerFactory, keyCertChain, key, keyPassword, keyManagerFactory, ciphers,
                 cipherFilter, toNegotiator(apn), sessionCacheSize, sessionTimeout, clientAuth, protocols, startTls,
-                enableOcsp, keyStore, options);
+                enableOcsp, keyStore, resumptionController, options);
     }
 
     @SuppressWarnings("deprecation")
@@ -344,18 +346,19 @@ private OpenSslServerContext(
             X509Certificate[] keyCertChain, PrivateKey key, String keyPassword, KeyManagerFactory keyManagerFactory,
             Iterable<String> ciphers, CipherSuiteFilter cipherFilter, OpenSslApplicationProtocolNegotiator apn,
             long sessionCacheSize, long sessionTimeout, ClientAuth clientAuth, String[] protocols, boolean startTls,
-            boolean enableOcsp, String keyStore, Map.Entry<SslContextOption<?>, Object>... options)
+            boolean enableOcsp, String keyStore, ResumptionController resumptionController,
+            Map.Entry<SslContextOption<?>, Object>... options)
             throws SSLException {
         super(ciphers, cipherFilter, apn, SSL.SSL_MODE_SERVER, keyCertChain,
-                clientAuth, protocols, startTls, enableOcsp, options);
+                clientAuth, protocols, startTls, enableOcsp, resumptionController, options);
 
         // Create a new SSL_CTX and configure it.
         boolean success = false;
         try {
             OpenSslKeyMaterialProvider.validateKeyMaterialSupported(keyCertChain, key, keyPassword);
             sessionContext = newSessionContext(this, ctx, engineMap, trustCertCollection, trustManagerFactory,
                                                keyCertChain, key, keyPassword, keyManagerFactory, keyStore,
-                                               sessionCacheSize, sessionTimeout);
+                                               sessionCacheSize, sessionTimeout, resumptionController);
             success = true;
         } finally {
             if (!success) {