avoiding ssl.session= on JRuby

[kares]

its just a stub since we can not implement session reuse using the underlying Java security APIs.

users seems to be getting annoyed by our session= printing a warning.

would that be acceptable if that session= line did a unless defined? JRUBY_VERSION check?

[drbrain]

Yes, that would be fine

[kares]

did not rush into this as I stumbled upon an experiment: jruby/jruby-openssl@f12aab2 in jruby-openssl ... where setting the session = would try to force session re-use on the Java end ... not exactly swapping the session but probably gets as close as we can. unfortunately this would need some real world testing if its behaving as expected.

@lolwhitaker would you be interested in confirming it works as expected (since you fired up a PR) ?

[lolwhitaker]

@kares Happy to help with testing if you can guide me a little as to the different scenarios (both positive and negative) you think should be covered.

[kares]

@lolwhitaker you could try jruby-openssl 0.9.17 pre-release from: https://oss.sonatype.org/content/repositories/snapshots/rubygems/jruby-openssl/0.9.17.dev-SNAPSHOT/ ... did some testing using bundle install --jobs xx (from jruby/jruby#3635) WARNING: SSLSocket#session= is not supported are gone and things seems to work. the change is that session= is now trying to force the underlying engine to not create new sessions but re-use. this needs real-world testing (not yet sure if it will be in 0.9.17)