Author: markt Date: Fri May 12 08:55:18 2017 New Revision: 1794942 URL: http://svn.apache.org/viewvc?rev=1794942&view=rev Log: Remove unnecessary code. If protocols="" is used, an exception will be thrown before this code is reached.
Modified: tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java Modified: tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java?rev=1794942&r1=1794941&r2=1794942&view=diff ============================================================================== --- tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java (original) +++ tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java Fri May 12 08:55:18 2017 @@ -115,31 +115,27 @@ public class OpenSSLContext implements o try { // SSL protocol int value = SSL.SSL_PROTOCOL_NONE; - if (sslHostConfig.getProtocols().size() == 0) { - value = SSL.SSL_PROTOCOL_ALL; - } else { - for (String protocol : sslHostConfig.getEnabledProtocols()) { - if (Constants.SSL_PROTO_SSLv2Hello.equalsIgnoreCase(protocol)) { - // NO-OP. OpenSSL always supports SSLv2Hello - } else if (Constants.SSL_PROTO_SSLv2.equalsIgnoreCase(protocol)) { - value |= SSL.SSL_PROTOCOL_SSLV2; - } else if (Constants.SSL_PROTO_SSLv3.equalsIgnoreCase(protocol)) { - value |= SSL.SSL_PROTOCOL_SSLV3; - } else if (Constants.SSL_PROTO_TLSv1.equalsIgnoreCase(protocol)) { - value |= SSL.SSL_PROTOCOL_TLSV1; - } else if (Constants.SSL_PROTO_TLSv1_1.equalsIgnoreCase(protocol)) { - value |= SSL.SSL_PROTOCOL_TLSV1_1; - } else if (Constants.SSL_PROTO_TLSv1_2.equalsIgnoreCase(protocol)) { - value |= SSL.SSL_PROTOCOL_TLSV1_2; - } else if (Constants.SSL_PROTO_ALL.equalsIgnoreCase(protocol)) { - value |= SSL.SSL_PROTOCOL_ALL; - } else { - // Protocol not recognized, fail to start as it is safer than - // continuing with the default which might enable more than the - // is required - throw new Exception(netSm.getString( - "endpoint.apr.invalidSslProtocol", protocol)); - } + for (String protocol : sslHostConfig.getEnabledProtocols()) { + if (Constants.SSL_PROTO_SSLv2Hello.equalsIgnoreCase(protocol)) { + // NO-OP. OpenSSL always supports SSLv2Hello + } else if (Constants.SSL_PROTO_SSLv2.equalsIgnoreCase(protocol)) { + value |= SSL.SSL_PROTOCOL_SSLV2; + } else if (Constants.SSL_PROTO_SSLv3.equalsIgnoreCase(protocol)) { + value |= SSL.SSL_PROTOCOL_SSLV3; + } else if (Constants.SSL_PROTO_TLSv1.equalsIgnoreCase(protocol)) { + value |= SSL.SSL_PROTOCOL_TLSV1; + } else if (Constants.SSL_PROTO_TLSv1_1.equalsIgnoreCase(protocol)) { + value |= SSL.SSL_PROTOCOL_TLSV1_1; + } else if (Constants.SSL_PROTO_TLSv1_2.equalsIgnoreCase(protocol)) { + value |= SSL.SSL_PROTOCOL_TLSV1_2; + } else if (Constants.SSL_PROTO_ALL.equalsIgnoreCase(protocol)) { + value |= SSL.SSL_PROTOCOL_ALL; + } else { + // Protocol not recognized, fail to start as it is safer than + // continuing with the default which might enable more than the + // is required + throw new Exception(netSm.getString( + "endpoint.apr.invalidSslProtocol", protocol)); } } --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org