Author: markt
Date: Sat Apr 9 18:33:41 2016
New Revision: 1738369
URL: http://svn.apache.org/viewvc?rev=1738369&view=rev
Log:
Follow-up to r1737745
Check the support for cipher ordering on connector init and fail at that point;
otherwise the error won't be visible until the first user tries a TLS connection.
Modified:
tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/net/AbstractEndpoint.java
tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java
tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/net/LocalStrings.properties
Modified:
tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/net/AbstractEndpoint.java
URL:
http://svn.apache.org/viewvc/tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/net/AbstractEndpoint.java?rev=1738369&r1=1738368&r2=1738369&view=diff
==============================================================================
--- tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/net/AbstractEndpoint.java
(original)
+++ tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/net/AbstractEndpoint.java
Sat Apr 9 18:33:41 2016
@@ -793,13 +793,14 @@ public abstract class AbstractEndpoint<S
public abstract void startInternal() throws Exception;
public abstract void stopInternal() throws Exception;
- public final void init() throws Exception {
+ public void init() throws Exception {
if (bindOnInit) {
bind();
bindState = BindState.BOUND_ON_INIT;
}
}
+
public final void start() throws Exception {
if (bindState == BindState.UNBOUND) {
bind();
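Review bot: Removing `final` from `init()` means the `bindOnInit` handling now runs only if every override calls `super.init()`, and nothing in the hunk records that contract. The override added to AbstractJsseEndpoint in this commit does call it, but a later subclass that forgets would skip the bind-on-init step with no error. I would add Javadoc on the method such as `/** Subclasses overriding this method must call super.init() so that bindOnInit is honoured. */`, or keep `init()` final and have it call a protected no-op hook that subclasses override. `start()` at the end of the hunk continues outside it.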
Modified:
tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java
URL:
http://svn.apache.org/viewvc/tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java?rev=1738369&r1=1738368&r2=1738369&view=diff
==============================================================================
---
tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java
(original)
+++
tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java
Sat Apr 9 18:33:41 2016
@@ -62,6 +62,7 @@ public abstract class AbstractJsseEndpoi
}
+
@Override
protected Type getSslConfigType() {
if
(OpenSSLImplementation.class.getName().equals(sslImplementationName)) {
@@ -189,6 +190,28 @@ public abstract class AbstractJsseEndpoi
}
+ @Override
+ public void init() throws Exception {
+ testServerCipherSuitesOrderSupport();
+ super.init();
+ }
+
+
+ private void testServerCipherSuitesOrderSupport() {
+ // Only need to test for this if running on Java < 8 and not using the
+ // OpenSSL SSLImplementation
+ if(!JreCompat.isJre8Available() &&
+
!OpenSSLImplementation.class.getName().equals(getSslImplementationName())) {
+ for (SSLHostConfig sslHostConfig : sslHostConfigs.values()) {
+ if (!"".equals(sslHostConfig.getHonorCipherOrder().trim())) {
+ throw new UnsupportedOperationException(
+
sm.getString("endpoint.jsse.cannotHonorServerCipherOrder"));
+ }
+ }
+ }
+ }
+
+
@Override
public void unbind() throws Exception {
for (SSLHostConfig sslHostConfig : sslHostConfigs.values()) {
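Review bot: In `testServerCipherSuitesOrderSupport()` the call `sslHostConfig.getHonorCipherOrder().trim()` will throw a NullPointerException during connector init if the getter can return null for a host that never set the attribute. Its default is not visible in this diff, so that needs confirming. A null-tolerant form would be `String order = sslHostConfig.getHonorCipherOrder();` followed by `if (order != null && !order.trim().isEmpty()) {`. The exception also does not say which SSLHostConfig triggered it, so consider passing the host name as a message argument to make a multi-host configuration easier to diagnose. `unbind()` at the end of the hunk continues outside it.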
Modified:
tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/net/LocalStrings.properties
URL:
http://svn.apache.org/viewvc/tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/net/LocalStrings.properties?rev=1738369&r1=1738368&r2=1738369&view=diff
==============================================================================
---
tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/net/LocalStrings.properties
(original)
+++
tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/net/LocalStrings.properties
Sat Apr 9 18:33:41 2016
@@ -72,6 +72,7 @@ endpoint.apr.pollMergeEvents=Merge polle
endpoint.apr.pollUnknownEvent=A socket was returned from the poller with an
unrecognized event [{0}]
endpoint.apr.tooManyCertFiles=More certificate files were configured than the
AprEndpoint can handle
endpoint.apr.remoteport=APR socket [{0}] opened with remote port [{1}]
+endpoint.jsse.cannotHonorServerCipherOrder=The Java Runtime does not support
"useServerCipherSuitesOrder" with JSSE. You must use OpenSSL or Java 8 onwards
to use this feature.
endpoint.jsse.noSslContext=No SSLContext could be found for the host name [{0}]
endpoint.nio.selectorCloseFail=Failed to close selector when closing the poller
endpoint.nio.timeoutCme=Exception during processing of timeouts. The code has
been checked repeatedly and no concurrent modification has been found. If you
are able to repeat this error please open a Tomcat bug and provide the steps to
reproduce.