svn commit: r1654517 - /tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java

Sat, 24 Jan 2015 05:59:45 -0800 

Author: fschumacher
Date: Sat Jan 24 13:59:29 2015
New Revision: 1654517

URL: http://svn.apache.org/r1654517
Log:
Close the socket that was used to determine the ssl
capabilities. Issue reported by Coverity Scan.

Modified:
    tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java

Modified: 
tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java?rev=1654517&r1=1654516&r2=1654517&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java 
(original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java 
Sat Jan 24 13:59:29 2015
@@ -148,24 +148,36 @@ public class JSSESocketFactory implement
             return;
         }
 
-        defaultServerCipherSuites = socket.getEnabledCipherSuites();
-        if (defaultServerCipherSuites.length == 0) {
-            log.warn(sm.getString("jsse.noDefaultCiphers", 
endpoint.getName()));
-        }
+        try {
+            defaultServerCipherSuites = socket.getEnabledCipherSuites();
+            if (defaultServerCipherSuites.length == 0) {
+                log.warn(sm.getString("jsse.noDefaultCiphers",
+                        endpoint.getName()));
+            }
 
-        // Filter out all the SSL protocols (SSLv2 and SSLv3) from the defaults
-        // since they are no longer considered secure
-        List<String> filteredProtocols = new ArrayList<>();
-        for (String protocol : socket.getEnabledProtocols()) {
-            if (protocol.toUpperCase(Locale.ENGLISH).contains("SSL")) {
-                log.debug(sm.getString("jsse.excludeDefaultProtocol", 
protocol));
-                continue;
+            // Filter out all the SSL protocols (SSLv2 and SSLv3) from the
+            // defaults
+            // since they are no longer considered secure
+            List<String> filteredProtocols = new ArrayList<>();
+            for (String protocol : socket.getEnabledProtocols()) {
+                if (protocol.toUpperCase(Locale.ENGLISH).contains("SSL")) {
+                    log.debug(sm.getString("jsse.excludeDefaultProtocol",
+                            protocol));
+                    continue;
+                }
+                filteredProtocols.add(protocol);
+            }
+            defaultServerProtocols = filteredProtocols
+                    .toArray(new String[filteredProtocols.size()]);
+            if (defaultServerProtocols.length == 0) {
+                log.warn(sm.getString("jsse.noDefaultProtocols",
+                        endpoint.getName()));
+            }
+        } finally {
+            try {
+                socket.close();
+            } catch (IOException ignore) {
             }
-            filteredProtocols.add(protocol);
-        }
-        defaultServerProtocols = filteredProtocols.toArray(new 
String[filteredProtocols.size()]);
-        if (defaultServerProtocols.length == 0) {
-            log.warn(sm.getString("jsse.noDefaultProtocols", 
endpoint.getName()));
         }
     }
 



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Reply via email to