Author: markt
Date: Thu May 7 07:30:11 2015
New Revision: 1678141
URL: http://svn.apache.org/r1678141
Log:
Move sslProtocol to SSLHostConfig
Modified:
tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11JsseProtocol.java
tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11Protocol.java
tomcat/trunk/java/org/apache/tomcat/util/net/AbstractEndpoint.java
tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java
tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
tomcat/trunk/webapps/docs/config/http.xml
Modified:
tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11JsseProtocol.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11JsseProtocol.java?rev=1678141&r1=1678140&r2=1678141&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11JsseProtocol.java
(original)
+++ tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11JsseProtocol.java
Thu May 7 07:30:11 2015
@@ -25,9 +25,6 @@ public abstract class AbstractHttp11Jsse
super(endpoint);
}
- public String getSslProtocol() { return getEndpoint().getSslProtocol();}
- public void setSslProtocol(String s) { getEndpoint().setSslProtocol(s);}
-
public void setSessionCacheSize(String
s){getEndpoint().setSessionCacheSize(s);}
public String getSessionCacheSize(){ return
getEndpoint().getSessionCacheSize();}
Modified: tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11Protocol.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11Protocol.java?rev=1678141&r1=1678140&r2=1678141&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11Protocol.java
(original)
+++ tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11Protocol.java Thu
May 7 07:30:11 2015
@@ -506,6 +506,12 @@ public abstract class AbstractHttp11Prot
}
+ public void setSslProtocol(String sslProtocol) {
+ registerDefaultSSLHostConfig();
+ defaultSSLHostConfig.setSslProtocol(sslProtocol);
+ }
+
+
// ------------------------------------------------------------- Common
code
// Common configuration required for all new HTTP11 processors
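Review bot: The added `setSslProtocol` has no matching getter, while this commit removes `getSslProtocol()` from AbstractHttp11JsseProtocol, so the configured protocol can apparently no longer be read back through the protocol handler (for example by management or audit tooling that inspects connector attributes). If that is not intended, add a delegating getter next to the setter: `public String getSslProtocol() { registerDefaultSSLHostConfig(); return defaultSSLHostConfig.getSslProtocol(); }`. A short Javadoc on the setter would also help, e.g. `/** Alias for the sslProtocol attribute of the default SSLHostConfig. */`. The enclosing class body starts and ends outside the hunk, so a getter may exist elsewhere.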
Modified: tomcat/trunk/java/org/apache/tomcat/util/net/AbstractEndpoint.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/AbstractEndpoint.java?rev=1678141&r1=1678140&r2=1678141&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/AbstractEndpoint.java
(original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/AbstractEndpoint.java Thu May
7 07:30:11 2015
@@ -963,10 +963,6 @@ public abstract class AbstractEndpoint<S
this.sslImplementationName = s;
}
- private String sslProtocol = "TLS";
- public String getSslProtocol() { return sslProtocol;}
- public void setSslProtocol(String s) { sslProtocol = s;}
-
private String sessionCacheSize = null;
public String getSessionCacheSize() { return sessionCacheSize;}
public void setSessionCacheSize(String s) { sessionCacheSize = s;}
Modified: tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java?rev=1678141&r1=1678140&r2=1678141&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java Thu May 7
07:30:11 2015
@@ -64,6 +64,7 @@ public class SSLHostConfig {
private String certificateKeystoreProvider =
System.getProperty("javax.net.ssl.keyStoreProvider");
private String certificateKeystoreType =
System.getProperty("javax.net.ssl.keyStoreType");
private String keyManagerAlgorithm =
KeyManagerFactory.getDefaultAlgorithm();
+ private String sslProtocol = "TLS";
private String trustManagerClassName;
private String truststoreAlgorithm =
TrustManagerFactory.getDefaultAlgorithm();
private String truststoreFile =
System.getProperty("javax.net.ssl.trustStore");
@@ -315,6 +316,17 @@ public class SSLHostConfig {
}
+ public void setSslProtocol(String sslProtocol) {
+ setProperty("sslProtocol", Type.JSSE);
+ this.sslProtocol = sslProtocol;
+ }
+
+
+ public String getSslProtocol() {
+ return sslProtocol;
+ }
+
+
public void setTrustManagerClassName(String trustManagerClassName) {
setProperty("trustManagerClassName", Type.JSSE);
this.trustManagerClassName = trustManagerClassName;
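Review bot: The new `setSslProtocol` stores its argument unchecked, and the same commit removes the null-to-`"TLS"` fallback from JSSESocketFactory (both the constructor hunk and `createSSLContext()`), so a null set here now reaches `new JSSESSLContext(...)` unchanged. JSSESSLContext is not visible here, but if it hands the value to `SSLContext.getInstance`, the result would be a NullPointerException, which the constructor's `catch (NoSuchAlgorithmException | KeyManagementException e)` does not cover. Keeping the default in the setter preserves the previous behaviour: `this.sslProtocol = (sslProtocol == null) ? "TLS" : sslProtocol;`. The hunk ends inside `setTrustManagerClassName`, which is unchanged.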
Modified:
tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java?rev=1678141&r1=1678140&r2=1678141&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
(original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
Thu May 7 07:30:11 2015
@@ -81,8 +81,6 @@ public class JSSESocketFactory implement
private static final StringManager sm =
StringManager.getManager("org.apache.tomcat.util.net.jsse.res");
- // Defaults - made public where re-used
- private static final String defaultProtocol = "TLS";
private static final int defaultSessionCacheSize = 0;
private static final int defaultSessionTimeout = 86400;
@@ -96,15 +94,10 @@ public class JSSESocketFactory implement
this.endpoint = endpoint;
this.sslHostConfig = sslHostConfig;
- String sslProtocol = endpoint.getSslProtocol();
- if (sslProtocol == null) {
- sslProtocol = defaultProtocol;
- }
-
- javax.net.ssl.SSLContext context;
+ SSLContext context;
try {
- context = javax.net.ssl.SSLContext.getInstance(sslProtocol);
- context.init(null, null, null);
+ context = createSSLContext();
+ context.init(null, null, null);
} catch (NoSuchAlgorithmException | KeyManagementException e) {
// This is fatal for the connector so throw an exception to prevent
// it from starting
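Review bot: The constructor now calls `createSSLContext()`, a public `@Override` method, and the class declaration in the hunk header does not show `final`, so a subclass override would run before that subclass's own fields are initialised. This class itself is safe because `sslHostConfig` is assigned just above the call. To keep the constructor independent of overrides, build the context directly with `context = new JSSESSLContext(sslHostConfig.getSslProtocol());`, or delegate both call sites to a private helper. The constructor starts and ends outside the hunk.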
@@ -268,16 +261,10 @@ public class JSSESocketFactory implement
return ks;
}
- @Override
- public SSLContext createSSLContext() throws Exception {
-
- // SSL protocol variant (e.g., TLS, SSL v3, etc.)
- String protocol = endpoint.getSslProtocol();
- if (protocol == null) {
- protocol = defaultProtocol;
- }
- return new JSSESSLContext(protocol);
+ @Override
+ public SSLContext createSSLContext() throws NoSuchAlgorithmException {
+ return new JSSESSLContext(sslHostConfig.getSslProtocol());
}
Modified: tomcat/trunk/webapps/docs/config/http.xml
URL:
http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/config/http.xml?rev=1678141&r1=1678140&r2=1678141&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/config/http.xml (original)
+++ tomcat/trunk/webapps/docs/config/http.xml Thu May 7 07:30:11 2015
@@ -1197,6 +1197,18 @@
used.</p>
</attribute>
+ <attribute name="sslProtocol" required="false">
+ <p>JSSE only.</p>
+ <p>The the SSL protocol(s) to use (a single value may enable multiple
+ protocols - see the JVM documentation for details). If not specified, the
+ default is <code>TLS</code>. The permitted values may be obtained from
the
+ JVM documentation for the allowed values for algorithm when creating an
+ <code>SSLContext</code> instance e.g.
+ <a
href="http://docs.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html#SSLContext">
+ Oracle Java 7</a>. Note: There is overlap between this attribute and
+ <code>protocols</code>.</p>
+ </attribute>
+
<attribute name="trustManagerClassName" required="false">
<p>JSSE only.</p>
<p>The name of a custom trust manager class to use to validate client
@@ -1349,14 +1361,9 @@
</attribute>
<attribute name="sslProtocol" required="false">
- <p>The the SSL protocol(s) to use (a single value may enable multiple
- protocols - see the JVM documentation for details). If not specified, the
- default is <code>TLS</code>. The permitted values may be obtained from
the
- JVM documentation for the allowed values for algorithm when creating an
- <code>SSLContext</code> instance e.g.
- <a
href="http://docs.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html#SSLContext">
- Oracle Java 7</a>. Note: There is overlap between this attribute and
- <code>sslEnabledProtocols</code>.</p>
+ <p>This is an alias for the <code>sslProtocol</code> attribute of the
+ default <a href="#SSL_Support_-_SSLHostConfig">SSLHostConfig</a>
+ element.</p>
</attribute>
<attribute name="trustManagerClassName" required="false">