This is an automated email from the ASF dual-hosted git repository. remm pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/master by this push: new c71ad75 Add a little of the SSL env c71ad75 is described below commit c71ad7544a277d9d14359b9d0071c4eb33e124da Author: remm <r...@apache.org> AuthorDate: Wed May 27 14:00:53 2020 +0200 Add a little of the SSL env Probably since the X509 certificate chain is available, a lot of the client related env could be done as well. --- java/org/apache/catalina/valves/rewrite/ResolverImpl.java | 13 ++++++++++++- webapps/docs/changelog.xml | 4 ++++ webapps/docs/rewrite.xml | 5 ++++- 3 files changed, 20 insertions(+), 2 deletions(-) diff --git a/java/org/apache/catalina/valves/rewrite/ResolverImpl.java b/java/org/apache/catalina/valves/rewrite/ResolverImpl.java index a71d64c..1ae6600 100644 --- a/java/org/apache/catalina/valves/rewrite/ResolverImpl.java +++ b/java/org/apache/catalina/valves/rewrite/ResolverImpl.java @@ -19,10 +19,12 @@ package org.apache.catalina.valves.rewrite; import java.nio.charset.Charset; import java.util.Calendar; +import org.apache.catalina.Globals; import org.apache.catalina.WebResource; import org.apache.catalina.WebResourceRoot; import org.apache.catalina.connector.Request; import org.apache.tomcat.util.http.FastHttpDateFormat; +import org.apache.tomcat.util.net.SSLSupport; public class ResolverImpl extends Resolver { @@ -133,7 +135,16 @@ public class ResolverImpl extends Resolver { @Override public String resolveSsl(String key) { - // FIXME: Implement SSL environment variables + if (key.equals("SSL_PROTOCOL")) { + return String.valueOf(request.getAttribute(SSLSupport.PROTOCOL_VERSION_KEY)); + } else if (key.equals("SSL_SESSION_ID")) { + return String.valueOf(request.getAttribute(Globals.SSL_SESSION_ID_ATTR)); + } else if (key.equals("SSL_CIPHER")) { + return String.valueOf(request.getAttribute(Globals.CIPHER_SUITE_ATTR)); + } else if (key.equals("SSL_CIPHER_USEKEYSIZE")) { + return String.valueOf(request.getAttribute(Globals.KEY_SIZE_ATTR)); + } + // FIXME: Implement other SSL environment variables when possible return null; } diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index 0f4a2a6..9063c98 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -64,6 +64,10 @@ Correct a regression in an earlier fix that broke the loading of configuration files such as keystores via URIs on Windows. (markt) </fix> + <fix> + Implement a few rewrite SSL env that correspond to Servlet request + attributes. (remm) + </fix> </changelog> </subsection> <subsection name="Coyote"> diff --git a/webapps/docs/rewrite.xml b/webapps/docs/rewrite.xml index c40eb35..be1befa 100644 --- a/webapps/docs/rewrite.xml +++ b/webapps/docs/rewrite.xml @@ -245,7 +245,10 @@ <li> <code>%{SSL:variable}</code>, where <em>variable</em> is the name of an SSL environment - variable, are not implemented yet. Example: + variable, are not implemented, except + <code>SSL_PROTOCOL</code>, <code>SSL_SESSION_ID</code>, + <code>SSL_CIPHER</code> and <code>SSL_CIPHER_USEKEYSIZE</code>. + Example: <code>%{SSL:SSL_CIPHER_USEKEYSIZE}</code> may expand to <code>128</code>.</li> --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org