Author: markt Date: Thu Feb 21 20:40:51 2019 New Revision: 1854095 URL: http://svn.apache.org/viewvc?rev=1854095&view=rev Log: Refactor setting of sessionCacheSize and sessionTimeout
It is a little more convoluted now for NIO[2]+OpenSSL but the end result should be the same and it brings the JSSE and OpenSSL code closer together which will (hopefully) make the work to get AprEndpoint working with JSSE config easier.
Modified:
tomcat/trunk/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java
tomcat/trunk/java/org/apache/tomcat/util/net/SSLUtilBase.java
tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSEUtil.java
tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java
tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLUtil.java
Modified: tomcat/trunk/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java?rev=1854095&r1=1854094&r2=1854095&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java Thu Feb 21 20:40:51 2019
@@ -27,7 +27,6 @@ import java.util.Set;
 import javax.net.ssl.SSLEngine;
 import javax.net.ssl.SSLParameters;
-import javax.net.ssl.SSLSessionContext;
 import org.apache.tomcat.util.compat.JreCompat;
 import org.apache.tomcat.util.net.SSLHostConfig.Type;
@@ -113,10 +112,6 @@ public abstract class AbstractJsseEndpoi
 throw new IllegalArgumentException(e.getMessage(), e);
 }
- SSLSessionContext sessionContext = sslContext.getServerSessionContext();
- if (sessionContext != null) {
- sslUtil.configureSessionContext(sessionContext);
- }
 certificate.setSslContext(sslContext);
 }
 }
Modified: tomcat/trunk/java/org/apache/tomcat/util/net/SSLUtilBase.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/SSLUtilBase.java?rev=1854095&r1=1854094&r2=1854095&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/SSLUtilBase.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/SSLUtilBase.java Thu Feb 21 20:40:51 2019
@@ -46,6 +46,7 @@ import java.util.Set;
 import javax.net.ssl.CertPathTrustManagerParameters;
 import javax.net.ssl.ManagerFactoryParameters;
+import javax.net.ssl.SSLSessionContext;
 import javax.net.ssl.TrustManager;
 import javax.net.ssl.TrustManagerFactory;
@@ -228,10 +229,27 @@ public abstract class SSLUtilBase implem
 public final SSLContext createSSLContext(List<String> negotiableProtocols) throws Exception {
 SSLContext sslContext = createSSLContextInternal(negotiableProtocols);
 sslContext.init(getKeyManagers(), getTrustManagers(), null);
+
+ SSLSessionContext sessionContext = sslContext.getServerSessionContext();
+ if (sessionContext != null) {
+ configureSessionContext(sessionContext);
+ }
+
 return sslContext;
 }
+ @Override
+ public void configureSessionContext(SSLSessionContext sslSessionContext) {
+ if (sslHostConfig.getSessionCacheSize() > 0) {
+ sslSessionContext.setSessionCacheSize(sslHostConfig.getSessionCacheSize());
+ }
+ if (sslHostConfig.getSessionTimeout() > 0) {
+ sslSessionContext.setSessionTimeout(sslHostConfig.getSessionTimeout());
+ }
+ }
+
+
 @Override
 public String[] getEnabledProtocols() {
 return enabledProtocols;
Modified: tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSEUtil.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSEUtil.java?rev=1854095&r1=1854094&r2=1854095&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSEUtil.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSEUtil.java Thu Feb 21 20:40:51 2019
@@ -33,7 +33,6 @@ import java.util.Set;
 import javax.net.ssl.KeyManager;
 import javax.net.ssl.KeyManagerFactory;
-import javax.net.ssl.SSLSessionContext;
 import javax.net.ssl.X509KeyManager;
 import org.apache.juli.logging.Log;
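Review bot: The `> 0` guards in the new `SSLUtilBase.configureSessionContext` change what a configured value of 0 or less does on the JSSE path, which the log message's "the end result should be the same" does not cover. The `JSSEUtil` override removed in this commit passed both values through unconditionally, and for `SSLSessionContext.setSessionCacheSize` / `setSessionTimeout` zero means "no limit" while a negative value throws `IllegalArgumentException`; with the guards those settings are now skipped silently and the provider default stays in force. An unbounded server-side session cache is a memory-exhaustion exposure, so the new behaviour is arguably the safer one, but it should be stated where the next reader will see it, e.g. a comment above the first guard: `// Values <= 0 are not passed on; the provider default applies (0 no longer means "unlimited" for JSSE)`. Whether any deployment relies on 0 depends on the `SSLHostConfig` defaults, which are outside this diff.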
@@ -277,11 +276,4 @@ public class JSSEUtil extends SSLUtilBas
 return kms;
 }
-
-
- @Override
- public void configureSessionContext(SSLSessionContext sslSessionContext) {
- sslSessionContext.setSessionCacheSize(sslHostConfig.getSessionCacheSize());
- sslSessionContext.setSessionTimeout(sslHostConfig.getSessionTimeout());
- }
 }
Modified: tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java?rev=1854095&r1=1854094&r2=1854095&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java Thu Feb 21 20:40:51 2019
@@ -242,16 +242,6 @@ public class OpenSSLContext implements o
 SSLContext.clearOptions(ctx, SSL.SSL_OP_NO_TICKET);
 }
- // Set session cache size, if specified
- if (sslHostConfig.getSessionCacheSize() > 0) {
- SSLContext.setSessionCacheSize(ctx, sslHostConfig.getSessionCacheSize());
- }
-
- // Set session timeout, if specified
- if (sslHostConfig.getSessionTimeout() > 0) {
- SSLContext.setSessionCacheTimeout(ctx, sslHostConfig.getSessionTimeout());
- }
-
 // List the ciphers that the client is permitted to negotiate
 SSLContext.setCipherSuite(ctx, sslHostConfig.getCiphers());
Modified: tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLUtil.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLUtil.java?rev=1854095&r1=1854094&r2=1854095&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLUtil.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLUtil.java Thu Feb 21 20:40:51 2019
@@ -20,7 +20,6 @@ import java.util.List;
 import java.util.Set;
 import javax.net.ssl.KeyManager;
-import javax.net.ssl.SSLSessionContext;
 import org.apache.juli.logging.Log;
 import org.apache.juli.logging.LogFactory;
@@ -95,12 +94,4 @@ public class OpenSSLUtil extends SSLUtil
 return null;
 }
 }
-
-
- @Override
- public void configureSessionContext(SSLSessionContext sslSessionContext) {
- if (jsseUtil != null) {
- jsseUtil.configureSessionContext(sslSessionContext);
- }
- }
 }
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org