OpenSSLUtil.java

markt Thu, 21 Feb 2019 12:41:05 -0800

Author: markt
Date: Thu Feb 21 20:40:51 2019
New Revision: 1854095

URL: http://svn.apache.org/viewvc?rev=1854095&view=rev
Log:
Refactor setting of sessionCacheSize and sessionTimeout


It is a little more convoluted now for NIO[2]+OpenSSL but the end result should 
be the same and it brings the JSSE and OpenSSL code closer together which will 
(hopefully) make the work to get AprEndpoint working with JSSE config easier.

Modified:
    tomcat/trunk/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java
    tomcat/trunk/java/org/apache/tomcat/util/net/SSLUtilBase.java
    tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSEUtil.java
    tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java
    tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLUtil.java

Modified: tomcat/trunk/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java?rev=1854095&r1=1854094&r2=1854095&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java 
(original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java Thu 
Feb 21 20:40:51 2019
@@ -27,7 +27,6 @@ import java.util.Set;
 
 import javax.net.ssl.SSLEngine;
 import javax.net.ssl.SSLParameters;
-import javax.net.ssl.SSLSessionContext;
 
 import org.apache.tomcat.util.compat.JreCompat;
 import org.apache.tomcat.util.net.SSLHostConfig.Type;
@@ -113,10 +112,6 @@ public abstract class AbstractJsseEndpoi
                 throw new IllegalArgumentException(e.getMessage(), e);
             }
 
-            SSLSessionContext sessionContext = 
sslContext.getServerSessionContext();
-            if (sessionContext != null) {
-                sslUtil.configureSessionContext(sessionContext);
-            }
             certificate.setSslContext(sslContext);
         }
     }

Modified: tomcat/trunk/java/org/apache/tomcat/util/net/SSLUtilBase.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/SSLUtilBase.java?rev=1854095&r1=1854094&r2=1854095&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/SSLUtilBase.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/SSLUtilBase.java Thu Feb 21 
20:40:51 2019
@@ -46,6 +46,7 @@ import java.util.Set;
 
 import javax.net.ssl.CertPathTrustManagerParameters;
 import javax.net.ssl.ManagerFactoryParameters;
+import javax.net.ssl.SSLSessionContext;
 import javax.net.ssl.TrustManager;
 import javax.net.ssl.TrustManagerFactory;
 
@@ -228,10 +229,27 @@ public abstract class SSLUtilBase implem
     public final SSLContext createSSLContext(List<String> negotiableProtocols) 
throws Exception {
         SSLContext sslContext = createSSLContextInternal(negotiableProtocols);
         sslContext.init(getKeyManagers(), getTrustManagers(), null);
+
+        SSLSessionContext sessionContext = 
sslContext.getServerSessionContext();
+        if (sessionContext != null) {
+            configureSessionContext(sessionContext);
+        }
+
         return sslContext;
     }
 
 
+    @Override
+    public void configureSessionContext(SSLSessionContext sslSessionContext) {
+        if (sslHostConfig.getSessionCacheSize() > 0) {
+            
sslSessionContext.setSessionCacheSize(sslHostConfig.getSessionCacheSize());
+        }
+        if (sslHostConfig.getSessionTimeout() > 0) {
+            
sslSessionContext.setSessionTimeout(sslHostConfig.getSessionTimeout());
+        }
+    }
+
+
     @Override
     public String[] getEnabledProtocols() {
         return enabledProtocols;

Modified: tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSEUtil.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSEUtil.java?rev=1854095&r1=1854094&r2=1854095&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSEUtil.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSEUtil.java Thu Feb 21 
20:40:51 2019
@@ -33,7 +33,6 @@ import java.util.Set;
 
 import javax.net.ssl.KeyManager;
 import javax.net.ssl.KeyManagerFactory;
-import javax.net.ssl.SSLSessionContext;
 import javax.net.ssl.X509KeyManager;
 
 import org.apache.juli.logging.Log;
@@ -277,11 +276,4 @@ public class JSSEUtil extends SSLUtilBas
 
         return kms;
     }
-
-
-    @Override
-    public void configureSessionContext(SSLSessionContext sslSessionContext) {
-        
sslSessionContext.setSessionCacheSize(sslHostConfig.getSessionCacheSize());
-        sslSessionContext.setSessionTimeout(sslHostConfig.getSessionTimeout());
-    }
 }

Modified: 
tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java?rev=1854095&r1=1854094&r2=1854095&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java 
(original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java 
Thu Feb 21 20:40:51 2019
@@ -242,16 +242,6 @@ public class OpenSSLContext implements o
                 SSLContext.clearOptions(ctx, SSL.SSL_OP_NO_TICKET);
             }
 
-            // Set session cache size, if specified
-            if (sslHostConfig.getSessionCacheSize() > 0) {
-                SSLContext.setSessionCacheSize(ctx, 
sslHostConfig.getSessionCacheSize());
-            }
-
-            // Set session timeout, if specified
-            if (sslHostConfig.getSessionTimeout() > 0) {
-                SSLContext.setSessionCacheTimeout(ctx, 
sslHostConfig.getSessionTimeout());
-            }
-
             // List the ciphers that the client is permitted to negotiate
             SSLContext.setCipherSuite(ctx, sslHostConfig.getCiphers());
 

Modified: tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLUtil.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLUtil.java?rev=1854095&r1=1854094&r2=1854095&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLUtil.java 
(original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLUtil.java Thu 
Feb 21 20:40:51 2019
@@ -20,7 +20,6 @@ import java.util.List;
 import java.util.Set;
 
 import javax.net.ssl.KeyManager;
-import javax.net.ssl.SSLSessionContext;
 
 import org.apache.juli.logging.Log;
 import org.apache.juli.logging.LogFactory;
@@ -95,12 +94,4 @@ public class OpenSSLUtil extends SSLUtil
             return null;
         }
     }
-
-
-    @Override
-    public void configureSessionContext(SSLSessionContext sslSessionContext) {
-        if (jsseUtil != null) {
-            jsseUtil.configureSessionContext(sslSessionContext);
-        }
-    }
 }



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

svn commit: r1854095 - in /tomcat/trunk/java/org/apache/tomcat/util/net: AbstractJsseEndpoint.java SSLUtilBase.java jsse/JSSEUtil.java openssl/OpenSSLContext.java openssl/OpenSSLUtil.java

Reply via email to