Author: jfclere
Date: Mon Mar 17 05:49:46 2008
New Revision: 637867
URL: http://svn.apache.org/viewvc?rev=637867&view=rev
Log:
Allow to specify the random device to use (with docs).
Modified:
tomcat/tc6.0.x/trunk/STATUS.txt
tomcat/tc6.0.x/trunk/java/org/apache/catalina/core/AprLifecycleListener.java
tomcat/tc6.0.x/trunk/java/org/apache/tomcat/jni/SSL.java
tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml
tomcat/tc6.0.x/trunk/webapps/docs/ssl-howto.xml
Modified: tomcat/tc6.0.x/trunk/STATUS.txt
URL:
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=637867&r1=637866&r2=637867&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/STATUS.txt (original)
+++ tomcat/tc6.0.x/trunk/STATUS.txt Mon Mar 17 05:49:46 2008
@@ -55,13 +55,6 @@
+0: remm: do we really want to fix these sort of "bugs" ?
-1:
-* Allow to specify the random device to use. (/dev/urandom is faster).
- http://svn.apache.org/viewvc?view=rev&revision=602114
- http://svn.apache.org/viewvc?view=rev&revision=601795
- +1: jfclere, fhanik, remm
- +0: markt, jim - should really be added to the docs as well
- -1:
-
* Revert back to original patch proposed for UTF8 parsing.
This also fixes the regression for 6.0.16 and 5.5.26 (and possibly 4.1.37)
mentioned in
http://issues.apache.org/bugzilla/show_bug.cgi?id=44494
Modified:
tomcat/tc6.0.x/trunk/java/org/apache/catalina/core/AprLifecycleListener.java
URL:
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/catalina/core/AprLifecycleListener.java?rev=637867&r1=637866&r2=637867&view=diff
==============================================================================
---
tomcat/tc6.0.x/trunk/java/org/apache/catalina/core/AprLifecycleListener.java
(original)
+++
tomcat/tc6.0.x/trunk/java/org/apache/catalina/core/AprLifecycleListener.java
Mon Mar 17 05:49:46 2008
@@ -64,6 +64,7 @@
// ---------------------------------------------- Properties
protected static String SSLEngine = "on"; //default on
+ protected static String SSLRandomSeed = "builtin";
protected static boolean sslInitialized = false;
protected static boolean aprInitialized = false;
@@ -204,14 +205,21 @@
//only once per VM
return;
}
- String methodName = "initialize";
+ String methodName = "randSet";
Class paramTypes[] = new Class[1];
paramTypes[0] = String.class;
Object paramValues[] = new Object[1];
- paramValues[0] = "on".equalsIgnoreCase(SSLEngine)?null:SSLEngine;
+ paramValues[0] = SSLRandomSeed;
Class clazz = Class.forName("org.apache.tomcat.jni.SSL");
Method method = clazz.getMethod(methodName, paramTypes);
method.invoke(null, paramValues);
+
+
+ methodName = "initialize";
+ paramValues[0] = "on".equalsIgnoreCase(SSLEngine)?null:SSLEngine;
+ method = clazz.getMethod(methodName, paramTypes);
+ method.invoke(null, paramValues);
+
sslInitialized = true;
}
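Review bot: The return value of the reflective `randSet` call is dropped (the first `method.invoke(null, paramValues);`, right after `paramValues[0] = SSLRandomSeed;`), although `SSL.randSet` is declared in this same commit as returning `boolean`. Whatever that boolean reports is lost and `initialize` runs regardless, so a mistyped or unreadable `SSLRandomSeed` path would go unnoticed at startup. Suggest capturing the result of `invoke` and at least logging when it is `false`. Minor style point: the two consecutive blank `+` lines before `methodName = "initialize";` can be one.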
@@ -223,4 +231,11 @@
this.SSLEngine = SSLEngine;
}
+ public String getSSLRandomSeed() {
+ return SSLRandomSeed;
+ }
+
+ public void setSSLRandomSeed(String SSLRandomSeed) {
+ this.SSLRandomSeed = SSLRandomSeed;
+ }
}
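Review bot: `setSSLRandomSeed` writes a static field through `this.` (`this.SSLRandomSeed = SSLRandomSeed;`), and the field is only read inside the once-per-VM SSL init block shown in the previous hunk, so a value set after `sslInitialized` becomes true is silently ignored. This mirrors the existing `setSSLEngine`, but the new accessors would benefit from a short Javadoc stating that the setting is VM-wide, must be set before initialization, and which values are accepted (`"builtin"` or a file/device path).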
Modified: tomcat/tc6.0.x/trunk/java/org/apache/tomcat/jni/SSL.java
URL:
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/tomcat/jni/SSL.java?rev=637867&r1=637866&r2=637867&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/java/org/apache/tomcat/jni/SSL.java (original)
+++ tomcat/tc6.0.x/trunk/java/org/apache/tomcat/jni/SSL.java Mon Mar 17
05:49:46 2008
@@ -227,6 +227,12 @@
public static native int initialize(String engine);
/**
+ * Set source of entropy to use in SSL
+ * @param filename Filename containing random data
+ */
+ public static native boolean randSet(String filename);
+
+ /**
* Add content of the file to the PRNG
* @param filename Filename containing random data.
* If null the default file will be tested.
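Review bot: The Javadoc added for `randSet` has no `@return` tag, so the meaning of the `boolean` result is undocumented. The `@param filename` text also says only "Filename containing random data", while `AprLifecycleListener` in this commit passes `"builtin"` by default; the comment should say that `"builtin"` is accepted and what it selects, and whether `null` is allowed as it is for the method documented just below.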
Modified: tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml
URL:
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml?rev=637867&r1=637866&r2=637867&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml Mon Mar 17 05:49:46 2008
@@ -57,6 +57,9 @@
<subsection name="Coyote">
<changelog>
<update>
+ APR: Allow to specify the "random device" to use to collect the
entropy. (jfclere)
+ </update>
+ <update>
Fix NIO/SSL live lock during client disconnect (fhanik)
</update>
<fix>
Modified: tomcat/tc6.0.x/trunk/webapps/docs/ssl-howto.xml
URL:
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/docs/ssl-howto.xml?rev=637867&r1=637866&r2=637867&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/webapps/docs/ssl-howto.xml (original)
+++ tomcat/tc6.0.x/trunk/webapps/docs/ssl-howto.xml Mon Mar 17 05:49:46 2008
@@ -282,11 +282,11 @@
<subsection name="Edit the Tomcat Configuration File">
<p>If you are using APR, you have the option of configuring an alternative
engine to openSSL.
<source>
-<Listener className="org.apache.catalina.core.AprLifecycleListener"
SSLEngine="someengine" />
+<Listener className="org.apache.catalina.core.AprLifecycleListener"
SSLEngine="someengine" SSLRandomSeed="somedevice" />
</source>
The default value is
<source>
-<Listener className="org.apache.catalina.core.AprLifecycleListener"
SSLEngine="on" />
+<Listener className="org.apache.catalina.core.AprLifecycleListener"
SSLEngine="on" SSLRandomSeed="builtin" />
</source>
So to use SSL under APR, make sure the SSLEngine attribute is set to something
other than <code>off</code>.
The default value is <code>on</code> and if you specify another value, it has
to be a valid engine name.
@@ -295,6 +295,9 @@
<source>
<Listener className="org.apache.catalina.core.AprLifecycleListener"
SSLEngine="off" />
</source>
+SSLRandomSeed allows to specify a source of entropy. Productive system needs a
reliable source of entropy
+but entropy may need a lot of time to be collected therefore test systems
could use no blocking entropy
+sources like "/dev/urandom" that will allow quicker starts of Tomcat.
</p>
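Review bot: The new `SSLRandomSeed` paragraph does not say what the default `"builtin"` (shown in the `<source>` example above) actually uses, nor that the other accepted value is a path to a file or device. Since the text recommends "/dev/urandom" only for test systems, it should also name what a production system is expected to configure. Wording suggestions: "Production systems need a reliable source of entropy", "non-blocking entropy sources", and "allows you to specify".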