I don't have a problem with dynamically registering the SSL provider in
SSLServerSocketFactory, as is done in the patch below. There was
actually some existing code in there which did that, but it was
commented out at some point. Does anyone know why?

Unless anyone objects, I'll include the dynamic loading bit in a set of
patches I'm going to commit shortly (exceptions cleanup).

As far as the CATALINA_SYSTEM_CLASSPATH thing, I'd need Craig to
review/commit that. He's out today, but I'm sure he'll address it when
he gets back.

Wolfgang Hoschek wrote:
> 
> It itched me a lot that to enable SSL in TC4 a standard JDK has to be modified
> (copy JSSE libs into jdk/jre/lib/ext and add
> security.provider.3=com.sun.net.ssl.internal.ssl.Provider).
> This was not necessary in TC 3.2.x because of different class loading
> semantics.
> In our environment jdks cannot well be modified due to separate JDKs/archs,
> TCs, JSSEs, etc on shared read-only filesystems.
> 
> So here are three TC4 patches (against the latest CVS) that allow JSSE to
> be picked up from anywhere on the filesystem.
> Patches are along the lines Craig suggested yesterday.
> 1) Modify catalina.sh and catalina.bat as indicated below to be able to add
> external jars to the system classpath (new env var CATALINA_SYSTEM_CLASSPATH).
> 2) Modify
> jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/net/SSLServerSocketFactory.java
> to dynamically add the com.sun.net.ssl.internal.ssl.Provider provider
> 
> In case you don't like 1) because it allows external things to be added,
> then 2) is still of value because people don't need to write their own
> SSLServerSocketFactory
> Hope someone wants to try this out and commit before 4.0 FCS.
> Wolfgang.
> 
> --- SSLServerSocketFactory.java.orig    Fri Sep  7 20:39:08 2001
> +++ SSLServerSocketFactory.java Mon Sep 10 15:31:16 2001
> @@ -386,6 +386,14 @@
>               Security.addProvider(new sun.security.provider.Sun());
>               Security.addProvider(new
> com.sun.net.ssl.internal.ssl.Provider());
>               */
> +            // even if jsse provider is already installed it can't hurt to
> make sure
> +            // and we do need to install it here if it isn't hard-wired in
> jdk/jre/lib/security/java.security
> +            try {
> +
> java.security.Security.addProvider(((java.security.Provider)
> Class.forName("com.sun.net.ssl.internal.ssl.Provider").newInstance()));
> +            }
> +            catch (IllegalAccessException exc) {}
> +            catch (ClassNotFoundException exc) {}
> +            catch (InstantiationException exc) {}
> 
>               // Create an SSL context used to create an SSL socket factory
>               SSLContext context = SSLContext.getInstance(protocol);
> 
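
Review bot: The three empty catch blocks after the Class.forName(...) call discard ClassNotFoundException, IllegalAccessException and InstantiationException, so when the JSSE jar is not on the classpath the only symptom is whatever SSLContext.getInstance(protocol) throws in the context lines that follow. Log the caught exception, or carry it into the later failure message, so an operator can tell that the provider was never registered. The class name com.sun.net.ssl.internal.ssl.Provider is also hard-coded here; taking it from configuration would keep the factory from being tied to one JSSE implementation.
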
> --- jakarta-tomcat-4.0/catalina/src/bin/catalina.sh.orig        Sat Sep  8
> 12:13:28 2001
> +++ jakarta-tomcat-4.0/catalina/src/bin/catalina.sh     Mon Sep 10 16:28:25 2001
> @@ -70,6 +70,12 @@
>     CP=$CP:"$JAVA_HOME/lib/tools.jar"
>   fi
> 
> +# add CATALINA_SYSTEM_CLASSPATH custom jars to classpath. For example define
> +# export
> 
>CATALINA_SYSTEM_CLASSPATH=/path/to/jsse/lib/jsse.jar:/path/to/jsse/lib/jnet.jar:/path/to/jsse/lib/jcert.jar
> +if [ ! -z "$CATALINA_SYSTEM_CLASSPATH" ] ; then
> +  CP=$CP:$CATALINA_SYSTEM_CLASSPATH
> +fi
> +
>   # convert the existing path to windows
>   if [ "$OSTYPE" = "cygwin32" ] || [ "$OSTYPE" = "cygwin" ] ; then
>      CP=`cygpath --path --windows "$CP"`
> 
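
Review bot: The new comment above the if block gives an example value but does not document what the variable implies: every jar named in CATALINA_SYSTEM_CLASSPATH is appended to CP and therefore lands on the classpath the JVM is started with, so the comment should say that only whoever administers the installation may set it. Because the append sits before the cygpath --path --windows conversion in the trailing context lines, the comment should also state that Cygwin users must supply POSIX-style, colon-separated paths.
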
> --- jakarta-tomcat-4.0/catalina/src/bin/catalina.bat.orig       Mon Aug 27
> 21:10:25 2001
> +++ jakarta-tomcat-4.0/catalina/src/bin/catalina.bat    Mon Sep 10 16:16:43 2001
> @@ -65,6 +65,11 @@
>   rem ----- Set Up The Runtime Classpath
> ----------------------------------------
> 
>   set CP=%CATALINA_HOME%\bin\bootstrap.jar;%JAVA_HOME%\lib\tools.jar
> +
> +# add CATALINA_SYSTEM_CLASSPATH custom jars to classpath. For example define
> +# set
> 
>CATALINA_SYSTEM_CLASSPATH=\path\to\jsse\lib\jsse.jar;\path\to\jsse\lib\jnet.jar;\path\to\jsse\lib\jcert.jar
> +set CP=%CP%;%CATALINA_SYSTEM_CLASSPATH%
> +
>   set CLASSPATH=%CP%
>   echo Using CATALINA_BASE: %CATALINA_BASE%
>   echo Using CATALINA_HOME: %CATALINA_HOME%
> 
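
Review bot: The two added comment lines begin with #, which is not a comment marker in a .bat file, so the interpreter will try to run them as commands; use rem, as the "rem ----- Set Up The Runtime Classpath" line at the top of the hunk does. The added set CP=%CP%;%CATALINA_SYSTEM_CLASSPATH% is also unconditional, unlike the -z test in the catalina.sh hunk, and appends a bare ; when the variable is unset; guard it with a test such as if not "%CATALINA_SYSTEM_CLASSPATH%" == "".
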

- Christopher

/**
 * Weep, weep, my eyes, and dissolve into tears!
 * One half of my life has laid the other in the grave.
 *    ---Corneille
 */
