On 05/01/2017 21:05, Jesse Schulman wrote:
> We are using tomcat-embed 8.5.9, Java 8 and running on CentOS 7.  Given
> Tomcat's new support for SNI, we wish to support adding/removing/updating
> certificates via our application at runtime without restarting Tomcat or
> binding/unbinding the port.
> 
> Our configuration is very simple, we have a single servlet for all
> requests, so we have a single connector/endpoint to manage all
> SSLHostConfigs.
> 
> It appears that by manipulating the list of SSLHostConfig objects in the
> AbstractEndpoint we can achieve what we want; however, there don't appear to
> be any public methods available that allow that kind of operation.

It should be possible with the current API. What can't you do?

> I was able to extend a few Tomcat classes (Connector,
> AbstractHttp11JsseProtocol, NioEndpoint) to expose what I need and verify
> that I can change the SSLHostConfig at runtime; however, I would prefer to
> use APIs fully supported by Tomcat.
> 
> Is there any way to do what I want with the currently available APIs, or
> are there any plans to expose this kind of functionality?

It depends exactly what you want to do.

AbstractEndpoint.addSslHostConfig()
AbstractEndpoint.findSslHostConfigs()

should be enough.

> If not, are there any risks or issues with taking the approach described
> above by extending classes to expose what I need?

It depends what you want to do. Generally, there is a risk we'll change
an API you are depending on since a lot of those are treated as internal
APIs. Some sample code might help.

Mark
