You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2017/12/13 12:31:27 UTC
svn commit: r1818004 - in /tomcat/trunk:
java/org/apache/catalina/manager/LocalStrings.properties
java/org/apache/catalina/manager/ManagerServlet.java
webapps/docs/manager-howto.xml
Author: markt
Date: Wed Dec 13 12:31:27 2017
New Revision: 1818004
URL: http://svn.apache.org/viewvc?rev=1818004&view=rev
Log:
Expand fix for BZ 61566 to the script interface as well as the HTML interface.
Modified:
tomcat/trunk/java/org/apache/catalina/manager/LocalStrings.properties
tomcat/trunk/java/org/apache/catalina/manager/ManagerServlet.java
tomcat/trunk/webapps/docs/manager-howto.xml
Modified: tomcat/trunk/java/org/apache/catalina/manager/LocalStrings.properties
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/manager/LocalStrings.properties?rev=1818004&r1=1818003&r2=1818004&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/manager/LocalStrings.properties (original)
+++ tomcat/trunk/java/org/apache/catalina/manager/LocalStrings.properties Wed Dec 13 12:31:27 2017
@@ -114,6 +114,8 @@ managerServlet.sessiontimeout.unlimited=
managerServlet.sessiontimeout.expired=[{0}] minutes: [{1}] sessions were expired
managerServlet.sessions=OK - Session information for application at context path [{0}]
managerServlet.sslConnectorCiphers=OK - Connector / SSL Cipher information
+managerServlet.sslConnectorCerts=OK - Connector / Certificate Chain information
+managerServlet.sslConnectorTrustedCerts=OK - Connector / Trusted Certificate information
managerServlet.started=OK - Started application at context path [{0}]
managerServlet.startFailed=FAIL - Application at context path [{0}] could not be started
managerServlet.stopped=OK - Stopped application at context path [{0}]
Modified: tomcat/trunk/java/org/apache/catalina/manager/ManagerServlet.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/manager/ManagerServlet.java?rev=1818004&r1=1818003&r2=1818004&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/manager/ManagerServlet.java (original)
+++ tomcat/trunk/java/org/apache/catalina/manager/ManagerServlet.java Wed Dec 13 12:31:27 2017
@@ -373,6 +373,10 @@ public class ManagerServlet extends Http
threadDump(writer, smClient, request.getLocales());
} else if (command.equals("/sslConnectorCiphers")) {
sslConnectorCiphers(writer, smClient);
+ } else if (command.equals("/sslConnectorCerts")) {
+ sslConnectorCerts(writer, smClient);
+ } else if (command.equals("/sslConnectorTrustedCerts")) {
+ sslConnectorTrustedCerts(writer, smClient);
} else {
writer.println(smClient.getString("managerServlet.unknownCommand",
command));
@@ -565,10 +569,9 @@ public class ManagerServlet extends Http
writer.print(Diagnostics.getThreadDump(requestedLocales));
}
- protected void sslConnectorCiphers(PrintWriter writer,
- StringManager smClient) {
- writer.println(smClient.getString(
- "managerServlet.sslConnectorCiphers"));
+
+ protected void sslConnectorCiphers(PrintWriter writer, StringManager smClient) {
+ writer.println(smClient.getString("managerServlet.sslConnectorCiphers"));
Map<String,List<String>> connectorCiphers = getConnectorCiphers();
for (Map.Entry<String,List<String>> entry : connectorCiphers.entrySet()) {
writer.println(entry.getKey());
@@ -578,6 +581,30 @@ public class ManagerServlet extends Http
}
}
}
+
+
+ private void sslConnectorCerts(PrintWriter writer, StringManager smClient) {
+ writer.println(smClient.getString("managerServlet.sslConnectorCerts"));
+ Map<String,List<String>> connectorCerts = getConnectorCerts();
+ for (Map.Entry<String,List<String>> entry : connectorCerts.entrySet()) {
+ writer.println(entry.getKey());
+ for (String cert : entry.getValue()) {
+ writer.println(cert);
+ }
+ }
+ }
+
+
+ private void sslConnectorTrustedCerts(PrintWriter writer, StringManager smClient) {
+ writer.println(smClient.getString("managerServlet.sslConnectorTrustedCerts"));
+ Map<String,List<String>> connectorTrustedCerts = getConnectorTrustedCerts();
+ for (Map.Entry<String,List<String>> entry : connectorTrustedCerts.entrySet()) {
+ writer.println(entry.getKey());
+ for (String cert : entry.getValue()) {
+ writer.println(cert);
+ }
+ }
+ }
/**
Modified: tomcat/trunk/webapps/docs/manager-howto.xml
URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/manager-howto.xml?rev=1818004&r1=1818003&r2=1818004&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/manager-howto.xml (original)
+++ tomcat/trunk/webapps/docs/manager-howto.xml Wed Dec 13 12:31:27 2017
@@ -851,7 +851,7 @@ has been reloaded several times, it may
</subsection>
-<subsection name="Connector SSL/TLS diagnostics">
+<subsection name="Connector SSL/TLS cipher information">
<source>http://localhost:8080/manager/text/sslConnectorCiphers</source>
@@ -871,6 +871,49 @@ Connector[HTTP/1.1-8443]
...</source>
</subsection>
+
+<subsection name="Connector SSL/TLS certificate chain information">
+
+<source>http://localhost:8080/manager/text/sslConnectorCerts</source>
+
+<p>The SSL Connector/Certs diagnostic lists the certificate chain that is
+currently configured for each virtual host.</p>
+
+<p>The response will look something like this:</p>
+<source>OK - Connector / Certificate Chain information
+Connector[HTTP/1.1-8080]
+SSL is not enabled for this connector
+Connector[HTTP/1.1-8443]-_default_-RSA
+[
+[
+ Version: V3
+ Subject: CN=localhost, OU=Apache Tomcat PMC, O=The Apache Software Foundation, L=Wakefield, ST=MA, C=US
+ Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11
+ ...</source>
+
+</subsection>
+
+<subsection name="Connector SSL/TLS trusted certificate information">
+
+<source>http://localhost:8080/manager/text/sslConnectorTrustedCerts</source>
+
+<p>The SSL Connector/Certs diagnostic lists the trusted certificates that are
+currently configured for each virtual host.</p>
+
+<p>The response will look something like this:</p>
+<source>OK - Connector / Trusted Certificate information
+Connector[HTTP/1.1-8080]
+SSL is not enabled for this connector
+Connector[AJP/1.3-8009]
+SSL is not enabled for this connector
+Connector[HTTP/1.1-8443]-_default_
+[
+[
+ Version: V3
+ Subject: CN=Apache Tomcat Test CA, OU=Apache Tomcat PMC, O=The Apache Software Foundation, L=Wakefield, ST=MA, C=US
+ ...</source>
+
+</subsection>
<subsection name="Thread Dump">
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org