You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by re...@apache.org on 2020/05/27 12:11:52 UTC
[tomcat] branch 8.5.x updated: Add a little of the SSL env
This is an automated email from the ASF dual-hosted git repository.
remm pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/8.5.x by this push:
new 3494147 Add a little of the SSL env
3494147 is described below
commit 3494147b0c6a50e065ea3064f0e9e960f688ab50
Author: remm <re...@apache.org>
AuthorDate: Wed May 27 14:00:53 2020 +0200
Add a little of the SSL env
Probably since the X509 certificate chain is available, a lot of the
client related env could be done as well.
---
java/org/apache/catalina/valves/rewrite/ResolverImpl.java | 13 ++++++++++++-
webapps/docs/changelog.xml | 4 ++++
webapps/docs/rewrite.xml | 5 ++++-
3 files changed, 20 insertions(+), 2 deletions(-)
diff --git a/java/org/apache/catalina/valves/rewrite/ResolverImpl.java b/java/org/apache/catalina/valves/rewrite/ResolverImpl.java
index f880ca5..8c108ab 100644
--- a/java/org/apache/catalina/valves/rewrite/ResolverImpl.java
+++ b/java/org/apache/catalina/valves/rewrite/ResolverImpl.java
@@ -19,10 +19,12 @@ package org.apache.catalina.valves.rewrite;
import java.nio.charset.Charset;
import java.util.Calendar;
+import org.apache.catalina.Globals;
import org.apache.catalina.WebResource;
import org.apache.catalina.WebResourceRoot;
import org.apache.catalina.connector.Request;
import org.apache.tomcat.util.http.FastHttpDateFormat;
+import org.apache.tomcat.util.net.SSLSupport;
public class ResolverImpl extends Resolver {
@@ -133,7 +135,16 @@ public class ResolverImpl extends Resolver {
@Override
public String resolveSsl(String key) {
- // FIXME: Implement SSL environment variables
+ if (key.equals("SSL_PROTOCOL")) {
+ return String.valueOf(request.getAttribute(SSLSupport.PROTOCOL_VERSION_KEY));
+ } else if (key.equals("SSL_SESSION_ID")) {
+ return String.valueOf(request.getAttribute(Globals.SSL_SESSION_ID_ATTR));
+ } else if (key.equals("SSL_CIPHER")) {
+ return String.valueOf(request.getAttribute(Globals.CIPHER_SUITE_ATTR));
+ } else if (key.equals("SSL_CIPHER_USEKEYSIZE")) {
+ return String.valueOf(request.getAttribute(Globals.KEY_SIZE_ATTR));
+ }
+ // FIXME: Implement other SSL environment variables when possible
return null;
}
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index f609b65..471acbd 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -60,6 +60,10 @@
<bug>64470</bug>: The default value of the solidus handling should
reflect the associated system property. (remm)
</fix>
+ <fix>
+ Implement a few rewrite SSL env that correspond to Servlet request
+ attributes. (remm)
+ </fix>
</changelog>
</subsection>
<subsection name="Coyote">
diff --git a/webapps/docs/rewrite.xml b/webapps/docs/rewrite.xml
index 9609c0b..8ab57f4 100644
--- a/webapps/docs/rewrite.xml
+++ b/webapps/docs/rewrite.xml
@@ -244,7 +244,10 @@
<li>
<code>%{SSL:variable}</code>, where <em>variable</em> is the
name of an SSL environment
- variable, are not implemented yet. Example:
+ variable, are not implemented, except
+ <code>SSL_PROTOCOL</code>, <code>SSL_SESSION_ID</code>,
+ <code>SSL_CIPHER</code> and <code>SSL_CIPHER_USEKEYSIZE</code>.
+ Example:
<code>%{SSL:SSL_CIPHER_USEKEYSIZE}</code> may expand to
<code>128</code>.</li>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org