Posted to dev@tomcat.apache.org by bi...@apache.org on 2003/07/01 07:21:31 UTC

cvs commit: jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/puretls PureTLSSocketFactory.java PureTLSSupport.java

billbarker    2003/06/30 22:21:30

  Modified:    util/java/org/apache/tomcat/util/net/puretls Tag: coyote_10
                        PureTLSSocketFactory.java PureTLSSupport.java
  Log:
  Porting fixes for CLIENT-CERT from HEAD branch.
  
  Revision  Changes    Path
  No                   revision
  
  
  No                   revision
  
  
  1.1.2.1   +13 -5     jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/puretls/PureTLSSocketFactory.java
  
  Index: PureTLSSocketFactory.java
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/puretls/PureTLSSocketFactory.java,v
  retrieving revision 1.1
  retrieving revision 1.1.2.1
  diff -u -r1.1 -r1.1.2.1
  --- PureTLSSocketFactory.java	4 Oct 2002 20:03:10 -0000	1.1
  +++ PureTLSSocketFactory.java	1 Jul 2003 05:21:30 -0000	1.1.2.1
  @@ -79,6 +79,8 @@
   public class PureTLSSocketFactory
       extends org.apache.tomcat.util.net.ServerSocketFactory
   {
  +    static org.apache.commons.logging.Log logger =
  +	org.apache.commons.logging.LogFactory.getLog(PureTLSSocketFactory.class);
       static String defaultProtocol = "TLS";
       static boolean defaultClientAuth = false;
       static String defaultKeyStoreFile = "server.pem";
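Review bot: The new `logger` field is package-visible and non-final, so any class in the package can reassign it; `private static final org.apache.commons.logging.Log logger = ...` would match how it is used. The same declaration is added to PureTLSSupport in the later hunk and has the same issue. The continuation line is also indented with a tab, while the neighbouring fields use spaces.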
  @@ -158,11 +160,15 @@
   		}
   	    }
   
  -	    SSLContext tmpContext=new SSLContext();
  -	    if(clientAuth){
  -		tmpContext.loadRootCertificates(rootFile);
  -	    }
  -	    tmpContext.loadEAYKeyFile(keyStoreFile,keyPass);
  +            SSLContext tmpContext=new SSLContext();
  +            try {
  +                tmpContext.loadRootCertificates(rootFile);
  +            } catch(IOException iex) {
  +                if(logger.isDebugEnabled())
  +                    logger.debug("Error loading Client Root Store: " + 
  +                                 rootFile,iex);
  +            }
  +            tmpContext.loadEAYKeyFile(keyStoreFile,keyPass);
   	    tmpContext.useRandomnessFile(randomFile,keyPass);
   	    
   	    SSLPolicyInt policy=new SSLPolicyInt();
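Review bot: The new `catch(IOException iex)` around `loadRootCertificates(rootFile)` swallows the failure and reports it only at debug level, even when client authentication was requested. With the old `if(clientAuth)` guard gone, a missing or unreadable root file now leaves the context without the configured trust roots and the factory still starts; how PureTLS then treats client certificates is not visible here, so failing is the safer choice. Adding `if (clientAuth) throw iex;` after the debug call (assuming `clientAuth` is still in scope, as it was on the removed line) would let the enclosing `catch (Exception e)` report it as an initialization error. The remaining optional case could log at warn rather than debug. The enclosing method starts and ends outside this hunk.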
  @@ -172,6 +178,7 @@
   	    tmpContext.setPolicy(policy);
   	    context=tmpContext;
   	} catch (Exception e){
  +	    logger.info("Error initializing SocketFactory",e);
   	    throw new IOException(e.getMessage());
   	}
       }
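Review bot: `logger.info("Error initializing SocketFactory",e)` records a failure that aborts socket-factory setup at info level, where level-filtered logs may drop it; `logger.error("Error initializing SocketFactory",e)` fits a fatal initialization error better. The rethrown `new IOException(e.getMessage())` on the next line keeps only the message, which can be null, so this log call is the only place the original exception survives. The try block begins outside the hunk.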
  @@ -183,6 +190,7 @@
   	    Socket sock=socket.accept();
   	    return sock;
   	} catch (SSLException e){
  +            logger.debug("SSL handshake error",e);
               throw new SocketException("SSL handshake error" + e.toString());
   	}
       }
  
  
  
  1.1.2.1   +16 -4     jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/puretls/PureTLSSupport.java
  
  Index: PureTLSSupport.java
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/puretls/PureTLSSupport.java,v
  retrieving revision 1.1
  retrieving revision 1.1.2.1
  diff -u -r1.1 -r1.1.2.1
  --- PureTLSSupport.java	4 Oct 2002 20:03:10 -0000	1.1
  +++ PureTLSSupport.java	1 Jul 2003 05:21:30 -0000	1.1.2.1
  @@ -64,6 +64,7 @@
   import java.net.*;
   import java.util.Vector;
   import java.security.cert.CertificateFactory;
  +import java.security.cert.X509Certificate;
   import org.apache.tomcat.util.buf.HexUtils;
   
   import COM.claymoresystems.sslg.*;
  @@ -83,6 +84,9 @@
   */
   
   class PureTLSSupport implements SSLSupport {
  +    static org.apache.commons.logging.Log logger =
  +	org.apache.commons.logging.LogFactory.getLog(PureTLSSupport.class);
  +
       private COM.claymoresystems.ptls.SSLSocket ssl;
   
       PureTLSSupport(SSLSocket sock){
  @@ -130,12 +134,16 @@
                 CertificateFactory.getInstance("X.509");
               ByteArrayInputStream stream =
                 new ByteArrayInputStream(buffer);
  -            
  -            chain[i]=(java.security.cert.X509Certificate)
  -              cf.generateCertificate(stream);
  +
  +            X509Certificate xCert = (X509Certificate)cf.generateCertificate(stream);
  +            chain[i-1]= xCert;
  +            if(logger.isTraceEnabled()) {
  +		logger.trace("Cert # " + i + " = " + xCert);
  +	    }
             }
           } catch (java.security.cert.CertificateException e) {
  -            throw new IOException("JDK's broken cert handling can't parse this certificate (which PureTLS likes");
  +	    logger.info("JDK's broken cert handling can't parse this certificate (which PureTLS likes)",e);
  +            throw new IOException("JDK's broken cert handling can't parse this certificate (which PureTLS likes)");
           }
           return chain;
       }
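Review bot: The change from `chain[i]` to `chain[i-1]` looks like the core of the CLIENT-CERT fix, but nothing on the new lines says why the index is shifted. The loop header is outside the hunk, so the base of `i` and the resulting order of the chain cannot be confirmed from here. If the loop counts from 1, a comment such as `// i is 1-based; slot 0 must hold the peer's own certificate` above the assignment would record the intent for callers that read element 0 as the client certificate. The new `logger.info(...)` in the catch block is also indented with a tab where the following `throw` uses spaces.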
  @@ -168,6 +176,10 @@
       }
   
   }
  +
  +
  +
  +
   
   
   
  
  
  
