Posted to dev@tomcat.apache.org by ma...@apache.org on 2021/01/28 11:08:11 UTC
[tomcat] 01/05: Ensure the hostName field of SSLHostConfig is always lower case.
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git
commit c56c139e69215ce76fa18b67d75353f1edc64617
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Thu Jan 28 09:29:01 2021 +0000
Ensure the hostName field of SSLHostConfig is always lower case.
This is the first part of the fix to make mapping of SNI values to SSL
virtual hosts case insensitive.
DNS names are case insensitive and while some browsers appear to always
convert provided host names to lower case, I have found no requirement
for this in the RFCs.
The overall plan is to always store and process host names in lower
case. This is because they are used as keys in a ConcurrentMap and keys
are compared in a case sensitive manner.
Using CaseInsensitiveKeyMap was rejected as a solution as it is
not thread safe.
---
java/org/apache/catalina/manager/ManagerServlet.java | 2 ++
java/org/apache/tomcat/util/net/SSLHostConfig.java | 7 ++++++-
webapps/docs/config/http.xml | 3 ++-
3 files changed, 10 insertions(+), 2 deletions(-)
diff --git a/java/org/apache/catalina/manager/ManagerServlet.java b/java/org/apache/catalina/manager/ManagerServlet.java
index 392fadc..52002d7 100644
--- a/java/org/apache/catalina/manager/ManagerServlet.java
+++ b/java/org/apache/catalina/manager/ManagerServlet.java
@@ -580,6 +580,8 @@ public class ManagerServlet extends HttpServlet implements ContainerServlet {
} else {
SSLHostConfig[] sslHostConfigs = http11Protoocol.findSslHostConfigs();
for (SSLHostConfig sslHostConfig : sslHostConfigs) {
+ // tlsHostName is as provided by the user so use a case insensitive
+ // comparison as host names are case insensitive.
if (sslHostConfig.getHostName().equalsIgnoreCase(tlsHostName)) {
found = true;
http11Protoocol.reloadSslHostConfig(tlsHostName);
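Review bot: The match on sslHostConfig.getHostName() is case insensitive, but the call two lines later still passes the user-supplied tlsHostName unchanged to reloadSslHostConfig(). The commit message says host names are keys in a ConcurrentMap and are compared case sensitively, so a mixed-case tlsHostName can set found = true here and then miss the stored lower-case key. Passing sslHostConfig.getHostName() to reloadSslHostConfig() would use the stored form, unless a later patch in this series normalises the argument inside that method.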
diff --git a/java/org/apache/tomcat/util/net/SSLHostConfig.java b/java/org/apache/tomcat/util/net/SSLHostConfig.java
index 734b213..8ab6b63 100644
--- a/java/org/apache/tomcat/util/net/SSLHostConfig.java
+++ b/java/org/apache/tomcat/util/net/SSLHostConfig.java
@@ -25,6 +25,7 @@ import java.security.UnrecoverableKeyException;
import java.util.HashSet;
import java.util.LinkedHashSet;
import java.util.List;
+import java.util.Locale;
import java.util.Set;
import javax.management.ObjectName;
@@ -409,10 +410,14 @@ public class SSLHostConfig implements Serializable {
public void setHostName(String hostName) {
- this.hostName = hostName;
+ this.hostName = hostName.toLowerCase(Locale.ENGLISH);
}
+ /**
+ * @return The host name associated with this SSL configuration - always in
+ * lower case.
+ */
public String getHostName() {
return hostName;
}
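Review bot: In setHostName(), hostName.toLowerCase(Locale.ENGLISH) throws a NullPointerException for a null argument, where the previous plain assignment accepted null. Either guard the null case or state on the setter that null is not permitted. The new Javadoc is on getHostName() only; the setter is where the conversion happens and would benefit from the same note about lower case.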
diff --git a/webapps/docs/config/http.xml b/webapps/docs/config/http.xml
index 32c300b..8d77679 100644
--- a/webapps/docs/config/http.xml
+++ b/webapps/docs/config/http.xml
@@ -1306,7 +1306,8 @@
<p>The name of the SSL Host. This should either be the fully qualified
domain name (e.g. <code>tomcat.apache.org</code>) or a wild card domain
name (e.g. <code>*.apache.org</code>). If not specified, the default value
- of <code>_default_</code> will be used.</p>
+ of <code>_default_</code> will be used. Provided values are always
+ converted to lower case.</p>
</attribute>
<attribute name="insecureRenegotiation" required="false">
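Review bot: The sentence added at the end of the hostName paragraph says provided values are converted to lower case, but not what that means for someone configuring the attribute. Since the stated goal of the series is case insensitive mapping of SNI values to SSL virtual hosts, consider saying that host names are matched without regard to case, and that two SSLHostConfig elements whose hostName differs only in case will now end up with the same hostName.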