You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by re...@apache.org on 2017/06/23 21:34:50 UTC
svn commit: r1799709 - in /tomcat/trunk:
java/org/apache/tomcat/util/net/AprEndpoint.java
java/org/apache/tomcat/util/net/AprSSLSupport.java webapps/docs/changelog.xml
Author: remm
Date: Fri Jun 23 21:34:50 2017
New Revision: 1799709
URL: http://svn.apache.org/viewvc?rev=1799709&view=rev
Log:
60461: Sync SSL session access for the APR connector.
Modified:
tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java
tomcat/trunk/java/org/apache/tomcat/util/net/AprSSLSupport.java
tomcat/trunk/webapps/docs/changelog.xml
Modified: tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java?rev=1799709&r1=1799708&r2=1799709&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java Fri Jun 23 21:34:50 2017
@@ -2761,5 +2761,44 @@ public class AprEndpoint extends Abstrac
public void setAppReadBufHandler(ApplicationBufferHandler handler) {
// no-op
}
+
+ String getSSLInfoS(int id) {
+ synchronized (closedLock) {
+ if (closed) {
+ return null;
+ }
+ try {
+ return SSLSocket.getInfoS(getSocket().longValue(), id);
+ } catch (Exception e) {
+ throw new IllegalStateException(e);
+ }
+ }
+ }
+
+ int getSSLInfoI(int id) {
+ synchronized (closedLock) {
+ if (closed) {
+ return 0;
+ }
+ try {
+ return SSLSocket.getInfoI(getSocket().longValue(), id);
+ } catch (Exception e) {
+ throw new IllegalStateException(e);
+ }
+ }
+ }
+
+ byte[] getSSLInfoB(int id) {
+ synchronized (closedLock) {
+ if (closed) {
+ return null;
+ }
+ try {
+ return SSLSocket.getInfoB(getSocket().longValue(), id);
+ } catch (Exception e) {
+ throw new IllegalStateException(e);
+ }
+ }
+ }
}
}
Modified: tomcat/trunk/java/org/apache/tomcat/util/net/AprSSLSupport.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/AprSSLSupport.java?rev=1799709&r1=1799708&r2=1799709&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/AprSSLSupport.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/AprSSLSupport.java Fri Jun 23 21:34:50 2017
@@ -22,7 +22,6 @@ import java.security.cert.CertificateFac
import java.security.cert.X509Certificate;
import org.apache.tomcat.jni.SSL;
-import org.apache.tomcat.jni.SSLSocket;
/**
* Implementation of SSLSupport for APR.
@@ -32,11 +31,11 @@ import org.apache.tomcat.jni.SSLSocket;
*/
public class AprSSLSupport implements SSLSupport {
- private final SocketWrapperBase<Long> socketWrapper;
+ private final AprEndpoint.AprSocketWrapper socketWrapper;
private final String clientCertProvider;
- public AprSSLSupport(SocketWrapperBase<Long> socketWrapper, String clientCertProvider) {
+ public AprSSLSupport(AprEndpoint.AprSocketWrapper socketWrapper, String clientCertProvider) {
this.socketWrapper = socketWrapper;
this.clientCertProvider = clientCertProvider;
}
@@ -44,12 +43,8 @@ public class AprSSLSupport implements SS
@Override
public String getCipherSuite() throws IOException {
- long socketRef = socketWrapper.getSocket().longValue();
- if (socketRef == 0) {
- return null;
- }
try {
- return SSLSocket.getInfoS(socketRef, SSL.SSL_INFO_CIPHER);
+ return socketWrapper.getSSLInfoS(SSL.SSL_INFO_CIPHER);
} catch (Exception e) {
throw new IOException(e);
}
@@ -58,15 +53,10 @@ public class AprSSLSupport implements SS
@Override
public X509Certificate[] getPeerCertificateChain() throws IOException {
- long socketRef = socketWrapper.getSocket().longValue();
- if (socketRef == 0) {
- return null;
- }
-
try {
// certLength == -1 indicates an error
- int certLength = SSLSocket.getInfoI(socketRef, SSL.SSL_INFO_CLIENT_CERT_CHAIN);
- byte[] clientCert = SSLSocket.getInfoB(socketRef, SSL.SSL_INFO_CLIENT_CERT);
+ int certLength = socketWrapper.getSSLInfoI(SSL.SSL_INFO_CLIENT_CERT_CHAIN);
+ byte[] clientCert = socketWrapper.getSSLInfoB(SSL.SSL_INFO_CLIENT_CERT);
X509Certificate[] certs = null;
if (clientCert != null && certLength > -1) {
certs = new X509Certificate[certLength + 1];
@@ -78,7 +68,7 @@ public class AprSSLSupport implements SS
}
certs[0] = (X509Certificate) cf.generateCertificate(new ByteArrayInputStream(clientCert));
for (int i = 0; i < certLength; i++) {
- byte[] data = SSLSocket.getInfoB(socketRef, SSL.SSL_INFO_CLIENT_CERT_CHAIN + i);
+ byte[] data = socketWrapper.getSSLInfoB(SSL.SSL_INFO_CLIENT_CERT_CHAIN + i);
certs[i+1] = (X509Certificate) cf.generateCertificate(new ByteArrayInputStream(data));
}
}
@@ -91,13 +81,8 @@ public class AprSSLSupport implements SS
@Override
public Integer getKeySize() throws IOException {
- long socketRef = socketWrapper.getSocket().longValue();
- if (socketRef == 0) {
- return null;
- }
-
try {
- return Integer.valueOf(SSLSocket.getInfoI(socketRef, SSL.SSL_INFO_CIPHER_USEKEYSIZE));
+ return Integer.valueOf(socketWrapper.getSSLInfoI(SSL.SSL_INFO_CIPHER_USEKEYSIZE));
} catch (Exception e) {
throw new IOException(e);
}
@@ -106,13 +91,8 @@ public class AprSSLSupport implements SS
@Override
public String getSessionId() throws IOException {
- long socketRef = socketWrapper.getSocket().longValue();
- if (socketRef == 0) {
- return null;
- }
-
try {
- return SSLSocket.getInfoS(socketRef, SSL.SSL_INFO_SESSION_ID);
+ return socketWrapper.getSSLInfoS(SSL.SSL_INFO_SESSION_ID);
} catch (Exception e) {
throw new IOException(e);
}
@@ -120,13 +100,8 @@ public class AprSSLSupport implements SS
@Override
public String getProtocol() throws IOException {
- long socketRef = socketWrapper.getSocket().longValue();
- if (socketRef == 0) {
- return null;
- }
-
try {
- return SSLSocket.getInfoS(socketRef, SSL.SSL_INFO_PROTOCOL);
+ return socketWrapper.getSSLInfoS(SSL.SSL_INFO_PROTOCOL);
} catch (Exception e) {
throw new IOException(e);
}
Modified: tomcat/trunk/webapps/docs/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1799709&r1=1799708&r2=1799709&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/trunk/webapps/docs/changelog.xml Fri Jun 23 21:34:50 2017
@@ -67,6 +67,9 @@
available to the access log valve when the connection is closing.
(markt)
</fix>
+ <fix>
+ <bug>60461</bug>: Sync SSL session access for the APR connector. (remm)
+ </fix>
</changelog>
</subsection>
<subsection name="Tribes">
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org