You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2019/11/04 14:45:42 UTC
[tomcat] 02/03: Refactor to (slightly) reduce native calls when
using OpenSSL
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
commit f7c8b948998107c47621655f83029ccb292df5f1
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Mon Nov 4 14:22:27 2019 +0000
Refactor to (slightly) reduce native calls when using OpenSSL
---
.../tomcat/util/net/AbstractJsseEndpoint.java | 28 +++++++++++-----------
1 file changed, 14 insertions(+), 14 deletions(-)
diff --git a/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java b/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java
index 984b493..76f1cb0 100644
--- a/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java
+++ b/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java
@@ -118,19 +118,6 @@ public abstract class AbstractJsseEndpoint<S> extends AbstractEndpoint<S> {
}
SSLEngine engine = sslContext.createSSLEngine();
- switch (sslHostConfig.getCertificateVerification()) {
- case NONE:
- engine.setNeedClientAuth(false);
- engine.setWantClientAuth(false);
- break;
- case OPTIONAL:
- case OPTIONAL_NO_CA:
- engine.setWantClientAuth(true);
- break;
- case REQUIRED:
- engine.setNeedClientAuth(true);
- break;
- }
engine.setUseClientMode(false);
engine.setEnabledCipherSuites(sslHostConfig.getEnabledCiphers());
engine.setEnabledProtocols(sslHostConfig.getEnabledProtocols());
@@ -157,7 +144,20 @@ public abstract class AbstractJsseEndpoint<S> extends AbstractEndpoint<S> {
JreCompat.getInstance().setApplicationProtocols(sslParameters, commonProtocolsArray);
}
}
- // In case the getter returns a defensive copy
+ switch (sslHostConfig.getCertificateVerification()) {
+ case NONE:
+ sslParameters.setNeedClientAuth(false);
+ sslParameters.setWantClientAuth(false);
+ break;
+ case OPTIONAL:
+ case OPTIONAL_NO_CA:
+ sslParameters.setWantClientAuth(true);
+ break;
+ case REQUIRED:
+ sslParameters.setNeedClientAuth(true);
+ break;
+ }
+ // The getter (at least in OpenJDK and derivatives) returns a defensive copy
engine.setSSLParameters(sslParameters);
return engine;
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org