Posted to issues@trafficcontrol.apache.org by GitBox <gi...@apache.org> on 2019/04/04 18:07:44 UTC

[GitHub] [trafficcontrol] rawlinp commented on a change in pull request #3392: Tr default cert

rawlinp commented on a change in pull request #3392: Tr default cert
URL: https://github.com/apache/trafficcontrol/pull/3392#discussion_r272301941
 
 

 ##########
 File path: traffic_router/connector/src/main/java/com/comcast/cdn/traffic_control/traffic_router/protocol/RouterNioEndpoint.java
 ##########
 @@ -61,61 +66,57 @@ synchronized private void replaceSSLHosts(final Map<String, HandshakeData> sslHo
             sslHostConfig.setCertificateKeyAlias(alias);
             sslHostConfig.setHostName(sslHostsData.get(alias).getHostname());
             sslHostConfig.setProtocols("all");
-            sslHostConfig.setConfigType(getSslConfigType());
             sslHostConfig.setCertificateVerification("none");
-            LOGGER.info("sslHostConfig: "+sslHostConfig.getHostName()+" "+sslHostConfig.getTruststoreAlgorithm());
+            LOGGER.info("sslHostConfig: " + sslHostConfig.getHostName() + " " + sslHostConfig.getTruststoreAlgorithm());
 
             if (!sslHostConfig.getHostName().equals(lastHostName)) {
                 addSslHostConfig(sslHostConfig, true);
                 lastHostName = sslHostConfig.getHostName();
             }
 
-            if (firstAlias && ! "".equals(alias)) {
+            if (CertificateRegistry.DEFAULT_SSL_KEY.equals(alias)) {
                 // One of the configs must be set as the default
                 setDefaultSSLHostConfigName(sslHostConfig.getHostName());
-                firstAlias = false;
             }
         }
-
-    }
-
-    synchronized public void reloadSSLHosts(final Map<String, HandshakeData> cr) {
-        replaceSSLHosts(cr);
-
-        for (final HandshakeData data : cr.values()) {
-            final SSLHostConfig sslHostConfig = sslHostConfigs.get(data.getHostname());
-            sslHostConfig.setConfigType(getSslConfigType());
-            createSSLContext(sslHostConfig);
-        }
     }
 
     @Override
     protected SSLHostConfig getSSLHostConfig(final String sniHostName) {
         return super.getSSLHostConfig(sniHostName.toLowerCase());
     }
 
-    private void unregisterJmx(final SSLHostConfig sslHostConfig) {
-        final Registry registry = Registry.getRegistry(null, null);
-        registry.unregisterComponent(sslHostConfig.getObjectName());
-        for (final SSLHostConfigCertificate sslHostConfigCert : sslHostConfig.getCertificates()) {
-            registry.unregisterComponent(sslHostConfigCert.getObjectName());
-        }
+    @Override
+    protected SocketProcessorBase<NioChannel> createSocketProcessor(
+            final SocketWrapperBase<NioChannel> socketWrapper, final SocketEvent event) {
+        return new RouterSocketProcessor(socketWrapper, event);
     }
 
-    @Override
-    public void addSslHostConfig(final SSLHostConfig sslHostConfig, final boolean replace) throws IllegalArgumentException {
-        final String key = sslHostConfig.getHostName();
-        if (key == null || key.length() == 0) {
-            throw new IllegalArgumentException(sm.getString("endpoint.noSslHostName"));
-        }
+    /**
+     * This class is the equivalent of the Worker, but will simply use in an
+     * external Executor thread pool.
+     */
+    protected class RouterSocketProcessor extends SocketProcessor {
 
-        SSLHostConfig previous = null;
-        if (replace) {
-            previous = sslHostConfigs.get(key);
+        public RouterSocketProcessor(final SocketWrapperBase<NioChannel> socketWrapper, final SocketEvent event) {
+            super(socketWrapper, event);
         }
-        super.addSslHostConfig(sslHostConfig, replace);
-        if (previous != null) {
-            unregisterJmx(previous);
+
+        /* This override has been added as a temporary hack to resolve an issue in Tomcat.
+           Once the issue has been corrected in Tomcat then this can be removed. The
+           'SSL.getLastErrorNumber()' removes an unwanted error condition from the error stack
+           in those cases where some error condition has caused the socket to get closed and
+           then the processor was put back on the processor stack for reuse in a future connection.
+         */
+        @Override
+        protected void doRun() {
+	        final SocketWrapperBase<NioChannel> localWrapper = socketWrapper;
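Review bot: The new `CertificateRegistry.DEFAULT_SSL_KEY.equals(alias)` condition in replaceSSLHosts names a default SSLHostConfig only when the incoming map carries that key, and nothing in the hunk handles the case where the key is missing. The removed `firstAlias` logic always picked some host as the default, so a map without the default entry would now leave the default host name at its earlier value, and the hunk does not show that value being checked against the current set of configs. Clients whose SNI name matches no configured host would then presumably fail the handshake instead of receiving the default certificate. If CertificateRegistry does not guarantee the entry (not visible here), a check after the loop such as `if (!sslHostsData.containsKey(CertificateRegistry.DEFAULT_SSL_KEY)) { LOGGER.warn("No default SSL host config in handshake data"); }` would surface the condition in the logs. replaceSSLHosts starts above the hunk, so the loop header and the declaration of `lastHostName` are not shown.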
 
 Review comment:
   this line got mixed up w/ tabs and spaces
