You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by re...@apache.org on 2015/11/23 14:46:38 UTC

svn commit: r1715809 - in /tomcat/trunk: java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java java/org/apache/tomcat/util/net/SSLHostConfig.java webapps/docs/changelog.xml

Author: remm
Date: Mon Nov 23 13:46:38 2015
New Revision: 1715809

URL: http://svn.apache.org/viewvc?rev=1715809&view=rev
Log:
Allow the OpenSSL implementation to use either the OpenSSL or JSSE type without a warning. If trying to use both, it might work, but IMO a warning is needed.

Modified:
    tomcat/trunk/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java
    tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java
    tomcat/trunk/webapps/docs/changelog.xml

Modified: tomcat/trunk/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java?rev=1715809&r1=1715808&r2=1715809&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java Mon Nov 23 13:46:38 2015
@@ -68,7 +68,7 @@ public abstract class AbstractJsseEndpoi
         // TODO: Add configuration to allow the OpenSSLImplementation to optionally use the JSSE configuration
         // (it should still default to OpenSSL style since it is the most logical and straightforward)
         if (OpenSSLImplementation.IMPLEMENTATION_NAME.equals(sslImplementationName)) {
-            return SSLHostConfig.Type.OPENSSL;
+            return SSLHostConfig.Type.EITHER;
         } else {
             return SSLHostConfig.Type.JSSE;
         }

Modified: tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java?rev=1715809&r1=1715808&r2=1715809&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java Mon Nov 23 13:46:38 2015
@@ -58,6 +58,7 @@ public class SSLHostConfig {
     }
 
     private Type configType = null;
+    private Type currentConfigType = null;
     private Map<Type,Set<String>> configuredProperties = new HashMap<>();
 
     private String hostName = DEFAULT_SSL_HOST_NAME;
@@ -119,7 +120,13 @@ public class SSLHostConfig {
 
     public void setConfigType(Type configType) {
         this.configType = configType;
-        configuredProperties.remove(configType);
+        if (configType == Type.EITHER) {
+            if (configuredProperties.remove(Type.JSSE) == null) {
+                configuredProperties.remove(Type.OPENSSL);
+            }
+        } else {
+            configuredProperties.remove(configType);
+        }
         for (Map.Entry<Type,Set<String>> entry : configuredProperties.entrySet()) {
             for (String property : entry.getValue()) {
                 log.warn(sm.getString("sslHostConfig.mismatch",
@@ -137,6 +144,13 @@ public class SSLHostConfig {
                 configuredProperties.put(configType, properties);
             }
             properties.add(name);
+        } else if (this.configType == Type.EITHER) {
+            if (currentConfigType == null) {
+                currentConfigType = configType;
+            } else if (currentConfigType != configType) {
+                log.warn(sm.getString("sslHostConfig.mismatch",
+                        name, getHostName(), configType, currentConfigType));
+            }
         } else {
             if (configType != this.configType) {
                 log.warn(sm.getString("sslHostConfig.mismatch",
@@ -635,7 +649,8 @@ public class SSLHostConfig {
 
     public static enum Type {
         JSSE,
-        OPENSSL
+        OPENSSL,
+        EITHER
     }
 
 

Modified: tomcat/trunk/webapps/docs/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1715809&r1=1715808&r2=1715809&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/trunk/webapps/docs/changelog.xml Mon Nov 23 13:46:38 2015
@@ -93,6 +93,11 @@
         <bug>58621</bug>: The certificate chain cannot be set using the main
         certificate attribute, so restore the certificate chain property. (remm)
       </fix>
+      <fix>
+        Allow a new SSL config type where a connector can use either JSSE or
+        OpenSSL. Both could be allowed, but it would likely create support
+        issues. This type is used by the OpenSSL implementation for NIOx. (remm)
+      </fix>
     </changelog>
   </subsection>
   <subsection name="Cluster">



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org