You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by re...@apache.org on 2015/11/23 14:46:38 UTC
svn commit: r1715809 - in /tomcat/trunk:
java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java
java/org/apache/tomcat/util/net/SSLHostConfig.java webapps/docs/changelog.xml
Author: remm
Date: Mon Nov 23 13:46:38 2015
New Revision: 1715809
URL: http://svn.apache.org/viewvc?rev=1715809&view=rev
Log:
Allow the OpenSSL implementation to use either the OpenSSL or JSSE type without a warning. If trying to use both, it might work, but IMO a warning is needed.
Modified:
tomcat/trunk/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java
tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java
tomcat/trunk/webapps/docs/changelog.xml
Modified: tomcat/trunk/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java?rev=1715809&r1=1715808&r2=1715809&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java Mon Nov 23 13:46:38 2015
@@ -68,7 +68,7 @@ public abstract class AbstractJsseEndpoi
// TODO: Add configuration to allow the OpenSSLImplementation to optionally use the JSSE configuration
// (it should still default to OpenSSL style since it is the most logical and straightforward)
if (OpenSSLImplementation.IMPLEMENTATION_NAME.equals(sslImplementationName)) {
- return SSLHostConfig.Type.OPENSSL;
+ return SSLHostConfig.Type.EITHER;
} else {
return SSLHostConfig.Type.JSSE;
}
Modified: tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java?rev=1715809&r1=1715808&r2=1715809&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java Mon Nov 23 13:46:38 2015
@@ -58,6 +58,7 @@ public class SSLHostConfig {
}
private Type configType = null;
+ private Type currentConfigType = null;
private Map<Type,Set<String>> configuredProperties = new HashMap<>();
private String hostName = DEFAULT_SSL_HOST_NAME;
@@ -119,7 +120,13 @@ public class SSLHostConfig {
public void setConfigType(Type configType) {
this.configType = configType;
- configuredProperties.remove(configType);
+ if (configType == Type.EITHER) {
+ if (configuredProperties.remove(Type.JSSE) == null) {
+ configuredProperties.remove(Type.OPENSSL);
+ }
+ } else {
+ configuredProperties.remove(configType);
+ }
for (Map.Entry<Type,Set<String>> entry : configuredProperties.entrySet()) {
for (String property : entry.getValue()) {
log.warn(sm.getString("sslHostConfig.mismatch",
@@ -137,6 +144,13 @@ public class SSLHostConfig {
configuredProperties.put(configType, properties);
}
properties.add(name);
+ } else if (this.configType == Type.EITHER) {
+ if (currentConfigType == null) {
+ currentConfigType = configType;
+ } else if (currentConfigType != configType) {
+ log.warn(sm.getString("sslHostConfig.mismatch",
+ name, getHostName(), configType, currentConfigType));
+ }
} else {
if (configType != this.configType) {
log.warn(sm.getString("sslHostConfig.mismatch",
@@ -635,7 +649,8 @@ public class SSLHostConfig {
public static enum Type {
JSSE,
- OPENSSL
+ OPENSSL,
+ EITHER
}
Modified: tomcat/trunk/webapps/docs/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1715809&r1=1715808&r2=1715809&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/trunk/webapps/docs/changelog.xml Mon Nov 23 13:46:38 2015
@@ -93,6 +93,11 @@
<bug>58621</bug>: The certificate chain cannot be set using the main
certificate attribute, so restore the certificate chain property. (remm)
</fix>
+ <fix>
+ Allow a new SSL config type where a connector can use either JSSE or
+ OpenSSL. Both could be allowed, but it would likely create support
+ issues. This type is used by the OpenSSL implementation for NIOx. (remm)
+ </fix>
</changelog>
</subsection>
<subsection name="Cluster">
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org