Posted to dev@tomcat.apache.org by ma...@apache.org on 2011/09/23 20:14:17 UTC
svn commit: r1174931 - in /tomcat/tc7.0.x/trunk: ./
java/org/apache/tomcat/util/net/jsse/JSSESupport.java
java/org/apache/tomcat/util/net/jsse/res/LocalStrings.properties
webapps/docs/changelog.xml
Author: markt
Date: Fri Sep 23 18:14:17 2011
New Revision: 1174931
URL: http://svn.apache.org/viewvc?rev=1174931&view=rev
Log: (empty)
Modified:
tomcat/tc7.0.x/trunk/ (props changed)
tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/net/jsse/JSSESupport.java
tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/net/jsse/res/LocalStrings.properties
tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml
Propchange: tomcat/tc7.0.x/trunk/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Fri Sep 23 18:14:17 2011
@@ -1 +1 @@
-/tomcat/trunk:1156171,1156276,1156304,1156530,1156602,1157015,1157018,1157151,1157198,1157204,1157810,1157832,1157834,1157847,1157908,1157939,1158155,1158160,1158176,1158195,1158198-1158199,1158227,1158331,1158334-1158335,1158426,1160347,1160592,1160611,1160619,1160626,1160639,1160652,1160720-1160721,1160772,1160774,1160776,1161303,1161310,1161322,1161339,1161486,1161540,1161549,1161584,1162082,1162149,1162169,1162721,1162769,1162836,1162932,1163630,1164419,1164438,1164469,1164480,1164567,1165234,1165247-1165248,1165253,1165273,1165282,1165309,1165331,1165338,1165347,1165360-1165361,1165367-1165368,1165602,1165608,1165677,1165693,1165721,1165723,1165728,1165730,1165738,1165746,1165765,1165777,1165918,1165921,1166077,1166150-1166151,1166290,1166366,1166620,1166686,1166752,1166757,1167368,1167394,1169447,1170647,1171692,1172233-1172234,1172236,1172269,1172278,1172282,1172610,1172664,1172689,1172711,1173020-1173021,1173082,1173088,1173090,1173096,1173241,1173256,1173288,1173461
,1173614,1173630,1173659,1173722,1174061,1174239,1174330,1174337-1174338,1174343,1174353
+/tomcat/trunk:1156171,1156276,1156304,1156530,1156602,1157015,1157018,1157151,1157198,1157204,1157810,1157832,1157834,1157847,1157908,1157939,1158155,1158160,1158176,1158195,1158198-1158199,1158227,1158331,1158334-1158335,1158426,1160347,1160592,1160611,1160619,1160626,1160639,1160652,1160720-1160721,1160772,1160774,1160776,1161303,1161310,1161322,1161339,1161486,1161540,1161549,1161584,1162082,1162149,1162169,1162721,1162769,1162836,1162932,1163630,1164419,1164438,1164469,1164480,1164567,1165234,1165247-1165248,1165253,1165273,1165282,1165309,1165331,1165338,1165347,1165360-1165361,1165367-1165368,1165602,1165608,1165677,1165693,1165721,1165723,1165728,1165730,1165738,1165746,1165765,1165777,1165918,1165921,1166077,1166150-1166151,1166290,1166366,1166620,1166686,1166752,1166757,1167368,1167394,1169447,1170647,1171692,1172233-1172234,1172236,1172269,1172278,1172282,1172610,1172664,1172689,1172711,1173020-1173021,1173082,1173088,1173090,1173096,1173241,1173256,1173288,1173461
,1173614,1173630,1173659,1173722,1174061,1174239,1174330,1174337-1174338,1174343,1174353,1174882,1174884
Modified: tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/net/jsse/JSSESupport.java
URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/net/jsse/JSSESupport.java?rev=1174931&r1=1174930&r2=1174931&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/net/jsse/JSSESupport.java (original)
+++ tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/net/jsse/JSSESupport.java Fri Sep 23 18:14:17 2011
@@ -35,6 +35,7 @@ import javax.security.cert.X509Certifica
import org.apache.tomcat.util.net.SSLSessionManager;
import org.apache.tomcat.util.net.SSLSupport;
+import org.apache.tomcat.util.res.StringManager;
/** JSSESupport
@@ -56,6 +57,9 @@ class JSSESupport implements SSLSupport,
private static final org.apache.juli.logging.Log log =
org.apache.juli.logging.LogFactory.getLog(JSSESupport.class);
+ private static final StringManager sm =
+ StringManager.getManager("org.apache.tomcat.util.net.jsse.res");
+
private static final Map<SSLSession,Integer> keySizeCache =
new WeakHashMap<SSLSession, Integer>();
@@ -94,7 +98,7 @@ class JSSESupport implements SSLSupport,
try {
certs = session.getPeerCertificates();
} catch( Throwable t ) {
- log.debug("Error getting client certs",t);
+ log.debug(sm.getString("jsseSupport.clientCertError"), t);
return null;
}
if( certs==null ) return null;
@@ -115,7 +119,8 @@ class JSSESupport implements SSLSupport,
x509Certs[i] = (java.security.cert.X509Certificate)
cf.generateCertificate(stream);
} catch(Exception ex) {
- log.info("Error translating cert " + certs[i], ex);
+ log.info(sm.getString(
+ "jseeSupport.certTranslationError", certs[i]), ex);
return null;
}
}
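Review bot: The message key on the new `log.info` call is spelled `jseeSupport.certTranslationError`, while every other key added in this commit uses the `jsseSupport.` prefix. The lookup still resolves because LocalStrings.properties carries the same misspelling, but anyone searching for `jsseSupport.` or adding a translation will miss it, so rename it in both places to `jsseSupport.certTranslationError`. The message also still interpolates `certs[i]`, which likely writes the whole peer certificate rendering into the INFO log on every translation failure; a shorter identifier such as the subject would keep client-supplied data in the log bounded. The enclosing loop and method start and end outside this hunk.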
@@ -153,7 +158,7 @@ class JSSESupport implements SSLSupport,
protected void handShake() throws IOException {
if( ssl.getWantClientAuth() ) {
- log.debug("No client cert sent for want");
+ log.debug(sm.getString("jsseSupport.noCertWant"));
} else {
ssl.setNeedClientAuth(true);
}
@@ -161,7 +166,7 @@ class JSSESupport implements SSLSupport,
if (ssl.getEnabledCipherSuites().length == 0) {
// Handshake is never going to be successful.
// Assume this is because handshakes are disabled
- log.warn("SSL server initiated renegotiation is disabled, closing connection");
+ log.warn(sm.getString("jsseSupport.serverRenegDisabled"));
session.invalidate();
ssl.close();
return;
@@ -170,7 +175,7 @@ class JSSESupport implements SSLSupport,
InputStream in = ssl.getInputStream();
int oldTimeout = ssl.getSoTimeout();
ssl.setSoTimeout(1000);
- byte[] b = new byte[0];
+ byte[] b = new byte[1];
listener.reset();
ssl.startHandshake();
int maxTries = 60; // 60 * 1000 = example 1 minute time out
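Review bot: The change to `byte[] b = new byte[1];` has no comment, although it appears to be the functional fix behind the changelog entry about the BIO connector with SSL under Java 7. Nothing in the code tells a reader why a one-byte buffer is required, so a later cleanup could easily revert it to a zero-length array. Add a comment such as `// Non-empty buffer: a zero-length read may return without driving the handshake (seen under Java 7)`. That rationale is inferred from the changelog text and should be confirmed by the author. The handShake() body starts and ends outside this hunk.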
@@ -178,9 +183,16 @@ class JSSESupport implements SSLSupport,
if (log.isTraceEnabled())
log.trace("Reading for try #" + i);
try {
- in.read(b);
+ int read = in.read(b);
+ if (read > 0) {
+ // Shouldn't happen as all input should have been swallowed
+ // before trying to do the handshake. If it does, something
+ // went wrong so lets bomb out now.
+ throw new SSLException(
+ sm.getString("jsseSupport.unexpectedData"));
+ }
} catch(SSLException sslex) {
- log.info("SSL Error getting client Certs",sslex);
+ log.info(sm.getString("jsseSupport.clientCertError"), sslex);
throw sslex;
} catch (IOException e) {
// ignore - presumably the timeout
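Review bot: The new `if (read > 0)` check leaves end-of-stream unhandled: when `in.read(b)` returns -1 the peer has closed the connection, yet the loop moves on to the next try and the failure will presumably surface later as a handshake timeout. Treat it as a hard failure inside the same `try`, for example `if (read < 0) throw new SSLException(sm.getString("<new message key>"));`, using an `SSLException` so that the `catch (IOException e)` below does not swallow it. That catch ignores every `IOException`, not only the read timeout its comment assumes; narrowing it to `java.net.SocketTimeoutException` would stop resets and other I/O errors from being silently retried for up to `maxTries` seconds. The loop tail and the code that restores the socket timeout are outside this hunk, so whether the 1000 ms timeout is reset on the throw paths cannot be checked here.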
Modified: tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/net/jsse/res/LocalStrings.properties
URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/net/jsse/res/LocalStrings.properties?rev=1174931&r1=1174930&r2=1174931&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/net/jsse/res/LocalStrings.properties (original)
+++ tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/net/jsse/res/LocalStrings.properties Fri Sep 23 18:14:17 2011
@@ -17,4 +17,9 @@ jsse.alias_no_key_entry=Alias name {0} d
jsse.keystore_load_failed=Failed to load keystore type {0} with path {1} due to {2}
jsse.invalid_ssl_conf=SSL configuration is invalid due to {0}
jsse.invalid_truststore_password=The provided trust store password could not be used to unlock and/or validate the trust store. Retrying to access the trust store with a null password which will skip validation.
-jsse.invalidTrustManagerClassName=The trustManagerClassName provided [{0}] does not implement javax.net.ssl.TrustManager
\ No newline at end of file
+jsse.invalidTrustManagerClassName=The trustManagerClassName provided [{0}] does not implement javax.net.ssl.TrustManager
+jsseSupport.clientCertError=Error trying to obtain a certificate from the client
+jseeSupport.certTranslationError=Error translating certificate [{0}]
+jsseSupport.noCertWant=No client certificate sent for want
+jsseSupport.serverRenegDisabled=SSL server initiated renegotiation is disabled, closing connection
+jsseSupport.unexpectedData=Unexpected data read from input stream
\ No newline at end of file
Modified: tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml?rev=1174931&r1=1174930&r2=1174931&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml Fri Sep 23 18:14:17 2011
@@ -158,6 +158,10 @@
<bug>51860</bug>: Fix issues if using NIO with a custom
SSLImplementation. Based on a suggestion by Roman Tsirulnikov. (markt)
</fix>
+ <fix>
+ Allow the BIO HTTP connector to be used with SSL when running under Java
+ 7. (markt)
+ </fix>
</changelog>
</subsection>
<subsection name="Jasper">
Re: svn commit: r1174931 - in /tomcat/tc7.0.x/trunk: ./
java/org/apache/tomcat/util/net/jsse/JSSESupport.java java/org/apache/tomcat/util/net/jsse/res/LocalStrings.properties
webapps/docs/changelog.xml
Posted by Konstantin Kolinko <kn...@gmail.com>.
2011/9/23 <ma...@apache.org>:
> Author: markt
> Date: Fri Sep 23 18:14:17 2011
> New Revision: 1174931
>
> URL: http://svn.apache.org/viewvc?rev=1174931&view=rev
> Log: (empty)
No log message.
It is a merge of revisions 1174882,1174884
> + <fix>
> + Allow the BIO HTTP connector to be used with SSL when running under Java
> + 7. (markt)
> + </fix>
Best regards,
Konstantin Kolinko