svn commit: r1756095 - in /tomcat/trunk/java/org/apache/coyote: ActionCode.java http2/StreamProcessor.java

[ma...@apache.org]

Author: markt
Date: Fri Aug 12 07:46:42 2016
New Revision: 1756095

URL: http://svn.apache.org/viewvc?rev=1756095&view=rev
Log:
Better description of purpose of REQ_SSL_CERTIFICATE
Remove code that is now clearly not necessary

Modified:
    tomcat/trunk/java/org/apache/coyote/ActionCode.java
    tomcat/trunk/java/org/apache/coyote/http2/StreamProcessor.java

Modified: tomcat/trunk/java/org/apache/coyote/ActionCode.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/coyote/ActionCode.java?rev=1756095&r1=1756094&r2=1756095&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/coyote/ActionCode.java (original)
+++ tomcat/trunk/java/org/apache/coyote/ActionCode.java Fri Aug 12 07:46:42 2016
@@ -71,13 +71,14 @@ public enum ActionCode {
     REQ_HOST_ADDR_ATTRIBUTE,
 
     /**
-     * Callback for lazy evaluation - extract the SSL-related attributes.
+     * Callback for lazy evaluation - extract the SSL-related attributes
+     * including the client certificate if present.
      */
     REQ_SSL_ATTRIBUTE,
 
     /**
-     * Callback for lazy evaluation - extract the SSL-certificate (including
-     * forcing a re-handshake if necessary)
+     * Force a TLS re-handshake and make the resulting client certificate (if
+     * any) available as a request attribute.
      */
     REQ_SSL_CERTIFICATE,
 

Modified: tomcat/trunk/java/org/apache/coyote/http2/StreamProcessor.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/coyote/http2/StreamProcessor.java?rev=1756095&r1=1756094&r2=1756095&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/coyote/http2/StreamProcessor.java (original)
+++ tomcat/trunk/java/org/apache/coyote/http2/StreamProcessor.java Fri Aug 12 07:46:42 2016
@@ -236,19 +236,7 @@ public class StreamProcessor extends Abs
             break;
         }
         case REQ_SSL_CERTIFICATE: {
-            // No re-negotiation support in HTTP/2. Either the certificate is
-            // available or it isn't.
-            try {
-                if (sslSupport != null) {
-                    Object sslO = sslSupport.getCipherSuite();
-                    sslO = sslSupport.getPeerCertificateChain();
-                    if (sslO != null) {
-                        request.setAttribute(SSLSupport.CERTIFICATE_KEY, sslO);
-                    }
-                }
-            } catch (Exception e) {
-                log.warn(sm.getString("streamProcessor.ssl.error"), e);
-            }
+            // No re-negotiation support in HTTP/2.
             break;
         }
 



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org