Posted to dev@tomcat.apache.org by ma...@apache.org on 2021/01/28 11:08:14 UTC

[tomcat] 04/05: Ensure SSLHostConfig lookups for SNI from OpenSSL are case insensitive

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit bc0376ba9f8224083407e3895aec4879a76fa7fb
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Thu Jan 28 10:16:00 2021 +0000

    Ensure SSLHostConfig lookups for SNI from OpenSSL are case insensitive
    
    This is the fourth part of the fix to make mapping of SNI values to SSL
    virtual hosts case insensitive.
---
 java/org/apache/tomcat/jni/SSLContext.java            |  8 ++++++--
 java/org/apache/tomcat/util/net/AbstractEndpoint.java | 13 ++++++++++++-
 2 files changed, 18 insertions(+), 3 deletions(-)

diff --git a/java/org/apache/tomcat/jni/SSLContext.java b/java/org/apache/tomcat/jni/SSLContext.java
index e0759b3..8c2f9b9 100644
--- a/java/org/apache/tomcat/jni/SSLContext.java
+++ b/java/org/apache/tomcat/jni/SSLContext.java
@@ -17,6 +17,7 @@
 
 package org.apache.tomcat.jni;
 
+import java.util.Locale;
 import java.util.Map;
 import java.util.concurrent.ConcurrentHashMap;
 
@@ -416,7 +417,9 @@ public final class SSLContext {
         if (sniCallBack == null) {
             return 0;
         }
-        return sniCallBack.getSslContext(sniHostName);
+        // Can't be sure OpenSSL is going to provide the SNI value in lower case
+        // so convert it before looking up the SSLContext
+        return sniCallBack.getSslContext(sniHostName.toLowerCase(Locale.ENGLISH));
     }
 
     /**
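Review bot: The new `sniHostName.toLowerCase(Locale.ENGLISH)` call dereferences `sniHostName` without a null check, whereas the removed line passed the value through untouched. Whether the native caller can ever supply a null host name is not visible from this hunk, but this path runs during the TLS handshake on a client-supplied value, so an unexpected exception here is worth ruling out. Extending the existing guard to `if (sniCallBack == null || sniHostName == null) {` would return 0, as the method already does when no callback is registered. The enclosing method starts outside the hunk.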
@@ -470,7 +473,8 @@ public final class SSLContext {
          * This callback is made during the TLS handshake when the client uses
          * the SNI extension to request a specific TLS host.
          *
-         * @param sniHostName The host name requested by the client
+         * @param sniHostName The host name requested by the client - must be in
+         *                    lower case
          *
          * @return The Java representation of the pointer to the OpenSSL
          *         SSLContext to use for the given host or zero if no SSLContext
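Review bot: The phrase `must be in lower case` on `@param sniHostName` reads as a requirement on the implementer, but in the caller changed by this commit the conversion happens before `getSslContext` is invoked. Wording it as a guarantee, for example `The host name requested by the client, converted to lower case by the caller`, would tell implementers they can match against lower-case keys without normalising again. The Javadoc comment starts and ends outside the hunk.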
diff --git a/java/org/apache/tomcat/util/net/AbstractEndpoint.java b/java/org/apache/tomcat/util/net/AbstractEndpoint.java
index 868c8b6..5707645 100644
--- a/java/org/apache/tomcat/util/net/AbstractEndpoint.java
+++ b/java/org/apache/tomcat/util/net/AbstractEndpoint.java
@@ -375,7 +375,18 @@ public abstract class AbstractEndpoint<S,U> {
     }
 
 
-
+    /**
+     * Look up the SSLHostConfig for the given host name. Lookup order is:
+     * <ol>
+     * <li>exact match</li>
+     * <li>wild card match</li>
+     * <li>default SSLHostConfig</li>
+     * </ol>
+     *
+     * @param sniHostName   Host name - must be in lower case
+     *
+     * @return The SSLHostConfig for the given host name.
+     */
     protected SSLHostConfig getSSLHostConfig(String sniHostName) {
         SSLHostConfig result = null;
 
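Review bot: The lower-case requirement on `sniHostName` is stated only in the new Javadoc; nothing in the visible lines enforces it, and `getSSLHostConfig` is `protected`, so a subclass can call it with whatever case the client sent. Given the documented lookup order, a mixed-case name would presumably miss the exact and wild card matches and fall through to the default SSLHostConfig, so a host could be served with a certificate or TLS settings not intended for it. I would either normalise at the top of the method with `sniHostName = sniHostName.toLowerCase(Locale.ENGLISH);` (null-checked if null is a valid input, and with `java.util.Locale` imported if it is not already) or add to the Javadoc `A name that is not in lower case will not match and the default SSLHostConfig is returned`. The method body continues outside the hunk, so it may already handle this.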

