You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2008/08/14 20:11:29 UTC
svn commit: r685981 -
/tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
Author: markt
Date: Thu Aug 14 11:11:28 2008
New Revision: 685981
URL: http://svn.apache.org/viewvc?rev=685981&view=rev
Log:
Revert the previous fix. Filip has suggested an alternative approach that should address the various objections. New patch will follow in the next few days.
Modified:
tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
Modified: tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java?rev=685981&r1=685980&r2=685981&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java Thu Aug 14 11:11:28 2008
@@ -26,7 +26,6 @@
import java.net.ServerSocket;
import java.net.Socket;
import java.net.SocketException;
-import java.net.SocketTimeoutException;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.security.cert.CRL;
@@ -693,7 +692,7 @@
* Configures the given SSL server socket with the requested cipher suites,
* protocol versions, and need for client authentication
*/
- private void initServerSocket(ServerSocket ssocket) throws IOException {
+ private void initServerSocket(ServerSocket ssocket) {
SSLServerSocket socket = (SSLServerSocket) ssocket;
@@ -705,48 +704,9 @@
setEnabledProtocols(socket, getEnabledProtocols(socket,
requestedProtocols));
- // Check the SSL config is OK
- checkSocket(ssocket);
-
// we don't know if client auth is needed -
// after parsing the request we may re-handshake
configureClientAuth(socket);
}
- /**
- * Checks that the cetificate is compatible with the enabled cipher suites.
- * If we don't check now, the JIoEndpoint can enter a nasty logging loop.
- * See bug 45528.
- */
- private void checkSocket(ServerSocket socket) throws IOException {
- int timeout = socket.getSoTimeout();
-
- socket.setSoTimeout(1);
- Socket s = null;
- try {
- s = socket.accept();
- // No expecting to get here but if we do, at least we know things
- // are working.
- } catch (SSLException ssle) {
- // Cert doesn't match ciphers
- IOException ioe =
- new IOException("Certificate / cipher mismatch");
- ioe.initCause(ssle);
- throw ioe;
- } catch (SocketTimeoutException ste) {
- // Expected - do nothing
- } finally {
- // In case we actually got a connection - close it.
- if (s != null) {
- try {
- s.close();
- } catch (IOException ioe) {
- // Ignore
- }
- }
- // Reset the timeout
- socket.setSoTimeout(timeout);
- }
-
- }
}
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
Re: svn commit: r685981 - /tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
Posted by "William A. Rowe, Jr." <wr...@rowe-clan.net>.
markt@apache.org wrote:
> Author: markt
> Date: Thu Aug 14 11:11:28 2008
> New Revision: 685981
FYI, I've updated asf-mailer so it no longer directs commit traffic
to the long-dead tomcat-dev@jakarta.a.o. Which means starting at
this commit, you may have to adjust your filters. But reply-to-all
should now behave sanely.
Appologies to anyone who is inconvenienced.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org