You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2014/08/26 12:54:46 UTC
svn commit: r1620559 -
/tomcat/trunk/java/org/apache/tomcat/jni/socket/AprSocketContext.java
Author: markt
Date: Tue Aug 26 10:54:46 2014
New Revision: 1620559
URL: http://svn.apache.org/r1620559
Log:
Fix indent
Modified:
tomcat/trunk/java/org/apache/tomcat/jni/socket/AprSocketContext.java
Modified: tomcat/trunk/java/org/apache/tomcat/jni/socket/AprSocketContext.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/jni/socket/AprSocketContext.java?rev=1620559&r1=1620558&r2=1620559&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/jni/socket/AprSocketContext.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/jni/socket/AprSocketContext.java Tue Aug 26 10:54:46 2014
@@ -609,69 +609,68 @@ public class AprSocketContext {
if (sslCtx == 0) {
synchronized (AprSocketContext.class) {
- boolean serverMode = acceptor != null;
- sslCtx = SSLContext.make(getRootPool(),
- sslProtocol,
- serverMode ? SSL.SSL_MODE_SERVER : SSL.SSL_MODE_CLIENT);
+ boolean serverMode = acceptor != null;
+ sslCtx = SSLContext.make(getRootPool(),
+ sslProtocol,
+ serverMode ? SSL.SSL_MODE_SERVER : SSL.SSL_MODE_CLIENT);
- // SSL.SSL_OP_NO_SSLv3
- int opts = SSL.SSL_OP_NO_SSLv2 |
- SSL.SSL_OP_SINGLE_DH_USE;
+ // SSL.SSL_OP_NO_SSLv3
+ int opts = SSL.SSL_OP_NO_SSLv2 |
+ SSL.SSL_OP_SINGLE_DH_USE;
- if (!USE_TICKETS || serverMode && ticketKey == null) {
- opts |= SSL.SSL_OP_NO_TICKET;
- }
+ if (!USE_TICKETS || serverMode && ticketKey == null) {
+ opts |= SSL.SSL_OP_NO_TICKET;
+ }
- SSLContext.setOptions(sslCtx, opts);
- // Set revocation
- // SSLContext.setCARevocation(sslContext, SSLCARevocationFile, SSLCARevocationPath);
+ SSLContext.setOptions(sslCtx, opts);
+ // Set revocation
+ // SSLContext.setCARevocation(sslContext, SSLCARevocationFile, SSLCARevocationPath);
- // Client certificate verification - maybe make it option
- try {
- SSLContext.setCipherSuite(sslCtx, SSLCipherSuite);
+ // Client certificate verification - maybe make it option
+ try {
+ SSLContext.setCipherSuite(sslCtx, SSLCipherSuite);
- if (serverMode) {
- if (ticketKey != null) {
- //SSLExt.setTicketKeys(sslCtx, ticketKey, ticketKey.length);
- }
- if (certFile != null) {
- boolean rc = SSLContext.setCertificate(sslCtx,
- certFile,
- keyFile, null, SSL.SSL_AIDX_DSA);
- if (!rc) {
- throw new IOException("Can't set keys");
+ if (serverMode) {
+ if (ticketKey != null) {
+ //SSLExt.setTicketKeys(sslCtx, ticketKey, ticketKey.length);
}
- }
- SSLContext.setVerify(sslCtx, SSL.SSL_CVERIFY_NONE, 10);
+ if (certFile != null) {
+ boolean rc = SSLContext.setCertificate(sslCtx,
+ certFile,
+ keyFile, null, SSL.SSL_AIDX_DSA);
+ if (!rc) {
+ throw new IOException("Can't set keys");
+ }
+ }
+ SSLContext.setVerify(sslCtx, SSL.SSL_CVERIFY_NONE, 10);
- if (spdyNPN != null) {
- SSLExt.setNPN(sslCtx, spdyNPN, spdyNPN.length);
- }
- } else {
- if (tlsCertVerifier != null) {
- // NONE ?
- SSLContext.setVerify(sslCtx,
- SSL.SSL_CVERIFY_NONE, 10);
+ if (spdyNPN != null) {
+ SSLExt.setNPN(sslCtx, spdyNPN, spdyNPN.length);
+ }
} else {
- SSLContext.setCACertificate(sslCtx,
- "/etc/ssl/certs/ca-certificates.crt",
- "/etc/ssl/certs");
- SSLContext.setVerify(sslCtx,
- SSL.SSL_CVERIFY_REQUIRE, 10);
- }
+ if (tlsCertVerifier != null) {
+ // NONE ?
+ SSLContext.setVerify(sslCtx,
+ SSL.SSL_CVERIFY_NONE, 10);
+ } else {
+ SSLContext.setCACertificate(sslCtx,
+ "/etc/ssl/certs/ca-certificates.crt",
+ "/etc/ssl/certs");
+ SSLContext.setVerify(sslCtx,
+ SSL.SSL_CVERIFY_REQUIRE, 10);
+ }
- if (spdyNPN != null) {
- SSLExt.setNPN(sslCtx, spdyNPN, spdyNPN.length);
+ if (spdyNPN != null) {
+ SSLExt.setNPN(sslCtx, spdyNPN, spdyNPN.length);
+ }
}
+ } catch (IOException e) {
+ throw e;
+ } catch (Exception e) {
+ throw new IOException(e);
}
- } catch (IOException e) {
- throw e;
- } catch (Exception e) {
- throw new IOException(e);
- }
-
// TODO: try release buffers
}
}
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org