Posted to dev@tomcat.apache.org by ma...@apache.org on 2011/04/17 02:02:29 UTC

svn commit: r1094089 - in /tomcat/trunk: java/org/apache/tomcat/util/net/AprEndpoint.java java/org/apache/tomcat/util/net/res/LocalStrings.properties webapps/docs/changelog.xml

Author: markt
Date: Sun Apr 17 00:02:29 2011
New Revision: 1094089

URL: http://svn.apache.org/viewvc?rev=1094089&view=rev
Log:
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=50173
Throw an exception and do not start the APR connector if it is configured for SSL and an invalid value is provided for SSLProtocol.

Modified:
    tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java
    tomcat/trunk/java/org/apache/tomcat/util/net/res/LocalStrings.properties
    tomcat/trunk/webapps/docs/changelog.xml

Modified: tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java?rev=1094089&r1=1094088&r2=1094089&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java Sun Apr 17 00:02:29 2011
@@ -478,7 +478,17 @@ public class AprEndpoint extends Abstrac
                 value = SSL.SSL_PROTOCOL_TLSV1;
             } else if ("SSLv2+SSLv3".equalsIgnoreCase(SSLProtocol)) {
                 value = SSL.SSL_PROTOCOL_SSLV2 | SSL.SSL_PROTOCOL_SSLV3;
+            } else if ("all".equalsIgnoreCase(SSLProtocol) ||
+                    SSLProtocol == null || SSLProtocol.length() == 0) {
+                // NOOP, use the default defined above
+            } else {
+                // Protocol not recognized, fail to start as it is safer than
+                // continuing with the default which might enable more than the
+                // is required
+                throw new Exception(sm.getString(
+                        "endpoint.apr.invalidSslProtocol", SSLProtocol));
             }
+
             // Create SSL Context
             sslContext = SSLContext.make(rootPool, value, SSL.SSL_MODE_SERVER);
             if (SSLInsecureRenegotiation) {
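Review bot: The new final `else` fails closed on unrecognised values, but the branch before it still lets a null or empty `SSLProtocol` fall through silently to the default assigned above the hunk, which the added comment itself says might enable more than is required. If that default is the broad "all" set (it is not visible here), consider logging the effective protocol selection when the attribute is omitted, so operators can see what was enabled. The comment in the `else` branch also has a slip, "more than the is required"; I would write `// continuing with the default, which might enable more protocols than required`. The enclosing method starts and ends outside the hunk, so whether `throw new Exception(...)` matches its declared throws clause cannot be checked from here.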

Modified: tomcat/trunk/java/org/apache/tomcat/util/net/res/LocalStrings.properties
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/res/LocalStrings.properties?rev=1094089&r1=1094088&r2=1094089&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/res/LocalStrings.properties (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/res/LocalStrings.properties Sun Apr 17 00:02:29 2011
@@ -46,3 +46,4 @@ endpoint.warn.unlockAcceptorFailed=Accep
 endpoint.debug.channelCloseFail=Failed to close channel
 endpoint.debug.socketCloseFail=Failed to close socket
 endpoint.apr.noSslCertFile=Connector attribute SSLCertificateFile must be defined when using SSL with APR
+endpoint.apr.invalidSslProtocol=An invalid value [{0}] was provided for the SSLProtocol attribute

Modified: tomcat/trunk/webapps/docs/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1094089&r1=1094088&r2=1094089&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/trunk/webapps/docs/changelog.xml Sun Apr 17 00:02:29 2011
@@ -87,6 +87,11 @@
         timeout is set to zero or less. Based on a patch provided by Chris.
         (markt)
       </fix>
+      <fix>
+        <bug>51073</bug>: Throw an exception and do not start the APR connector
+        if it is configured for SSL and an invalid value is provided for
+        SSLProtocol. (markt)
+      </fix>
     </changelog>
   </subsection>
   <subsection name="Jasper">


