Author: remm Date: Thu Dec 10 16:30:23 2015 New Revision: 1719106 URL: http://svn.apache.org/viewvc?rev=1719106&view=rev Log: Using the finalizer for sensitive operations is not a good idea since nothing in Tomcat retains the SSLContext instances after using them to init.
Modified: tomcat/trunk/java/org/apache/tomcat/util/net/SSLContext.java tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESSLContext.java tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java
Modified: tomcat/trunk/java/org/apache/tomcat/util/net/SSLContext.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/SSLContext.java?rev=1719106&r1=1719105&r2=1719106&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/SSLContext.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/SSLContext.java Thu Dec 10 16:30:23 2015
@@ -37,6 +37,8 @@ public interface SSLContext {
 public void init(KeyManager[] kms, TrustManager[] tms, SecureRandom sr) throws KeyManagementException;
+ public void destroy();
+
 public SSLSessionContext getServerSessionContext();
 public SSLEngine createSSLEngine();
Modified: tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESSLContext.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESSLContext.java?rev=1719106&r1=1719105&r2=1719106&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESSLContext.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESSLContext.java Thu Dec 10 16:30:23 2015
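Review bot: The `destroy()` method added to the interface in SSLContext.java has no Javadoc, and with the finalizer removed from OpenSSLContext in the same commit it becomes the only path by which native state is released. The only call visible in this diff is the failure path inside OpenSSLContext, so it is worth confirming that whatever creates the context also calls `destroy()` when it shuts down; otherwise the native context and pool would presumably never be freed on the success path. I would add something like `/** Releases resources held by this context; the owner must call it once no engine or session context obtained from it is still in use. */` and state whether repeated calls are permitted.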
@@ -44,6 +44,10 @@ class JSSESSLContext implements SSLConte
 }
 @Override
+ public void destroy() {
+ }
+
+ @Override
 public SSLSessionContext getServerSessionContext() {
 return context.getServerSessionContext();
 }
Modified: tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java?rev=1719106&r1=1719105&r2=1719106&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java Thu Dec 10 16:30:23 2015
@@ -166,15 +166,20 @@ public class OpenSSLContext implements o
 throw new SSLException(sm.getString("openssl.errorSSLCtxInit"), e);
 } finally {
 if (!success) {
- destroyPools();
+ destroy();
 }
 }
 }
- private void destroyPools() {
+ public synchronized void destroy() {
 // Guard against multiple destroyPools() calls triggered by construction exception and finalize() later
- if (aprPool != 0 && DESTROY_UPDATER.compareAndSet(this, 0, 1)) {
- Pool.destroy(aprPool);
+ if (DESTROY_UPDATER.compareAndSet(this, 0, 1)) {
+ if (ctx != 0) {
+ SSLContext.free(ctx);
+ }
+ if (aprPool != 0) {
+ Pool.destroy(aprPool);
+ }
 }
 }
@@ -437,15 +442,4 @@ public class OpenSSLContext implements o
 throw new UnsupportedOperationException();
 }
- @Override
- protected final void finalize() throws Throwable {
- super.finalize();
- synchronized (OpenSSLContext.class) {
- if (ctx != 0) {
- SSLContext.free(ctx);
- }
- }
- //FIXME: this causes crashes in the testsuite
- //destroyPools();
- }
 }
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
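Review bot: The empty `destroy()` body added to JSSESSLContext.java carries no comment, so a reader cannot tell whether the no-op is deliberate or an unfinished stub. A one-line marker inside the body such as `// NO-OP: nothing to release explicitly for the JSSE implementation` would settle it. The reason given in that comment is an assumption on my part and should be confirmed by the author.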
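Review bot: In OpenSSLContext.java's `destroy()`, `SSLContext.free(ctx)` and `Pool.destroy(aprPool)` run, but nothing in the hunk stops later calls on the same object from handing the freed `ctx` to native code, which would surface as native memory corruption rather than as a Java exception. Since the method is now public, the methods that use `ctx` (not shown here) could begin with a check such as `if (DESTROY_UPDATER.get(this) != 0) throw new IllegalStateException();`, assuming DESTROY_UPDATER is an atomic field updater as its use suggests. The removed finalizer took the `OpenSSLContext.class` lock around `SSLContext.free(ctx)` while the new method locks `this`; if the class-wide lock was serialising native frees across instances, that no longer holds. The comment above the guard still names `destroyPools()` and `finalize()`, both gone after this commit; `// Guard against repeated destroy() calls, e.g. after a failed construction` would match the new code.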