Author: markt
Date: Tue Jan 5 21:38:58 2016
New Revision: 1723174
URL: http://svn.apache.org/viewvc?rev=1723174&view=rev
Log:
Mostly revert r1723165 and implement a better fix.
Modified:
tomcat/trunk/java/org/apache/catalina/manager/ManagerServlet.java
tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfigCertificate.java
tomcat/trunk/webapps/manager/WEB-INF/jsp/connectorCiphers.jsp
Modified: tomcat/trunk/java/org/apache/catalina/manager/ManagerServlet.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/manager/ManagerServlet.java?rev=1723174&r1=1723173&r2=1723174&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/manager/ManagerServlet.java (original)
+++ tomcat/trunk/java/org/apache/catalina/manager/ManagerServlet.java Tue Jan
5 21:38:58 2016
@@ -24,6 +24,7 @@ import java.io.IOException;
import java.io.PrintWriter;
import java.util.Enumeration;
import java.util.HashMap;
+import java.util.HashSet;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
@@ -61,7 +62,7 @@ import org.apache.tomcat.util.Diagnostic
import org.apache.tomcat.util.ExceptionUtils;
import org.apache.tomcat.util.modeler.Registry;
import org.apache.tomcat.util.net.SSLHostConfig;
-import org.apache.tomcat.util.net.openssl.ciphers.Cipher;
+import org.apache.tomcat.util.net.SSLHostConfigCertificate;
import org.apache.tomcat.util.res.StringManager;
@@ -563,19 +564,16 @@ public class ManagerServlet extends Http
writer.print(Diagnostics.getThreadDump(requestedLocales));
}
- protected void sslConnectorCiphers(PrintWriter writer, StringManager
smClient) {
-
writer.println(smClient.getString("managerServlet.sslConnectorCiphers"));
- Map<String,Set<Cipher>> connectorCiphers = getConnectorCiphers();
- for (Map.Entry<String,Set<Cipher>> entry :
connectorCiphers.entrySet()) {
+ protected void sslConnectorCiphers(PrintWriter writer,
+ StringManager smClient) {
+ writer.println(smClient.getString(
+ "managerServlet.sslConnectorCiphers"));
+ Map<String,Set<String>> connectorCiphers = getConnectorCiphers();
+ for (Map.Entry<String,Set<String>> entry :
connectorCiphers.entrySet()) {
writer.println(entry.getKey());
- if (entry.getValue() == null) {
+ for (String cipher : entry.getValue()) {
writer.print(" ");
-
writer.println(smClient.getString("managerServlet.notSslConnector"));
- } else {
- for (Cipher cipher : entry.getValue()) {
- writer.print(" ");
- writer.println(cipher);
- }
+ writer.println(cipher);
}
}
}
@@ -1654,9 +1652,8 @@ public class ManagerServlet extends Http
}
- protected Map<String,Set<Cipher>> getConnectorCiphers() {
- // TODO: Returned available ciphers rather than configured ciphers.
- Map<String,Set<Cipher>> result = new HashMap<>();
+ protected Map<String,Set<String>> getConnectorCiphers() {
+ Map<String,Set<String>> result = new HashMap<>();
Engine e = (Engine) host.getParent();
Service s = e.getService();
@@ -1665,11 +1662,21 @@ public class ManagerServlet extends Http
if (Boolean.TRUE.equals(connector.getProperty("SSLEnabled"))) {
SSLHostConfig[] sslHostConfigs =
connector.getProtocolHandler().findSslHostConfigs();
for (SSLHostConfig sslHostConfig : sslHostConfigs) {
- result.put(connector.toString() + "-" +
sslHostConfig.getHostName(),
- sslHostConfig.getCipherList());
+ for (SSLHostConfigCertificate cert :
sslHostConfig.getCertificates()) {
+ String name = connector.toString() + "-" +
sslHostConfig.getHostName() +
+ "-" + cert.getType();
+ Set<String> cipherList = new HashSet<>();
+ String[] cipherNames = cert.getEnabledCiphers();
+ for (String cipherName : cipherNames) {
+ cipherList.add(cipherName);
+ }
+ result.put(name, cipherList);
+ }
}
} else {
- result.put(connector.toString(), null);
+ Set<String> cipherList = new HashSet<>();
+ cipherList.add(sm.getString("managerServlet.notSslConnector"));
+ result.put(connector.toString(), cipherList);
}
}
return result;
Modified:
tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfigCertificate.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfigCertificate.java?rev=1723174&r1=1723173&r2=1723174&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfigCertificate.java
(original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfigCertificate.java
Tue Jan 5 21:38:58 2016
@@ -192,6 +192,11 @@ public class SSLHostConfigCertificate {
}
+ public String[] getEnabledCiphers() {
+ return getSslContextWrapper().getEnabledCiphers();
+ }
+
+
// Nested types
public static enum Type {
Modified: tomcat/trunk/webapps/manager/WEB-INF/jsp/connectorCiphers.jsp
URL:
http://svn.apache.org/viewvc/tomcat/trunk/webapps/manager/WEB-INF/jsp/connectorCiphers.jsp?rev=1723174&r1=1723173&r2=1723174&view=diff
==============================================================================
--- tomcat/trunk/webapps/manager/WEB-INF/jsp/connectorCiphers.jsp (original)
+++ tomcat/trunk/webapps/manager/WEB-INF/jsp/connectorCiphers.jsp Tue Jan 5
21:38:58 2016
@@ -19,13 +19,12 @@
<%@page import="java.util.Map" %>
<%@page import="java.util.Map.Entry" %>
<%@page import="java.util.Set" %>
-<%@page import="org.apache.tomcat.util.net.openssl.ciphers.Cipher" %>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd";>
<html xmlns="http://www.w3.org/1999/xhtml"; xml:lang="en">
-<% Map<String,Set<Cipher>> cipherList = (Map<String,Set<Cipher>>)
request.getAttribute("cipherList");
+<% Map<String,Set<String>> cipherList = (Map<String,Set<String>>)
request.getAttribute("cipherList");
%>
<head>
<meta http-equiv="content-type" content="text/html; charset=iso-8859-1"/>
@@ -44,27 +43,21 @@
<thead>
<tr>
<th>Connector</th>
- <th>Configured Ciphers</th>
+ <th>Enabled Ciphers</th>
</tr>
</thead>
<tbody>
<%
- for (Map.Entry<String, Set<Cipher>> entry : cipherList.entrySet()) {
+ for (Map.Entry<String, Set<String>> entry : cipherList.entrySet()) {
%>
<tr>
<td><%=entry.getKey()%></td>
<td>
<%
- if (entry.getValue() == null) {
- %>
- <p>Not an SSL connector.</p>
- <%
- } else {
- for (Cipher cipher : entry.getValue()) {
- %>
- <p><%=cipher%></p>
- <%
- }
+ for (String cipher : entry.getValue()) {
+ %>
+ <p><%=cipher%></p>
+ <%
}
%>
</td>
@@ -75,10 +68,6 @@
</tbody>
</table>
-<p>Note: The actual ciphers available for clients to use will be the subset of
-those listed above that are supported by the SSL implementation configured for
-the connector.</p>
-
<form method="get" action="<%=request.getContextPath()%>/html">
<p style="text-align: center;">
<input type="submit" value="Return to main page" />
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
