[Bug 60762] New: Enhancement: Add support for runtime SNI changes in tomcat-embed

Tue, 21 Feb 2017 15:31:16 -0800 

https://bz.apache.org/bugzilla/show_bug.cgi?id=60762

            Bug ID: 60762
           Summary: Enhancement: Add support for runtime SNI changes in
                    tomcat-embed
           Product: Tomcat 8
           Version: 8.5.x-trunk
          Hardware: All
                OS: All
            Status: NEW
          Severity: enhancement
          Priority: P2
         Component: Connectors
          Assignee: [email protected]
          Reporter: [email protected]
  Target Milestone: ----

This is an enhancement request, I have put it against Tomcat 8 since that is
the latest stable product, if this enhancement is more appropriate for the
Tomcat 9 release please move it or let me know and I can re-submit it.

The request is to add public methods for adding/removing/updating SSLHostConfig
objects within the AbstractEndpoint.sslHostConfigs map.  Ideally this would be
exposed publicly via the Connector class.  I think this is specific to
tomcat-embed since I don't believe that runtime changes such as this are
possible elsewhere.

For our application I have exposed the functionality needed by extending the
NioEndpoint class, this does not consider any of the other nio2/apr/bio
connectors, as we only use nio it works for us.  I have tested and been running
this way for a while now.

I have also extended the AbstractHttp11JsseProtocol and Connector classes so I
can gain access to my implementation of NioEndpoint, this is just for
convenience, I think these methods belong publicly exposed on the Connector
class (similar to how addSslHostConfig/findSslHostConfigs methods are delegated
from Connector all the way to AbstractEndpoint).

The methods I've added to my NioEndpoint implementation:

    // this behaves similar to a Map.put operation, only it is void
    public void addOrUpdateSSLHostConfig(SSLHostConfig config)

    public void removeSSLHostConfig(String sniHostName)


For the nio implementation I had to ensure the ssl contexts were
released/created, not sure about how that would work for the other
implementations.

Thanks!
Jesse

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to