[tomcat] 01/02: Refactor to (slightly) reduce native calls when using OpenSSL

Mon, 04 Nov 2019 06:28:47 -0800 

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit 65abaf39171a45bc2cebb71dbde4690177051fca
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Mon Nov 4 14:22:27 2019 +0000

    Refactor to (slightly) reduce native calls when using OpenSSL
---
 .../tomcat/util/net/AbstractJsseEndpoint.java      | 28 +++++++++++-----------
 1 file changed, 14 insertions(+), 14 deletions(-)

diff --git a/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java 
b/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java
index 8da93d6..fe94206 100644
--- a/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java
+++ b/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java
@@ -117,19 +117,6 @@ public abstract class AbstractJsseEndpoint<S,U> extends 
AbstractEndpoint<S,U> {
         }
 
         SSLEngine engine = sslContext.createSSLEngine();
-        switch (sslHostConfig.getCertificateVerification()) {
-        case NONE:
-            engine.setNeedClientAuth(false);
-            engine.setWantClientAuth(false);
-            break;
-        case OPTIONAL:
-        case OPTIONAL_NO_CA:
-            engine.setWantClientAuth(true);
-            break;
-        case REQUIRED:
-            engine.setNeedClientAuth(true);
-            break;
-        }
         engine.setUseClientMode(false);
         engine.setEnabledCipherSuites(sslHostConfig.getEnabledCiphers());
         engine.setEnabledProtocols(sslHostConfig.getEnabledProtocols());
@@ -151,7 +138,20 @@ public abstract class AbstractJsseEndpoint<S,U> extends 
AbstractEndpoint<S,U> {
                 JreCompat.getInstance().setApplicationProtocols(sslParameters, 
commonProtocolsArray);
             }
         }
-        // In case the getter returns a defensive copy
+        switch (sslHostConfig.getCertificateVerification()) {
+        case NONE:
+            sslParameters.setNeedClientAuth(false);
+            sslParameters.setWantClientAuth(false);
+            break;
+        case OPTIONAL:
+        case OPTIONAL_NO_CA:
+            sslParameters.setWantClientAuth(true);
+            break;
+        case REQUIRED:
+            sslParameters.setNeedClientAuth(true);
+            break;
+        }
+        // The getter (at least in OpenJDK and derivatives) returns a 
defensive copy
         engine.setSSLParameters(sslParameters);
 
         return engine;


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Reply via email to