This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/tomcat.git
commit 973b0a304532a1d5a63b36ff88842e933cc91b82 Author: Mark Thomas <ma...@apache.org> AuthorDate: Wed Jan 15 15:36:40 2020 +0000 Remove support for deprecated TLS configuration style --- .../storeconfig/ConnectorStoreAppender.java | 9 +- .../catalina/storeconfig/server-registry.xml | 53 --- .../coyote/http11/AbstractHttp11Protocol.java | 377 --------------------- .../apache/tomcat/util/net/AbstractEndpoint.java | 2 +- .../tomcat/util/net/AbstractJsseEndpoint.java | 2 +- java/org/apache/tomcat/util/net/SSLHostConfig.java | 126 ------- .../coyote/http11/TestAbstractHttp11Protocol.java | 28 -- webapps/docs/config/http.xml | 346 ------------------- webapps/docs/ssl-howto.xml | 63 ++-- 9 files changed, 41 insertions(+), 965 deletions(-) diff --git a/java/org/apache/catalina/storeconfig/ConnectorStoreAppender.java b/java/org/apache/catalina/storeconfig/ConnectorStoreAppender.java index cfb5d32..c48416a 100644 --- a/java/org/apache/catalina/storeconfig/ConnectorStoreAppender.java +++ b/java/org/apache/catalina/storeconfig/ConnectorStoreAppender.java @@ -38,8 +38,7 @@ import org.apache.tomcat.util.net.SocketProperties; * Store the Connector attributes. Connector has really special design. A * Connector is only a startup Wrapper for a ProtocolHandler. This meant that * ProtocolHandler get all there attributes from the Connector attribute map. - * Strange is that some attributes change there name and the attribute - * sslProtocol need a special handling + * Strange is that some attributes change their name. */ public class ConnectorStoreAppender extends StoreAppender { 
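Review bot: The Javadoc context line just above the changed sentence still reads `ProtocolHandler get all there attributes`, the same there/their slip this hunk corrects in its last sentence. It could read `ProtocolHandler gets all its attributes from the Connector attribute map.` Now that the `sslProtocol` special case is gone from the comment, the closing sentence could also point at the `replacements` map in this class as the place where the remaining renames are listed. The class body continues outside the hunk.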
@@ -47,13 +46,7 @@ public class ConnectorStoreAppender extends StoreAppender { protected static final Set<String> internalExecutorAttributes = new HashSet<>(); static { replacements.put("timeout", "connectionUploadTimeout"); - replacements.put("clientauth", "clientAuth"); - replacements.put("keystore", "keystoreFile"); replacements.put("randomfile", "randomFile"); - replacements.put("keypass", "keystorePass"); - replacements.put("keytype", "keystoreType"); - replacements.put("protocol", "sslProtocol"); - replacements.put("protocols", "sslProtocols"); internalExecutorAttributes.add("maxThreads"); internalExecutorAttributes.add("minSpareThreads"); diff --git a/java/org/apache/catalina/storeconfig/server-registry.xml b/java/org/apache/catalina/storeconfig/server-registry.xml index 124ad9d..2b8279a 100644 --- a/java/org/apache/catalina/storeconfig/server-registry.xml +++ b/java/org/apache/catalina/storeconfig/server-registry.xml 
@@ -102,49 +102,6 @@ <TransientAttribute>URIEncoding</TransientAttribute> <TransientAttribute>maxProcessor</TransientAttribute> <TransientAttribute>minProcessor</TransientAttribute> - <!-- All attribute duplicated from the SSLHostConfig, removed in Tomcat 10 --> - <TransientAttribute>SSLProtocol</TransientAttribute> - <TransientAttribute>sslEnabledProtocols</TransientAttribute> - <TransientAttribute>SSLCipherSuite</TransientAttribute> - <TransientAttribute>ciphers</TransientAttribute> - <TransientAttribute>SSLCertificateChainFile</TransientAttribute> - <TransientAttribute>SSLCertificateFile</TransientAttribute> - <TransientAttribute>keyAlias</TransientAttribute> - <TransientAttribute>SSLCertificateKeyFile</TransientAttribute> - <TransientAttribute>keyPass</TransientAttribute> - <TransientAttribute>SSLPassword</TransientAttribute> - <TransientAttribute>keystoreFile</TransientAttribute> - <TransientAttribute>keystorePass</TransientAttribute> - <TransientAttribute>keystoreProvider</TransientAttribute> - <TransientAttribute>keystoreType</TransientAttribute> - <TransientAttribute>SSLCACertificateFile</TransientAttribute> - <TransientAttribute>SSLCACertificatePath</TransientAttribute> - <TransientAttribute>crlFile</TransientAttribute> - <TransientAttribute>SSLCARevocationFile</TransientAttribute> - <TransientAttribute>SSLCARevocationPath</TransientAttribute> - <TransientAttribute>SSLDisableCompression</TransientAttribute> - <TransientAttribute>SSLDisableSessionTickets</TransientAttribute> - <TransientAttribute>SSLDisableCompression</TransientAttribute> - <TransientAttribute>SSLHonorCipherOrder</TransientAttribute> - <TransientAttribute>useServerCipherSuitesOrder</TransientAttribute> - <TransientAttribute>algorithm</TransientAttribute> - <TransientAttribute>sslContext</TransientAttribute> - <TransientAttribute>sessionCacheSize</TransientAttribute> - <TransientAttribute>sessionTimeout</TransientAttribute> - <TransientAttribute>sslProtocol</TransientAttribute> - 
<TransientAttribute>trustManagerClassName</TransientAttribute> - <TransientAttribute>truststoreAlgorithm</TransientAttribute> - <TransientAttribute>truststoreFile</TransientAttribute> - <TransientAttribute>truststorePass</TransientAttribute> - <TransientAttribute>truststoreProvider</TransientAttribute> - <TransientAttribute>truststoreType</TransientAttribute> - <!-- All attribute duplicated from the AbstractHttp11Protocol, removed in Tomcat 10 --> - <TransientAttribute>clientAuth</TransientAttribute> - <TransientAttribute>SSLVerifyClient</TransientAttribute> - <TransientAttribute>trustMaxCertLength</TransientAttribute> - <TransientAttribute>SSLVerifyDepth</TransientAttribute> - <TransientAttribute>useServerCipherSuitesOrder</TransientAttribute> - <TransientAttribute>SSLHonorCipherOrder</TransientAttribute> </Description> <Description tag="UpgradeProtocol" @@ -163,16 +120,6 @@ storeFactoryClass="org.apache.catalina.storeconfig.SSLHostConfigSF"> <TransientAttribute>openSslContext</TransientAttribute> <TransientAttribute>openSslConfContext</TransientAttribute> - <!-- All attribute duplicated from the Certificate, may be removed in Tomcat 10 --> - <TransientAttribute>certificateChainFile</TransientAttribute> - <TransientAttribute>certificateFile</TransientAttribute> - <TransientAttribute>certificateKeyAlias</TransientAttribute> - <TransientAttribute>certificateKeyFile</TransientAttribute> - <TransientAttribute>certificateKeyPassword</TransientAttribute> - <TransientAttribute>certificateKeystoreFile</TransientAttribute> - <TransientAttribute>certificateKeystorePassword</TransientAttribute> - <TransientAttribute>certificateKeystoreProvider</TransientAttribute> - <TransientAttribute>certificateKeystoreType</TransientAttribute> </Description> <Description tag="Certificate" diff --git a/java/org/apache/coyote/http11/AbstractHttp11Protocol.java b/java/org/apache/coyote/http11/AbstractHttp11Protocol.java index c40e1b3..58b05a3 100644 
--- a/java/org/apache/coyote/http11/AbstractHttp11Protocol.java +++ b/java/org/apache/coyote/http11/AbstractHttp11Protocol.java @@ -542,9 +542,6 @@ public abstract class AbstractHttp11Protocol<S> extends AbstractProtocol<S> { } public void setDefaultSSLHostConfigName(String defaultSSLHostConfigName) { getEndpoint().setDefaultSSLHostConfigName(defaultSSLHostConfigName); - if (defaultSSLHostConfig != null) { - defaultSSLHostConfig.setHostName(defaultSSLHostConfigName); - } } 
@@ -570,380 +567,6 @@ public abstract class AbstractHttp11Protocol<S> extends AbstractProtocol<S> { } - // ----------------------------------------------- HTTPS specific properties - // -------------------------------------------- Handled via an SSLHostConfig - - private SSLHostConfig defaultSSLHostConfig = null; - private void registerDefaultSSLHostConfig() { - if (defaultSSLHostConfig == null) { - for (SSLHostConfig sslHostConfig : findSslHostConfigs()) { - if (getDefaultSSLHostConfigName().equals(sslHostConfig.getHostName())) { - defaultSSLHostConfig = sslHostConfig; - break; - } - } - if (defaultSSLHostConfig == null) { - defaultSSLHostConfig = new SSLHostConfig(); - defaultSSLHostConfig.setHostName(getDefaultSSLHostConfigName()); - getEndpoint().addSslHostConfig(defaultSSLHostConfig); - } - } - } - - - // TODO: All of these SSL getters and setters can be removed once it is no - // longer necessary to support the old configuration attributes (Tomcat 10?) - - public String getSslEnabledProtocols() { - registerDefaultSSLHostConfig(); - return StringUtils.join(defaultSSLHostConfig.getEnabledProtocols()); - } - public void setSslEnabledProtocols(String enabledProtocols) { - registerDefaultSSLHostConfig(); - defaultSSLHostConfig.setProtocols(enabledProtocols); - } - public String getSSLProtocol() { - registerDefaultSSLHostConfig(); - return StringUtils.join(defaultSSLHostConfig.getEnabledProtocols()); - } - public void setSSLProtocol(String sslProtocol) { - registerDefaultSSLHostConfig(); - defaultSSLHostConfig.setProtocols(sslProtocol); - } - - - public String getKeystoreFile() { - registerDefaultSSLHostConfig(); - return defaultSSLHostConfig.getCertificateKeystoreFile(); - } - public void setKeystoreFile(String keystoreFile) { - registerDefaultSSLHostConfig(); - defaultSSLHostConfig.setCertificateKeystoreFile(keystoreFile); - } - public String getSSLCertificateChainFile() { - registerDefaultSSLHostConfig(); - return defaultSSLHostConfig.getCertificateChainFile(); 
- } - public void setSSLCertificateChainFile(String certificateChainFile) { - registerDefaultSSLHostConfig(); - defaultSSLHostConfig.setCertificateChainFile(certificateChainFile); - } - public String getSSLCertificateFile() { - registerDefaultSSLHostConfig(); - return defaultSSLHostConfig.getCertificateFile(); - } - public void setSSLCertificateFile(String certificateFile) { - registerDefaultSSLHostConfig(); - defaultSSLHostConfig.setCertificateFile(certificateFile); - } - public String getSSLCertificateKeyFile() { - registerDefaultSSLHostConfig(); - return defaultSSLHostConfig.getCertificateKeyFile(); - } - public void setSSLCertificateKeyFile(String certificateKeyFile) { - registerDefaultSSLHostConfig(); - defaultSSLHostConfig.setCertificateKeyFile(certificateKeyFile); - } - - - public String getAlgorithm() { - registerDefaultSSLHostConfig(); - return defaultSSLHostConfig.getKeyManagerAlgorithm(); - } - public void setAlgorithm(String keyManagerAlgorithm) { - registerDefaultSSLHostConfig(); - defaultSSLHostConfig.setKeyManagerAlgorithm(keyManagerAlgorithm); - } - - - public String getClientAuth() { - registerDefaultSSLHostConfig(); - return defaultSSLHostConfig.getCertificateVerificationAsString(); - } - public void setClientAuth(String certificateVerification) { - registerDefaultSSLHostConfig(); - defaultSSLHostConfig.setCertificateVerification(certificateVerification); - } - - - public String getSSLVerifyClient() { - registerDefaultSSLHostConfig(); - return defaultSSLHostConfig.getCertificateVerificationAsString(); - } - public void setSSLVerifyClient(String certificateVerification) { - registerDefaultSSLHostConfig(); - defaultSSLHostConfig.setCertificateVerification(certificateVerification); - } - - - public int getTrustMaxCertLength(){ - registerDefaultSSLHostConfig(); - return defaultSSLHostConfig.getCertificateVerificationDepth(); - } - public void setTrustMaxCertLength(int certificateVerificationDepth){ - registerDefaultSSLHostConfig(); - 
defaultSSLHostConfig.setCertificateVerificationDepth(certificateVerificationDepth); - } - public int getSSLVerifyDepth() { - registerDefaultSSLHostConfig(); - return defaultSSLHostConfig.getCertificateVerificationDepth(); - } - public void setSSLVerifyDepth(int certificateVerificationDepth) { - registerDefaultSSLHostConfig(); - defaultSSLHostConfig.setCertificateVerificationDepth(certificateVerificationDepth); - } - - - public boolean getUseServerCipherSuitesOrder() { - registerDefaultSSLHostConfig(); - return defaultSSLHostConfig.getHonorCipherOrder(); - } - public void setUseServerCipherSuitesOrder(boolean honorCipherOrder) { - registerDefaultSSLHostConfig(); - defaultSSLHostConfig.setHonorCipherOrder(honorCipherOrder); - } - public boolean getSSLHonorCipherOrder() { - registerDefaultSSLHostConfig(); - return defaultSSLHostConfig.getHonorCipherOrder(); - } - public void setSSLHonorCipherOrder(boolean honorCipherOrder) { - registerDefaultSSLHostConfig(); - defaultSSLHostConfig.setHonorCipherOrder(honorCipherOrder); - } - - - public String getCiphers() { - registerDefaultSSLHostConfig(); - return defaultSSLHostConfig.getCiphers(); - } - public void setCiphers(String ciphers) { - registerDefaultSSLHostConfig(); - defaultSSLHostConfig.setCiphers(ciphers); - } - public String getSSLCipherSuite() { - registerDefaultSSLHostConfig(); - return defaultSSLHostConfig.getCiphers(); - } - public void setSSLCipherSuite(String ciphers) { - registerDefaultSSLHostConfig(); - defaultSSLHostConfig.setCiphers(ciphers); - } - - - public String getKeystorePass() { - registerDefaultSSLHostConfig(); - return defaultSSLHostConfig.getCertificateKeystorePassword(); - } - public void setKeystorePass(String certificateKeystorePassword) { - registerDefaultSSLHostConfig(); - defaultSSLHostConfig.setCertificateKeystorePassword(certificateKeystorePassword); - } - - - public String getKeyPass() { - registerDefaultSSLHostConfig(); - return defaultSSLHostConfig.getCertificateKeyPassword(); - } - 
public void setKeyPass(String certificateKeyPassword) { - registerDefaultSSLHostConfig(); - defaultSSLHostConfig.setCertificateKeyPassword(certificateKeyPassword); - } - public String getSSLPassword() { - registerDefaultSSLHostConfig(); - return defaultSSLHostConfig.getCertificateKeyPassword(); - } - public void setSSLPassword(String certificateKeyPassword) { - registerDefaultSSLHostConfig(); - defaultSSLHostConfig.setCertificateKeyPassword(certificateKeyPassword); - } - - - public String getCrlFile(){ - registerDefaultSSLHostConfig(); - return defaultSSLHostConfig.getCertificateRevocationListFile(); - } - public void setCrlFile(String certificateRevocationListFile){ - registerDefaultSSLHostConfig(); - defaultSSLHostConfig.setCertificateRevocationListFile(certificateRevocationListFile); - } - public String getSSLCARevocationFile() { - registerDefaultSSLHostConfig(); - return defaultSSLHostConfig.getCertificateRevocationListFile(); - } - public void setSSLCARevocationFile(String certificateRevocationListFile) { - registerDefaultSSLHostConfig(); - defaultSSLHostConfig.setCertificateRevocationListFile(certificateRevocationListFile); - } - public String getSSLCARevocationPath() { - registerDefaultSSLHostConfig(); - return defaultSSLHostConfig.getCertificateRevocationListPath(); - } - public void setSSLCARevocationPath(String certificateRevocationListPath) { - registerDefaultSSLHostConfig(); - defaultSSLHostConfig.setCertificateRevocationListPath(certificateRevocationListPath); - } - - - public String getKeystoreType() { - registerDefaultSSLHostConfig(); - return defaultSSLHostConfig.getCertificateKeystoreType(); - } - public void setKeystoreType(String certificateKeystoreType) { - registerDefaultSSLHostConfig(); - defaultSSLHostConfig.setCertificateKeystoreType(certificateKeystoreType); - } - - - public String getKeystoreProvider() { - registerDefaultSSLHostConfig(); - return defaultSSLHostConfig.getCertificateKeystoreProvider(); - } - public void 
setKeystoreProvider(String certificateKeystoreProvider) { - registerDefaultSSLHostConfig(); - defaultSSLHostConfig.setCertificateKeystoreProvider(certificateKeystoreProvider); - } - - - public String getKeyAlias() { - registerDefaultSSLHostConfig(); - return defaultSSLHostConfig.getCertificateKeyAlias(); - } - public void setKeyAlias(String certificateKeyAlias) { - registerDefaultSSLHostConfig(); - defaultSSLHostConfig.setCertificateKeyAlias(certificateKeyAlias); - } - - - public String getTruststoreAlgorithm(){ - registerDefaultSSLHostConfig(); - return defaultSSLHostConfig.getTruststoreAlgorithm(); - } - public void setTruststoreAlgorithm(String truststoreAlgorithm){ - registerDefaultSSLHostConfig(); - defaultSSLHostConfig.setTruststoreAlgorithm(truststoreAlgorithm); - } - - - public String getTruststoreFile(){ - registerDefaultSSLHostConfig(); - return defaultSSLHostConfig.getTruststoreFile(); - } - public void setTruststoreFile(String truststoreFile){ - registerDefaultSSLHostConfig(); - defaultSSLHostConfig.setTruststoreFile(truststoreFile); - } - - - public String getTruststorePass(){ - registerDefaultSSLHostConfig(); - return defaultSSLHostConfig.getTruststorePassword(); - } - public void setTruststorePass(String truststorePassword){ - registerDefaultSSLHostConfig(); - defaultSSLHostConfig.setTruststorePassword(truststorePassword); - } - - - public String getTruststoreType(){ - registerDefaultSSLHostConfig(); - return defaultSSLHostConfig.getTruststoreType(); - } - public void setTruststoreType(String truststoreType){ - registerDefaultSSLHostConfig(); - defaultSSLHostConfig.setTruststoreType(truststoreType); - } - - - public String getTruststoreProvider(){ - registerDefaultSSLHostConfig(); - return defaultSSLHostConfig.getTruststoreProvider(); - } - public void setTruststoreProvider(String truststoreProvider){ - registerDefaultSSLHostConfig(); - defaultSSLHostConfig.setTruststoreProvider(truststoreProvider); - } - - - public String getSslProtocol() { - 
registerDefaultSSLHostConfig(); - return defaultSSLHostConfig.getSslProtocol(); - } - public void setSslProtocol(String sslProtocol) { - registerDefaultSSLHostConfig(); - defaultSSLHostConfig.setSslProtocol(sslProtocol); - } - - - public int getSessionCacheSize(){ - registerDefaultSSLHostConfig(); - return defaultSSLHostConfig.getSessionCacheSize(); - } - public void setSessionCacheSize(int sessionCacheSize){ - registerDefaultSSLHostConfig(); - defaultSSLHostConfig.setSessionCacheSize(sessionCacheSize); - } - - - public int getSessionTimeout(){ - registerDefaultSSLHostConfig(); - return defaultSSLHostConfig.getSessionTimeout(); - } - public void setSessionTimeout(int sessionTimeout){ - registerDefaultSSLHostConfig(); - defaultSSLHostConfig.setSessionTimeout(sessionTimeout); - } - - - public String getSSLCACertificatePath() { - registerDefaultSSLHostConfig(); - return defaultSSLHostConfig.getCaCertificatePath(); - } - public void setSSLCACertificatePath(String caCertificatePath) { - registerDefaultSSLHostConfig(); - defaultSSLHostConfig.setCaCertificatePath(caCertificatePath); - } - - - public String getSSLCACertificateFile() { - registerDefaultSSLHostConfig(); - return defaultSSLHostConfig.getCaCertificateFile(); - } - public void setSSLCACertificateFile(String caCertificateFile) { - registerDefaultSSLHostConfig(); - defaultSSLHostConfig.setCaCertificateFile(caCertificateFile); - } - - - public boolean getSSLDisableCompression() { - registerDefaultSSLHostConfig(); - return defaultSSLHostConfig.getDisableCompression(); - } - public void setSSLDisableCompression(boolean disableCompression) { - registerDefaultSSLHostConfig(); - defaultSSLHostConfig.setDisableCompression(disableCompression); - } - - - public boolean getSSLDisableSessionTickets() { - registerDefaultSSLHostConfig(); - return defaultSSLHostConfig.getDisableSessionTickets(); - } - public void setSSLDisableSessionTickets(boolean disableSessionTickets) { - registerDefaultSSLHostConfig(); - 
defaultSSLHostConfig.setDisableSessionTickets(disableSessionTickets); - } - - - public String getTrustManagerClassName() { - registerDefaultSSLHostConfig(); - return defaultSSLHostConfig.getTrustManagerClassName(); - } - public void setTrustManagerClassName(String trustManagerClassName) { - registerDefaultSSLHostConfig(); - defaultSSLHostConfig.setTrustManagerClassName(trustManagerClassName); - } - - // ------------------------------------------------------------- Common code @Override diff --git a/java/org/apache/tomcat/util/net/AbstractEndpoint.java b/java/org/apache/tomcat/util/net/AbstractEndpoint.java index 2a60011..8740af1 100644 --- a/java/org/apache/tomcat/util/net/AbstractEndpoint.java +++ b/java/org/apache/tomcat/util/net/AbstractEndpoint.java @@ -340,7 +340,7 @@ public abstract class AbstractEndpoint<S,U> { * released */ protected void releaseSSLContext(SSLHostConfig sslHostConfig) { - for (SSLHostConfigCertificate certificate : sslHostConfig.getCertificates(true)) { + for (SSLHostConfigCertificate certificate : sslHostConfig.getCertificates()) { if (certificate.getSslContext() != null) { SSLContext sslContext = certificate.getSslContext(); if (sslContext != null) { diff --git a/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java b/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java index fe94206..91702c6 100644 --- a/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java +++ b/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java @@ -214,7 +214,7 @@ public abstract class AbstractJsseEndpoint<S,U> extends AbstractEndpoint<S,U> { @Override public void unbind() throws Exception { for (SSLHostConfig sslHostConfig : sslHostConfigs.values()) { - for (SSLHostConfigCertificate certificate : sslHostConfig.getCertificates(true)) { + for (SSLHostConfigCertificate certificate : sslHostConfig.getCertificates()) { certificate.setSslContext(null); } } 
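Review bot: In `releaseSSLContext` (AbstractEndpoint.java) the context lines under the changed `for` test `certificate.getSslContext() != null`, then read the getter again into `sslContext` and null-check that too. The outer test is redundant, so the loop body could start at `SSLContext sslContext = certificate.getSslContext();` and keep only the existing inner check. The same switch to the no-argument `getCertificates()` is made in `unbind()` in AbstractJsseEndpoint.java, and neither site says why. A comment such as `// Only iterate certificates that are already configured; teardown must not create a default one` would help, assuming the boolean overload creates a default certificate when none exists (its body is not on this page). Both methods continue outside their hunks.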
diff --git a/java/org/apache/tomcat/util/net/SSLHostConfig.java b/java/org/apache/tomcat/util/net/SSLHostConfig.java index 0d817bf..4a8549d 100644 --- a/java/org/apache/tomcat/util/net/SSLHostConfig.java +++ b/java/org/apache/tomcat/util/net/SSLHostConfig.java @@ -267,22 +267,6 @@ public class SSLHostConfig implements Serializable { // ----------------------------------------- Common configuration properties - // TODO: This certificate setter can be removed once it is no longer - // necessary to support the old configuration attributes (Tomcat 10?). - - public String getCertificateKeyPassword() { - if (defaultCertificate == null) { - return null; - } else { - return defaultCertificate.getCertificateKeyPassword(); - } - } - public void setCertificateKeyPassword(String certificateKeyPassword) { - registerDefaultCertificate(); - defaultCertificate.setCertificateKeyPassword(certificateKeyPassword); - } - - public void setCertificateRevocationListFile(String certificateRevocationListFile) { this.certificateRevocationListFile = certificateRevocationListFile; } 
@@ -512,74 +496,6 @@ public class SSLHostConfig implements Serializable { // ---------------------------------- JSSE specific configuration properties - // TODO: These certificate setters can be removed once it is no longer - // necessary to support the old configuration attributes (Tomcat 10?). - - public String getCertificateKeyAlias() { - if (defaultCertificate == null) { - return null; - } else { - return defaultCertificate.getCertificateKeyAlias(); - } - } - public void setCertificateKeyAlias(String certificateKeyAlias) { - registerDefaultCertificate(); - defaultCertificate.setCertificateKeyAlias(certificateKeyAlias); - } - - - public String getCertificateKeystoreFile() { - if (defaultCertificate == null) { - return null; - } else { - return defaultCertificate.getCertificateKeystoreFile(); - } - } - public void setCertificateKeystoreFile(String certificateKeystoreFile) { - registerDefaultCertificate(); - defaultCertificate.setCertificateKeystoreFile(certificateKeystoreFile); - } - - - public String getCertificateKeystorePassword() { - if (defaultCertificate == null) { - return null; - } else { - return defaultCertificate.getCertificateKeystorePassword(); - } - } - public void setCertificateKeystorePassword(String certificateKeystorePassword) { - registerDefaultCertificate(); - defaultCertificate.setCertificateKeystorePassword(certificateKeystorePassword); - } - - - public String getCertificateKeystoreProvider() { - if (defaultCertificate == null) { - return null; - } else { - return defaultCertificate.getCertificateKeystoreProvider(); - } - } - public void setCertificateKeystoreProvider(String certificateKeystoreProvider) { - registerDefaultCertificate(); - defaultCertificate.setCertificateKeystoreProvider(certificateKeystoreProvider); - } - - - public String getCertificateKeystoreType() { - if (defaultCertificate == null) { - return null; - } else { - return defaultCertificate.getCertificateKeystoreType(); - } - } - public void 
setCertificateKeystoreType(String certificateKeystoreType) { - registerDefaultCertificate(); - defaultCertificate.setCertificateKeystoreType(certificateKeystoreType); - } - - public void setKeyManagerAlgorithm(String keyManagerAlgorithm) { setProperty("keyManagerAlgorithm", Type.JSSE); this.keyManagerAlgorithm = keyManagerAlgorithm; @@ -734,48 +650,6 @@ public class SSLHostConfig implements Serializable { // ------------------------------- OpenSSL specific configuration properties - // TODO: These certificate setters can be removed once it is no longer - // necessary to support the old configuration attributes (Tomcat 10?). - - public String getCertificateChainFile() { - if (defaultCertificate == null) { - return null; - } else { - return defaultCertificate.getCertificateChainFile(); - } - } - public void setCertificateChainFile(String certificateChainFile) { - registerDefaultCertificate(); - defaultCertificate.setCertificateChainFile(certificateChainFile); - } - - - public String getCertificateFile() { - if (defaultCertificate == null) { - return null; - } else { - return defaultCertificate.getCertificateFile(); - } - } - public void setCertificateFile(String certificateFile) { - registerDefaultCertificate(); - defaultCertificate.setCertificateFile(certificateFile); - } - - - public String getCertificateKeyFile() { - if (defaultCertificate == null) { - return null; - } else { - return defaultCertificate.getCertificateKeyFile(); - } - } - public void setCertificateKeyFile(String certificateKeyFile) { - registerDefaultCertificate(); - defaultCertificate.setCertificateKeyFile(certificateKeyFile); - } - - public void setCertificateRevocationListPath(String certificateRevocationListPath) { setProperty("certificateRevocationListPath", Type.OPENSSL); this.certificateRevocationListPath = certificateRevocationListPath; 
diff --git a/test/org/apache/coyote/http11/TestAbstractHttp11Protocol.java b/test/org/apache/coyote/http11/TestAbstractHttp11Protocol.java deleted file mode 100644 index 80023d9..0000000 --- a/test/org/apache/coyote/http11/TestAbstractHttp11Protocol.java +++ /dev/null @@ -1,28 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.coyote.http11; - -import org.junit.Test; - -public class TestAbstractHttp11Protocol { - - @Test - public void testGetSslProtocol() { - Http11Nio2Protocol protocol = new Http11Nio2Protocol(); - protocol.getSSLProtocol(); - } -} diff --git a/webapps/docs/config/http.xml b/webapps/docs/config/http.xml index eb7e1b4..f3c868d 100644 --- a/webapps/docs/config/http.xml +++ b/webapps/docs/config/http.xml 
@@ -1537,352 +1537,6 @@ </subsection> - <subsection name="SSL Support - Connector - NIO and NIO2 (deprecated)"> - - <p>The following NIO and NIO2 SSL configuration attributes have been - deprecated in favor of the default - <a href="#SSL_Support_-_SSLHostConfig">SSLHostConfig</a> element with - the <code>hostName</code> of <code>_default_</code>. If this - <a href="#SSL_Support_-_SSLHostConfig">SSLHostConfig</a> element is not - explicitly defined, it will be created.. - </p> - - <attributes> - - <attribute name="algorithm" required="false"> - <p>This is an alias for the <code>keyManagerAlgorithm</code> attribute of - the <a href="#SSL_Support_-_SSLHostConfig">SSLHostConfig</a> element with - the <code>hostName</code> of <code>_default_</code>. If this - <a href="#SSL_Support_-_SSLHostConfig">SSLHostConfig</a> element is not - explicitly defined, it will be created.</p> - </attribute> - - <attribute name="ciphers" required="false"> - <p>This is an alias for the <code>ciphers</code> attribute of the - <a href="#SSL_Support_-_SSLHostConfig">SSLHostConfig</a> element with the - <code>hostName</code> of <code>_default_</code>. If this - <a href="#SSL_Support_-_SSLHostConfig">SSLHostConfig</a> element is not - explicitly defined, it will be created.</p> - </attribute> - - <attribute name="clientAuth" required="false"> - <p>This is an alias for the <code>certificateVerification</code> attribute - of the <a href="#SSL_Support_-_SSLHostConfig">SSLHostConfig</a> element - with the <code>hostName</code> of <code>_default_</code>. If this - <a href="#SSL_Support_-_SSLHostConfig">SSLHostConfig</a> element is not - explicitly defined, it will be created.</p> - </attribute> - - <attribute name="crlFile" required="false"> - <p>This is an alias for the <code>certificateRevocationListFile</code> - attribute of the <a href="#SSL_Support_-_SSLHostConfig">SSLHostConfig</a> - element with the <code>hostName</code> of <code>_default_</code>. 
If this - <a href="#SSL_Support_-_SSLHostConfig">SSLHostConfig</a> element is not - explicitly defined, it will be created.</p> - </attribute> - - <attribute name="keyAlias" required="false"> - <p>This is an alias for the <code>certificateKeyAlias</code> attribute of - the first <a href="#SSL_Support_-_Certificate">Certificate</a> element - nested in the <a href="#SSL_Support_-_SSLHostConfig">SSLHostConfig</a> - element with the <code>hostName</code> of <code>_default_</code>. If this - <a href="#SSL_Support_-_Certificate">Certificate</a> and/or - <a href="#SSL_Support_-_SSLHostConfig">SSLHostConfig</a> element is not - explicitly defined, they will be created.</p> - </attribute> - - <attribute name="keyPass" required="false"> - <p>This is an alias for the <code>certificateKeyPassword</code> attribute - of the first <a href="#SSL_Support_-_Certificate">Certificate</a> element - nested in the <a href="#SSL_Support_-_SSLHostConfig">SSLHostConfig</a> - element with the <code>hostName</code> of <code>_default_</code>. If this - <a href="#SSL_Support_-_Certificate">Certificate</a> and/or - <a href="#SSL_Support_-_SSLHostConfig">SSLHostConfig</a> element is not - explicitly defined, they will be created.</p> - </attribute> - - <attribute name="keystoreFile" required="false"> - <p>This is an alias for the <code>certificateKeystoreFile</code> attribute - of the first <a href="#SSL_Support_-_Certificate">Certificate</a> element - nested in the <a href="#SSL_Support_-_SSLHostConfig">SSLHostConfig</a> - element with the <code>hostName</code> of <code>_default_</code>. 
If this - <a href="#SSL_Support_-_Certificate">Certificate</a> and/or - <a href="#SSL_Support_-_SSLHostConfig">SSLHostConfig</a> element is not - explicitly defined, they will be created.</p> - </attribute> - - <attribute name="keystorePass" required="false"> - <p>This is an alias for the <code>certificateKeystorePassword</code> - attribute of the first - <a href="#SSL_Support_-_Certificate">Certificate</a> element nested in the - <a href="#SSL_Support_-_SSLHostConfig">SSLHostConfig</a> - element with the <code>hostName</code> of <code>_default_</code>. If this - <a href="#SSL_Support_-_Certificate">Certificate</a> and/or - <a href="#SSL_Support_-_SSLHostConfig">SSLHostConfig</a> element is not - explicitly defined, they will be created.</p> - </attribute> - - <attribute name="keystoreProvider" required="false"> - <p>This is an alias for the <code>certificateKeystoreProvider</code> - attribute of the first - <a href="#SSL_Support_-_Certificate">Certificate</a> element nested in the - <a href="#SSL_Support_-_SSLHostConfig">SSLHostConfig</a> - element with the <code>hostName</code> of <code>_default_</code>. If this - <a href="#SSL_Support_-_Certificate">Certificate</a> and/or - <a href="#SSL_Support_-_SSLHostConfig">SSLHostConfig</a> element is not - explicitly defined, they will be created.</p> - </attribute> - - <attribute name="keystoreType" required="false"> - <p>This is an alias for the <code>certificateKeystoreType</code> attribute - of the first <a href="#SSL_Support_-_Certificate">Certificate</a> element - nested in the <a href="#SSL_Support_-_SSLHostConfig">SSLHostConfig</a> - element with the <code>hostName</code> of <code>_default_</code>. 
If this - <a href="#SSL_Support_-_Certificate">Certificate</a> and/or - <a href="#SSL_Support_-_SSLHostConfig">SSLHostConfig</a> element is not - explicitly defined, they will be created.</p> - </attribute> - - <attribute name="sessionCacheSize" required="false"> - <p>This is an alias for the <code>sessionCacheSize</code> attribute of the - <a href="#SSL_Support_-_SSLHostConfig">SSLHostConfig</a> element with - the <code>hostName</code> of <code>_default_</code>. If this - <a href="#SSL_Support_-_SSLHostConfig">SSLHostConfig</a> element is not - explicitly defined, it will be created.</p> - </attribute> - - <attribute name="sessionTimeout" required="false"> - <p>This is an alias for the <code>sessionTimeout</code> attribute of the - <a href="#SSL_Support_-_SSLHostConfig">SSLHostConfig</a> element with - the <code>hostName</code> of <code>_default_</code>. If this - <a href="#SSL_Support_-_SSLHostConfig">SSLHostConfig</a> element is not - explicitly defined, it will be created.</p> - </attribute> - - <attribute name="sslEnabledProtocols" required="false"> - <p>This is an alias for the <code>protocols</code> attribute of the - <a href="#SSL_Support_-_SSLHostConfig">SSLHostConfig</a> element with - the <code>hostName</code> of <code>_default_</code>. If this - <a href="#SSL_Support_-_SSLHostConfig">SSLHostConfig</a> element is not - explicitly defined, it will be created.</p> - </attribute> - - <attribute name="sslProtocol" required="false"> - <p>This is an alias for the <code>sslProtocol</code> attribute of the - <a href="#SSL_Support_-_SSLHostConfig">SSLHostConfig</a> element with - the <code>hostName</code> of <code>_default_</code>. 
If this - <a href="#SSL_Support_-_SSLHostConfig">SSLHostConfig</a> element is not - explicitly defined, it will be created.</p> - </attribute> - - <attribute name="trustManagerClassName" required="false"> - <p>This is an alias for the <code>trustManagerClassName</code> attribute - of the <a href="#SSL_Support_-_SSLHostConfig">SSLHostConfig</a> element - with the <code>hostName</code> of <code>_default_</code>. If this - <a href="#SSL_Support_-_SSLHostConfig">SSLHostConfig</a> element is not - explicitly defined, it will be created.</p> - </attribute> - - <attribute name="trustMaxCertLength" required="false"> - <p>This is an alias for the <code>certificateVerificationDepth</code> - attribute of the <a href="#SSL_Support_-_SSLHostConfig">SSLHostConfig</a> - element with the <code>hostName</code> of <code>_default_</code>. If this - <a href="#SSL_Support_-_SSLHostConfig">SSLHostConfig</a> element is not - explicitly defined, it will be created.</p> - </attribute> - - <attribute name="truststoreAlgorithm" required="false"> - <p>This is an alias for the <code>truststoreAlgorithm</code> attribute of - <a href="#SSL_Support_-_SSLHostConfig">SSLHostConfig</a> element with - the <code>hostName</code> of <code>_default_</code>. If this - <a href="#SSL_Support_-_SSLHostConfig">SSLHostConfig</a> element is not - explicitly defined, it will be created.</p> - </attribute> - - <attribute name="truststoreFile" required="false"> - <p>This is an alias for the <code>truststoreFile</code> attribute of - <a href="#SSL_Support_-_SSLHostConfig">SSLHostConfig</a> element with - the <code>hostName</code> of <code>_default_</code>. 
If this - <a href="#SSL_Support_-_SSLHostConfig">SSLHostConfig</a> element is not - explicitly defined, it will be created.</p> - </attribute> - - <attribute name="truststorePass" required="false"> - <p>This is an alias for the <code>truststorePassword</code> attribute of - <a href="#SSL_Support_-_SSLHostConfig">SSLHostConfig</a> element with - the <code>hostName</code> of <code>_default_</code>. If this - <a href="#SSL_Support_-_SSLHostConfig">SSLHostConfig</a> element is not - explicitly defined, it will be created.</p> - </attribute> - - <attribute name="truststoreProvider" required="false"> - <p>This is an alias for the <code>truststoreProvider</code> attribute of - <a href="#SSL_Support_-_SSLHostConfig">SSLHostConfig</a> element with - the <code>hostName</code> of <code>_default_</code>. If this - <a href="#SSL_Support_-_SSLHostConfig">SSLHostConfig</a> element is not - explicitly defined, it will be created.</p> - </attribute> - - <attribute name="truststoreType" required="false"> - <p>This is an alias for the <code>truststoreType</code> attribute of - <a href="#SSL_Support_-_SSLHostConfig">SSLHostConfig</a> element with - the <code>hostName</code> of <code>_default_</code>. If this - <a href="#SSL_Support_-_SSLHostConfig">SSLHostConfig</a> element is not - explicitly defined, it will be created.</p> - </attribute> - - <attribute name="useServerCipherSuitesOrder" required="false"> - <p>This is an alias for the <code>honorCipherOrder</code> attribute of the - <a href="#SSL_Support_-_SSLHostConfig">SSLHostConfig</a> element with - <code>hostName</code> of <code>_default_</code>. If this - <a href="#SSL_Support_-_SSLHostConfig">SSLHostConfig</a> element is not - explicitly defined, it will be created.</p> - </attribute> - - </attributes> - - </subsection> - - <subsection name="SSL Support - Connector - APR/Native (deprecated)"> - - <p>When APR/native is enabled, the HTTPS connector will use a socket poller - for keep-alive, increasing scalability of the server. 
It also uses OpenSSL, - which may be more optimized than JSSE depending on the processor being used, - and can be complemented with many commercial accelerator components. Unlike - the HTTP connector, the HTTPS connector cannot use sendfile to optimize static - file processing.</p> - - <p>The HTTPS APR/native connector has the same attributes than the HTTP - APR/native connector, but adds OpenSSL specific ones. For the full details on - using OpenSSL, please refer to OpenSSL documentations and the many books - available for it (see the <a href="http://www.openssl.org">Official OpenSSL - website</a>). The SSL specific attributes for the APR/native connector are: - </p> - - <attributes> - - <attribute name="SSLCACertificateFile" required="false"> - <p>This is an alias for the <code>caCertificateFile</code> attribute of - the <a href="#SSL_Support_-_SSLHostConfig">SSLHostConfig</a> element with - the <code>hostName</code> of <code>_default_</code>. If this - <a href="#SSL_Support_-_SSLHostConfig">SSLHostConfig</a> element is not - explicitly defined, it will be created.</p> - </attribute> - - <attribute name="SSLCACertificatePath" required="false"> - <p>This is an alias for the <code>caCertificatePath</code> attribute of - the <a href="#SSL_Support_-_SSLHostConfig">SSLHostConfig</a> element with - the <code>hostName</code> of <code>_default_</code>. If this - <a href="#SSL_Support_-_SSLHostConfig">SSLHostConfig</a> element is not - explicitly defined, it will be created.</p> - </attribute> - - <attribute name="SSLCARevocationFile" required="false"> - <p>This is an alias for the <code>certificateRevocationListFile</code> - attribute of the <a href="#SSL_Support_-_SSLHostConfig">SSLHostConfig</a> - element with the <code>hostName</code> of <code>_default_</code>. 
If this - <a href="#SSL_Support_-_SSLHostConfig">SSLHostConfig</a> element is not - explicitly defined, it will be created.</p> - </attribute> - - <attribute name="SSLCARevocationPath" required="false"> - <p>This is an alias for the <code>certificateRevocationListPath</code> - attribute of the <a href="#SSL_Support_-_SSLHostConfig">SSLHostConfig</a> - element with the <code>hostName</code> of <code>_default_</code>. If this - <a href="#SSL_Support_-_SSLHostConfig">SSLHostConfig</a> element is not - explicitly defined, it will be created.</p> - </attribute> - - <attribute name="SSLCertificateFile" required="true"> - <p>This is an alias for the <code>certificateFile</code> attribute of the - first <a href="#SSL_Support_-_Certificate">Certificate</a> element nested - in the <a href="#SSL_Support_-_SSLHostConfig">SSLHostConfig</a> element - with the <code>hostName</code> of <code>_default_</code>. If this - <a href="#SSL_Support_-_Certificate">Certificate</a> and/or - <a href="#SSL_Support_-_SSLHostConfig">SSLHostConfig</a> element is not - explicitly defined, they will be created.</p> - </attribute> - - <attribute name="SSLCertificateKeyFile" required="false"> - <p>This is an alias for the <code>certificateKeyFile</code> attribute of - the first <a href="#SSL_Support_-_Certificate">Certificate</a> element - nested in the <a href="#SSL_Support_-_SSLHostConfig">SSLHostConfig</a> - element with the <code>hostName</code> of <code>_default_</code>. If this - <a href="#SSL_Support_-_Certificate">Certificate</a> and/or - <a href="#SSL_Support_-_SSLHostConfig">SSLHostConfig</a> element is not - explicitly defined, they will be created.</p> - </attribute> - - <attribute name="SSLCipherSuite" required="false"> - <p>This is an alias for the <code>ciphers</code> attribute of the - <a href="#SSL_Support_-_SSLHostConfig">SSLHostConfig</a> element with the - <code>hostName</code> of <code>_default_</code>. 
If this - <a href="#SSL_Support_-_SSLHostConfig">SSLHostConfig</a> element is not - explicitly defined, it will be created.</p> - </attribute> - - <attribute name="SSLDisableCompression" required="false"> - <p>This is an alias for the <code>disableCompression</code> attribute of - the <a href="#SSL_Support_-_SSLHostConfig">SSLHostConfig</a> element with - the <code>hostName</code> of <code>_default_</code>. If this - <a href="#SSL_Support_-_SSLHostConfig">SSLHostConfig</a> element is not - explicitly defined, it will be created.</p> - </attribute> - - <attribute name="SSLHonorCipherOrder" required="false"> - <p>This is an alias for the <code>honorCipherOrder</code> attribute of the - <a href="#SSL_Support_-_SSLHostConfig">SSLHostConfig</a> element with the - <code>hostName</code> of <code>_default_</code>. If this - <a href="#SSL_Support_-_SSLHostConfig">SSLHostConfig</a> element is not - explicitly defined, it will be created.</p> - </attribute> - - <attribute name="SSLPassword" required="false"> - <p>This is an alias for the <code>certificateKeyPassword</code> attribute - of the first <a href="#SSL_Support_-_Certificate">Certificate</a> element - nested in the <a href="#SSL_Support_-_SSLHostConfig">SSLHostConfig</a> - element with the <code>hostName</code> of <code>_default_</code>. If this - <a href="#SSL_Support_-_Certificate">Certificate</a> and/or - <a href="#SSL_Support_-_SSLHostConfig">SSLHostConfig</a> element is not - explicitly defined, they will be created.</p> - </attribute> - - <attribute name="SSLProtocol" required="false"> - <p>This is an alias for the <code>protocols</code> attribute of the - <a href="#SSL_Support_-_SSLHostConfig">SSLHostConfig</a> element with the - <code>hostName</code> of <code>_default_</code>. 
If this - <a href="#SSL_Support_-_SSLHostConfig">SSLHostConfig</a> element is not - explicitly defined, it will be created.</p> - </attribute> - - <attribute name="SSLVerifyClient" required="false"> - <p>This is an alias for the <code>certificateVerification</code> attribute - of the <a href="#SSL_Support_-_SSLHostConfig">SSLHostConfig</a> element - with the <code>hostName</code> of <code>_default_</code>. If this - <a href="#SSL_Support_-_SSLHostConfig">SSLHostConfig</a> element is not - explicitly defined, it will be created.</p> - </attribute> - - <attribute name="SSLVerifyDepth" required="false"> - <p>This is an alias for the <code>certificateVerificationDepth</code> - attribute of the <a href="#SSL_Support_-_SSLHostConfig">SSLHostConfig</a> - element with the <code>hostName</code> of <code>_default_</code>. If this - <a href="#SSL_Support_-_SSLHostConfig">SSLHostConfig</a> element is not - explicitly defined, it will be created.</p> - </attribute> - - <attribute name="SSLDisableSessionTickets" required="false"> - <p>This is an alias for the <code>disableSessionTickets</code> attribute - of the <a href="#SSL_Support_-_SSLHostConfig">SSLHostConfig</a> element - with the <code>hostName</code> of <code>_default_</code>. If this - <a href="#SSL_Support_-_SSLHostConfig">SSLHostConfig</a> element is not - explicitly defined, it will be created.</p> - </attribute> - - </attributes> - - </subsection> - <subsection name="Connector Comparison"> <p>Below is a small chart that shows how the connectors differ.</p> diff --git a/webapps/docs/ssl-howto.xml b/webapps/docs/ssl-howto.xml index a7a3a88..4262c4c 100644 --- a/webapps/docs/ssl-howto.xml +++ b/webapps/docs/ssl-howto.xml 
@@ -330,40 +330,52 @@ sources like "/dev/urandom" that will allow quicker starts of Tomcat. <code>$CATALINA_BASE</code> represents the base directory for the Tomcat instance. An example <code><Connector></code> element for an SSL connector is included in the default <code>server.xml</code> -file installed with Tomcat. To configure an SSL connector that uses JSSE, you -will need to remove the comments and edit it so it looks something like -this:</p> +file installed with Tomcat. To configure an SSL connector that uses JSSE with +the JSSE configuration style, you will need to remove the comments and edit it +so it looks something like this:</p> <source><![CDATA[<!-- Define an SSL Coyote HTTP/1.1 Connector on port 8443 --> <Connector - protocol="org.apache.coyote.http11.Http11NioProtocol" - port="8443" maxThreads="200" - scheme="https" secure="true" SSLEnabled="true" - keystoreFile="${user.home}/.keystore" keystorePass="changeit" - clientAuth="false" sslProtocol="TLS"/>]]></source> + protocol="org.apache.coyote.http11.Http11NioProtocol" + port="8443" + maxThreads="150" + SSLEnabled="true"> + <SSLHostConfig> + <Certificate + certificateKeystoreFile="${user.home}/.keystore" + certificateKeystorePassword="changeit" + type="RSA" + /> + </SSLHostConfig> +</Connector>]]></source> <p> Note: If tomcat-native is installed, the configuration will use JSSE with - an OpenSSL implementation, which supports either this configuration or the APR - configuration example given below.</p> + an OpenSSL implementation.</p> <p> - The APR connector uses different attributes for many SSL settings, - particularly keys and certificates. An example of an APR configuration is:</p> + The APR configuration style uses different attributes for many SSL settings, + particularly keys and certificates. 
An example of an APR configuration style + is:</p> <source><![CDATA[<!-- Define an SSL Coyote HTTP/1.1 Connector on port 8443 --> <Connector - protocol="org.apache.coyote.http11.Http11AprProtocol" - port="8443" maxThreads="200" - scheme="https" secure="true" SSLEnabled="true" - SSLCertificateFile="/usr/local/ssl/server.crt" - SSLCertificateKeyFile="/usr/local/ssl/server.pem" - SSLVerifyClient="optional" SSLProtocol="TLSv1+TLSv1.1+TLSv1.2"/>]]></source> + protocol="org.apache.coyote.http11.Http11AprProtocol" + port="8443" + maxThreads="150" + SSLEnabled="true" > + <SSLHostConfig> + <Certificate + certificateKeyFile="conf/localhost-rsa-key.pem" + certificateFile="conf/localhost-rsa-cert.pem" + certificateChainFile="conf/localhost-rsa-chain.pem" + type="RSA" + /> + </SSLHostConfig> +</Connector>]]></source> <p>The configuration options and information on which attributes are mandatory, are documented in the SSL Support section of the <a href="config/http.html#SSL_Support">HTTP connector</a> configuration -reference. Make sure that you use the correct attributes for the connector you -are using. The NIO and NIO2 connectors use JSSE unless the JSSE OpenSSL implementation is -installed (in which case it supports either the JSSE or OpenSSL configuration styles), -whereas the APR/native connector uses APR.</p> +reference. Tomcat supports either configuration style (JSSE or OpenSSL) with all +TLS connectors.</p> <p>The <code>port</code> attribute is the TCP/IP port number on which Tomcat will listen for secure connections. You can 
@@ -568,7 +580,8 @@ SSL communications, and what to do about them.</p> be named <code>.keystore</code> in the user home directory under which Tomcat is running (which may or may not be the same as yours :-). If the keystore file is anywhere else, you will need to add a - <code>keystoreFile</code> attribute to the <code><Connector></code> + <code>certificateKeystoreFile</code> attribute to the + <code><Certificate></code> element in the <a href="#Edit_the_Tomcat_Configuration_File">Tomcat configuration file</a>.</p> </li> @@ -595,8 +608,8 @@ SSL communications, and what to do about them.</p> <p>A likely explanation is that Tomcat cannot find the alias for the server key within the specified keystore. Check that the correct - <code>keystoreFile</code> and <code>keyAlias</code> are specified in the - <code><Connector></code> element in the + <code>certificateKeystoreFile</code> and <code>certificateKeyAlias</code> + are specified in the <code><Certificate></code> element in the <a href="#Edit_the_Tomcat_Configuration_File">Tomcat configuration file</a>. <strong>REMINDER</strong> - <code>keyAlias</code> values may be case sensitive!</p>