This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git
commit 35addcab7fe1b487626b5d5e9e74b04e65f2ceae
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Thu Jan 28 10:34:07 2021 +0000
Make the calls to remove/reload the SSLHostConfig case insensitive
The is the fifth and final part of the fix to make mapping of SNI values
to SSL virtual hosts case insensitive.
While not strictly related to SNI processing, a review of all of the
uses of sslHostConfigs identified these additional locations where the
host name may be provided in mixed case.
---
java/org/apache/tomcat/util/net/AbstractEndpoint.java | 17 +++++++++++++----
webapps/docs/changelog.xml | 8 ++++++++
2 files changed, 21 insertions(+), 4 deletions(-)
diff --git a/java/org/apache/tomcat/util/net/AbstractEndpoint.java
b/java/org/apache/tomcat/util/net/AbstractEndpoint.java
index 5707645..62f8045 100644
--- a/java/org/apache/tomcat/util/net/AbstractEndpoint.java
+++ b/java/org/apache/tomcat/util/net/AbstractEndpoint.java
@@ -298,12 +298,15 @@ public abstract class AbstractEndpoint<S,U> {
if (hostName == null) {
return null;
}
- // Host names are case insensitive
- if (hostName.equalsIgnoreCase(getDefaultSSLHostConfigName())) {
+ // Host names are case insensitive but stored/processed in lower case
+ // internally because they are used as keys in a ConcurrentMap where
+ // keys are compared in a case sensitive manner.
+ String hostNameLower = hostName.toLowerCase(Locale.ENGLISH);
+ if (hostNameLower.equals(getDefaultSSLHostConfigName())) {
throw new IllegalArgumentException(
sm.getString("endpoint.removeDefaultSslHostConfig",
hostName));
}
- SSLHostConfig sslHostConfig = sslHostConfigs.remove(hostName);
+ SSLHostConfig sslHostConfig = sslHostConfigs.remove(hostNameLower);
unregisterJmx(sslHostConfig);
return sslHostConfig;
}
@@ -316,7 +319,13 @@ public abstract class AbstractEndpoint<S,U> {
* reloaded. This must match a current SSL host
*/
public void reloadSslHostConfig(String hostName) {
- SSLHostConfig sslHostConfig = sslHostConfigs.get(hostName);
+ // Host names are case insensitive but stored/processed in lower case
+ // internally because they are used as keys in a ConcurrentMap where
+ // keys are compared in a case sensitive manner.
+ // This method can be called via various paths so convert the supplied
+ // host name to lower case here to ensure the conversion occurs
whatever
+ // the call path.
+ SSLHostConfig sslHostConfig =
sslHostConfigs.get(hostName.toLowerCase(Locale.ENGLISH));
if (sslHostConfig == null) {
throw new IllegalArgumentException(
sm.getString("endpoint.unknownSslHostName", hostName));
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 26850c2..d92f253 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -104,6 +104,14 @@
issues do not "pop up" wrt. others).
-->
<section name="Tomcat 10.0.2 (markt)" rtext="in development">
+ <subsection name="Coyote">
+ <changelog>
+ <fix>
+ Ensure that SNI provided host names are matched to SSL virtual host
+ configurations in a case insensitive manner. (markt)
+ </fix>
+ </changelog>
+ </subsection>
</section>
<section name="Tomcat 10.0.1 (markt)" rtext="release in progress">
<subsection name="Catalina">
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
