This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
commit 48f2d41c931a0684aa169e8c6f727f55298244bd
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Thu Jan 28 10:34:07 2021 +0000
Make the calls to remove/reload the SSLHostConfig case insensitive
The is the fifth and final part of the fix to make mapping of SNI values
to SSL virtual hosts case insensitive.
While not strictly related to SNI processing, a review of all of the
uses of sslHostConfigs identified these additional locations where the
host name may be provided in mixed case.
---
java/org/apache/tomcat/util/net/AbstractEndpoint.java | 17 +++++++++++++----
webapps/docs/changelog.xml | 8 ++++++++
2 files changed, 21 insertions(+), 4 deletions(-)
diff --git a/java/org/apache/tomcat/util/net/AbstractEndpoint.java
b/java/org/apache/tomcat/util/net/AbstractEndpoint.java
index 504074f..a0f9719 100644
--- a/java/org/apache/tomcat/util/net/AbstractEndpoint.java
+++ b/java/org/apache/tomcat/util/net/AbstractEndpoint.java
@@ -309,12 +309,15 @@ public abstract class AbstractEndpoint<S,U> {
if (hostName == null) {
return null;
}
- // Host names are case insensitive
- if (hostName.equalsIgnoreCase(getDefaultSSLHostConfigName())) {
+ // Host names are case insensitive but stored/processed in lower case
+ // internally because they are used as keys in a ConcurrentMap where
+ // keys are compared in a case sensitive manner.
+ String hostNameLower = hostName.toLowerCase(Locale.ENGLISH);
+ if (hostNameLower.equals(getDefaultSSLHostConfigName())) {
throw new IllegalArgumentException(
sm.getString("endpoint.removeDefaultSslHostConfig",
hostName));
}
- SSLHostConfig sslHostConfig = sslHostConfigs.remove(hostName);
+ SSLHostConfig sslHostConfig = sslHostConfigs.remove(hostNameLower);
unregisterJmx(sslHostConfig);
return sslHostConfig;
}
@@ -327,7 +330,13 @@ public abstract class AbstractEndpoint<S,U> {
* reloaded. This must match a current SSL host
*/
public void reloadSslHostConfig(String hostName) {
- SSLHostConfig sslHostConfig = sslHostConfigs.get(hostName);
+ // Host names are case insensitive but stored/processed in lower case
+ // internally because they are used as keys in a ConcurrentMap where
+ // keys are compared in a case sensitive manner.
+ // This method can be called via various paths so convert the supplied
+ // host name to lower case here to ensure the conversion occurs
whatever
+ // the call path.
+ SSLHostConfig sslHostConfig =
sslHostConfigs.get(hostName.toLowerCase(Locale.ENGLISH));
if (sslHostConfig == null) {
throw new IllegalArgumentException(
sm.getString("endpoint.unknownSslHostName", hostName));
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 80c7d51..84a997e 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -104,6 +104,14 @@
issues do not "pop up" wrt. others).
-->
<section name="Tomcat 9.0.43 (markt)" rtext="in development">
+ <subsection name="Coyote">
+ <changelog>
+ <fix>
+ Ensure that SNI provided host names are matched to SSL virtual host
+ configurations in a case insensitive manner. (markt)
+ </fix>
+ </changelog>
+ </subsection>
</section>
<section name="Tomcat 9.0.42 (markt)" rtext="release in progress">
<subsection name="Catalina">
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
