This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 8.5.x in repository https://gitbox.apache.org/repos/asf/tomcat.git
commit f3faa70cf0098fcabda6e2ce1074c128b9b7f491
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Thu Jan 28 09:29:01 2021 +0000
Ensure the hostName field of SSLHostConfig is always lower case.
This is the first part of the fix to make mapping of SNI values to SSL virtual hosts case insensitive. DNS names are case insensitive and while some browsers appear to always convert provided host names to lower case, I have found no requirement for this in the RFCs. The overall plan is to always store and process host names in lower case. This is because they are used as keys in a ConcurrentMap and keys are compared in a case sensitive manner. Using CaseInsensitiveKeyMap was rejected as a solution as that as it is not thread safe.
---
 java/org/apache/catalina/manager/ManagerServlet.java | 2 ++
 java/org/apache/tomcat/util/net/SSLHostConfig.java | 7 ++++++-
 webapps/docs/config/http.xml | 3 ++-
 3 files changed, 10 insertions(+), 2 deletions(-)
diff --git a/java/org/apache/catalina/manager/ManagerServlet.java b/java/org/apache/catalina/manager/ManagerServlet.java
index ee4247d..d5b3723 100644
--- a/java/org/apache/catalina/manager/ManagerServlet.java
+++ b/java/org/apache/catalina/manager/ManagerServlet.java
@@ -572,6 +572,8 @@ public class ManagerServlet extends HttpServlet implements ContainerServlet {
 } else {
 SSLHostConfig[] sslHostConfigs = http11Protoocol.findSslHostConfigs();
 for (SSLHostConfig sslHostConfig : sslHostConfigs) {
+ // tlsHostName is as provided by the user so use a case insensitive
+ // comparison as host names are case insensitive.
 if (sslHostConfig.getHostName().equalsIgnoreCase(tlsHostName)) {
 found = true;
 http11Protoocol.reloadSslHostConfig(tlsHostName);
diff --git a/java/org/apache/tomcat/util/net/SSLHostConfig.java b/java/org/apache/tomcat/util/net/SSLHostConfig.java
index 744ce9b..4e72bb3 100644
--- a/java/org/apache/tomcat/util/net/SSLHostConfig.java
+++ b/java/org/apache/tomcat/util/net/SSLHostConfig.java
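Review bot: In ManagerServlet.java the match is now documented as case insensitive, but the context line that follows still calls `http11Protoocol.reloadSslHostConfig(tlsHostName)` with the caller's original spelling. The commit message says host names are keys in a ConcurrentMap that compares case sensitively, so if the reload resolves the name through that map, a mixed-case request would match here and then miss there. Passing the stored name, `http11Protoocol.reloadSslHostConfig(sslHostConfig.getHostName());`, removes the dependency on a later normalisation step. The reload implementation is not part of this diff, so confirm how it resolves the name; the enclosing method starts and ends outside the hunk.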
@@ -25,6 +25,7 @@ import java.security.UnrecoverableKeyException;
 import java.util.HashSet;
 import java.util.LinkedHashSet;
 import java.util.List;
+import java.util.Locale;
 import java.util.Set;
 import javax.management.ObjectName;
@@ -436,10 +437,14 @@ public class SSLHostConfig implements Serializable {
 public void setHostName(String hostName) {
- this.hostName = hostName;
+ this.hostName = hostName.toLowerCase(Locale.ENGLISH);
 }
+ /**
+ * @return The host name associated with this SSL configuration - always in
+ * lower case.
+ */
 public String getHostName() {
 return hostName;
 }
diff --git a/webapps/docs/config/http.xml b/webapps/docs/config/http.xml
index 9d66d5d..26439b5 100644
--- a/webapps/docs/config/http.xml
+++ b/webapps/docs/config/http.xml
@@ -1330,7 +1330,8 @@
 <p>The name of the SSL Host. This should either be the fully qualified domain name (e.g. <code>tomcat.apache.org</code>) or a wild card domain name (e.g. <code>*.apache.org</code>). If not specified, the default value
- of <code>_default_</code> will be used.</p>
+ of <code>_default_</code> will be used. Provided values are always
+ converted to lower case.</p>
 </attribute>
 <attribute name="insecureRenegotiation" required="false">
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
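Review bot: `setHostName` in SSLHostConfig.java now dereferences its argument, so a null host name, which the old assignment stored silently, fails with a bare NullPointerException at `hostName.toLowerCase(Locale.ENGLISH)`. No caller is visible in this diff, so whether null can arrive is unconfirmed, but an explicit guard such as `Objects.requireNonNull(hostName, "hostName")` (it needs a `java.util.Objects` import) would make the new contract deliberate. The added Javadoc promises "always in lower case", which holds only while this setter is the sole write path; the class is Serializable, so the field initialiser and any restored state deserve a check. Because this name selects the TLS configuration for an SNI value, the lookup side has to lower-case the presented name with the same fixed locale, otherwise a mixed-case name resolves to a different configuration than intended; the commit message indicates that is a later part of the fix.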