This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
commit bbed3ec1e901ed0edcc6bf075d756cde764263a3
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Thu Jan 28 10:34:07 2021 +0000
Make the calls to remove/reload the SSLHostConfig case insensitive
The is the fifth and final part of the fix to make mapping of SNI values
to SSL virtual hosts case insensitive.
While not strictly related to SNI processing, a review of all of the
uses of sslHostConfigs identified these additional locations where the
host name may be provided in mixed case.
---
java/org/apache/tomcat/util/net/AbstractEndpoint.java | 17 +++++++++++++----
webapps/docs/changelog.xml | 10 ++++++++++
2 files changed, 23 insertions(+), 4 deletions(-)
diff --git a/java/org/apache/tomcat/util/net/AbstractEndpoint.java
b/java/org/apache/tomcat/util/net/AbstractEndpoint.java
index 7f414b5..b950909 100644
--- a/java/org/apache/tomcat/util/net/AbstractEndpoint.java
+++ b/java/org/apache/tomcat/util/net/AbstractEndpoint.java
@@ -290,12 +290,15 @@ public abstract class AbstractEndpoint<S> {
if (hostName == null) {
return null;
}
- // Host names are case insensitive
- if (hostName.equalsIgnoreCase(getDefaultSSLHostConfigName())) {
+ // Host names are case insensitive but stored/processed in lower case
+ // internally because they are used as keys in a ConcurrentMap where
+ // keys are compared in a case sensitive manner.
+ String hostNameLower = hostName.toLowerCase(Locale.ENGLISH);
+ if (hostNameLower.equals(getDefaultSSLHostConfigName())) {
throw new IllegalArgumentException(
sm.getString("endpoint.removeDefaultSslHostConfig",
hostName));
}
- SSLHostConfig sslHostConfig = sslHostConfigs.remove(hostName);
+ SSLHostConfig sslHostConfig = sslHostConfigs.remove(hostNameLower);
unregisterJmx(sslHostConfig);
return sslHostConfig;
}
@@ -308,7 +311,13 @@ public abstract class AbstractEndpoint<S> {
* reloaded. This must match a current SSL host
*/
public void reloadSslHostConfig(String hostName) {
- SSLHostConfig sslHostConfig = sslHostConfigs.get(hostName);
+ // Host names are case insensitive but stored/processed in lower case
+ // internally because they are used as keys in a ConcurrentMap where
+ // keys are compared in a case sensitive manner.
+ // This method can be called via various paths so convert the supplied
+ // host name to lower case here to ensure the conversion occurs
whatever
+ // the call path.
+ SSLHostConfig sslHostConfig =
sslHostConfigs.get(hostName.toLowerCase(Locale.ENGLISH));
if (sslHostConfig == null) {
throw new IllegalArgumentException(
sm.getString("endpoint.unknownSslHostName", hostName));
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 9be25cb..6e9ee77 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -104,6 +104,16 @@
issues do not "pop up" wrt. others).
-->
<section name="Tomcat 8.5.62 (markt)" rtext="in development">
+ <subsection name="Coyote">
+ <changelog>
+ <fix>
+ Ensure that SNI provided host names are matched to SSL virtual host
+ configurations in a case insensitive manner. (markt)
+ </fix>
+ </changelog>
+ </subsection>
+</section>
+<section name="Tomcat 9.0.42 (markt)" rtext="release in progress">
<subsection name="Catalina">
<changelog>
<fix>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
