Author: markt Date: Thu Aug 14 11:11:28 2008 New Revision: 685981 URL: http://svn.apache.org/viewvc?rev=685981&view=rev Log: Revert the previous fix. Filip has suggested an alternative approach that should address the various objections. New patch will follow in the next few days.
Modified: tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
Modified: tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java?rev=685981&r1=685980&r2=685981&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java Thu Aug 14 11:11:28 2008
@@ -26,7 +26,6 @@
 import java.net.ServerSocket;
 import java.net.Socket;
 import java.net.SocketException;
-import java.net.SocketTimeoutException;
 import java.security.KeyStore;
 import java.security.SecureRandom;
 import java.security.cert.CRL;
@@ -693,7 +692,7 @@
 * Configures the given SSL server socket with the requested cipher suites,
 * protocol versions, and need for client authentication
 */
- private void initServerSocket(ServerSocket ssocket) throws IOException {
+ private void initServerSocket(ServerSocket ssocket) {
 SSLServerSocket socket = (SSLServerSocket) ssocket;
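Review bot: After this revert `initServerSocket` has neither a start-up check nor a comment for the certificate / cipher-suite mismatch tracked as bug 45528, and with `throws IOException` dropped from the signature it no longer declares a checked way to report one to its caller. The Javadoc removed further down says the mismatch can send JIoEndpoint into a logging loop, so until the follow-up patch lands an operator would presumably see repeated accept-time errors instead of a clear configuration failure. I would record the gap in the method's Javadoc, for example `* NOTE: certificate / cipher-suite compatibility is not verified here; see bug 45528.` The method body continues outside this hunk.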
@@ -705,48 +704,9 @@
 setEnabledProtocols(socket, getEnabledProtocols(socket, requestedProtocols));
- // Check the SSL config is OK
- checkSocket(ssocket);
-
 // we don't know if client auth is needed -
 // after parsing the request we may re-handshake
 configureClientAuth(socket);
 }
- /**
- * Checks that the cetificate is compatible with the enabled cipher suites.
- * If we don't check now, the JIoEndpoint can enter a nasty logging loop.
- * See bug 45528.
- */
- private void checkSocket(ServerSocket socket) throws IOException {
- int timeout = socket.getSoTimeout();
-
- socket.setSoTimeout(1);
- Socket s = null;
- try {
- s = socket.accept();
- // No expecting to get here but if we do, at least we know things
- // are working.
- } catch (SSLException ssle) {
- // Cert doesn't match ciphers
- IOException ioe =
- new IOException("Certificate / cipher mismatch");
- ioe.initCause(ssle);
- throw ioe;
- } catch (SocketTimeoutException ste) {
- // Expected - do nothing
- } finally {
- // In case we actually got a connection - close it.
- if (s != null) {
- try {
- s.close();
- } catch (IOException ioe) {
- // Ignore
- }
- }
- // Reset the timeout
- socket.setSoTimeout(timeout);
- }
-
- }
 }
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]