Author: markt Date: Thu Dec 4 11:31:34 2008 New Revision: 723404 URL: http://svn.apache.org/viewvc?rev=723404&view=rev Log: Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=44285 Provide support for configuring the JSSE SSL session cache size and timeout
Modified:
    tomcat/trunk/java/org/apache/tomcat/util/net/NioEndpoint.java
    tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
    tomcat/trunk/webapps/docs/config/http.xml

Modified: tomcat/trunk/java/org/apache/tomcat/util/net/NioEndpoint.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/NioEndpoint.java?rev=723404&r1=723403&r2=723404&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/NioEndpoint.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/NioEndpoint.java Thu Dec 4 11:31:34 2008
@@ -50,6 +50,7 @@
 import javax.net.ssl.KeyManagerFactory;
 import javax.net.ssl.SSLContext;
 import javax.net.ssl.SSLEngine;
+import javax.net.ssl.SSLSessionContext;
 import javax.net.ssl.TrustManagerFactory;
 import javax.net.ssl.X509KeyManager;
@@ -604,7 +605,6 @@
     public void setKeystoreType(String s ) { this.keystoreType = s;}
     protected String sslProtocol = "TLS";
-
     public String getSslProtocol() { return sslProtocol;}
     public void setSslProtocol(String s) { sslProtocol = s;}
@@ -617,7 +617,6 @@
             for (int i=0; i<sslEnabledProtocolsarr.length; i++ ) sslEnabledProtocolsarr[i] = t.nextToken();
         }
-
     protected String ciphers = null;
     protected String[] ciphersarr = new String[0];
     public String getCiphers() { return ciphers;}
@@ -630,7 +629,15 @@
             for (int i=0; i<ciphersarr.length; i++ ) ciphersarr[i] = t.nextToken();
         }
     }
-
+
+    protected int sessionCacheSize = 0;
+    public int getSessionCacheSize() { return sessionCacheSize;}
+    public void setSessionCacheSize(int i) { sessionCacheSize = i;}
+
+    protected int sessionCacheTimeout = 86400;
+    public int getSessionCacheTimeout() { return sessionCacheTimeout;}
+    public void setSessionCacheTimeout(int i) { sessionCacheTimeout = i;}
+
     /**
      * SSL engine.
      */
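Review bot: The new setSessionCacheSize and setSessionCacheTimeout setters in the -630 hunk accept negative values unchanged, and the -808 hunk hands them straight to SSLSessionContext.setSessionCacheSize/setSessionTimeout, whose javadoc says they throw IllegalArgumentException for a negative argument, so a bad connector attribute surfaces as an unexplained exception during endpoint init instead of a configuration error that names the attribute. Rejecting it in the setter keeps the failure next to its cause: `public void setSessionCacheSize(int i) { if (i < 0) throw new IllegalArgumentException("sessionCacheSize must be >= 0: " + i); sessionCacheSize = i;}` with the same guard on the timeout setter. The two fields also carry no comment, unlike the `SSL engine` javadoc that follows them; `/** Server-side SSL session cache size; 0 means unbounded. */` and `/** SSL session lifetime in seconds; 0 means sessions never time out. */` would make the meaning of 0 visible, which matters because an unbounded cache gains one entry per new session and only sheds entries as the timeout expires them.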
@@ -808,6 +815,12 @@
             sslContext = SSLContext.getInstance(getSslProtocol());
             sslContext.init(wrap(kmf.getKeyManagers()), tmf.getTrustManagers(), null);
+            SSLSessionContext sessionContext =
+                sslContext.getServerSessionContext();
+            if (sessionContext != null) {
+                sessionContext.setSessionCacheSize(sessionCacheSize);
+                sessionContext.setSessionTimeout(sessionCacheTimeout);
+            }
         }
         if (oomParachute>0) reclaimParachute(true);

Modified: tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java?rev=723404&r1=723403&r2=723404&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java Thu Dec 4 11:31:34 2008
@@ -49,6 +49,7 @@
 import javax.net.ssl.SSLException;
 import javax.net.ssl.SSLServerSocket;
 import javax.net.ssl.SSLServerSocketFactory;
+import javax.net.ssl.SSLSessionContext;
 import javax.net.ssl.SSLSocket;
 import javax.net.ssl.TrustManager;
 import javax.net.ssl.TrustManagerFactory;
@@ -88,6 +89,9 @@
     private static final String defaultKeystoreFile = System.getProperty("user.home") + "/.keystore";
     private static final String defaultKeyPass = "changeit";
+    private static final int defaultSessionCacheSize = 0;
+    private static final int defaultSessionTimeout = 86400;
+
     static org.apache.juli.logging.Log log = org.apache.juli.logging.LogFactory.getLog(JSSESocketFactory.class);
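Review bot: `defaultSessionTimeout` in the -88 hunk is named differently from the attribute it backs (`sessionCacheTimeout`, read in the -419 hunk) and from NioEndpoint's `sessionCacheTimeout` field, so `private static final int defaultSessionCacheTimeout = 86400;` would keep the three names aligned and make grep find all of them. Neither constant says what its value means; a line such as `// Session-cache defaults: 0 = unbounded cache, 86400 s = 24 h` would make the unbounded default visible to the next reader. If I recall correctly these are also the JSSE implementation's own defaults, so connectors that do not set the attributes keep their previous behaviour — worth stating in the commit log, since "unbounded" is the value an operator is most likely to want to revisit.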
@@ -419,6 +423,28 @@
                 trustAlgorithm), new SecureRandom());
+        // Configure SSL session cache
+        int sessionCacheSize;
+        if (attributes.get("sessionCacheSize") != null) {
+            sessionCacheSize = Integer.parseInt(
+                (String)attributes.get("sessionCacheSize"));
+        } else {
+            sessionCacheSize = defaultSessionCacheSize;
+        }
+        int sessionCacheTimeout;
+        if (attributes.get("sessionCacheTimeout") != null) {
+            sessionCacheTimeout = Integer.parseInt(
+                (String)attributes.get("sessionCacheTimeout"));
+        } else {
+            sessionCacheTimeout = defaultSessionTimeout;
+        }
+        SSLSessionContext sessionContext =
+            context.getServerSessionContext();
+        if (sessionContext != null) {
+            sessionContext.setSessionCacheSize(sessionCacheSize);
+            sessionContext.setSessionTimeout(sessionCacheTimeout);
+        }
+
         // create proxy
         sslProxy = context.getServerSocketFactory();

Modified: tomcat/trunk/webapps/docs/config/http.xml
URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/config/http.xml?rev=723404&r1=723403&r2=723404&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/config/http.xml (original)
+++ tomcat/trunk/webapps/docs/config/http.xml Thu Dec 4 11:31:34 2008
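Review bot: The attribute read here, `sessionCacheTimeout`, does not match the name the http.xml hunk documents, `sessionTimeout`, so an administrator following the documentation sets an attribute nothing reads and silently keeps the 86400 s default; one side has to change, and since NioEndpoint's setter is `setSessionCacheTimeout` (so `sessionCacheTimeout` is the name that works on that connector too), the documentation looks like the one to fix. Within this hunk, a non-numeric value fails with a bare NumberFormatException that does not say which attribute was wrong, a negative value is accepted here and then rejected by SSLSessionContext.setSessionCacheSize/setSessionTimeout with an IllegalArgumentException (their documented behaviour), and the same parse-or-default block is written twice. A small helper covers all three points; it assumes `attributes` is an instance field, as the unqualified use in the hunk suggests — pass it as a parameter if it is a local. The enclosing method starts and ends outside the hunk.
```java
        // … unchanged: context.init(...) …
        // Configure SSL session cache
        int sessionCacheSize = intAttribute("sessionCacheSize", defaultSessionCacheSize);
        int sessionCacheTimeout = intAttribute("sessionCacheTimeout", defaultSessionTimeout);
        // … unchanged: SSLSessionContext lookup and setters, proxy creation …

    /**
     * Returns the named attribute parsed as a non-negative int, or dflt when it is absent.
     * Fails with a message naming the attribute so the configuration error is easy to locate.
     */
    private int intAttribute(String name, int dflt) {
        Object raw = attributes.get(name);
        if (raw == null) {
            return dflt;
        }
        int value;
        try {
            value = Integer.parseInt((String) raw);
        } catch (NumberFormatException e) {
            throw new IllegalArgumentException("Invalid value for " + name + ": " + raw, e);
        }
        if (value < 0) {
            throw new IllegalArgumentException(name + " must be >= 0, got " + value);
        }
        return value;
    }
```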
@@ -103,20 +103,14 @@ the container during FORM or CLIENT-CERT authentication. For both types of authentication, the POST will be saved/buffered before the user is authenticated. For CLIENT-CERT authentication, the POST is buffered for - the duration of - the SSL handshake and the buffer emptied when the request - is processed. For FORM authentication the POST is - saved whilst the user + the duration of the SSL handshake and the buffer emptied when the request + is processed. For FORM authentication the POST is saved whilst the user is re-directed to the login form and is retained until the user successfully authenticates or the session associated with the authentication request expires. The limit can be disabled by setting this - attribute to -1. Setting the attribute to - zero will disable the saving of - POST data during authentication -. If not - specified, this attribute is set - to - 4096 (4 kilobytes).</p> + attribute to -1. Setting the attribute to zero will disable the saving of + POST data during authentication. If not specified, this attribute is set + to 4096 (4 kilobytes).</p> </attribute> <attribute name="protocol" required="false"> @@ -748,6 +742,18 @@ </p> </attribute> + <attribute name="sessionCacheSize" required="false"> + <p>The number of SSL sessions to maintain in the session cache. Use 0 to + specify an unlimited cache size. If not specified, a default of 0 is + used.</p> + </attribute> + + <attribute name="sessionTimeout" required="false"> + <p>The time, in seconds, after the creation of an SSL session that it will + timeout. Use 0 to specify an unlimited timeout. If not specified, a + default of 86400 (24 hours) is used.</p> + </attribute> + </attributes> <p>For more information, see the --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]