Author: markt
Date: Thu Aug 18 17:05:25 2011
New Revision: 1159317

URL: http://svn.apache.org/viewvc?rev=1159317&view=rev
Log:
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=51073
Throw an exception and do not start the APR connector if it is configured for SSL and an invalid value is provided for SSLProtocol.
Modified: tomcat/tc5.5.x/trunk/STATUS.txt tomcat/tc5.5.x/trunk/connectors/util/java/org/apache/tomcat/util/net/AprEndpoint.java tomcat/tc5.5.x/trunk/connectors/util/java/org/apache/tomcat/util/net/res/LocalStrings.properties tomcat/tc5.5.x/trunk/container/webapps/docs/changelog.xml Modified: tomcat/tc5.5.x/trunk/STATUS.txt URL: http://svn.apache.org/viewvc/tomcat/tc5.5.x/trunk/STATUS.txt?rev=1159317&r1=1159316&r2=1159317&view=diff ============================================================================== --- tomcat/tc5.5.x/trunk/STATUS.txt (original) +++ tomcat/tc5.5.x/trunk/STATUS.txt Thu Aug 18 17:05:25 2011 @@ -37,13 +37,6 @@ PATCHES PROPOSED TO BACKPORT: - Why DeltaSession#setIdInternal(String) public method is removed? - I agree that it is OK to add methods to the Session interface like this patch does. -* Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=51073 - Throw an exception and do not start the APR connector if it is configured for - SSL and an invalid value is provided for SSLProtocol. - http://svn.apache.org/viewvc?view=revision&revision=1094089 - +1: markt, kkolinko, jfclere - -1: - * Multiple improvements to the Windows Installer - https://issues.apache.org/bugzilla/show_bug.cgi?id=33262 Install monitor to auto-start for current user only rather than all users to Modified: tomcat/tc5.5.x/trunk/connectors/util/java/org/apache/tomcat/util/net/AprEndpoint.java URL: http://svn.apache.org/viewvc/tomcat/tc5.5.x/trunk/connectors/util/java/org/apache/tomcat/util/net/AprEndpoint.java?rev=1159317&r1=1159316&r2=1159317&view=diff ============================================================================== --- tomcat/tc5.5.x/trunk/connectors/util/java/org/apache/tomcat/util/net/AprEndpoint.java (original) +++ tomcat/tc5.5.x/trunk/connectors/util/java/org/apache/tomcat/util/net/AprEndpoint.java Thu Aug 18 17:05:25 2011 
@@ -645,7 +645,17 @@ public class AprEndpoint { value = SSL.SSL_PROTOCOL_TLSV1; } else if ("SSLv2+SSLv3".equalsIgnoreCase(SSLProtocol)) { value = SSL.SSL_PROTOCOL_SSLV2 | SSL.SSL_PROTOCOL_SSLV3; + } else if ("all".equalsIgnoreCase(SSLProtocol) || + SSLProtocol == null || SSLProtocol.length() == 0) { + // NOOP, use the default defined above + } else { + // Protocol not recognized, fail to start as it is safer than + // continuing with the default which might enable more than the + // is required + throw new Exception(sm.getString( + "endpoint.apr.invalidSslProtocol", SSLProtocol)); } + // Create SSL Context sslContext = SSLContext.make(rootPool, value, SSL.SSL_MODE_SERVER); // List the ciphers that the client is permitted to negotiate Modified: tomcat/tc5.5.x/trunk/connectors/util/java/org/apache/tomcat/util/net/res/LocalStrings.properties URL: http://svn.apache.org/viewvc/tomcat/tc5.5.x/trunk/connectors/util/java/org/apache/tomcat/util/net/res/LocalStrings.properties?rev=1159317&r1=1159316&r2=1159317&view=diff ============================================================================== --- tomcat/tc5.5.x/trunk/connectors/util/java/org/apache/tomcat/util/net/res/LocalStrings.properties (original) +++ tomcat/tc5.5.x/trunk/connectors/util/java/org/apache/tomcat/util/net/res/LocalStrings.properties Thu Aug 18 17:05:25 2011 
@@ -37,3 +37,5 @@ endpoint.poll.error=Unexpected poller er endpoint.sendfile.error=Unexpected sendfile error endpoint.sendfile.addfail=Sednfile failure: [{0}] {1} endpoint.sendfile.nosupport=Disabling sendfile, since either the APR version or the system doesn't support it + +endpoint.apr.invalidSslProtocol=An invalid value [{0}] was provided for the SSLProtocol attribute \ No newline at end of file Modified: tomcat/tc5.5.x/trunk/container/webapps/docs/changelog.xml URL: http://svn.apache.org/viewvc/tomcat/tc5.5.x/trunk/container/webapps/docs/changelog.xml?rev=1159317&r1=1159316&r2=1159317&view=diff ============================================================================== --- tomcat/tc5.5.x/trunk/container/webapps/docs/changelog.xml (original) +++ tomcat/tc5.5.x/trunk/container/webapps/docs/changelog.xml Thu Aug 18 17:05:25 2011 @@ -94,6 +94,11 @@ <bug>50744</bug>: Skip the SSL configuration check on platforms where an unbounded socket cannot be created. (kkolinko) </fix> + <fix> + <bug>51073</bug>: Throw an exception and do not start the APR connector + if it is configured for SSL and an invalid value is provided for + SSLProtocol. (markt) + </fix> </changelog> </subsection> <subsection name="Jasper">
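Review bot: In the AprEndpoint.java hunk (@@ -645), the equalsIgnoreCase chain compares the raw SSLProtocol string, so with the new fail-closed else branch a value that differs only by surrounding whitespace now prevents the connector from starting. Consider trimming SSLProtocol before the chain, or confirm that rejecting such values is intended. The null and empty cases still fall through silently to the default, which is the broadest setting the comment warns about; a log line there would make that choice visible to the operator. The comment in the else branch also has a stray word: "enable more than the is required" should read "enable more than is required".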
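Review bot: In the LocalStrings.properties hunk, the new endpoint.apr.invalidSslProtocol message reports the rejected value but not what is accepted. Since this error now stops the connector from starting, naming the accepted values in the message (the AprEndpoint.java hunk shows "SSLv2+SSLv3" and "all" among them) would let an operator fix the configuration without reading the source. The added line also leaves the file without a trailing newline, as the "\ No newline at end of file" marker shows; adding one avoids a noisy diff on the next append.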