Tim, Repeating my comment on your BZ comment:
On 1/13/13 5:08 PM, t...@apache.org wrote: > Modified: tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/net/SSLUtil.java > URL: > http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/net/SSLUtil.java?rev=1432753&r1=1432752&r2=1432753&view=diff > ============================================================================== > --- tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/net/SSLUtil.java > (original) > +++ tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/net/SSLUtil.java Sun Jan > 13 22:08:14 2013 
> @@ -30,4 +30,32 @@ public interface SSLUtil { > public TrustManager[] getTrustManagers() throws Exception; > > public void configureSessionContext(SSLSessionContext sslSessionContext); > + > + /** > + * Determines the SSL cipher suites that can be enabled, based on the > + * configuration of the endpoint and the ciphers supported by the SSL > + * implementation. > + * > + * @param context An initialized context to obtain the supported ciphers > from. > + * > + * @return Array of SSL cipher suites that may be enabled (which may be > + * empty if none of the specified ciphers are supported), or > + * the defaults for the underlying SSL implementation if > + * the endpoint configuration does not specify any ciphers. > + */ > + public String[] getEnableableCiphers(SSLContext context); > + > + /** > + * Determines the SSL protocol variants that can be enabled, based on the > + * configuration of the endpoint and the ciphers supported by the SSL > + * implementation. > + * > + * @param context An initialized context to obtain the supported > protocols from. > + * > + * @return Array of SSL protocol variants that may be enabled (which may > be > + * empty if none of the specified protocols are supported), or > + * the defaults for the underlying SSL implementation if > + * the endpoint configuration does not specify any protocols. > + */ > + public String[] getEnableableProtocols(SSLContext context); > }

Since you have added methods to this interface, I'm afraid I might have to be -1 to this commit (specifically to the 7.0.x branch) because it means that Tomcat 7 is no longer binary-compatible and dependent code won't compile without modification (which is obviously frustrating).

What about a different fix for 7.0.x which uses a separate class to handle these two new methods? That would allow the fix with minimal modification but still maintain binary compatibility.

I would certainly leave the patch to trunk in its current state.

-chris
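
Review bot: the Javadoc for getEnableableProtocols(SSLContext) looks copied from the cipher method and still says the result is based on "the ciphers supported by the SSL implementation"; it should read "the protocols supported by the SSL implementation" so the description matches the @param and @return text. Both new methods are also added to the public SSLUtil interface without any note for implementers, so an existing implementation outside this file has to add them to keep compiling; the Javadoc should say so, and neither comment states what a caller gets when the context passed in is not initialized.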