svn commit: r1615951 - in /tomcat/tc7.0.x/trunk: ./ java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java webapps/docs/changelog.xml

[markt]

Author: markt
Date: Tue Aug  5 15:50:13 2014
New Revision: 1615951

URL: http://svn.apache.org/r1615951
Log:
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=56780
Enable Tomcat to start when using SSL with an IBM JRE in strict SP800-131a mode.

Modified:
    tomcat/tc7.0.x/trunk/   (props changed)
    
tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
    tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml

Propchange: tomcat/tc7.0.x/trunk/
------------------------------------------------------------------------------
  Merged /tomcat/trunk:r1615947

Modified: 
tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
URL: 
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java?rev=1615951&r1=1615950&r2=1615951&view=diff
==============================================================================
--- 
tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
 (original)
+++ 
tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
 Tue Aug  5 15:50:13 2014
@@ -108,6 +108,7 @@ public class JSSESocketFactory implement
         String[] ciphers = null;
         String[] protocols = null;
         try {
+            // BZ 56780 IBM JRE can throw IllegalArgumentException here
             context = SSLContext.getInstance("TLS");
             context.init(null, null, null);
             SSLServerSocketFactory ssf = context.getServerSocketFactory();
@@ -129,12 +130,17 @@ public class JSSESocketFactory implement
             SSLServerSocket socket = (SSLServerSocket) 
ssf.createServerSocket();
             ciphers = socket.getEnabledCipherSuites();
             protocols = socket.getEnabledProtocols();
-        } catch (NoSuchAlgorithmException e) {
-            // Assume no RFC 5746 support
+        } catch (NoSuchAlgorithmException e ) {
+            // Assume no RFC 5746 support if an SSLContext could not be created
+            // Unable to determine default ciphers/protocols so use none
         } catch (KeyManagementException e) {
-            // Assume no RFC 5746 support
+            // Assume no RFC 5746 support if an SSLContext could not be created
+            // Unable to determine default ciphers/protocols so use none
         } catch (IOException e) {
             // Unable to determine default ciphers/protocols so use none
+        } catch (IllegalArgumentException e) {
+            // Assume no RFC 5746 support if an SSLContext could not be created
+            // Unable to determine default ciphers/protocols so use none
         }
         RFC_5746_SUPPORTED = result;
         DEFAULT_SERVER_CIPHER_SUITES = ciphers;

Modified: tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml
URL: 
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml?rev=1615951&r1=1615950&r2=1615951&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml Tue Aug  5 15:50:13 2014
@@ -84,6 +84,14 @@
       </fix>
     </changelog>
   </subsection>
+  <subsection name="Coyote">
+    <changelog>
+      <fix>
+        <bug>56780</bug>: Enable Tomcat to start when using SSL with an IBM JRE
+        in strict SP800-131a mode. (markt)
+      </fix>
+    </changelog>
+  </subsection>
   <subsection name="Jasper">
     <changelog>
       <fix>



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org