Author: schultz Date: Thu Feb 19 16:21:27 2015 New Revision: 1660924 URL: http://svn.apache.org/r1660924 Log: Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=57540 Add SSL protocol to request attributes ("org.apache.tomcat.util.net.secure_protocol_version"). Note that this feature requires mod_jk 1.2.41 or later, or manual configuration of a JkEnvVar to set and send an AJP_SSL_PROTOCOL environment variable.
Modified:
    tomcat/trunk/java/org/apache/catalina/connector/Request.java
    tomcat/trunk/java/org/apache/coyote/ajp/AjpProcessor.java
    tomcat/trunk/java/org/apache/coyote/ajp/Constants.java
    tomcat/trunk/java/org/apache/coyote/http11/Http11Processor.java
    tomcat/trunk/java/org/apache/tomcat/util/net/AprSSLSupport.java
    tomcat/trunk/java/org/apache/tomcat/util/net/SSLSupport.java
    tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESupport.java

Modified: tomcat/trunk/java/org/apache/catalina/connector/Request.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/connector/Request.java?rev=1660924&r1=1660923&r2=1660924&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/connector/Request.java (original)
+++ tomcat/trunk/java/org/apache/catalina/connector/Request.java Thu Feb 19 16:21:27 2015
@@ -98,6 +98,7 @@ import org.apache.tomcat.util.http.fileu
 import org.apache.tomcat.util.http.fileupload.servlet.ServletFileUpload;
 import org.apache.tomcat.util.http.fileupload.servlet.ServletRequestContext;
 import org.apache.tomcat.util.http.parser.AcceptLanguage;
+import org.apache.tomcat.util.net.SSLSupport;
 import org.apache.tomcat.util.res.StringManager;
 import org.ietf.jgss.GSSCredential;
 import org.ietf.jgss.GSSException;
@@ -853,7 +854,7 @@ public class Request
 if(attr != null) {
 return attr;
 }
- if( isSSLAttribute(name) ) {
+ if( isSSLAttribute(name) || name.equals(SSLSupport.PROTOCOL_VERSION_KEY)) {
 coyoteRequest.action(ActionCode.REQ_SSL_ATTRIBUTE, coyoteRequest);
 attr = coyoteRequest.getAttribute(Globals.CERTIFICATES_ATTR);
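Review bot: In the Request.java hunk at -853 the new key is tested with `name.equals(SSLSupport.PROTOCOL_VERSION_KEY)` next to the `isSSLAttribute(name)` call instead of inside that helper, so any other caller of `isSSLAttribute` will not treat the protocol version as a TLS attribute. The helper's body is outside the hunk, but if it is the single list of lazily populated SSL attribute names, adding `SSLSupport.PROTOCOL_VERSION_KEY.equals(name)` there and keeping the condition as `if (isSSLAttribute(name)) {` keeps that list in one place. The constant-first form also does not depend on `name` being non-null. The enclosing method starts and ends outside this hunk.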
@@ -876,6 +877,10 @@ public class Request
 if(attr != null) {
 attributes.put(Globals.SSL_SESSION_MGR_ATTR, attr);
 }
+ attr = coyoteRequest.getAttribute(SSLSupport.PROTOCOL_VERSION_KEY);
+ if(attr != null) {
+ attributes.put(SSLSupport.PROTOCOL_VERSION_KEY, attr);
+ }
 attr = attributes.get(name);
 sslAttributesParsed = true;
 }

Modified: tomcat/trunk/java/org/apache/coyote/ajp/AjpProcessor.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/coyote/ajp/AjpProcessor.java?rev=1660924&r1=1660923&r2=1660924&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/coyote/ajp/AjpProcessor.java (original)
+++ tomcat/trunk/java/org/apache/coyote/ajp/AjpProcessor.java Thu Feb 19 16:21:27 2015
@@ -1140,6 +1140,8 @@ public class AjpProcessor extends Abstra
 } catch (NumberFormatException nfe) {
 // Ignore invalid value
 }
+ } else if(n.equals(Constants.SC_A_SSL_PROTOCOL)) {
+ request.setAttribute(SSLSupport.PROTOCOL_VERSION_KEY, v);
 } else {
 request.setAttribute(n, v );
 }

Modified: tomcat/trunk/java/org/apache/coyote/ajp/Constants.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/coyote/ajp/Constants.java?rev=1660924&r1=1660923&r2=1660924&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/coyote/ajp/Constants.java (original)
+++ tomcat/trunk/java/org/apache/coyote/ajp/Constants.java Thu Feb 19 16:21:27 2015
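Review bot: In the AjpProcessor.java hunk the value stored under `SSLSupport.PROTOCOL_VERSION_KEY` is whatever string the AJP peer sent as `AJP_SSL_PROTOCOL`; Tomcat did not negotiate that connection, and the string is stored without any check. An application that enforces a minimum TLS version from this attribute is therefore trusting the front-end server, and the `else` branch directly below still accepts arbitrary attribute names, so the same key could apparently also be set by name. I would add a comment on the new branch, `// Asserted by the AJP peer, not observed by Tomcat: only meaningful when the AJP port is reachable solely by the trusted front end`, and carry the same caveat into the documentation of the attribute. The surrounding method begins and ends outside the hunk.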
@@ -76,6 +76,7 @@ public final class Constants {
 */
 public static final String SC_A_REQ_LOCAL_ADDR = "AJP_LOCAL_ADDR";
 public static final String SC_A_REQ_REMOTE_PORT = "AJP_REMOTE_PORT";
+ public static final String SC_A_SSL_PROTOCOL = "AJP_SSL_PROTOCOL";
 // Terminates list of attributes
 public static final byte SC_A_ARE_DONE = (byte)0xFF;

Modified: tomcat/trunk/java/org/apache/coyote/http11/Http11Processor.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/coyote/http11/Http11Processor.java?rev=1660924&r1=1660923&r2=1660924&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/coyote/http11/Http11Processor.java (original)
+++ tomcat/trunk/java/org/apache/coyote/http11/Http11Processor.java Thu Feb 19 16:21:27 2015
@@ -975,6 +975,11 @@ public class Http11Processor extends Abs
 request.setAttribute (SSLSupport.SESSION_ID_KEY, sslO);
 }
+ sslO = sslSupport.getProtocol();
+ if (sslO != null) {
+ request.setAttribute
+ (SSLSupport.PROTOCOL_VERSION_KEY, sslO);
+ }
 request.setAttribute(SSLSupport.SESSION_MGR, sslSupport);
 }
 } catch (Exception e) {

Modified: tomcat/trunk/java/org/apache/tomcat/util/net/AprSSLSupport.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/AprSSLSupport.java?rev=1660924&r1=1660923&r2=1660924&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/AprSSLSupport.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/AprSSLSupport.java Thu Feb 19 16:21:27 2015
@@ -117,4 +117,18 @@ public class AprSSLSupport implements SS
 throw new IOException(e);
 }
 }
+
+ @Override
+ public String getProtocol() throws IOException {
+ long socketRef = socketWrapper.getSocket().longValue();
+ if (socketRef == 0) {
+ return null;
+ }
+
+ try {
+ return SSLSocket.getInfoS(socketRef, SSL.SSL_INFO_PROTOCOL);
+ } catch (Exception e) {
+ throw new IOException(e);
+ }
+ }
 }

Modified: tomcat/trunk/java/org/apache/tomcat/util/net/SSLSupport.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/SSLSupport.java?rev=1660924&r1=1660923&r2=1660924&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/SSLSupport.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/SSLSupport.java Thu Feb 19 16:21:27 2015
@@ -55,6 +55,12 @@ public interface SSLSupport {
 public static final String SESSION_MGR = "javax.servlet.request.ssl_session_mgr";
+ /**
+ * The request attribute key under which the String indicating the protocol
+ * that created the SSL socket is recorded - e.g. TLSv1 or TLSv1.2 etc.
+ */
+ public static final String PROTOCOL_VERSION_KEY =
+ "org.apache.tomcat.util.net.secure_protocol_version";
 /**
 * The cipher suite being used on this connection.
@@ -106,5 +112,11 @@ public interface SSLSupport {
 * @throws IOException If an error occurs trying to obtain the session ID
 */
 public String getSessionId() throws IOException;
+
+ /**
+ * @return the protocol String indicating how the SSL socket was created
+ * e.g. TLSv1 or TLSv1.2 etc.
+ */
+ public String getProtocol() throws IOException;
 }

Modified: tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESupport.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESupport.java?rev=1660924&r1=1660923&r2=1660924&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESupport.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESupport.java Thu Feb 19 16:21:27 2015
@@ -180,5 +180,13 @@ public class JSSESupport implements SSLS
 public void invalidateSession() {
 session.invalidate();
 }
+
+ @Override
+ public String getProtocol() throws IOException {
+ if (session == null) {
+ return null;
+ }
+ return session.getProtocol();
+ }
 }

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
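Review bot: The Javadoc added for `getProtocol()` in the SSLSupport.java hunk at -106 has no `@throws IOException` tag and does not say that the method may return null. `getSessionId()` just above documents its exception, and both implementations in this commit return null when there is no socket or session. Suggested wording: `@return the protocol name, e.g. TLSv1 or TLSv1.2, or {@code null} if it cannot be determined` and `@throws IOException If an error occurs trying to obtain the protocol`. Callers that gate on a minimum protocol version need the null case spelled out so that a missing value is treated as a failure rather than a pass.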
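Review bot: `getProtocol()` in the JSSESupport.java hunk returns `session.getProtocol()` unchanged, so any non-null string the JSSE session reports becomes the request attribute. As far as I know, a JSSE session that never completed a handshake reports a placeholder name such as `NONE` rather than null, which should be confirmed against the JSSE provider in use. If so, a comment on the return line would help consumers: `// May be a placeholder such as "NONE"; a non-null value alone does not show that TLS was negotiated`. Code that enforces a protocol floor should compare against an explicit allow-list of names, not test for presence.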