Author: markt Date: Mon Apr 13 13:53:56 2015 New Revision: 1673193 URL: http://svn.apache.org/r1673193 Log: Pass the SNI host name to the SSLEngine creation since the engine created is going to have to depend on the SNI host name.
Modified: tomcat/trunk/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java tomcat/trunk/java/org/apache/tomcat/util/net/LocalStrings.properties tomcat/trunk/java/org/apache/tomcat/util/net/SecureNio2Channel.java tomcat/trunk/java/org/apache/tomcat/util/net/SecureNioChannel.java
Modified: tomcat/trunk/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java?rev=1673193&r1=1673192&r2=1673193&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java Mon Apr 13 13:53:56 2015
@@ -66,7 +66,7 @@ public abstract class AbstractJsseEndpoi
 }
- protected SSLEngine createSSLEngine() {
+ protected SSLEngine createSSLEngine(String sniHostName) {
 SSLEngine engine = sslContext.createSSLEngine();
 if ("false".equals(getClientAuth())) {
 engine.setNeedClientAuth(false);
Modified: tomcat/trunk/java/org/apache/tomcat/util/net/LocalStrings.properties
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/LocalStrings.properties?rev=1673193&r1=1673192&r2=1673193&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/LocalStrings.properties (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/LocalStrings.properties Mon Apr 13 13:53:56 2015
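Review bot: The new `sniHostName` parameter of `createSSLEngine` in AbstractJsseEndpoint.java is not read in the lines shown, and the body still calls `sslContext.createSSLEngine()` without it, so the argument's contract is undocumented at the point where later code will start relying on it. The value originates in the client's ClientHello before any authentication, so I would add a Javadoc line such as `@param sniHostName host name requested via SNI; client-supplied and unverified, use only as a lookup key into the configured hosts`. Whether it can be null when no SNI extension was sent depends on the extractor, which is outside this hunk, and should be stated in the same comment. The method body continues past the end of the hunk.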
@@ -96,6 +96,7 @@ channel.nio.ssl.closing=Channel is in cl
 channel.nio.ssl.invalidBuffer=You can only read using the application read buffer provided by the handler.
 channel.nio.ssl.expandNetInBuffer=Expanding network input buffer to [{0}] bytes
 channel.nio.ssl.expandNetOutBuffer=Expanding network output buffer to [{0}] bytes
+channel.nio.ssl.sniHostName=The SNI host name extracted for this connection was [{0}]
 sniExtractor.clientHelloTooBig=The ClientHello was not presented in a single TLS record so no SNI information could be extracted
Modified: tomcat/trunk/java/org/apache/tomcat/util/net/SecureNio2Channel.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/SecureNio2Channel.java?rev=1673193&r1=1673192&r2=1673193&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/SecureNio2Channel.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/SecureNio2Channel.java Mon Apr 13 13:53:56 2015
@@ -346,12 +346,11 @@ public class SecureNio2Channel extends N
 break;
 }
- // TODO: Extract the correct configuration for the requested host name
- // and set up the SSLEngine accordingly. At that point this can
- // become a debug level message.
- log.info("SNI hostname was [" + hostName + "]");
+ if (log.isDebugEnabled()) {
+ log.debug(sm.getString("channel.nio.ssl.sniHostName", hostName));
+ }
- sslEngine = endpoint.createSSLEngine();
+ sslEngine = endpoint.createSSLEngine(hostName);
 // Ensure the application buffers (which have to be created earlier) are
 // big enough.
Modified: tomcat/trunk/java/org/apache/tomcat/util/net/SecureNioChannel.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/SecureNioChannel.java?rev=1673193&r1=1673192&r2=1673193&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/SecureNioChannel.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/SecureNioChannel.java Mon Apr 13 13:53:56 2015
@@ -261,12 +261,11 @@ public class SecureNioChannel extends Ni
 break;
 }
- // TODO: Extract the correct configuration for the requested host name
- // and set up the SSLEngine accordingly. At that point this can
- // become a debug level message.
- log.info("SNI hostname was [" + hostName + "]");
+ if (log.isDebugEnabled()) {
+ log.debug(sm.getString("channel.nio.ssl.sniHostName", hostName));
+ }
- sslEngine = endpoint.createSSLEngine();
+ sslEngine = endpoint.createSSLEngine(hostName);
 // Ensure the application buffers (which have to be created earlier) are
 // big enough.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
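Review bot: In SecureNio2Channel.java, `hostName` reaches both `log.debug(...)` and `endpoint.createSSLEngine(hostName)` exactly as it was parsed from the ClientHello, and nothing in the hunk shows it being checked; the identical hunk in SecureNioChannel.java has the same gap. The value is chosen by an unauthenticated peer, so unless the extractor (not visible here) already restricts it to valid host-name characters, control characters could end up in the debug log and in whatever lookup `createSSLEngine` later performs on it. I would state the guarantee at the call site, for example `// hostName is client-supplied; the SNI extractor must have rejected control characters and normalised case before this point`, or add that check here if the extractor does not do it. The enclosing method starts and ends outside both hunks.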