On 06/05/2015 15:26, Konstantin Kolinko wrote:
> 2015-05-06 15:36 GMT+03:00 <[email protected]>:
>> Author: markt
>> Date: Wed May 6 12:36:50 2015
>> New Revision: 1677971
>>
>> URL: http://svn.apache.org/r1677971
>> Log:
>> Use the truststoreProvider rather than the keystoreProvider for the trust
>> manager
>>
>> Modified:
>> tomcat/tc7.0.x/trunk/ (props changed)
>>
>> tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
>> tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml
>
>
>> Modified:
>> tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
>> URL:
>> http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java?rev=1677971&r1=1677970&r2=1677971&view=diff
>> ==============================================================================
>> ---
>> tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
>> (original)
>> +++
>> tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
>> Wed May 6 12:36:50 2015
>> @@ -545,8 +545,7 @@ public class JSSESocketFactory implement
>> algorithm = TrustManagerFactory.getDefaultAlgorithm();
>> }
>>
>> - return getTrustManagers(truststoreType,
>> endpoint.getKeystoreProvider(),
>> - algorithm);
>> + return getTrustManagers(truststoreType,
>> endpoint.getTruststoreProvider(), algorithm);
>> }
>>
>> @Override
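Review bot: the new call getTrustManagers(truststoreType, endpoint.getTruststoreProvider(), algorithm) passes the truststore provider straight through with no fallback, whereas algorithm, a few lines above, is given a default (TrustManagerFactory.getDefaultAlgorithm()) before use. A connector that set only a keystore provider previously had that provider applied when building the trust managers; after this change it gets whatever getTruststoreProvider() returns, which may be unset. Suggest resolving the provider into a local variable first and falling back to endpoint.getKeystoreProvider() when no truststore provider is configured, so the trust store is still loaded through the provider the operator chose.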
>>
>> Modified: tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml
>> URL:
>> http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml?rev=1677971&r1=1677970&r2=1677971&view=diff
>> ==============================================================================
>> --- tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml (original)
>> +++ tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml Wed May 6 12:36:50 2015
>> @@ -128,6 +128,12 @@
>> <bug>57837</bug>: Add <code>text/css</code> to the default list of
>> compressable MIME types. (markt)
>> </fix>
>> + <fix>
>> + For the JSSE based TLS connectors, use the
>> + <code>truststoreProvider</code> rather than the
>> + <code>keystoreProvider</code> when creating the
>> + <code>TrustManager</code>s. (markt)
>> + </fix>
>> </changelog>
>> </subsection>
>> <subsection name="Jasper">
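Review bot: the added <fix> entry does not say what happens when truststoreProvider is not configured. Suggest adding a clause that states whether keystoreProvider is still used in that case, so an operator reading the changelog can tell whether the TrustManagers will now be created through a different provider than before. Minor: unlike the entry directly above it, this one carries no <bug> reference; add one if an issue exists for it.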
>
>
> Hi!
>
> I voted for TC 6 backport of this revision, but on further review
> there are two problems:
>
> 1. In the other place that calls endpoint.getTruststoreProvider() --
> JSSESocketFactory.getTrustStore() -- there is some logic to fall back
> to getKeystoreProvider(). It also consults a system property.
>
> If we call endpoint.getTruststoreProvider() directly then there is no
> such fallback logic.

I'll look at fixing that.

> 2. The patch is not applicable to Tomcat 6 as is, as its endpoint
> classes do not have "getTruststoreProvider()" method.
>
> Searching for "truststoreProvider" I see that documentation mentions
> such option in config/http.xml, and the code in
> JSSESocketFactory.getTrustStore() does
>
> String truststoreProvider =
> (String)attributes.get("truststoreProvider");
>
> instead of using a getter method.

Once I fix the first issue, I'll put together a specific 6.0.x patch.

Mark