Author: markt
Date: Thu May  7 07:30:11 2015
New Revision: 1678141

URL: http://svn.apache.org/r1678141
Log:
Move sslProtocol to SSLHostConfig

Modified:
    tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11JsseProtocol.java
    tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11Protocol.java
    tomcat/trunk/java/org/apache/tomcat/util/net/AbstractEndpoint.java
    tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java
    tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
    tomcat/trunk/webapps/docs/config/http.xml

Modified: 
tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11JsseProtocol.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11JsseProtocol.java?rev=1678141&r1=1678140&r2=1678141&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11JsseProtocol.java 
(original)
+++ tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11JsseProtocol.java 
Thu May  7 07:30:11 2015
@@ -25,9 +25,6 @@ public abstract class AbstractHttp11Jsse
         super(endpoint);
     }
 
-    public String getSslProtocol() { return getEndpoint().getSslProtocol();}
-    public void setSslProtocol(String s) { getEndpoint().setSslProtocol(s);}
-
     public void setSessionCacheSize(String 
s){getEndpoint().setSessionCacheSize(s);}
     public String getSessionCacheSize(){ return 
getEndpoint().getSessionCacheSize();}
 

Modified: tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11Protocol.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11Protocol.java?rev=1678141&r1=1678140&r2=1678141&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11Protocol.java 
(original)
+++ tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11Protocol.java Thu 
May  7 07:30:11 2015
@@ -506,6 +506,12 @@ public abstract class AbstractHttp11Prot
     }
 
 
+    public void setSslProtocol(String sslProtocol) {
+        registerDefaultSSLHostConfig();
+        defaultSSLHostConfig.setSslProtocol(sslProtocol);
+    }
+
+
     // ------------------------------------------------------------- Common 
code
 
     // Common configuration required for all new HTTP11 processors
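Review bot: The connector-level `sslProtocol` property becomes write-only with this setter. The commit removes `getSslProtocol()` from AbstractHttp11JsseProtocol and adds no getter next to `setSslProtocol` here, so the effective value can no longer be read back from the protocol handler, for example when auditing a running connector's TLS settings. If no getter exists elsewhere in this class (the hunk does not show the rest of it), consider adding `public String getSslProtocol() { registerDefaultSSLHostConfig(); return defaultSSLHostConfig.getSslProtocol(); }`. A short Javadoc stating that this is an alias for the default SSLHostConfig's attribute would match what http.xml now documents.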

Modified: tomcat/trunk/java/org/apache/tomcat/util/net/AbstractEndpoint.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/AbstractEndpoint.java?rev=1678141&r1=1678140&r2=1678141&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/AbstractEndpoint.java 
(original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/AbstractEndpoint.java Thu May  
7 07:30:11 2015
@@ -963,10 +963,6 @@ public abstract class AbstractEndpoint<S
         this.sslImplementationName = s;
     }
 
-    private String sslProtocol = "TLS";
-    public String getSslProtocol() { return sslProtocol;}
-    public void setSslProtocol(String s) { sslProtocol = s;}
-
     private String sessionCacheSize = null;
     public String getSessionCacheSize() { return sessionCacheSize;}
     public void setSessionCacheSize(String s) { sessionCacheSize = s;}

Modified: tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java?rev=1678141&r1=1678140&r2=1678141&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java Thu May  7 
07:30:11 2015
@@ -64,6 +64,7 @@ public class SSLHostConfig {
     private String certificateKeystoreProvider = 
System.getProperty("javax.net.ssl.keyStoreProvider");
     private String certificateKeystoreType = 
System.getProperty("javax.net.ssl.keyStoreType");
     private String keyManagerAlgorithm = 
KeyManagerFactory.getDefaultAlgorithm();
+    private String sslProtocol = "TLS";
     private String trustManagerClassName;
     private String truststoreAlgorithm = 
TrustManagerFactory.getDefaultAlgorithm();
     private String truststoreFile = 
System.getProperty("javax.net.ssl.trustStore");
@@ -315,6 +316,17 @@ public class SSLHostConfig {
     }
 
 
+    public void setSslProtocol(String sslProtocol) {
+        setProperty("sslProtocol", Type.JSSE);
+        this.sslProtocol = sslProtocol;
+    }
+
+
+    public String getSslProtocol() {
+        return sslProtocol;
+    }
+
+
     public void setTrustManagerClassName(String trustManagerClassName) {
         setProperty("trustManagerClassName", Type.JSSE);
         this.trustManagerClassName = trustManagerClassName;
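Review bot: `setSslProtocol` stores whatever it is given, so `setSslProtocol(null)` replaces the `"TLS"` field default with null, and this commit also deletes the `if (sslProtocol == null)` fallback that JSSESocketFactory used to apply. `createSSLContext()` in JSSESocketFactory now hands the value straight to `new JSSESSLContext(...)`. If that ends up in `SSLContext.getInstance`, a null would presumably surface as a NullPointerException, which the constructor's `catch (NoSuchAlgorithmException | KeyManagementException e)` does not cover. Keeping the default in the setter would preserve the old behaviour: `this.sslProtocol = (sslProtocol == null) ? "TLS" : sslProtocol;`. A Javadoc line noting that the value is a JSSE SSLContext algorithm name and overlaps with `protocols` would help whoever hardens a connector.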

Modified: 
tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java?rev=1678141&r1=1678140&r2=1678141&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java 
(original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java 
Thu May  7 07:30:11 2015
@@ -81,8 +81,6 @@ public class JSSESocketFactory implement
     private static final StringManager sm =
         StringManager.getManager("org.apache.tomcat.util.net.jsse.res");
 
-    // Defaults - made public where re-used
-    private static final String defaultProtocol = "TLS";
     private static final int defaultSessionCacheSize = 0;
     private static final int defaultSessionTimeout = 86400;
 
@@ -96,15 +94,10 @@ public class JSSESocketFactory implement
         this.endpoint = endpoint;
         this.sslHostConfig = sslHostConfig;
 
-        String sslProtocol = endpoint.getSslProtocol();
-        if (sslProtocol == null) {
-            sslProtocol = defaultProtocol;
-        }
-
-        javax.net.ssl.SSLContext context;
+        SSLContext context;
         try {
-             context = javax.net.ssl.SSLContext.getInstance(sslProtocol);
-             context.init(null,  null,  null);
+            context = createSSLContext();
+            context.init(null,  null,  null);
         } catch (NoSuchAlgorithmException | KeyManagementException e) {
             // This is fatal for the connector so throw an exception to prevent
             // it from starting
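Review bot: The constructor now calls `createSSLContext()`, a public overridable method on a non-final class, and the call only works because `this.sslHostConfig` is assigned two lines earlier. A subclass override would run before the subclass's own fields are initialised, and reordering the assignments would break the call without any compiler warning. Consider a comment above the call such as `// sslHostConfig must be assigned before this call; createSSLContext() reads it`, or move the context construction into a private helper used by both the constructor and `createSSLContext()`. The constructor body starts before and continues after this hunk.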
@@ -268,16 +261,10 @@ public class JSSESocketFactory implement
         return ks;
     }
 
-    @Override
-    public SSLContext createSSLContext() throws Exception {
-
-        // SSL protocol variant (e.g., TLS, SSL v3, etc.)
-        String protocol = endpoint.getSslProtocol();
-        if (protocol == null) {
-            protocol = defaultProtocol;
-        }
 
-        return new JSSESSLContext(protocol);
+    @Override
+    public SSLContext createSSLContext() throws NoSuchAlgorithmException {
+        return new JSSESSLContext(sslHostConfig.getSslProtocol());
     }
 
 

Modified: tomcat/trunk/webapps/docs/config/http.xml
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/config/http.xml?rev=1678141&r1=1678140&r2=1678141&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/config/http.xml (original)
+++ tomcat/trunk/webapps/docs/config/http.xml Thu May  7 07:30:11 2015
@@ -1197,6 +1197,18 @@
       used.</p>
     </attribute>
 
+    <attribute name="sslProtocol" required="false">
+      <p>JSSE only.</p>
+      <p>The the SSL protocol(s) to use (a single value may enable multiple
+      protocols - see the JVM documentation for details). If not specified, the
+      default is <code>TLS</code>. The permitted values may be obtained from 
the
+      JVM documentation for the allowed values for algorithm when creating an
+      <code>SSLContext</code> instance e.g.
+      <a 
href="http://docs.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html#SSLContext";>
+      Oracle Java 7</a>. Note: There is overlap between this attribute and
+      <code>protocols</code>.</p>
+    </attribute>
+
     <attribute name="trustManagerClassName" required="false">
       <p>JSSE only.</p>
       <p>The name of a custom trust manager class to use to validate client
@@ -1349,14 +1361,9 @@
     </attribute>
 
     <attribute name="sslProtocol" required="false">
-      <p>The the SSL protocol(s) to use (a single value may enable multiple
-      protocols - see the JVM documentation for details). If not specified, the
-      default is <code>TLS</code>. The permitted values may be obtained from 
the
-      JVM documentation for the allowed values for algorithm when creating an
-      <code>SSLContext</code> instance e.g.
-      <a 
href="http://docs.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html#SSLContext";>
-      Oracle Java 7</a>. Note: There is overlap between this attribute and
-      <code>sslEnabledProtocols</code>.</p>
+      <p>This is an alias for the <code>sslProtocol</code> attribute of the
+      default <a href="#SSL_Support_-_SSLHostConfig">SSLHostConfig</a>
+      element.</p>
     </attribute>
 
     <attribute name="trustManagerClassName" required="false">


