Author: remm
Date: Thu Jun 18 17:15:51 2015
New Revision: 1686281

URL: http://svn.apache.org/r1686281
Log:
- When using the OpenSSL SSL engine, use the OpenSSL style configuration.
- Add some "documentation" that says the APR SSL configuration should be used 
when using the OpenSSL sslImplementationName. Better than nothing ...

Modified:
    tomcat/trunk/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java
    tomcat/trunk/webapps/docs/changelog.xml
    tomcat/trunk/webapps/docs/config/http.xml
    tomcat/trunk/webapps/docs/ssl-howto.xml

Modified: tomcat/trunk/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java?rev=1686281&r1=1686280&r2=1686281&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java 
(original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java Thu 
Jun 18 17:15:51 2015
@@ -21,6 +21,7 @@ import javax.net.ssl.SSLParameters;
 import javax.net.ssl.SSLSessionContext;
 
 import org.apache.tomcat.util.net.SSLHostConfig.Type;
+import org.apache.tomcat.util.net.openssl.OpenSSLImplementation;
 
 public abstract class AbstractJsseEndpoint<S> extends AbstractEndpoint<S> {
 
@@ -57,7 +58,11 @@ public abstract class AbstractJsseEndpoi
 
     @Override
     protected Type getSslConfigType() {
-        return SSLHostConfig.Type.JSSE;
+        if 
(OpenSSLImplementation.IMPLEMENTATION_NAME.equals(sslImplementationName)) {
+            return SSLHostConfig.Type.OPENSSL;
+        } else {
+            return SSLHostConfig.Type.JSSE;
+        }
     }
 
 
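Review bot: In getSslConfigType() the choice is an exact string comparison against sslImplementationName, so any value that is not character-for-character OpenSSLImplementation.IMPLEMENTATION_NAME (a typo, or a subclass or wrapper of the OpenSSL implementation) falls into the else branch and is treated as JSSE with no indication. Consider deriving the type from the implementation instance that was actually loaded, or at least logging which configuration style was selected, so that an operator who believes OpenSSL-style settings are in effect can confirm it. The method also has no Javadoc explaining why a JSSE endpoint can report SSLHostConfig.Type.OPENSSL.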

Modified: tomcat/trunk/webapps/docs/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1686281&r1=1686280&r2=1686281&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/trunk/webapps/docs/changelog.xml Thu Jun 18 17:15:51 2015
@@ -82,6 +82,11 @@
         has been significant changes to the SSL configuration in server.xml to
         support this. (markt)
       </add>
+      <add>
+        Add SSL engine backed by OpenSSL, based on code contributed by Numa de
+        Montmollin and derived from code developed by Twitter and Netty.
+        (remm)
+      </add>
     </changelog>
   </subsection>
   <subsection name="Tribes">
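Review bot: The new <add> entry records the engine but not the behaviour change this revision's log describes, namely that OpenSSL-style configuration is used when the OpenSSL engine is selected. Suggest naming sslImplementationName in the entry and stating that the APR-style SSL attributes apply in that case, since the changelog is where users upgrading will look for it.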

Modified: tomcat/trunk/webapps/docs/config/http.xml
URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/config/http.xml?rev=1686281&r1=1686280&r2=1686281&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/config/http.xml (original)
+++ tomcat/trunk/webapps/docs/config/http.xml Thu Jun 18 17:15:51 2015
@@ -1343,7 +1343,13 @@
       <p>The class name of the SSL implementation to use. If not specified, the
       default of 
<code>org.apache.tomcat.util.net.jsse.JSSEImplementation</code>
       will be used which wraps JVM&apos;s default JSSE provider. Note that the
-      JVM can be configured to use a different JSSE provider as the 
default.</p>
+      JVM can be configured to use a different JSSE provider as the default.
+      Tomcat also bundles a special SSL implementation for JSSE that is backed
+      by OpenSSL. To enable it, the native library should be enabled as if
+      intending to use the APR connector, the value of this attribute should be
+      <code>org.apache.tomcat.util.net.openssl.OpenSSLImplementation</code>,
+      and the SSL attributes configuration used should be the one from the APR
+      connector.</p>
     </attribute>
 
   </attributes>
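Review bot: The added sentence ends with "the SSL attributes configuration used should be the one from the APR connector", which does not tell the reader what happens to JSSE attributes left on the same Connector. Suggest stating explicitly whether they are ignored or rejected and linking to the APR SSL attribute section, because a connector whose certificate, protocol or cipher settings are silently not applied is a security-relevant misconfiguration. "the native library should be enabled as if intending to use the APR connector" would also be clearer as a stated requirement with a pointer to the APR setup instructions.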

Modified: tomcat/trunk/webapps/docs/ssl-howto.xml
URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/ssl-howto.xml?rev=1686281&r1=1686280&r2=1686281&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/ssl-howto.xml (original)
+++ tomcat/trunk/webapps/docs/ssl-howto.xml Thu Jun 18 17:15:51 2015
@@ -300,12 +300,21 @@ loaded or not, use one of the following:
 <!-- Define a HTTP/1.1 Connector on port 8443, JSSE NIO2 implementation -->
 <Connector protocol="org.apache.coyote.http11.Http11Nio2Protocol"
            port="8443" .../>]]></source>
+
+<p>Tomcat also provides a SSL engine that directly uses OpenSSL. If the APR 
library
+is installed (as for using the APR connector), using the sslImplementationName 
attribute
+allows enabling it. In that case, the configuration must not use the JSSE 
attributes, but
+all the attributes that are defined for the APR connector.</p>
+<source><![CDATA[<!-- Define a HTTP/1.1 Connector on port 8443, JSSE NIO 
implementation and OpenSSL -->
+<Connector protocol="org.apache.coyote.http11.Http11NioProtocol" port="8443"
+           
sslImplementationName="org.apache.tomcat.util.net.openssl.OpenSSLImplementation"
+           .../>]]></source>
+
 <p>Alternatively, to specify an APR connector (the APR library must be 
available) use:</p>
 <source><![CDATA[<!-- Define a HTTP/1.1 Connector on port 8443, APR 
implementation -->
 <Connector protocol="org.apache.coyote.http11.Http11AprProtocol"
            port="8443" .../>]]></source>
 
-
 <p>If you are using APR, you have the option of configuring an alternative 
engine to OpenSSL.</p>
 <source><![CDATA[<Listener 
className="org.apache.catalina.core.AprLifecycleListener"
           SSLEngine="someengine" SSLRandomSeed="somedevice" />]]></source>
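Review bot: The new example Connector elides everything after sslImplementationName with ".../>", so the one thing the paragraph requires (APR attributes instead of JSSE ones) is never shown. Suggest including at least the certificate and key attributes in APR style in the example. On wording, "a SSL engine" should be "an SSL engine", and "must not use the JSSE attributes, but all the attributes that are defined for the APR connector" reads as if every APR attribute were mandatory; "must use the APR connector's SSL attributes instead of the JSSE ones" is closer to the intent. The removal of the blank line before the "If you are using APR" paragraph is an unrelated whitespace change.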


