Author: remm
Date: Thu Jun 18 17:15:51 2015
New Revision: 1686281
URL: http://svn.apache.org/r1686281
Log:
- When using the OpenSSL SSL engine, use the OpenSSL style configuration.
- Add some "documentation" that says the APR SSL configuration should be used
when using the OpenSSL sslImplementationName. Better than nothing ...
Modified:
tomcat/trunk/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java
tomcat/trunk/webapps/docs/changelog.xml
tomcat/trunk/webapps/docs/config/http.xml
tomcat/trunk/webapps/docs/ssl-howto.xml
Modified: tomcat/trunk/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java?rev=1686281&r1=1686280&r2=1686281&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java
(original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java Thu
Jun 18 17:15:51 2015
@@ -21,6 +21,7 @@ import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSessionContext;
import org.apache.tomcat.util.net.SSLHostConfig.Type;
+import org.apache.tomcat.util.net.openssl.OpenSSLImplementation;
public abstract class AbstractJsseEndpoint<S> extends AbstractEndpoint<S> {
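Review bot: The new import of org.apache.tomcat.util.net.openssl.OpenSSLImplementation makes the abstract JSSE endpoint depend directly on one concrete implementation package. Consider letting the configured SSL implementation report which configuration type it expects, so that the base class does not need to know implementation names and a future engine does not require another edit here.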
@@ -57,7 +58,11 @@ public abstract class AbstractJsseEndpoi
@Override
protected Type getSslConfigType() {
- return SSLHostConfig.Type.JSSE;
+ if
(OpenSSLImplementation.IMPLEMENTATION_NAME.equals(sslImplementationName)) {
+ return SSLHostConfig.Type.OPENSSL;
+ } else {
+ return SSLHostConfig.Type.JSSE;
+ }
}
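Review bot: In getSslConfigType() the OPENSSL type is chosen only when sslImplementationName is exactly equal to OpenSSLImplementation.IMPLEMENTATION_NAME, so every other value, including a misspelled class name or a subclass of the OpenSSL implementation, silently falls through to SSLHostConfig.Type.JSSE. The documentation in this same commit says the connector must then carry APR-style attributes instead of JSSE ones, so a mismatch between the selected type and the attributes actually present is a TLS misconfiguration that nothing in this hunk surfaces. Consider logging the selected configuration type at startup, and add a Javadoc comment on the method stating the selection rule.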
Modified: tomcat/trunk/webapps/docs/changelog.xml
URL:
http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1686281&r1=1686280&r2=1686281&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/trunk/webapps/docs/changelog.xml Thu Jun 18 17:15:51 2015
@@ -82,6 +82,11 @@
has been significant changes to the SSL configuration in server.xml to
support this. (markt)
</add>
+ <add>
+ Add SSL engine backed by OpenSSL, based on code contributed by Numa de
+ Montmollin and derived from code developed by Twitter and Netty.
+ (remm)
+ </add>
</changelog>
</subsection>
<subsection name="Tribes">
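Review bot: The added changelog entry records only that an OpenSSL-backed SSL engine was added, while the commit log says this revision makes that engine use the OpenSSL style configuration. An operator reading the changelog would not learn that selecting the engine changes which SSL attributes are expected; add a sentence to the entry saying that the APR/OpenSSL attribute set applies when OpenSSLImplementation is selected.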
Modified: tomcat/trunk/webapps/docs/config/http.xml
URL:
http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/config/http.xml?rev=1686281&r1=1686280&r2=1686281&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/config/http.xml (original)
+++ tomcat/trunk/webapps/docs/config/http.xml Thu Jun 18 17:15:51 2015
@@ -1343,7 +1343,13 @@
<p>The class name of the SSL implementation to use. If not specified, the
default of
<code>org.apache.tomcat.util.net.jsse.JSSEImplementation</code>
will be used which wraps JVM's default JSSE provider. Note that the
- JVM can be configured to use a different JSSE provider as the
default.</p>
+ JVM can be configured to use a different JSSE provider as the default.
+ Tomcat also bundles a special SSL implementation for JSSE that is backed
+ by OpenSSL. To enable it, the native library should be enabled as if
+ intending to use the APR connector, the value of this attribute should be
+ <code>org.apache.tomcat.util.net.openssl.OpenSSLImplementation</code>,
+ and the SSL attributes configuration used should be the one from the APR
+ connector.</p>
</attribute>
</attributes>
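Review bot: The added text says the SSL attributes "should be the one from the APR connector", while the ssl-howto.xml change in this commit says the configuration "must not use the JSSE attributes"; the two pages should use the same strength of wording. The sentence also does not say what happens when JSSE attributes are left on a connector that selects OpenSSLImplementation, which is the case most likely to occur when an existing connector is switched over. Suggest splitting the long "To enable it, ..." sentence into a short list of the three requirements and linking to the section that documents the APR connector's SSL attributes.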
Modified: tomcat/trunk/webapps/docs/ssl-howto.xml
URL:
http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/ssl-howto.xml?rev=1686281&r1=1686280&r2=1686281&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/ssl-howto.xml (original)
+++ tomcat/trunk/webapps/docs/ssl-howto.xml Thu Jun 18 17:15:51 2015
@@ -300,12 +300,21 @@ loaded or not, use one of the following:
<!-- Define a HTTP/1.1 Connector on port 8443, JSSE NIO2 implementation -->
<Connector protocol="org.apache.coyote.http11.Http11Nio2Protocol"
port="8443" .../>]]></source>
+
+<p>Tomcat also provides a SSL engine that directly uses OpenSSL. If the APR
library
+is installed (as for using the APR connector), using the sslImplementationName
attribute
+allows enabling it. In that case, the configuration must not use the JSSE
attributes, but
+all the attributes that are defined for the APR connector.</p>
+<source><![CDATA[<!-- Define a HTTP/1.1 Connector on port 8443, JSSE NIO
implementation and OpenSSL -->
+<Connector protocol="org.apache.coyote.http11.Http11NioProtocol" port="8443"
+
sslImplementationName="org.apache.tomcat.util.net.openssl.OpenSSLImplementation"
+ .../>]]></source>
+
<p>Alternatively, to specify an APR connector (the APR library must be
available) use:</p>
<source><![CDATA[<!-- Define a HTTP/1.1 Connector on port 8443, APR
implementation -->
<Connector protocol="org.apache.coyote.http11.Http11AprProtocol"
port="8443" .../>]]></source>
-
<p>If you are using APR, you have the option of configuring an alternative
engine to OpenSSL.</p>
<source><![CDATA[<Listener
className="org.apache.catalina.core.AprLifecycleListener"
SSLEngine="someengine" SSLRandomSeed="somedevice" />]]></source>
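Review bot: The new Connector example elides every SSL attribute with ".../>", so it does not show the one thing the preceding paragraph insists on, namely that APR-style attributes replace the JSSE ones. Showing at least the certificate and key attributes in APR form, or linking to the APR connector attribute reference, would make the example usable as written. Minor points: "a SSL engine" should read "an SSL engine", "If the APR library is installed" differs from the "native library should be enabled" wording used in http.xml, and the hunk removes the blank line that separated the APR connector example from the "If you are using APR" paragraph.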