Author: markt
Date: Fri Jun 19 14:17:43 2015
New Revision: 1686421
URL: http://svn.apache.org/r1686421
Log:
Some plumbing for supporting multiple certificate types for a virtual host
Incomplete and untested
Modified:
tomcat/trunk/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java
tomcat/trunk/java/org/apache/tomcat/util/net/SecureNio2Channel.java
tomcat/trunk/java/org/apache/tomcat/util/net/SecureNioChannel.java
Modified: tomcat/trunk/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java?rev=1686421&r1=1686420&r2=1686421&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java
(original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java Fri
Jun 19 14:17:43 2015
@@ -16,11 +16,14 @@
*/
package org.apache.tomcat.util.net;
+import java.util.List;
+
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSessionContext;
import org.apache.tomcat.util.net.SSLHostConfig.Type;
+import org.apache.tomcat.util.net.jsse.openssl.Cipher;
import org.apache.tomcat.util.net.openssl.OpenSSLImplementation;
public abstract class AbstractJsseEndpoint<S> extends AbstractEndpoint<S> {
@@ -87,7 +90,7 @@ public abstract class AbstractJsseEndpoi
}
- protected SSLEngine createSSLEngine(String sniHostName) {
+ protected SSLEngine createSSLEngine(String sniHostName, List<Cipher>
clientRequestedCiphers) {
SSLHostConfig sslHostConfig = getSSLHostConfig(sniHostName);
SSLContextWrapper sslContextWrapper = (SSLContextWrapper)
sslHostConfig.getSslContext();
if (sslContextWrapper == null) {
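Review bot: The new `clientRequestedCiphers` parameter on `createSSLEngine` is undocumented, and both call sites in this commit pass null unless the extractor result is `COMPLETE`, so the body has to treat null as "not known" rather than dereference it. The list comes from the ClientHello and is therefore client-controlled; it should only narrow the choice among certificates and ciphers the server already has configured, never widen the enabled set. I'd add Javadoc along the lines of `@param clientRequestedCiphers ciphers offered in the ClientHello; may be {@code null}; untrusted client input`. The method body continues outside the hunk, so whether the parameter is used yet is not visible here.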
Modified: tomcat/trunk/java/org/apache/tomcat/util/net/SecureNio2Channel.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/SecureNio2Channel.java?rev=1686421&r1=1686420&r2=1686421&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/SecureNio2Channel.java
(original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/SecureNio2Channel.java Fri Jun
19 14:17:43 2015
@@ -22,6 +22,7 @@ import java.nio.ByteBuffer;
import java.nio.channels.AsynchronousSocketChannel;
import java.nio.channels.CompletionHandler;
import java.nio.channels.WritePendingException;
+import java.util.List;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.Future;
import java.util.concurrent.TimeUnit;
@@ -37,6 +38,7 @@ import org.apache.juli.logging.Log;
import org.apache.juli.logging.LogFactory;
import org.apache.tomcat.util.buf.ByteBufferUtils;
import org.apache.tomcat.util.net.TLSClientHelloExtractor.ExtractorResult;
+import org.apache.tomcat.util.net.jsse.openssl.Cipher;
import org.apache.tomcat.util.res.StringManager;
/**
@@ -330,9 +332,11 @@ public class SecureNio2Channel extends N
}
String hostName = null;
+ List<Cipher> clientRequestedCiphers = null;
switch (extractor.getResult()) {
case COMPLETE:
hostName = extractor.getSNIValue();
+ clientRequestedCiphers = extractor.getClientRequestedCiphers();
break;
case NOT_PRESENT:
// NO-OP
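Review bot: `clientRequestedCiphers` is assigned only in the `COMPLETE` case, so a client whose ClientHello carries no SNI extension (`NOT_PRESENT`) reaches `createSSLEngine` with a null cipher list, and certificate-type selection for the default host would have nothing to work from. If the extractor still exposes the cipher list in that state (not visible from this hunk), let `COMPLETE` fall through and do the assignment under `NOT_PRESENT`: `case NOT_PRESENT: clientRequestedCiphers = extractor.getClientRequestedCiphers(); break;`. The identical switch in SecureNioChannel.java has the same gap. The switch statement continues beyond the end of the hunk.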
@@ -353,7 +357,7 @@ public class SecureNio2Channel extends N
log.debug(sm.getString("channel.nio.ssl.sniHostName", hostName));
}
- sslEngine = endpoint.createSSLEngine(hostName);
+ sslEngine = endpoint.createSSLEngine(hostName, clientRequestedCiphers);
// Ensure the application buffers (which have to be created earlier)
are
// big enough.
Modified: tomcat/trunk/java/org/apache/tomcat/util/net/SecureNioChannel.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/SecureNioChannel.java?rev=1686421&r1=1686420&r2=1686421&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/SecureNioChannel.java
(original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/SecureNioChannel.java Fri Jun
19 14:17:43 2015
@@ -23,6 +23,7 @@ import java.nio.ByteBuffer;
import java.nio.channels.SelectionKey;
import java.nio.channels.Selector;
import java.nio.channels.SocketChannel;
+import java.util.List;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLEngineResult;
@@ -34,6 +35,7 @@ import org.apache.juli.logging.Log;
import org.apache.juli.logging.LogFactory;
import org.apache.tomcat.util.buf.ByteBufferUtils;
import org.apache.tomcat.util.net.TLSClientHelloExtractor.ExtractorResult;
+import org.apache.tomcat.util.net.jsse.openssl.Cipher;
import org.apache.tomcat.util.res.StringManager;
/**
@@ -268,9 +270,11 @@ public class SecureNioChannel extends Ni
}
String hostName = null;
+ List<Cipher> clientRequestedCiphers = null;
switch (extractor.getResult()) {
case COMPLETE:
hostName = extractor.getSNIValue();
+ clientRequestedCiphers = extractor.getClientRequestedCiphers();
break;
case NOT_PRESENT:
// NO-OP
@@ -290,7 +294,7 @@ public class SecureNioChannel extends Ni
log.debug(sm.getString("channel.nio.ssl.sniHostName", hostName));
}
- sslEngine = endpoint.createSSLEngine(hostName);
+ sslEngine = endpoint.createSSLEngine(hostName, clientRequestedCiphers);
// Ensure the application buffers (which have to be created earlier)
are
// big enough.