tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Craig R. McClanahan" <craig...@apache.org>
Subject Re: [PATCH] SSLServerSocketFactory.java
Date Wed, 12 Sep 2001 17:40:17 GMT
As you can see from the commit messages, I committed a variation on your
#1 approach that lets you define a JSSE_HOME environment variable to
locate the JSSE jar files.  Coupled with registering the provider
automatically (your #2 approach), this simplifies the process of getting
set up to use SSL on Tomcat 4.  Thanks for the patches!

Craig


On Mon, 10 Sep 2001, Wolfgang Hoschek wrote:

> Date: Mon, 10 Sep 2001 16:50:26 +0200
> From: Wolfgang Hoschek <wolfgang.hoschek@cern.ch>
> Reply-To: tomcat-dev@jakarta.apache.org
> To: tomcat-dev@jakarta.apache.org
> Subject: [PATCH] SSLServerSocketFactory.java
>
> It itched me a lot that to enable SSL in TC4 a standard JDK has to be modified
> (copy JSSE libs into jdk/jre/lib/ext and add
> security.provider.3=com.sun.net.ssl.internal.ssl.Provider).
> This was not necessary in TC 3.2.x because of different class loading
> semantics.
> In our environment jdks cannot well be modified due to separate JDKs/archs,
> TCs, JSSEs, etc on shared read-only filesystems.
>
> So here are three TC4 patches (against the latest CVS) that allow JSSE to
> be picked up from anywhere on the filesystem.
> Patches are along the lines Craig suggested yesterday.
> 1) Modify catalina.sh and catalina.bat as indicated below to be able to add
> external jars to the system classpath (new env var CATALINA_SYSTEM_CLASSPATH).
> 2) Modify
> jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/net/SSLServerSocketFactory.java
> to dynamically add the com.sun.net.ssl.internal.ssl.Provider provider
>
> In case you don't like 1) because it allows external things to be added,
> then 2) is still of value because people don't need to write their own
> SSLServerSocketFactory
> Hope someone wants to try this out and commit before 4.0 FCS.
> Wolfgang.
>
> --- SSLServerSocketFactory.java.orig	Fri Sep  7 20:39:08 2001
> +++ SSLServerSocketFactory.java	Mon Sep 10 15:31:16 2001
> @@ -386,6 +386,14 @@
>               Security.addProvider(new sun.security.provider.Sun());
>               Security.addProvider(new
> com.sun.net.ssl.internal.ssl.Provider());
>               */
> +            // even if jsse provider is already installed it can't hurt to
> make sure
> +            // and we do need to install it here if it isn't hard-wired in
> jdk/jre/lib/security/java.security
> +            try {
> +
> java.security.Security.addProvider(((java.security.Provider)
> Class.forName("com.sun.net.ssl.internal.ssl.Provider").newInstance()));
> +            }
> +            catch (IllegalAccessException exc) {}
> +            catch (ClassNotFoundException exc) {}
> +            catch (InstantiationException exc) {}
>
>               // Create an SSL context used to create an SSL socket factory
>               SSLContext context = SSLContext.getInstance(protocol);
>
>
>
> --- jakarta-tomcat-4.0/catalina/src/bin/catalina.sh.orig	Sat Sep  8
> 12:13:28 2001
> +++ jakarta-tomcat-4.0/catalina/src/bin/catalina.sh	Mon Sep 10 16:28:25 2001
> @@ -70,6 +70,12 @@
>     CP=$CP:"$JAVA_HOME/lib/tools.jar"
>   fi
>
> +# add CATALINA_SYSTEM_CLASSPATH custom jars to classpath. For example define
> +# export
> CATALINA_SYSTEM_CLASSPATH=/path/to/jsse/lib/jsse.jar:/path/to/jsse/lib/jnet.jar:/path/to/jsse/lib/jcert.jar
> +if [ ! -z "$CATALINA_SYSTEM_CLASSPATH" ] ; then
> +  CP=$CP:$CATALINA_SYSTEM_CLASSPATH
> +fi
> +
>   # convert the existing path to windows
>   if [ "$OSTYPE" = "cygwin32" ] || [ "$OSTYPE" = "cygwin" ] ; then
>      CP=`cygpath --path --windows "$CP"`
>
>
>
>
>
>
> --- jakarta-tomcat-4.0/catalina/src/bin/catalina.bat.orig	Mon Aug 27
> 21:10:25 2001
> +++ jakarta-tomcat-4.0/catalina/src/bin/catalina.bat	Mon Sep 10 16:16:43 2001
> @@ -65,6 +65,11 @@
>   rem ----- Set Up The Runtime Classpath
> ----------------------------------------
>
>   set CP=%CATALINA_HOME%\bin\bootstrap.jar;%JAVA_HOME%\lib\tools.jar
> +
> +# add CATALINA_SYSTEM_CLASSPATH custom jars to classpath. For example define
> +# set
> CATALINA_SYSTEM_CLASSPATH=\path\to\jsse\lib\jsse.jar;\path\to\jsse\lib\jnet.jar;\path\to\jsse\lib\jcert.jar
> +set CP=%CP%;%CATALINA_SYSTEM_CLASSPATH%
> +
>   set CLASSPATH=%CP%
>   echo Using CATALINA_BASE: %CATALINA_BASE%
>   echo Using CATALINA_HOME: %CATALINA_HOME%


Mime
View raw message