tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cos...@apache.org
Subject cvs commit: jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/jsse JSSE14Support.java
Date Wed, 16 Apr 2003 19:23:35 GMT
costin      2003/04/16 12:23:35

  Modified:    util/java/org/apache/tomcat/util/net/jsse JSSE14Support.java
  Log:
  Allow connections from clients with untrusted certificates.
  The connection will be secure, but the cert can't be verified.
  
  We should try to extract the cert even if it can't be verified - but that's more
  complex ( JSSE throws exception "Invalid certificate" )
  
  Revision  Changes    Path
  1.3       +14 -3     jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/jsse/JSSE14Support.java
  
  Index: JSSE14Support.java
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/jsse/JSSE14Support.java,v
  retrieving revision 1.2
  retrieving revision 1.3
  diff -u -r1.2 -r1.3
  --- JSSE14Support.java	29 Mar 2003 07:37:25 -0000	1.2
  +++ JSSE14Support.java	16 Apr 2003 19:23:34 -0000	1.3
  @@ -140,10 +140,21 @@
           }
       }
   
  +    /** Return the X509certificates or null if we can't get them.
  +     *  XXX We should allow unverified certificates 
  +     */ 
       protected X509Certificate [] getX509Certificates(SSLSession session) 
  -	throws IOException {
  -	Certificate [] certs = session.getPeerCertificates();
  -	X509Certificate [] x509Certs = new X509Certificate[certs.length];
  +	throws IOException 
  +    {
  +        Certificate [] certs=null;
  +        try {
  +	    certs = session.getPeerCertificates();
  +        } catch( Throwable t ) {
  +            return null;
  +        }
  +        if( certs==null ) return null;
  +        
  +        X509Certificate [] x509Certs = new X509Certificate[certs.length];
   	for(int i=0; i < certs.length; i++) {
   	    if( certs[i] instanceof X509Certificate ) {
   		// always currently true with the JSSE 1.1.x
  
  
  

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org


Mime
View raw message