Return-Path: Delivered-To: apmail-jakarta-tomcat-dev-archive@www.apache.org Received: (qmail 79578 invoked from network); 8 Jul 2005 14:19:39 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199) by minotaur.apache.org with SMTP; 8 Jul 2005 14:19:39 -0000 Received: (qmail 73849 invoked by uid 500); 8 Jul 2005 14:19:19 -0000 Delivered-To: apmail-jakarta-tomcat-dev-archive@jakarta.apache.org Received: (qmail 73657 invoked by uid 500); 8 Jul 2005 14:19:18 -0000 Mailing-List: contact tomcat-dev-help@jakarta.apache.org; run by ezmlm Precedence: bulk List-Unsubscribe: List-Help: List-Post: List-Id: "Tomcat Developers List" Reply-To: "Tomcat Developers List" Delivered-To: mailing list tomcat-dev@jakarta.apache.org Received: (qmail 73605 invoked by uid 500); 8 Jul 2005 14:19:18 -0000 Received: (qmail 73595 invoked by uid 99); 8 Jul 2005 14:19:17 -0000 X-ASF-Spam-Status: No, hits=-9.8 required=10.0 tests=ALL_TRUSTED,NO_REAL_NAME X-Spam-Check-By: apache.org Received: from [209.237.227.194] (HELO minotaur.apache.org) (209.237.227.194) by apache.org (qpsmtpd/0.29) with SMTP; Fri, 08 Jul 2005 07:19:06 -0700 Received: (qmail 79415 invoked by uid 1135); 8 Jul 2005 14:19:04 -0000 Date: 8 Jul 2005 14:19:04 -0000 Message-ID: <20050708141904.79414.qmail@minotaur.apache.org> 
From: remm@apache.org
To: jakarta-tomcat-connectors-cvs@apache.org
Subject: cvs commit: jakarta-tomcat-connectors/http11/src/java/org/apache/coyote/http11 Http11AprProtocol.java
X-Virus-Checked: Checked by ClamAV on apache.org
X-Spam-Rating: minotaur.apache.org 1.6.2 0/1000/N
remm 2005/07/08 07:19:04
Modified: util/java/org/apache/tomcat/util/net AprEndpoint.java
          http11/src/java/org/apache/coyote/http11 Http11AprProtocol.java
Log:
- Add some basic configuration for protocol and client cert.
Revision Changes Path
1.61 +31 -5 jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/AprEndpoint.java
Index: AprEndpoint.java
===================================================================
RCS file: /home/cvs/jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/AprEndpoint.java,v
retrieving revision 1.60
retrieving revision 1.61
diff -u -r1.60 -r1.61
--- AprEndpoint.java 7 Jul 2005 14:26:25 -0000 1.60
+++ AprEndpoint.java 8 Jul 2005 14:19:04 -0000 1.61
@@ -343,6 +343,14 @@
     /**
+     * SSL protocols.
+     */
+    protected String SSLProtocol = "all";
+    public String getSSLProtocol() { return SSLProtocol; }
+    public void setSSLProtocol(String SSLProtocol) { this.SSLProtocol = SSLProtocol; }
+
+
+    /**
      * SSL password (if a cert is encrypted, and no password has been provided, a callback
      * will ask for a password).
      */
@@ -418,9 +426,9 @@
     /**
      * SSL verify client.
      */
-    protected int SSLVerifyClient = 0;
-    public int getSSLVerifyClient() { return SSLVerifyClient; }
-    public void setSSLVerifyClient(int SSLVerifyClient) { this.SSLVerifyClient = SSLVerifyClient; }
+    protected String SSLVerifyClient = "none";
+    public String getSSLVerifyClient() { return SSLVerifyClient; }
+    public void setSSLVerifyClient(String SSLVerifyClient) { this.SSLVerifyClient = SSLVerifyClient; }
     /**
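Review bot: The Javadoc added for the SSLProtocol field reads only `SSL protocols.`, and the `SSL verify client.` comment kept in the second hunk is no more informative now that the property is a free-form String, so nothing at the declaration tells an administrator which spellings the endpoint recognises. The mapping code later in this commit accepts `all`, `SSLv2`, `SSLv3` and `TLSv1` for SSLProtocol and `none`, `optional`, `require` and `optionalNoCA` for SSLVerifyClient; those lists belong on the fields, e.g. ` * SSL protocol to enable: "all" (default), "SSLv2", "SSLv3" or "TLSv1".` and ` * Client certificate verification mode: "none" (default), "optional", "require" or "optionalNoCA".` The same wording should go on the delegating accessors added to Http11AprProtocol.java further down in this commit. Changing getSSLVerifyClient/setSSLVerifyClient from int to String is also a source-incompatible change for any other caller of AprEndpoint, which the log message does not mention.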
@@ -527,8 +535,17 @@
         } else {
             SSL.initialize(SSLEngine);
         }
+        // SSL protocol
+        int value = SSL.SSL_PROTOCOL_ALL;
+        if ("SSLv2".equalsIgnoreCase(SSLProtocol)) {
+            value = SSL.SSL_PROTOCOL_SSLV2;
+        } else if ("SSLv3".equalsIgnoreCase(SSLProtocol)) {
+            value = SSL.SSL_PROTOCOL_SSLV3;
+        } else if ("TLSv1".equalsIgnoreCase(SSLProtocol)) {
+            value = SSL.SSL_PROTOCOL_TLSV1;
+        }
         // Create SSL Context
-        sslContext = SSLContext.make(rootPool, SSL.SSL_PROTOCOL_SSLV2 | SSL.SSL_PROTOCOL_SSLV3, SSL.SSL_MODE_SERVER);
+        sslContext = SSLContext.make(rootPool, value, SSL.SSL_MODE_SERVER);
         // List the ciphers that the client is permitted to negotiate
         SSLContext.setCipherSuite(sslContext, SSLCipherSuite);
         // Load Server key and certificate
@@ -537,7 +554,16 @@
         if (SSLCACertificateFile != null) {
             SSLContext.setCACertificate(sslContext, SSLCACertificateFile, null);
         }
-        SSLContext.setVerify(sslContext, SSLVerifyClient, SSLVerifyDepth);
+        // Client certificate verification
+        value = SSL.SSL_CVERIFY_NONE;
+        if ("optional".equalsIgnoreCase(SSLVerifyClient)) {
+            value = SSL.SSL_CVERIFY_OPTIONAL;
+        } else if ("require".equalsIgnoreCase(SSLVerifyClient)) {
+            value = SSL.SSL_CVERIFY_REQUIRE;
+        } else if ("optionalNoCA".equalsIgnoreCase(SSLVerifyClient)) {
+            value = SSL.SSL_CVERIFY_OPTIONAL_NO_CA;
+        }
+        SSLContext.setVerify(sslContext, value, SSLVerifyDepth);
         // For now, sendfile is not supported with SSL
         useSendfile = false;
     }
1.15 +9 -2 jakarta-tomcat-connectors/http11/src/java/org/apache/coyote/http11/Http11AprProtocol.java
Index: Http11AprProtocol.java
===================================================================
RCS file: /home/cvs/jakarta-tomcat-connectors/http11/src/java/org/apache/coyote/http11/Http11AprProtocol.java,v
retrieving revision 1.14
retrieving revision 1.15
diff -u -r1.14 -r1.15
--- Http11AprProtocol.java 7 Jul 2005 22:54:13 -0000 1.14
+++ Http11AprProtocol.java 8 Jul 2005 14:19:04 -0000 1.15
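Review bot: An unrecognised SSLVerifyClient value falls through to SSL_CVERIFY_NONE in the second hunk, so a misspelling such as `required` silently disables client-certificate authentication instead of stopping the connector from starting; the protocol chain in the first hunk has the same shape, where any unexpected string (or a null left by a caller) becomes SSL_PROTOCOL_ALL, which going by its name presumably re-enables the SSLv2/SSLv3 an operator setting `TLSv1` was trying to exclude. Both chains should fail closed on input they do not understand, e.g. after the `optionalNoCA` branch: `} else if (!"none".equalsIgnoreCase(SSLVerifyClient)) {` / `    throw new IllegalArgumentException("Unknown SSLVerifyClient value: " + SSLVerifyClient);` / `}`, and likewise a `!"all".equalsIgnoreCase(SSLProtocol)` branch for the protocol chain. The values would be better validated once in the setters in the earlier hunks, where a bad server.xml attribute surfaces at configuration time rather than deep in SSL initialisation. The enclosing initialisation method starts and ends outside these hunks, so whether it already declares an exception the caller handles is not visible here.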
@@ -501,6 +501,13 @@
     /**
+     * SSL protocol.
+     */
+    public String getSSLProtocol() { return ep.getSSLProtocol(); }
+    public void setSSLProtocol(String SSLProtocol) { ep.setSSLProtocol(SSLProtocol); }
+
+
+    /**
      * SSL password (if a cert is encrypted, and no password has been provided, a callback
      * will ask for a password).
      */
@@ -567,8 +574,8 @@
     /**
      * SSL verify client.
      */
-    public int getSSLVerifyClient() { return ep.getSSLVerifyClient(); }
-    public void setSSLVerifyClient(int SSLVerifyClient) { ep.setSSLVerifyClient(SSLVerifyClient); }
+    public String getSSLVerifyClient() { return ep.getSSLVerifyClient(); }
+    public void setSSLVerifyClient(String SSLVerifyClient) { ep.setSSLVerifyClient(SSLVerifyClient); }
     /**
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org