tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Konstantin Kolinko" <knst.koli...@gmail.com>
Subject Re: svn commit: r684559 - /tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
Date Thu, 14 Aug 2008 13:05:15 GMT
Hi,

I, personally, somehow like the idea of testing accept() before entering
the main loop. Although it looks more like an enhancement than a fix
for some specific bug.

((Am I right, that this code of  JSSESocketFactory.createSocket() /
initServerSocket() is executed only once, i.e. there is only one
ServerSocket per connector? Have no experience there.))

But an obvious issue: the exception message is too specific. It
does not match the test. There might be some other errors that
will be caught by the test.

Maybe some more general message would be better. E.g.:

new IOException("SSL configuration is invalid: accept() test failed.
See SSL-HOWTO for details.");

Also, s/cetificate/certificate/ in the JavaDoc.

Regarding the original issue:
I see that SSLServerSocket has a family of getSupported**() methods
(getSupportedProtocols(), getSupportedCipherSuites()). Are they of
any help here?

Best regards,
Konstantin Kolinko

2008/8/14 Mark Thomas <markt@apache.org>:
> Mark Thomas wrote:
>> There must be a way to test cert/cipher compatibility without opening a
>> socket but I couldn't find it when I looked. I'll take another look at the
>> javax.net.ssl API but if anyone has any bright ideas please, let me know.
>
> SSLEngine looks promising. I'll see if I can modify the patch to use this
> instead.
>

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message