tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ma...@apache.org
Subject svn commit: r1174931 - in /tomcat/tc7.0.x/trunk: ./ java/org/apache/tomcat/util/net/jsse/JSSESupport.java java/org/apache/tomcat/util/net/jsse/res/LocalStrings.properties webapps/docs/changelog.xml
Date Fri, 23 Sep 2011 18:14:17 GMT
Author: markt
Date: Fri Sep 23 18:14:17 2011
New Revision: 1174931

URL: http://svn.apache.org/viewvc?rev=1174931&view=rev
Log: (empty)

Modified:
    tomcat/tc7.0.x/trunk/   (props changed)
    tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/net/jsse/JSSESupport.java
    tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/net/jsse/res/LocalStrings.properties
    tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml

Propchange: tomcat/tc7.0.x/trunk/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Fri Sep 23 18:14:17 2011
@@ -1 +1 @@
-/tomcat/trunk:1156171,1156276,1156304,1156530,1156602,1157015,1157018,1157151,1157198,1157204,1157810,1157832,1157834,1157847,1157908,1157939,1158155,1158160,1158176,1158195,1158198-1158199,1158227,1158331,1158334-1158335,1158426,1160347,1160592,1160611,1160619,1160626,1160639,1160652,1160720-1160721,1160772,1160774,1160776,1161303,1161310,1161322,1161339,1161486,1161540,1161549,1161584,1162082,1162149,1162169,1162721,1162769,1162836,1162932,1163630,1164419,1164438,1164469,1164480,1164567,1165234,1165247-1165248,1165253,1165273,1165282,1165309,1165331,1165338,1165347,1165360-1165361,1165367-1165368,1165602,1165608,1165677,1165693,1165721,1165723,1165728,1165730,1165738,1165746,1165765,1165777,1165918,1165921,1166077,1166150-1166151,1166290,1166366,1166620,1166686,1166752,1166757,1167368,1167394,1169447,1170647,1171692,1172233-1172234,1172236,1172269,1172278,1172282,1172610,1172664,1172689,1172711,1173020-1173021,1173082,1173088,1173090,1173096,1173241,1173256,1173288,1173461
 ,1173614,1173630,1173659,1173722,1174061,1174239,1174330,1174337-1174338,1174343,1174353
+/tomcat/trunk:1156171,1156276,1156304,1156530,1156602,1157015,1157018,1157151,1157198,1157204,1157810,1157832,1157834,1157847,1157908,1157939,1158155,1158160,1158176,1158195,1158198-1158199,1158227,1158331,1158334-1158335,1158426,1160347,1160592,1160611,1160619,1160626,1160639,1160652,1160720-1160721,1160772,1160774,1160776,1161303,1161310,1161322,1161339,1161486,1161540,1161549,1161584,1162082,1162149,1162169,1162721,1162769,1162836,1162932,1163630,1164419,1164438,1164469,1164480,1164567,1165234,1165247-1165248,1165253,1165273,1165282,1165309,1165331,1165338,1165347,1165360-1165361,1165367-1165368,1165602,1165608,1165677,1165693,1165721,1165723,1165728,1165730,1165738,1165746,1165765,1165777,1165918,1165921,1166077,1166150-1166151,1166290,1166366,1166620,1166686,1166752,1166757,1167368,1167394,1169447,1170647,1171692,1172233-1172234,1172236,1172269,1172278,1172282,1172610,1172664,1172689,1172711,1173020-1173021,1173082,1173088,1173090,1173096,1173241,1173256,1173288,1173461
 ,1173614,1173630,1173659,1173722,1174061,1174239,1174330,1174337-1174338,1174343,1174353,1174882,1174884

Modified: tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/net/jsse/JSSESupport.java
URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/net/jsse/JSSESupport.java?rev=1174931&r1=1174930&r2=1174931&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/net/jsse/JSSESupport.java (original)
+++ tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/net/jsse/JSSESupport.java Fri Sep 23
18:14:17 2011
@@ -35,6 +35,7 @@ import javax.security.cert.X509Certifica
 
 import org.apache.tomcat.util.net.SSLSessionManager;
 import org.apache.tomcat.util.net.SSLSupport;
+import org.apache.tomcat.util.res.StringManager;
 
 /** JSSESupport
 
@@ -56,6 +57,9 @@ class JSSESupport implements SSLSupport,
     private static final org.apache.juli.logging.Log log =
         org.apache.juli.logging.LogFactory.getLog(JSSESupport.class);
     
+    private static final StringManager sm =
+        StringManager.getManager("org.apache.tomcat.util.net.jsse.res");
+
     private static final Map<SSLSession,Integer> keySizeCache =
         new WeakHashMap<SSLSession, Integer>();
 
@@ -94,7 +98,7 @@ class JSSESupport implements SSLSupport,
         try {
             certs = session.getPeerCertificates();
         } catch( Throwable t ) {
-            log.debug("Error getting client certs",t);
+            log.debug(sm.getString("jsseSupport.clientCertError"), t);
             return null;
         }
         if( certs==null ) return null;
@@ -115,7 +119,8 @@ class JSSESupport implements SSLSupport,
                     x509Certs[i] = (java.security.cert.X509Certificate)
                             cf.generateCertificate(stream);
                 } catch(Exception ex) { 
-                    log.info("Error translating cert " + certs[i], ex);
+                    log.info(sm.getString(
+                            "jseeSupport.certTranslationError", certs[i]), ex);
                     return null;
                 }
             }
@@ -153,7 +158,7 @@ class JSSESupport implements SSLSupport,
 
     protected void handShake() throws IOException {
         if( ssl.getWantClientAuth() ) {
-            log.debug("No client cert sent for want");
+            log.debug(sm.getString("jsseSupport.noCertWant"));
         } else {
             ssl.setNeedClientAuth(true);
         }
@@ -161,7 +166,7 @@ class JSSESupport implements SSLSupport,
         if (ssl.getEnabledCipherSuites().length == 0) {
             // Handshake is never going to be successful.
             // Assume this is because handshakes are disabled
-            log.warn("SSL server initiated renegotiation is disabled, closing connection");
+            log.warn(sm.getString("jsseSupport.serverRenegDisabled"));
             session.invalidate();
             ssl.close();
             return;
@@ -170,7 +175,7 @@ class JSSESupport implements SSLSupport,
         InputStream in = ssl.getInputStream();
         int oldTimeout = ssl.getSoTimeout();
         ssl.setSoTimeout(1000);
-        byte[] b = new byte[0];
+        byte[] b = new byte[1];
         listener.reset();
         ssl.startHandshake();
         int maxTries = 60; // 60 * 1000 = example 1 minute time out
@@ -178,9 +183,16 @@ class JSSESupport implements SSLSupport,
             if (log.isTraceEnabled())
                 log.trace("Reading for try #" + i);
             try {
-                in.read(b);
+                int read = in.read(b);
+                if (read > 0) {
+                    // Shouldn't happen as all input should have been swallowed
+                    // before trying to do the handshake. If it does, something
+                    // went wrong so lets bomb out now.
+                    throw new SSLException(
+                            sm.getString("jsseSupport.unexpectedData"));
+                }
             } catch(SSLException sslex) {
-                log.info("SSL Error getting client Certs",sslex);
+                log.info(sm.getString("jsseSupport.clientCertError"), sslex);
                 throw sslex;
             } catch (IOException e) {
                 // ignore - presumably the timeout

Modified: tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/net/jsse/res/LocalStrings.properties
URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/net/jsse/res/LocalStrings.properties?rev=1174931&r1=1174930&r2=1174931&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/net/jsse/res/LocalStrings.properties
(original)
+++ tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/net/jsse/res/LocalStrings.properties
Fri Sep 23 18:14:17 2011
@@ -17,4 +17,9 @@ jsse.alias_no_key_entry=Alias name {0} d
 jsse.keystore_load_failed=Failed to load keystore type {0} with path {1} due to {2}
 jsse.invalid_ssl_conf=SSL configuration is invalid due to {0}
 jsse.invalid_truststore_password=The provided trust store password could not be used to unlock
and/or validate the trust store. Retrying to access the trust store with a null password which
will skip validation.
-jsse.invalidTrustManagerClassName=The trustManagerClassName provided [{0}] does not implement
javax.net.ssl.TrustManager 
\ No newline at end of file
+jsse.invalidTrustManagerClassName=The trustManagerClassName provided [{0}] does not implement
javax.net.ssl.TrustManager
+jsseSupport.clientCertError=Error trying to obtain a certificate from the client
+jseeSupport.certTranslationError=Error translating certificate [{0}]
+jsseSupport.noCertWant=No client certificate sent for want
+jsseSupport.serverRenegDisabled=SSL server initiated renegotiation is disabled, closing connection
+jsseSupport.unexpectedData=Unexpected data read from input stream
\ No newline at end of file

Modified: tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml?rev=1174931&r1=1174930&r2=1174931&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml Fri Sep 23 18:14:17 2011
@@ -158,6 +158,10 @@
         <bug>51860</bug>: Fix issues if using NIO with a custom
         SSLImplementation. Based on a suggestion by Roman Tsirulnikov. (markt)
       </fix>
+      <fix>
+        Allow the BIO HTTP connector to be used with SSL when running under Java
+        7. (markt)
+      </fix>
     </changelog>
   </subsection>
   <subsection name="Jasper">



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message