tomcat-users mailing list archives

From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: Issue while using SSL with Embedded Tomcat 6.0.37
Date Wed, 09 Oct 2013 15:40:13 GMT

Chirag,

I have a bunch of non-SSL-related questions about your code.

On 10/9/13 9:59 AM, Chirag Dewan wrote:
> I have a wrapper connector class:
> 
> public HTTPConnector(int port, String keystoreFile, String password,
>         int maxKeepAliveRequests, int maxThreads, int connectionTimeout,
>         Logger logger) throws Exception {
>     myLogger = logger;
>     this.keyStoreFile = keystoreFile;
>     this.keyStorePassword = password;
> 
>     if( maxKeepAliveRequests != 0 && maxKeepAliveRequests >= -1 ) {
>         IntrospectionUtils.setProperty( this, "maxKeepAliveRequests",
>                 String.valueOf( maxKeepAliveRequests ) );
>     }

What's wrong with calling
this.setMaxKeepAliveRequests(maxKeepAliveRequests)?

It seems like you have way more code than necessary in this class.

> if( keystoreFile != null ) {
>     String cipherSet = System.getProperty("https.cipher.set");
> 
>     setSecure( true );

Here, you're using this.setSecure(true) instead of using
IntrospectionUtils. Why some settings via IntrospectionUtils and
others with direct method calls?

>     setScheme( "https" );
> 
>     try {
>         // Added TLS since there is a bug in Tomcat 5.5.9. No default
>         // protocol is set.
>         IntrospectionUtils.setProperty( this, "sslProtocol", "TLS" );
>         IntrospectionUtils.setProperty( this, "keystore", keyStoreFile );
>         IntrospectionUtils.setProperty( this, "keypass", keyStorePassword );
>         IntrospectionUtils.setProperty( this, "SSLEnabled", "true" );
>         if(cipherSet != null && !cipherSet.equalsIgnoreCase("")){

It might be worth calling trim() on the cipherSet value before
checking for equality with "". Using "ignore case" on an empty string
is not going to add anything, FYI.

>     catch( Exception exception ) {
>         myLogger.severe( "Could not load SSL server socket factory." );
>         throw new Exception( "Could not load SSL server socket factory." );
>     }

How about just "throw exception;"... any reason to completely swallow
the original exception and throw a new one? That just seems confusing.

This constructor seems much more appropriate to be a "factory" method
instead of a constructor for a class that trivially extends the
existing Connector. With a factory, you could also choose the type of
connector to use instead of having to extend a specific one (e.g. NIO
vs. BIO, etc.).

> and I attach it to the container by:
> 
> Embedded embedded = new Embedded();
> 
> embedded.addConnector( connector );
> connector.start();
> 
> and I call embedded.start(); during initialization, so I have the
> Tomcat running.
> 
> Chris, "cipherSet" is a configurable parameter. I am usually using
> TLS_DHE_RSA_WITH_AES_128_CBC_SHA for testing purposes.

That all seems fairly straightforward. I have no idea why SSL would be
acting up, there.

-chris
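
Added example (not code from this thread or from Tomcat): the trim() suggestion in the reply above, extended to check each configured suite name against what the running JVM's default JSSE provider supports before the value reaches a connector. The class and method names are hypothetical, and treating https.cipher.set as a comma-separated list is an assumption.

```java
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import javax.net.ssl.SSLContext;

public class CipherSetCheck {

    /** Splits a comma-separated cipher list, trimming each entry and dropping blanks. */
    static List<String> parseCipherSet(String raw) {
        List<String> suites = new ArrayList<String>();
        if (raw == null) {
            return suites;
        }
        for (String name : raw.split(",")) {
            String trimmed = name.trim();
            if (!trimmed.isEmpty()) {
                suites.add(trimmed);
            }
        }
        return suites;
    }

    /** Returns the configured suites that the default JSSE provider does not support. */
    static List<String> unsupported(List<String> configured) throws NoSuchAlgorithmException {
        Set<String> supported = new HashSet<String>(Arrays.asList(
                SSLContext.getDefault().getSupportedSSLParameters().getCipherSuites()));
        List<String> missing = new ArrayList<String>(configured);
        missing.removeAll(supported);
        return missing;
    }

    public static void main(String[] args) throws Exception {
        // Constructed samples: whitespace only, a padded name, and a misspelled suite.
        String[] samples = {
            "   ",
            "  TLS_DHE_RSA_WITH_AES_128_CBC_SHA ",
            "TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_NOT_A_REAL_SUITE"
        };
        for (String raw : samples) {
            List<String> suites = parseCipherSet(raw);
            System.out.println("[" + raw + "] -> " + suites
                    + " unsupported here: " + unsupported(suites));
        }
    }
}
```

An empty list from parseCipherSet means no cipher restriction was configured, so the caller should leave the connector's cipher setting untouched rather than pass an empty string.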
