tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Thomas <>
Subject Re: tomcat-embed 8.5.9 - runtime changes to SSLHostConfig objects
Date Thu, 05 Jan 2017 22:08:29 GMT
On 05/01/2017 21:05, Jesse Schulman wrote:
> We are using tomcat-embed 8.5.9, java8 and running on Centos7.  Given
> Tomcat's new support for SNI, we wish to support adding/removing/updating
> certificates via our application at runtime without restarting tomcat or
> binding/unbinding the port.
> Our configuration is very simple, we have a single servlet for all
> requests, so we have a single connector/endpoint to manage all
> SSLHostConfigs.
> It appears that by manipulating the list of SSLHostConfig objects in the
> AbstractEndpoint we can achieve what we want, there however don't appear to
> be any public methods available that allow that kind of operation.

It should be possible with the current API. What can't you do?

> I was able to extend a few tomcat classes (Connector,
> AbstractHttp11JsseProtocol, NioEndpoint) to expose what I need and verify
> that I can change the SSLHostConfig at runtime, however I would prefer to
> use APIs fully supported by tomcat.
> Is there any way to do what I want with the currently available APIs, or
> are there any plans to expose this kind of functionality?

It depends exactly what you want to do.


should be enough.

> If not, are there any risks or issues with taking the approach described
> above by extending classes to expose what I need?

It depends what you want to do. Generally, there is a risk we'll change
an API you are depending on since a lot of those are treated as internal
APIs. Some sample code might help.


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message