From: Jesse Schulman
Date: Thu, 05 Jan 2017 21:05:32 +0000
Subject: tomcat-embed 8.5.9 - runtime changes to SSLHostConfig objects
To: users@tomcat.apache.org

We are using tomcat-embed 8.5.9, Java 8 and running on CentOS 7. Given Tomcat's new support for SNI, we wish to support adding/removing/updating certificates via our application at runtime without restarting Tomcat or binding/unbinding the port.

Our configuration is very simple: we have a single servlet for all requests, so we have a single connector/endpoint to manage all SSLHostConfigs.

It appears that by manipulating the list of SSLHostConfig objects in the AbstractEndpoint we can achieve what we want; however, there don't appear to be any public methods available that allow that kind of operation.

I was able to extend a few Tomcat classes (Connector, AbstractHttp11JsseProtocol, NioEndpoint) to expose what I need and verify that I can change the SSLHostConfig at runtime; however, I would prefer to use APIs fully supported by Tomcat.

Is there any way to do what I want with the currently available APIs, or are there any plans to expose this kind of functionality?

If not, are there any risks or issues with taking the approach described above by extending classes to expose what I need?

Thanks!
Jesse