Merge remote-tracking branch 'origin/jetty-9.4.x'

examples/embedded/src/main/java/org/eclipse/jetty/embedded/ManyConnectors.java

@@ -89,13 +89,17 @@ public class ManyConnectors
         // including things like choosing the particular certificate out of a
         // keystore to be used.
         
-        Security.addProvider((Provider)ClassLoader.getSystemClassLoader().loadClass("org.conscrypt.OpenSSLProvider").newInstance());
-        
         SslContextFactory sslContextFactory = new SslContextFactory();
         sslContextFactory.setKeyStorePath(keystoreFile.getAbsolutePath());
         sslContextFactory.setKeyStorePassword("OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4");
         sslContextFactory.setKeyManagerPassword("OBF:1u2u1wml1z7s1z7a1wnl1u2g");
 
+        // OPTIONAL: Un-comment the following to use Conscrypt for SSL instead of
+        // the native JSSE implementation.
+
+        //Security.addProvider((Provider)ClassLoader.getSystemClassLoader().loadClass("org.conscrypt.OpenSSLProvider").newInstance());
+        //sslContextFactory.setProvider("Conscrypt");
+
         // HTTPS Configuration
         // A new HttpConfiguration object is needed for the next connector and
         // you can pass the old one as an argument to effectively clone the

jetty-documentation/src/main/asciidoc/configuring/connectors/configuring-ssl-distribution.adoc

@@ -17,18 +17,16 @@
 [[jetty-ssl-distribution]]
 === SSL in the Jetty Distribution
 
-==== Configuration
-
 When making use of the Jetty Distribution, enabling SSL support is as easy as activating the appropriate module.
 Jetty provides support for both the native https://docs.oracle.com/javase/8/docs/technotes/guides/security/jsse/JSSERefGuide.html[JSSE] and https://github.com/google/conscrypt/[Conscrypt] SSL implementations.
 
-For native support, simply activate the `ssl` module:
+==== Native SSL Configuration
+
+For native support, simply activate the `ssl` link:#startup-modules[module:]
 
 [source, plain, subs="{sub-order}"]
 ----
 $ cd /path/to/mybase
-$ java -jar ${JETTY_HOME}/start.jar --create-startd
-...
 $ java -jar ${JETTY_HOME}/start.jar --add-to-startd=ssl
 INFO : server          initialised (transitively) in ${jetty.base}/start.d/server.ini
 INFO : ssl             initialised in ${jetty.base}/start.d/ssl.ini
@@ -57,13 +55,14 @@ jetty.sslContext.keyStorePath::
 jetty.sslContext.keyStorePassword::
   Sets the Password for the `keystore`.
 
-Enabling Conscrypt SSL is just as easy as native SSL - enable both the `conscrypt` and `ssl` modules:
+[[jetty-conscrypt-distribution]]
+==== Conscrypt SSL Configuration
+
+Enabling Conscrypt SSL is just as easy as native SSL - enable both the `conscrypt` and `ssl` link:#startup-modules[modules:]
 
 [source, plain, subs="{sub-order}"]
 ----
 $ cd ${JETTY_HOME}
-$ java -jar ${JETTY_HOME}/start.jar --create-startd
-...
 $ java -jar ../start.jar --add-to-start=ssl,conscrypt
 
 ALERT: There are enabled module(s) with licenses.

jetty-documentation/src/main/asciidoc/configuring/connectors/configuring-ssl.adoc

@@ -716,6 +716,26 @@ The keystore and truststore passwords may also be set using the system propertie
 This is _not_ a recommended usage.
 ____
 
+===== Conscrypt SSL
+
+Jetty also includes support for Google's https://github.com/google/conscrypt/[Conscrypt SSL], which is built on their fork of https://www.openssl.org/[OpenSSL], https://boringssl.googlesource.com/boringssl/[BoringSSL].
+Implementing Conscrypt is very straightforward process - simply instantiate an instance of Conscrypt's `OpenSSLProvider` and set `Conscrypt` as a provider for Jetty's `SslContextFactory`:
+
+[source, java, subs="{sub-order}"]
+----
+...
+Security.addProvider((Provider)ClassLoader.getSystemClassLoader().loadClass("org.conscrypt.OpenSSLProvider").newInstance());
+...
+SslContextFactory sslContextFactory = new SslContextFactory();
+sslContextFactory.setKeyStorePath("path/to/keystore");
+sslContextFactory.setKeyStorePassword("CleverKeyStorePassword");
+sslContextFactory.setKeyManagerPassword("OBF:VerySecretManagerPassword");
+sslContextFactory.setProvider("Conscrypt");
+...
+----
+
+If you are using the Jetty Distribution, please see the section on enabling the link:#jetty-conscrypt-distribution[Conscrypt SSL module.]
+
 ==== Configuring SNI
 
 From Java 8, the JVM contains support for the http://en.wikipedia.org/wiki/Server_Name_Indication[Server Name Indicator (SNI)] extension, which allows a SSL connection handshake to indicate one or more DNS names that it applies to.

jetty-rewrite/pom.xml

@@ -34,11 +34,6 @@
       <artifactId>jetty-server</artifactId>
       <version>${project.version}</version>
     </dependency>
-    <dependency>
-      <groupId>org.eclipse.jetty</groupId>
-      <artifactId>jetty-client</artifactId>
-      <version>${project.version}</version>
-    </dependency>
     <dependency>
       <groupId>javax.servlet</groupId>
       <artifactId>javax.servlet-api</artifactId>

jetty-start/src/main/java/org/eclipse/jetty/start/Main.java

@@ -376,8 +376,6 @@ public class Main
         // Get Desired Classpath based on user provided Active Options.
         Classpath classpath = args.getClasspath();
 
-        System.setProperty("java.class.path",classpath.toString());
-
         // Show the usage information and return
         if (args.isHelp())
         {

jetty-util/src/main/java/org/eclipse/jetty/util/resource/URLResource.java

@@ -171,15 +171,6 @@ public class URLResource extends Resource
     public File getFile()
         throws IOException
     {
-        // Try the permission hack
-        if (checkConnection())
-        {
-            Permission perm = _connection.getPermission();
-            if (perm instanceof java.io.FilePermission)
-                return new File(perm.getName());
-        }
-
-        // Don't know the file
         return null;    
     }