Issue #215 Conscrypt SSL provider

Added module to install Conscrupt SSL provider
2017-08-02 11:52:31 +10:00 · 2017-08-02 11:52:31 +10:00 · 7298bed572
parent 29d4fcf80e
commit 7298bed572
4 changed files with 38 additions and 0 deletions
--- a/jetty-home/src/main/resources/modules/conscrypt.mod
+++ b/jetty-home/src/main/resources/modules/conscrypt.mod
@ -0,0 +1,27 @@
+[description]
+Installs the Conscrypt JSSE provider
+
+[tags]
+3rdparty
+
+[depend]
+ssl
+
+[files]
+maven://org.conscrypt/conscrypt-openjdk-uber/${conscrypt.version}|lib/conscrypt/conscrypt-uber-${conscrypt.version}.jar
+basehome:modules/conscrypt/conscrypt.xml|etc/conscrypt.xml
+
+[lib]
+lib/conscrypt/**.jar
+
+[xml]
+etc/conscrypt.xml
+
+[license]
+Conscrypt is distributed under the Apache Licence 2.0
+https://github.com/google/conscrypt/blob/master/LICENSE
+
+[ini]
+conscrypt.version?=1.0.0.RC8
+jetty.sslContext.provider?=AndroidOpenSSL
+
--- a/jetty-home/src/main/resources/modules/conscrypt/conscrypt.xml
+++ b/jetty-home/src/main/resources/modules/conscrypt/conscrypt.xml
@ -0,0 +1,7 @@
+<?xml version="1.0"?>
+<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "http://www.eclipse.org/jetty/configure_9_3.dtd">
+<Configure id="Conscrypt" class="org.conscrypt.OpenSSLProvider">
+  <Call class="java.security.Security" name="addProvider">
+    <Arg><Ref refid="Conscrypt"/></Arg>
+  </Call>
+</Configure>
--- a/jetty-server/src/main/config/etc/jetty-ssl-context.xml
+++ b/jetty-server/src/main/config/etc/jetty-ssl-context.xml
@ -11,6 +11,7 @@
 -->

 <Configure id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory">
+  <Set name="Provider"><Property name="jetty.sslContext.provider"/></Set>
  <Set name="KeyStorePath"><Property name="jetty.base" default="." />/<Property name="jetty.sslContext.keyStorePath" deprecated="jetty.keystore" default="etc/keystore"/></Set>
  <Set name="KeyStorePassword"><Property name="jetty.sslContext.keyStorePassword" deprecated="jetty.keystore.password" default="OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4"/></Set>
  <Set name="KeyStoreType"><Property name="jetty.sslContext.keyStoreType" default="JKS"/></Set>
--- a/jetty-server/src/main/config/modules/ssl.mod
+++ b/jetty-server/src/main/config/modules/ssl.mod
@ -63,6 +63,9 @@ basehome:modules/ssl/keystore|etc/keystore
 ## Note that OBF passwords are not secure, just protected from casual observation
 ## See http://www.eclipse.org/jetty/documentation/current/configuring-security-secure-passwords.html

+## SSL JSSE Provider
+# jetty.sslContext.provider=
+
 ## Keystore file path (relative to $jetty.base)
 # jetty.sslContext.keyStorePath=etc/keystore