Merge remote-tracking branch 'origin/jetty-9.4.x'

2016-07-14 14:12:12 +10:00 · 2016-07-14 14:12:12 +10:00 · 868eb50625
parent e47052f706 05260b63c9
commit 868eb50625
2 changed files with 26 additions and 35 deletions
--- a/jetty-osgi/jetty-osgi-alpn/pom.xml
+++ b/jetty-osgi/jetty-osgi-alpn/pom.xml
@ -24,6 +24,7 @@
            </goals>
            <configuration>
              <versionString>${alpn.api.version}</versionString>
+              <propertyPrefix>alpn</propertyPrefix>
            </configuration>
          </execution>
        </executions>
@ -36,7 +37,7 @@
              <Bundle-SymbolicName>${bundle-symbolic-name};singleton:=true</Bundle-SymbolicName>
              <Bundle-Name>Jetty OSGi ALPN Fragment</Bundle-Name>
              <Import-Package>!javax.*;!org.eclipse.jetty.*</Import-Package>
-              <Export-Package>org.eclipse.jetty.alpn;version="${parsedVersion.majorVersion}.${parsedVersion.minorVersion}.${parsedVersion.incrementalVersion}"</Export-Package>
+              <Export-Package>org.eclipse.jetty.alpn;version="${alpn.majorVersion}.${alpn.minorVersion}.${alpn.incrementalVersion}"</Export-Package>
              <Fragment-Host>system.bundle;extension:=framework</Fragment-Host>
            </instructions>
        </configuration>
--- a/jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java
+++ b/jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java
@ -399,9 +399,7 @@ public class SslContextFactory extends AbstractLifeCycle
        
        // select the protocols and ciphers
        SSLEngine sslEngine=context.createSSLEngine();
-        selectCipherSuites(
-                sslEngine.getEnabledCipherSuites(),
-                sslEngine.getSupportedCipherSuites());
+        selectCipherSuites(sslEngine.getEnabledCipherSuites(),sslEngine.getSupportedCipherSuites());
        selectProtocols(sslEngine.getEnabledProtocols(),sslEngine.getSupportedProtocols());

        _factory = new Factory(keyStore,trustStore,context);
@ -1487,20 +1485,11 @@ public class SslContextFactory extends AbstractLifeCycle
        checkIsStarted();

        SSLServerSocketFactory factory = _factory._context.getServerSocketFactory();
-
        SSLServerSocket socket =
            (SSLServerSocket) (host==null ?
                        factory.createServerSocket(port,backlog):
                        factory.createServerSocket(port,backlog,InetAddress.getByName(host)));
-
-        if (getWantClientAuth())
-            socket.setWantClientAuth(getWantClientAuth());
-        if (getNeedClientAuth())
-            socket.setNeedClientAuth(getNeedClientAuth());
-
-        socket.setEnabledCipherSuites(_selectedCipherSuites);
-        socket.setEnabledProtocols(_selectedProtocols);
-
+        socket.setSSLParameters(customize(socket.getSSLParameters()));
        return socket;
    }

@ -1509,17 +1498,8 @@ public class SslContextFactory extends AbstractLifeCycle
        checkIsStarted();

        SSLSocketFactory factory = _factory._context.getSocketFactory();
-
        SSLSocket socket = (SSLSocket)factory.createSocket();
-
-        if (getWantClientAuth())
-            socket.setWantClientAuth(getWantClientAuth());
-        if (getNeedClientAuth())
-            socket.setNeedClientAuth(getNeedClientAuth());
-
-        socket.setEnabledCipherSuites(_selectedCipherSuites);
-        socket.setEnabledProtocols(_selectedProtocols);
-
+        socket.setSSLParameters(customize(socket.getSSLParameters()));
        return socket;
    }

@ -1586,31 +1566,41 @@ public class SslContextFactory extends AbstractLifeCycle
        return newSSLEngine(hostName, address.getPort());
    }

+    /**
+     * Customize an SslEngine instance with the configuration of this factory,
+     * by calling {@link #customize(SSLParameters)}
+     * @param sslEngine
+     */
    public void customize(SSLEngine sslEngine)
    {
        if (LOG.isDebugEnabled())
            LOG.debug("Customize {}",sslEngine);

-        SSLParameters sslParams = sslEngine.getSSLParameters();
+        sslEngine.setSSLParameters(customize(sslEngine.getSSLParameters()));
+    }
+    
+    /**
+     * Customize an SslParameters instance with the configuration of this factory.
+     * @param sslParams The parameters to customize
+     * @return The passed instance of sslParams (returned as a convenience)
+     */
+    public SSLParameters customize(SSLParameters sslParams)
+    {
        sslParams.setEndpointIdentificationAlgorithm(_endpointIdentificationAlgorithm);
        sslParams.setUseCipherSuitesOrder(_useCipherSuitesOrder);
        if (!_certHosts.isEmpty() || !_certWilds.isEmpty())
-        {
-            if (LOG.isDebugEnabled())
-                LOG.debug("Enable SNI matching {}",sslEngine);
            sslParams.setSNIMatchers(Collections.singletonList((SNIMatcher)new AliasSNIMatcher()));
-        }
-        sslParams.setCipherSuites(_selectedCipherSuites);
-        sslParams.setProtocols(_selectedProtocols);
-
+        if (_selectedCipherSuites!=null)
+            sslParams.setCipherSuites(_selectedCipherSuites);
+        if (_selectedProtocols!=null)
+            sslParams.setProtocols(_selectedProtocols);
        if (getWantClientAuth())
            sslParams.setWantClientAuth(true);
        if (getNeedClientAuth())
            sslParams.setNeedClientAuth(true);
-
-        sslEngine.setSSLParameters(sslParams);
+        return sslParams;
    }
-
+    
    public static X509Certificate[] getCertChain(SSLSession sslSession)
    {
        try