Merge remote-tracking branch 'origin/jetty-9.4.x'
commit
868eb50625
|
@ -24,6 +24,7 @@
|
||||||
</goals>
|
</goals>
|
||||||
<configuration>
|
<configuration>
|
||||||
<versionString>${alpn.api.version}</versionString>
|
<versionString>${alpn.api.version}</versionString>
|
||||||
|
<propertyPrefix>alpn</propertyPrefix>
|
||||||
</configuration>
|
</configuration>
|
||||||
</execution>
|
</execution>
|
||||||
</executions>
|
</executions>
|
||||||
|
@ -36,7 +37,7 @@
|
||||||
<Bundle-SymbolicName>${bundle-symbolic-name};singleton:=true</Bundle-SymbolicName>
|
<Bundle-SymbolicName>${bundle-symbolic-name};singleton:=true</Bundle-SymbolicName>
|
||||||
<Bundle-Name>Jetty OSGi ALPN Fragment</Bundle-Name>
|
<Bundle-Name>Jetty OSGi ALPN Fragment</Bundle-Name>
|
||||||
<Import-Package>!javax.*;!org.eclipse.jetty.*</Import-Package>
|
<Import-Package>!javax.*;!org.eclipse.jetty.*</Import-Package>
|
||||||
<Export-Package>org.eclipse.jetty.alpn;version="${parsedVersion.majorVersion}.${parsedVersion.minorVersion}.${parsedVersion.incrementalVersion}"</Export-Package>
|
<Export-Package>org.eclipse.jetty.alpn;version="${alpn.majorVersion}.${alpn.minorVersion}.${alpn.incrementalVersion}"</Export-Package>
|
||||||
<Fragment-Host>system.bundle;extension:=framework</Fragment-Host>
|
<Fragment-Host>system.bundle;extension:=framework</Fragment-Host>
|
||||||
</instructions>
|
</instructions>
|
||||||
</configuration>
|
</configuration>
|
||||||
|
|
|
@ -399,9 +399,7 @@ public class SslContextFactory extends AbstractLifeCycle
|
||||||
|
|
||||||
// select the protocols and ciphers
|
// select the protocols and ciphers
|
||||||
SSLEngine sslEngine=context.createSSLEngine();
|
SSLEngine sslEngine=context.createSSLEngine();
|
||||||
selectCipherSuites(
|
selectCipherSuites(sslEngine.getEnabledCipherSuites(),sslEngine.getSupportedCipherSuites());
|
||||||
sslEngine.getEnabledCipherSuites(),
|
|
||||||
sslEngine.getSupportedCipherSuites());
|
|
||||||
selectProtocols(sslEngine.getEnabledProtocols(),sslEngine.getSupportedProtocols());
|
selectProtocols(sslEngine.getEnabledProtocols(),sslEngine.getSupportedProtocols());
|
||||||
|
|
||||||
_factory = new Factory(keyStore,trustStore,context);
|
_factory = new Factory(keyStore,trustStore,context);
|
||||||
|
@ -1487,20 +1485,11 @@ public class SslContextFactory extends AbstractLifeCycle
|
||||||
checkIsStarted();
|
checkIsStarted();
|
||||||
|
|
||||||
SSLServerSocketFactory factory = _factory._context.getServerSocketFactory();
|
SSLServerSocketFactory factory = _factory._context.getServerSocketFactory();
|
||||||
|
|
||||||
SSLServerSocket socket =
|
SSLServerSocket socket =
|
||||||
(SSLServerSocket) (host==null ?
|
(SSLServerSocket) (host==null ?
|
||||||
factory.createServerSocket(port,backlog):
|
factory.createServerSocket(port,backlog):
|
||||||
factory.createServerSocket(port,backlog,InetAddress.getByName(host)));
|
factory.createServerSocket(port,backlog,InetAddress.getByName(host)));
|
||||||
|
socket.setSSLParameters(customize(socket.getSSLParameters()));
|
||||||
if (getWantClientAuth())
|
|
||||||
socket.setWantClientAuth(getWantClientAuth());
|
|
||||||
if (getNeedClientAuth())
|
|
||||||
socket.setNeedClientAuth(getNeedClientAuth());
|
|
||||||
|
|
||||||
socket.setEnabledCipherSuites(_selectedCipherSuites);
|
|
||||||
socket.setEnabledProtocols(_selectedProtocols);
|
|
||||||
|
|
||||||
return socket;
|
return socket;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1509,17 +1498,8 @@ public class SslContextFactory extends AbstractLifeCycle
|
||||||
checkIsStarted();
|
checkIsStarted();
|
||||||
|
|
||||||
SSLSocketFactory factory = _factory._context.getSocketFactory();
|
SSLSocketFactory factory = _factory._context.getSocketFactory();
|
||||||
|
|
||||||
SSLSocket socket = (SSLSocket)factory.createSocket();
|
SSLSocket socket = (SSLSocket)factory.createSocket();
|
||||||
|
socket.setSSLParameters(customize(socket.getSSLParameters()));
|
||||||
if (getWantClientAuth())
|
|
||||||
socket.setWantClientAuth(getWantClientAuth());
|
|
||||||
if (getNeedClientAuth())
|
|
||||||
socket.setNeedClientAuth(getNeedClientAuth());
|
|
||||||
|
|
||||||
socket.setEnabledCipherSuites(_selectedCipherSuites);
|
|
||||||
socket.setEnabledProtocols(_selectedProtocols);
|
|
||||||
|
|
||||||
return socket;
|
return socket;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1586,31 +1566,41 @@ public class SslContextFactory extends AbstractLifeCycle
|
||||||
return newSSLEngine(hostName, address.getPort());
|
return newSSLEngine(hostName, address.getPort());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Customize an SslEngine instance with the configuration of this factory,
|
||||||
|
* by calling {@link #customize(SSLParameters)}
|
||||||
|
* @param sslEngine
|
||||||
|
*/
|
||||||
public void customize(SSLEngine sslEngine)
|
public void customize(SSLEngine sslEngine)
|
||||||
{
|
{
|
||||||
if (LOG.isDebugEnabled())
|
if (LOG.isDebugEnabled())
|
||||||
LOG.debug("Customize {}",sslEngine);
|
LOG.debug("Customize {}",sslEngine);
|
||||||
|
|
||||||
SSLParameters sslParams = sslEngine.getSSLParameters();
|
sslEngine.setSSLParameters(customize(sslEngine.getSSLParameters()));
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Customize an SslParameters instance with the configuration of this factory.
|
||||||
|
* @param sslParams The parameters to customize
|
||||||
|
* @return The passed instance of sslParams (returned as a convenience)
|
||||||
|
*/
|
||||||
|
public SSLParameters customize(SSLParameters sslParams)
|
||||||
|
{
|
||||||
sslParams.setEndpointIdentificationAlgorithm(_endpointIdentificationAlgorithm);
|
sslParams.setEndpointIdentificationAlgorithm(_endpointIdentificationAlgorithm);
|
||||||
sslParams.setUseCipherSuitesOrder(_useCipherSuitesOrder);
|
sslParams.setUseCipherSuitesOrder(_useCipherSuitesOrder);
|
||||||
if (!_certHosts.isEmpty() || !_certWilds.isEmpty())
|
if (!_certHosts.isEmpty() || !_certWilds.isEmpty())
|
||||||
{
|
|
||||||
if (LOG.isDebugEnabled())
|
|
||||||
LOG.debug("Enable SNI matching {}",sslEngine);
|
|
||||||
sslParams.setSNIMatchers(Collections.singletonList((SNIMatcher)new AliasSNIMatcher()));
|
sslParams.setSNIMatchers(Collections.singletonList((SNIMatcher)new AliasSNIMatcher()));
|
||||||
}
|
if (_selectedCipherSuites!=null)
|
||||||
sslParams.setCipherSuites(_selectedCipherSuites);
|
sslParams.setCipherSuites(_selectedCipherSuites);
|
||||||
sslParams.setProtocols(_selectedProtocols);
|
if (_selectedProtocols!=null)
|
||||||
|
sslParams.setProtocols(_selectedProtocols);
|
||||||
if (getWantClientAuth())
|
if (getWantClientAuth())
|
||||||
sslParams.setWantClientAuth(true);
|
sslParams.setWantClientAuth(true);
|
||||||
if (getNeedClientAuth())
|
if (getNeedClientAuth())
|
||||||
sslParams.setNeedClientAuth(true);
|
sslParams.setNeedClientAuth(true);
|
||||||
|
return sslParams;
|
||||||
sslEngine.setSSLParameters(sslParams);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
public static X509Certificate[] getCertChain(SSLSession sslSession)
|
public static X509Certificate[] getCertChain(SSLSession sslSession)
|
||||||
{
|
{
|
||||||
try
|
try
|
||||||
|
|
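Review bot: In the new `customize(SSLParameters)` the `_selectedCipherSuites!=null` and `_selectedProtocols!=null` guards fail open: when either field is unset, the parameters keep the JVM's default cipher suites and protocols, so the factory's configured restrictions are silently not applied. The removed socket code passed the arrays straight to `setEnabledCipherSuites`/`setEnabledProtocols`, which reject a null argument, so that path used to fail loudly. Both socket factory methods call `checkIsStarted()` first, but the two public `customize` overloads do not; if they can be reached before the factory is started (not visible in this hunk), I would call `checkIsStarted()` there or at least log it, e.g. `LOG.warn("No selected cipher suites or protocols, JVM defaults kept for {}",sslParams);`. Separately, sockets from `newSslServerSocket` and `newSslSocket` now also receive the endpoint identification algorithm and the SNI matcher, which the removed lines did not set; the Javadoc on `customize(SSLParameters)` should state that, and the bare `@param sslEngine` on the other overload needs a description.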