From 2f07a9eee6f11be0e709e5f4f06ccaca035a204b Mon Sep 17 00:00:00 2001 From: Jesse McConnell Date: Wed, 14 Sep 2016 20:04:52 +0000 Subject: [PATCH 1/3] test commit --- VERSION.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/VERSION.txt b/VERSION.txt index 08a0fd0d4d2..9726b80f244 100644 --- a/VERSION.txt +++ b/VERSION.txt @@ -1,4 +1,4 @@ -jetty-9.3.12-SNAPSHOT +jetty-9.3.12-SNAPSHOT jetty-9.3.11.v20160721 - 21 July 2016 + 230 customize Content-Type in ErrorHandler's default error page From 9e015653446b9c5cec3ffc9387217bfaf9cd8f4d Mon Sep 17 00:00:00 2001 From: Simone Bordet Date: Thu, 15 Sep 2016 12:00:50 +0200 Subject: [PATCH 2/3] Code cleanups. --- .../jetty/util/ssl/SslContextFactory.java | 22 +++++-------------- 1 file changed, 5 insertions(+), 17 deletions(-) diff --git a/jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java b/jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java index 9e65738728f..7fc7d2edeba 100644 --- a/jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java +++ b/jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java @@ -78,16 +78,12 @@ import org.eclipse.jetty.util.security.CertificateUtils; import org.eclipse.jetty.util.security.CertificateValidator; import org.eclipse.jetty.util.security.Password; - /** * SslContextFactory is used to configure SSL connectors * as well as HttpClient. It holds all SSL parameters and * creates SSL context based on these parameters to be * used by the SSL connectors. */ - -/** - */ public class SslContextFactory extends AbstractLifeCycle { public final static TrustManager[] TRUST_ALL_CERTS = new X509TrustManager[]{new X509TrustManager() 
@@ -106,7 +102,7 @@ public class SslContextFactory extends AbstractLifeCycle } }}; - static final Logger LOG = Log.getLogger(SslContextFactory.class); + private static final Logger LOG = Log.getLogger(SslContextFactory.class); public static final String DEFAULT_KEYMANAGERFACTORY_ALGORITHM = (Security.getProperty("ssl.KeyManagerFactory.algorithm") == null ? @@ -228,9 +224,6 @@ public class SslContextFactory extends AbstractLifeCycle protected Factory _factory; - - - /** * Construct an instance of SslContextFactory * Default constructor for use in XmlConfiguration files @@ -1096,7 +1089,8 @@ public class SslContextFactory extends AbstractLifeCycle } } - LOG.debug("managers={} for {}",managers,this); + if (LOG.isDebugEnabled()) + LOG.debug("managers={} for {}",managers,this); return managers; } @@ -1183,18 +1177,13 @@ public class SslContextFactory extends AbstractLifeCycle else selected_protocols.addAll(Arrays.asList(enabledProtocols)); - // Remove any excluded protocols selected_protocols.removeAll(_excludeProtocols); - if (selected_protocols.isEmpty()) LOG.warn("No selected protocols from {}",Arrays.asList(supportedProtocols)); _selectedProtocols = selected_protocols.toArray(new String[selected_protocols.size()]); - - - } /** @@ -1459,7 +1448,6 @@ public class SslContextFactory extends AbstractLifeCycle _sslSessionTimeout = sslSessionTimeout; } - public SSLServerSocket newSslServerSocket(String host,int port,int backlog) throws IOException { checkIsStarted(); @@ -1549,7 +1537,7 @@ public class SslContextFactory extends AbstractLifeCycle /** * Customize an SslEngine instance with the configuration of this factory, * by calling {@link #customize(SSLParameters)} - * @param sslEngine + * @param sslEngine the SSLEngine to customize */ public void customize(SSLEngine sslEngine) { 
@@ -1569,7 +1557,7 @@ public class SslContextFactory extends AbstractLifeCycle
 sslParams.setEndpointIdentificationAlgorithm(_endpointIdentificationAlgorithm);
 sslParams.setUseCipherSuitesOrder(_useCipherSuitesOrder);
 if (!_certHosts.isEmpty() || !_certWilds.isEmpty())
- sslParams.setSNIMatchers(Collections.singletonList((SNIMatcher)new AliasSNIMatcher()));
+ sslParams.setSNIMatchers(Collections.singletonList(new AliasSNIMatcher()));
 if (_selectedCipherSuites!=null)
 sslParams.setCipherSuites(_selectedCipherSuites);
 if (_selectedProtocols!=null)
From 01e29aa45a6b59333e090ad52fc449289456ab01 Mon Sep 17 00:00:00 2001
From: Simone Bordet
Date: Thu, 15 Sep 2016 12:10:52 +0200
Subject: [PATCH 3/3] Fixes #870 - TLS protocol exclusion broken for SslContextFactory(String). Introduced a private constructor that performs the correct initialization, and have the other constructors delegate to it.
---
 .../eclipse/jetty/util/ssl/SslContextFactory.java | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)
diff --git a/jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java b/jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java
index 7fc7d2edeba..a779a683d6a 100644
--- a/jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java
+++ b/jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java
@@ -241,9 +239,7 @@ public class SslContextFactory extends AbstractLifeCycle
 */
 public SslContextFactory(boolean trustAll)
 {
- setTrustAll(trustAll);
- addExcludeProtocols("SSL", "SSLv2", "SSLv2Hello", "SSLv3");
- setExcludeCipherSuites("^.*_(MD5|SHA|SHA1)$");
+ this(trustAll, null);
 }
 
 /**
@@ -252,7 +250,16 @@ public class SslContextFactory extends AbstractLifeCycle
 */
 public SslContextFactory(String keyStorePath)
 {
- setKeyStorePath(keyStorePath);
+ this(false, keyStorePath);
+ }
+
+ private SslContextFactory(boolean trustAll, String keyStorePath)
+ {
+ setTrustAll(trustAll);
+ addExcludeProtocols("SSL", "SSLv2", "SSLv2Hello", "SSLv3");
+ setExcludeCipherSuites("^.*_(MD5|SHA|SHA1)$");
+ if (keyStorePath != null)
+ setKeyStorePath(keyStorePath);
 }
 
 public String[] getSelectedProtocols()
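Review bot: The private `SslContextFactory(boolean, String)` constructor is now the single place where the legacy-protocol and MD5/SHA1 cipher exclusions are installed, yet nothing in this patch pins that down: the diffstat lists one changed file, so the regression from #870 has no test. A check such as `assertTrue(Arrays.asList(new SslContextFactory("keystore").getExcludeProtocols()).contains("SSLv3"));`, repeated for each public constructor, would catch a later constructor that bypasses the delegate. The constructor also deserves a comment, for example `// Sole initialization path: every public constructor must delegate here so the protocol and cipher exclusions always apply.` Callers of `SslContextFactory(String)` now also get the `^.*_(MD5|SHA|SHA1)$` cipher exclusion they did not get before, which is worth stating in that constructor's Javadoc (it starts above the hunk). The setters are called on a non-final class; if they are overridable (their declarations are outside the hunk), a subclass override would run before the subclass's own fields are initialized.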