345656 Disambiguate SslContextFactory#validateCerts property
git-svn-id: svn+ssh://dev.eclipse.org/svnroot/rt/org.eclipse.jetty/jetty/trunk@3141 7e9141cc-0065-0410-87d8-b60c137991c4
parent
6a2ecc493e
commit
dbcdcc6ce6
|
@ -20,6 +20,7 @@ jetty-7.4.1.v20110513
|
||||||
+ 345047 Readded deprecated ScanningAppDeployer#setMonitoredDir
|
+ 345047 Readded deprecated ScanningAppDeployer#setMonitoredDir
|
||||||
+ 345290 Weak references from SessionIdManager. HashSessionManager cleanup.
|
+ 345290 Weak references from SessionIdManager. HashSessionManager cleanup.
|
||||||
+ 345543 Always close endpoint on SSLException
|
+ 345543 Always close endpoint on SSLException
|
||||||
|
+ 345656 Disambiguate SslContextFactory#validateCerts property
|
||||||
+ 345679 Allow setting an initialized KeyStore as keystore/truststore of SslContextFactory
|
+ 345679 Allow setting an initialized KeyStore as keystore/truststore of SslContextFactory
|
||||||
+ 345704 jetty-nested works with forwarded SSL in cloudfoundry
|
+ 345704 jetty-nested works with forwarded SSL in cloudfoundry
|
||||||
+ JETTY-954 WebAppContext eats any start exceptions instead of stopping the server load
|
+ JETTY-954 WebAppContext eats any start exceptions instead of stopping the server load
|
||||||
|
|
|
@ -137,6 +137,8 @@ public class SslContextFactory extends AbstractLifeCycle
|
||||||
|
|
||||||
/** Set to true if SSL certificate validation is required */
|
/** Set to true if SSL certificate validation is required */
|
||||||
private boolean _validateCerts;
|
private boolean _validateCerts;
|
||||||
|
/** Set to true if SSL certificate of the peer validation is required */
|
||||||
|
private boolean _validatePeerCerts;
|
||||||
/** Maximum certification path length (n - number of intermediate certs, -1 for unlimited) */
|
/** Maximum certification path length (n - number of intermediate certs, -1 for unlimited) */
|
||||||
private int _maxCertPathLength = -1;
|
private int _maxCertPathLength = -1;
|
||||||
/** Path to file that contains Certificate Revocation List */
|
/** Path to file that contains Certificate Revocation List */
|
||||||
|
@ -541,6 +543,27 @@ public class SslContextFactory extends AbstractLifeCycle
|
||||||
_validateCerts = validateCerts;
|
_validateCerts = validateCerts;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* ------------------------------------------------------------ */
|
||||||
|
/**
|
||||||
|
* @return true if SSL certificates of the peer have to be validated
|
||||||
|
*/
|
||||||
|
public boolean isValidatePeerCerts()
|
||||||
|
{
|
||||||
|
return _validatePeerCerts;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* ------------------------------------------------------------ */
|
||||||
|
/**
|
||||||
|
* @param validatePeerCerts
|
||||||
|
* true if SSL certificates of the peer have to be validated
|
||||||
|
*/
|
||||||
|
public void setValidatePeerCerts(boolean validatePeerCerts)
|
||||||
|
{
|
||||||
|
checkStarted();
|
||||||
|
|
||||||
|
_validatePeerCerts = validatePeerCerts;
|
||||||
|
}
|
||||||
|
|
||||||
/* ------------------------------------------------------------ */
|
/* ------------------------------------------------------------ */
|
||||||
/**
|
/**
|
||||||
* @return True if SSL re-negotiation is allowed (default false)
|
* @return True if SSL re-negotiation is allowed (default false)
|
||||||
|
@ -928,7 +951,7 @@ public class SslContextFactory extends AbstractLifeCycle
|
||||||
if (trustStore != null)
|
if (trustStore != null)
|
||||||
{
|
{
|
||||||
// Revocation checking is only supported for PKIX algorithm
|
// Revocation checking is only supported for PKIX algorithm
|
||||||
if (_validateCerts && _trustManagerFactoryAlgorithm.equalsIgnoreCase("PKIX"))
|
if (_validatePeerCerts && _trustManagerFactoryAlgorithm.equalsIgnoreCase("PKIX"))
|
||||||
{
|
{
|
||||||
PKIXBuilderParameters pbParams = new PKIXBuilderParameters(trustStore,new X509CertSelector());
|
PKIXBuilderParameters pbParams = new PKIXBuilderParameters(trustStore,new X509CertSelector());
|
||||||
|
|
||||||
|
|
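Review bot: The new condition `if (_validatePeerCerts && _trustManagerFactoryAlgorithm.equalsIgnoreCase("PKIX"))` drops existing `validateCerts=true` configurations out of the PKIX branch, because `_validatePeerCerts` is a new field that defaults to false. Going by the "Revocation checking is only supported for PKIX algorithm" comment, such deployments would lose revocation checking of peer certificates after upgrading with no error or log line; the rest of that method is outside the hunk, so what the fallback path does should be confirmed. The field comments do not help an operator notice this: `_validateCerts` still reads "Set to true if SSL certificate validation is required", which is the ambiguity the commit title sets out to remove. I would reword that comment to say what `_validateCerts` still governs, and document the new field as `/** Set to true to validate the peer's certificate chain; gates the PKIX revocation-checking setup. Default false. */`. The `setValidatePeerCerts` Javadoc and the changelog entry should also state that peer validation must now be enabled explicitly.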