345656 Disambiguate SslContextFactory#validateCerts property

git-svn-id: svn+ssh://dev.eclipse.org/svnroot/rt/org.eclipse.jetty/jetty/trunk@3141 7e9141cc-0065-0410-87d8-b60c137991c4
This commit is contained in:
Michael Gorovoy 2011-05-13 17:52:09 +00:00
parent 6a2ecc493e
commit dbcdcc6ce6
2 changed files with 25 additions and 1 deletions

View File

@ -20,6 +20,7 @@ jetty-7.4.1.v20110513
+ 345047 Readded deprecated ScanningAppDeployer#setMonitoredDir
+ 345290 Weak references from SessionIdManager. HashSessionManager cleanup.
+ 345543 Always close endpoint on SSLException
+ 345656 Disambiguate SslContextFactory#validateCerts property
+ 345679 Allow setting an initialized KeyStore as keystore/truststore of SslContextFactory
+ 345704 jetty-nested works with forwarded SSL in cloudfoundry
+ JETTY-954 WebAppContext eats any start exceptions instead of stopping the server load

View File

@ -137,6 +137,8 @@ public class SslContextFactory extends AbstractLifeCycle
/** Set to true if SSL certificate validation is required */
private boolean _validateCerts;
/** Set to true if SSL certificate of the peer validation is required */
private boolean _validatePeerCerts;
/** Maximum certification path length (n - number of intermediate certs, -1 for unlimited) */
private int _maxCertPathLength = -1;
/** Path to file that contains Certificate Revocation List */
@ -541,6 +543,27 @@ public class SslContextFactory extends AbstractLifeCycle
_validateCerts = validateCerts;
}
/* ------------------------------------------------------------ */
/**
* @return true if SSL certificates of the peer have to be validated
*/
public boolean isValidatePeerCerts()
{
return _validatePeerCerts;
}
/* ------------------------------------------------------------ */
/**
* @param validatePeerCerts
* true if SSL certificates of the peer have to be validated
*/
public void setValidatePeerCerts(boolean validatePeerCerts)
{
checkStarted();
_validatePeerCerts = validatePeerCerts;
}
/* ------------------------------------------------------------ */
/**
* @return True if SSL re-negotiation is allowed (default false)
@ -928,7 +951,7 @@ public class SslContextFactory extends AbstractLifeCycle
if (trustStore != null)
{
// Revocation checking is only supported for PKIX algorithm
if (_validateCerts && _trustManagerFactoryAlgorithm.equalsIgnoreCase("PKIX"))
if (_validatePeerCerts && _trustManagerFactoryAlgorithm.equalsIgnoreCase("PKIX"))
{
PKIXBuilderParameters pbParams = new PKIXBuilderParameters(trustStore,new X509CertSelector());