Eclipse
/
jetty.project
mirror of https://github.com/jetty/jetty.project.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'origin/jetty-9.3.x' into jetty-9.4.x

This commit is contained in:
Greg Wilkins 2016-07-14 14:04:21 +10:00
parent 165a7082ba 112244d6ef
commit f5d59cacca
1 changed files with 24 additions and 34 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

58
jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java
View File

@ -399,9 +399,7 @@ public class SslContextFactory extends AbstractLifeCycle
// select the protocols and ciphers
SSLEngine sslEngine=context.createSSLEngine();
selectCipherSuites(
sslEngine.getEnabledCipherSuites(),
sslEngine.getSupportedCipherSuites());
selectCipherSuites(sslEngine.getEnabledCipherSuites(),sslEngine.getSupportedCipherSuites());
selectProtocols(sslEngine.getEnabledProtocols(),sslEngine.getSupportedProtocols());
_factory = new Factory(keyStore,trustStore,context);
@ -1487,20 +1485,11 @@ public class SslContextFactory extends AbstractLifeCycle
checkIsStarted();
SSLServerSocketFactory factory = _factory._context.getServerSocketFactory();
SSLServerSocket socket =
(SSLServerSocket) (host==null ?
factory.createServerSocket(port,backlog):
factory.createServerSocket(port,backlog,InetAddress.getByName(host)));
if (getWantClientAuth())
socket.setWantClientAuth(getWantClientAuth());
if (getNeedClientAuth())
socket.setNeedClientAuth(getNeedClientAuth());
socket.setEnabledCipherSuites(_selectedCipherSuites);
socket.setEnabledProtocols(_selectedProtocols);
socket.setSSLParameters(customize(socket.getSSLParameters()));
return socket;
}
@ -1509,17 +1498,8 @@ public class SslContextFactory extends AbstractLifeCycle
checkIsStarted();
SSLSocketFactory factory = _factory._context.getSocketFactory();
SSLSocket socket = (SSLSocket)factory.createSocket();
if (getWantClientAuth())
socket.setWantClientAuth(getWantClientAuth());
if (getNeedClientAuth())
socket.setNeedClientAuth(getNeedClientAuth());
socket.setEnabledCipherSuites(_selectedCipherSuites);
socket.setEnabledProtocols(_selectedProtocols);
socket.setSSLParameters(customize(socket.getSSLParameters()));
return socket;
}
@ -1586,31 +1566,41 @@ public class SslContextFactory extends AbstractLifeCycle
return newSSLEngine(hostName, address.getPort());
}
/**
* Customize an SslEngine instance with the configuration of this factory,
* by calling {@link #customize(SSLParameters)}
* @param sslEngine
*/
public void customize(SSLEngine sslEngine)
{
if (LOG.isDebugEnabled())
LOG.debug("Customize {}",sslEngine);
SSLParameters sslParams = sslEngine.getSSLParameters();
sslEngine.setSSLParameters(customize(sslEngine.getSSLParameters()));
}
/**
* Customize an SslParameters instance with the configuration of this factory.
* @param sslParams The parameters to customize
* @return The passed instance of sslParams (returned as a convenience)
*/
public SSLParameters customize(SSLParameters sslParams)
{
sslParams.setEndpointIdentificationAlgorithm(_endpointIdentificationAlgorithm);
sslParams.setUseCipherSuitesOrder(_useCipherSuitesOrder);
if (!_certHosts.isEmpty() || !_certWilds.isEmpty())
{
if (LOG.isDebugEnabled())
LOG.debug("Enable SNI matching {}",sslEngine);
sslParams.setSNIMatchers(Collections.singletonList((SNIMatcher)new AliasSNIMatcher()));
}
sslParams.setCipherSuites(_selectedCipherSuites);
sslParams.setProtocols(_selectedProtocols);
if (_selectedCipherSuites!=null)
sslParams.setCipherSuites(_selectedCipherSuites);
if (_selectedProtocols!=null)
sslParams.setProtocols(_selectedProtocols);
if (getWantClientAuth())
sslParams.setWantClientAuth(true);
if (getNeedClientAuth())
sslParams.setNeedClientAuth(true);
sslEngine.setSSLParameters(sslParams);
return sslParams;
}
public static X509Certificate[] getCertChain(SSLSession sslSession)
{
try