Merge remote-tracking branch 'origin/jetty-9.3.x' into jetty-9.4.x
This commit is contained in:
Greg Wilkins
commit
f5d59cacca
|
|
@ -399,9 +399,7 @@ public class SslContextFactory extends AbstractLifeCycle
|
||||||
|
|
||||||
// select the protocols and ciphers
|
// select the protocols and ciphers
|
||||||
SSLEngine sslEngine=context.createSSLEngine();
|
SSLEngine sslEngine=context.createSSLEngine();
|
||||||
selectCipherSuites(
|
selectCipherSuites(sslEngine.getEnabledCipherSuites(),sslEngine.getSupportedCipherSuites());
|
||||||
sslEngine.getEnabledCipherSuites(),
|
|
||||||
sslEngine.getSupportedCipherSuites());
|
|
||||||
selectProtocols(sslEngine.getEnabledProtocols(),sslEngine.getSupportedProtocols());
|
selectProtocols(sslEngine.getEnabledProtocols(),sslEngine.getSupportedProtocols());
|
||||||
|
|
||||||
_factory = new Factory(keyStore,trustStore,context);
|
_factory = new Factory(keyStore,trustStore,context);
|
||||||
|
|
@ -1487,20 +1485,11 @@ public class SslContextFactory extends AbstractLifeCycle
|
||||||
checkIsStarted();
|
checkIsStarted();
|
||||||
|
|
||||||
SSLServerSocketFactory factory = _factory._context.getServerSocketFactory();
|
SSLServerSocketFactory factory = _factory._context.getServerSocketFactory();
|
||||||
|
|
||||||
SSLServerSocket socket =
|
SSLServerSocket socket =
|
||||||
(SSLServerSocket) (host==null ?
|
(SSLServerSocket) (host==null ?
|
||||||
factory.createServerSocket(port,backlog):
|
factory.createServerSocket(port,backlog):
|
||||||
factory.createServerSocket(port,backlog,InetAddress.getByName(host)));
|
factory.createServerSocket(port,backlog,InetAddress.getByName(host)));
|
||||||
|
socket.setSSLParameters(customize(socket.getSSLParameters()));
|
||||||
if (getWantClientAuth())
|
|
||||||
socket.setWantClientAuth(getWantClientAuth());
|
|
||||||
if (getNeedClientAuth())
|
|
||||||
socket.setNeedClientAuth(getNeedClientAuth());
|
|
||||||
|
|
||||||
socket.setEnabledCipherSuites(_selectedCipherSuites);
|
|
||||||
socket.setEnabledProtocols(_selectedProtocols);
|
|
||||||
|
|
||||||
return socket;
|
return socket;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -1509,17 +1498,8 @@ public class SslContextFactory extends AbstractLifeCycle
|
||||||
checkIsStarted();
|
checkIsStarted();
|
||||||
|
|
||||||
SSLSocketFactory factory = _factory._context.getSocketFactory();
|
SSLSocketFactory factory = _factory._context.getSocketFactory();
|
||||||
|
|
||||||
SSLSocket socket = (SSLSocket)factory.createSocket();
|
SSLSocket socket = (SSLSocket)factory.createSocket();
|
||||||
|
socket.setSSLParameters(customize(socket.getSSLParameters()));
|
||||||
if (getWantClientAuth())
|
|
||||||
socket.setWantClientAuth(getWantClientAuth());
|
|
||||||
if (getNeedClientAuth())
|
|
||||||
socket.setNeedClientAuth(getNeedClientAuth());
|
|
||||||
|
|
||||||
socket.setEnabledCipherSuites(_selectedCipherSuites);
|
|
||||||
socket.setEnabledProtocols(_selectedProtocols);
|
|
||||||
|
|
||||||
return socket;
|
return socket;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -1586,29 +1566,39 @@ public class SslContextFactory extends AbstractLifeCycle
|
||||||
return newSSLEngine(hostName, address.getPort());
|
return newSSLEngine(hostName, address.getPort());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Customize an SslEngine instance with the configuration of this factory,
|
||||||
|
* by calling {@link #customize(SSLParameters)}
|
||||||
|
* @param sslEngine
|
||||||
|
*/
|
||||||
public void customize(SSLEngine sslEngine)
|
public void customize(SSLEngine sslEngine)
|
||||||
{
|
{
|
||||||
if (LOG.isDebugEnabled())
|
if (LOG.isDebugEnabled())
|
||||||
LOG.debug("Customize {}",sslEngine);
|
LOG.debug("Customize {}",sslEngine);
|
||||||
|
|
||||||
SSLParameters sslParams = sslEngine.getSSLParameters();
|
sslEngine.setSSLParameters(customize(sslEngine.getSSLParameters()));
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Customize an SslParameters instance with the configuration of this factory.
|
||||||
|
* @param sslParams The parameters to customize
|
||||||
|
* @return The passed instance of sslParams (returned as a convenience)
|
||||||
|
*/
|
||||||
|
public SSLParameters customize(SSLParameters sslParams)
|
||||||
|
{
|
||||||
sslParams.setEndpointIdentificationAlgorithm(_endpointIdentificationAlgorithm);
|
sslParams.setEndpointIdentificationAlgorithm(_endpointIdentificationAlgorithm);
|
||||||
sslParams.setUseCipherSuitesOrder(_useCipherSuitesOrder);
|
sslParams.setUseCipherSuitesOrder(_useCipherSuitesOrder);
|
||||||
if (!_certHosts.isEmpty() || !_certWilds.isEmpty())
|
if (!_certHosts.isEmpty() || !_certWilds.isEmpty())
|
||||||
{
|
|
||||||
if (LOG.isDebugEnabled())
|
|
||||||
LOG.debug("Enable SNI matching {}",sslEngine);
|
|
||||||
sslParams.setSNIMatchers(Collections.singletonList((SNIMatcher)new AliasSNIMatcher()));
|
sslParams.setSNIMatchers(Collections.singletonList((SNIMatcher)new AliasSNIMatcher()));
|
||||||
}
|
if (_selectedCipherSuites!=null)
|
||||||
sslParams.setCipherSuites(_selectedCipherSuites);
|
sslParams.setCipherSuites(_selectedCipherSuites);
|
||||||
sslParams.setProtocols(_selectedProtocols);
|
if (_selectedProtocols!=null)
|
||||||
|
sslParams.setProtocols(_selectedProtocols);
|
||||||
if (getWantClientAuth())
|
if (getWantClientAuth())
|
||||||
sslParams.setWantClientAuth(true);
|
sslParams.setWantClientAuth(true);
|
||||||
if (getNeedClientAuth())
|
if (getNeedClientAuth())
|
||||||
sslParams.setNeedClientAuth(true);
|
sslParams.setNeedClientAuth(true);
|
||||||
|
return sslParams;
|
||||||
sslEngine.setSSLParameters(sslParams);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
public static X509Certificate[] getCertChain(SSLSession sslSession)
|
public static X509Certificate[] getCertChain(SSLSession sslSession)
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue