Skip to content

Commit

Permalink
Simplify. SSLHostConfig always returns an OpenSSL configuration string.
Browse files Browse the repository at this point in the history 
git-svn-id: https://svn.apache.org/repos/asf/tomcat/trunk@1723193 13f79535-47bb-0310-9956-ffa450edef68
  • Loading branch information
@markt-asf
markt-asf committed Jan 5, 2016
1 parent 21eecfd commit 5ac40b7
Showing 1 changed file with 3 additions and 17 deletions.
20 changes: 3 additions & 17 deletions java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java
View file
Expand Up @@ -25,7 +25,6 @@
import java.util.ArrayList; import java.util.ArrayList;
import java.util.Base64; import java.util.Base64;
import java.util.List; import java.util.List;
import java.util.StringTokenizer;
import java.util.concurrent.atomic.AtomicIntegerFieldUpdater; import java.util.concurrent.atomic.AtomicIntegerFieldUpdater;


import javax.net.ssl.KeyManager; import javax.net.ssl.KeyManager;
Expand All @@ -49,7 +48,6 @@
import org.apache.tomcat.util.net.SSLHostConfig; import org.apache.tomcat.util.net.SSLHostConfig;
import org.apache.tomcat.util.net.SSLHostConfigCertificate; import org.apache.tomcat.util.net.SSLHostConfigCertificate;
import org.apache.tomcat.util.net.jsse.JSSEKeyManager; import org.apache.tomcat.util.net.jsse.JSSEKeyManager;
import org.apache.tomcat.util.net.openssl.ciphers.CipherSuiteConverter;
import org.apache.tomcat.util.net.openssl.ciphers.OpenSSLCipherConfigurationParser; import org.apache.tomcat.util.net.openssl.ciphers.OpenSSLCipherConfigurationParser;
import org.apache.tomcat.util.res.StringManager; import org.apache.tomcat.util.res.StringManager;


Expand Down Expand Up @@ -299,21 +297,9 @@ public synchronized void init(KeyManager[] kms, TrustManager[] tms, SecureRandom
} }


// List the ciphers that the client is permitted to negotiate // List the ciphers that the client is permitted to negotiate
String ciphers = sslHostConfig.getCiphers(); String opensslCipherConfig = sslHostConfig.getCiphers();
if (!("ALL".equals(ciphers)) && ciphers.indexOf(':') == -1) { this.ciphers = OpenSSLCipherConfigurationParser.parseExpression(opensslCipherConfig);
StringTokenizer tok = new StringTokenizer(ciphers, ","); SSLContext.setCipherSuite(ctx, opensslCipherConfig);
this.ciphers = new ArrayList<>();
while (tok.hasMoreTokens()) {
String token = tok.nextToken().trim();
if (!"".equals(token)) {
this.ciphers.add(token);
}
}
ciphers = CipherSuiteConverter.toOpenSsl(ciphers);
} else {
this.ciphers = OpenSSLCipherConfigurationParser.parseExpression(ciphers);
}
SSLContext.setCipherSuite(ctx, ciphers);
// Load Server key and certificate // Load Server key and certificate
if (certificate.getCertificateFile() != null) { if (certificate.getCertificateFile() != null) {
// Set certificate // Set certificate
Expand Down

0 comments on commit 5ac40b7

Please sign in to comment.