import java.net.ServerSocket;
import java.net.Socket;
import java.net.SocketException;
-import java.net.SocketTimeoutException;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.security.cert.CRL;
* Configures the given SSL server socket with the requested cipher suites,
* protocol versions, and need for client authentication
*/
- private void initServerSocket(ServerSocket ssocket) throws IOException {
+ private void initServerSocket(ServerSocket ssocket) {
SSLServerSocket socket = (SSLServerSocket) ssocket;
}
/**
- * Checks that the cetificate is compatible with the enabled cipher suites.
+ * Checks that the certificate is compatible with the enabled cipher suites.
* If we don't check now, the JIoEndpoint can enter a nasty logging loop.
* See bug 45528.
*/
ServerSocket socket = sslProxy.createServerSocket();
initServerSocket(socket);
- // Set the timeout to 1ms as all we care about is if it throws an
- // exception on accept.
- socket.setSoTimeout(1);
try {
+ // Set the timeout to 1ms as all we care about is if it throws an
+ // SSLException on accept.
+ socket.setSoTimeout(1);
+
socket.accept();
// Will never get here - no client can connect to an unbound port
} catch (SSLException ssle) {
"jsse.invalid_ssl_conf", ssle.getMessage()));
ioe.initCause(ssle);
throw ioe;
- } catch (SocketTimeoutException ste) {
- // Expected if all is well - do nothing
+ } catch (Exception e) {
+ /*
+ * Possible ways of getting here
+ * socket.accept() throws a SecurityException
+ * socket.setSoTimeout() throws a SocketException
+ * socket.accept() throws some other exception (after a JDK change)
+ * In these cases the test won't work so carry on - essentially
+ * the behaviour before this patch
+ * socket.accept() throws a SocketTimeoutException
+ * In this case all is well so carry on
+ */
} finally {
- socket.close();
+ // Should be open here but just in case
+ if (!socket.isClosed()) {
+ socket.close();
+ }
}
}
projects / tomcat7.0 / commitdiff