import java.net.ServerSocket;
import java.net.Socket;
import java.net.SocketException;
-import java.net.SocketTimeoutException;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.security.cert.CRL;
* Configures the given SSL server socket with the requested cipher suites,
* protocol versions, and need for client authentication
*/
- private void initServerSocket(ServerSocket ssocket) throws IOException {
+ private void initServerSocket(ServerSocket ssocket) {
SSLServerSocket socket = (SSLServerSocket) ssocket;
setEnabledProtocols(socket, getEnabledProtocols(socket,
requestedProtocols));
- // Check the SSL config is OK
- checkSocket(ssocket);
-
// we don't know if client auth is needed -
// after parsing the request we may re-handshake
configureClientAuth(socket);
}
- /**
- * Checks that the cetificate is compatible with the enabled cipher suites.
- * If we don't check now, the JIoEndpoint can enter a nasty logging loop.
- * See bug 45528.
- */
- private void checkSocket(ServerSocket socket) throws IOException {
- int timeout = socket.getSoTimeout();
-
- socket.setSoTimeout(1);
- Socket s = null;
- try {
- s = socket.accept();
- // No expecting to get here but if we do, at least we know things
- // are working.
- } catch (SSLException ssle) {
- // Cert doesn't match ciphers
- IOException ioe =
- new IOException("Certificate / cipher mismatch");
- ioe.initCause(ssle);
- throw ioe;
- } catch (SocketTimeoutException ste) {
- // Expected - do nothing
- } finally {
- // In case we actually got a connection - close it.
- if (s != null) {
- try {
- s.close();
- } catch (IOException ioe) {
- // Ignore
- }
- }
- // Reset the timeout
- socket.setSoTimeout(timeout);
- }
-
- }
}
projects / tomcat7.0 / commitdiff