From a623ee5641356ddd9a3bc435e04cee5eb3bd6ba9 Mon Sep 17 00:00:00 2001 From: markt Date: Thu, 14 Aug 2008 18:11:28 +0000 Subject: [PATCH] Revert the previous fix. Filip has suggested an alternative approach that should address the various objections. New patch will follow in the next few days. git-svn-id: https://svn.apache.org/repos/asf/tomcat/trunk@685981 13f79535-47bb-0310-9956-ffa450edef68 --- .../tomcat/util/net/jsse/JSSESocketFactory.java | 42 +--------------------- 1 file changed, 1 insertion(+), 41 deletions(-) diff --git a/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java b/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java index 4d42fd9dc..5edf4f809 100644 --- a/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java +++ b/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java @@ -26,7 +26,6 @@ import java.net.InetAddress; import java.net.ServerSocket; import java.net.Socket; import java.net.SocketException; -import java.net.SocketTimeoutException; import java.security.KeyStore; import java.security.SecureRandom; import java.security.cert.CRL; @@ -693,7 +692,7 @@ public class JSSESocketFactory * Configures the given SSL server socket with the requested cipher suites, * protocol versions, and need for client authentication */ - private void initServerSocket(ServerSocket ssocket) throws IOException { + private void initServerSocket(ServerSocket ssocket) { SSLServerSocket socket = (SSLServerSocket) ssocket; 
@@ -705,48 +704,9 @@ public class JSSESocketFactory setEnabledProtocols(socket, getEnabledProtocols(socket, requestedProtocols)); - // Check the SSL config is OK - checkSocket(ssocket); - // we don't know if client auth is needed - // after parsing the request we may re-handshake configureClientAuth(socket); } - /** - * Checks that the cetificate is compatible with the enabled cipher suites. - * If we don't check now, the JIoEndpoint can enter a nasty logging loop. - * See bug 45528. - */ - private void checkSocket(ServerSocket socket) throws IOException { - int timeout = socket.getSoTimeout(); - - socket.setSoTimeout(1); - Socket s = null; - try { - s = socket.accept(); - // No expecting to get here but if we do, at least we know things - // are working. - } catch (SSLException ssle) { - // Cert doesn't match ciphers - IOException ioe = - new IOException("Certificate / cipher mismatch"); - ioe.initCause(ssle); - throw ioe; - } catch (SocketTimeoutException ste) { - // Expected - do nothing - } finally { - // In case we actually got a connection - close it. - if (s != null) { - try { - s.close(); - } catch (IOException ioe) { - // Ignore - } - } - // Reset the timeout - socket.setSoTimeout(timeout); - } - - } } -- 2.11.0
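Review bot: With `checkSocket(ssocket)` removed from `initServerSocket`, nothing on the new side detects a certificate that is incompatible with the enabled cipher suites, so the condition the deleted Javadoc described (the JIoEndpoint logging loop, bug 45528) is reachable again until the promised replacement lands. A misconfigured TLS connector would presumably start without error and then fail at handshake time, which is both an availability problem and a source of log flooding that can bury other events. I would leave a marker at the call site so the gap is visible in the code and not only in the commit message, e.g. `// TODO(bug 45528): cert/cipher mismatch is not detected at startup; follow-up patch pending` above `configureClientAuth(socket);`. The `throws IOException` dropped from the signature in the previous hunk will likely have to come back with that fix, so callers inside the class should not start assuming this method cannot fail.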