
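--- a/java/org/apache/coyote/http11/Http11AprProcessor.java
+++ b/java/org/apache/coyote/http11/Http11AprProcessor.java
@@ -1174,6 +1174,10 @@
                 ((BufferedInputFilter) inputFilters[Constants.BUFFERED_FILTER]).setLimit(maxSavePostSize);
                 inputBuffer.addActiveFilter(inputFilters[Constants.BUFFERED_FILTER]);
                 try {
+                    // If no client certificate was being asked, ask now
+                    if ("none".equals(endpoint.getSSLVerifyClient())) {
+                        endpoint.setSSLVerifyClient("optionalNoCA");
+                    }
                     // Renegociate certificates
                     SSLSocket.renegotiate(socket);
                     // Get client certificate and the certificate chain if present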
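Review bot: The added `endpoint.setSSLVerifyClient("optionalNoCA")` changes the verification mode of the shared endpoint rather than of this connection, and nothing in the hunk restores it, so after the first renegotiation the endpoint appears to stay in `optionalNoCA` for every later handshake. That mode presumably maps to `SSL.SSL_CVERIFY_OPTIONAL_NO_CA`, which does not require a trusted CA chain, so the certificate read after `SSLSocket.renegotiate(socket)` should not be treated as authenticated unless it is validated later. A comment such as `// optionalNoCA: chain is not verified here; the authenticator must validate the certificate` would make that explicit. The test `"none".equals(...)` is also case-sensitive while the endpoint parses the value with `equalsIgnoreCase`; `"none".equalsIgnoreCase(endpoint.getSSLVerifyClient())` would be consistent. The enclosing method starts and ends outside this hunk.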
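--- a/java/org/apache/tomcat/util/net/AprEndpoint.java
+++ b/java/org/apache/tomcat/util/net/AprEndpoint.java
@@ -487,9 +487,15 @@
      */
     protected String SSLVerifyClient = "none";
     public String getSSLVerifyClient() { return SSLVerifyClient; }
-    public void setSSLVerifyClient(String SSLVerifyClient) { this.SSLVerifyClient = SSLVerifyClient; }
+    public void setSSLVerifyClient(String SSLVerifyClient) {
+        this.SSLVerifyClient = SSLVerifyClient;
 
+        if (initialized) {
+            initCertValidation();
+        }
+    }
 
+
     /**
      * SSL verify depth.
      */
@@ -702,7 +708,20 @@
             // Set revocation
             SSLContext.setCARevocation(sslContext, SSLCARevocationFile, SSLCARevocationPath);
             // Client certificate verification
-            value = SSL.SSL_CVERIFY_NONE;
+            initCertValidation();
+            // For now, sendfile is not supported with SSL
+            useSendfile = false;
+        }
+
+        initialized = true;
+
+    }
+
+    /**
+     * Client certificate verification.
+     */
+    private void initCertValidation() {
+        int value = SSL.SSL_CVERIFY_NONE;
             if ("optional".equalsIgnoreCase(SSLVerifyClient)) {
                 value = SSL.SSL_CVERIFY_OPTIONAL;
             } else if ("require".equalsIgnoreCase(SSLVerifyClient)) {
@@ -711,15 +730,8 @@
                 value = SSL.SSL_CVERIFY_OPTIONAL_NO_CA;
             }
             SSLContext.setVerify(sslContext, value, SSLVerifyDepth);
-            // For now, sendfile is not supported with SSL
-            useSendfile = false;
         }
 
-        initialized = true;
-
-    }
-
-
     /**
      * Start the APR endpoint, creating acceptor, poller and sendfile threads.
      */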
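Review bot: `setSSLVerifyClient` now calls `initCertValidation()` whenever `initialized` is true, but the helper calls `SSLContext.setVerify(sslContext, ...)` without checking that SSL was ever set up, whereas in `init()` the call sits inside what looks like the SSL-only branch. A guard inside the helper, or `if (initialized && SSLEnabled)` in the setter if that is the flag `init()` tests, would keep a post-init call on a non-SSL endpoint from reaching the native layer with an unset context. The Http11AprProcessor change calls this setter during request processing, and neither the field write nor the `setVerify` call is synchronized in the visible lines. An unrecognised value also leaves `value` at `SSL.SSL_CVERIFY_NONE`, so a misspelt mode passed at runtime would silently turn client verification off on a live endpoint; rejecting or logging unknown values in `initCertValidation()` would avoid that. The body of `init()` begins outside the hunks shown.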
