Merge branch 'master' into release-9
diff --git a/jetty-client/src/main/java/org/eclipse/jetty/client/HttpClient.java b/jetty-client/src/main/java/org/eclipse/jetty/client/HttpClient.java
index 6a61eb7..241fed6 100644
--- a/jetty-client/src/main/java/org/eclipse/jetty/client/HttpClient.java
+++ b/jetty-client/src/main/java/org/eclipse/jetty/client/HttpClient.java
@@ -965,7 +965,7 @@
}
else
{
- SSLEngine engine = sslContextFactory.newSSLEngine(endPoint.getRemoteAddress());
+ SSLEngine engine = sslContextFactory.newSSLEngine(destination.getHost(), destination.getPort());
engine.setUseClientMode(true);
SslConnection sslConnection = newSslConnection(HttpClient.this, endPoint, engine);
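Review bot: Nothing at this call site records why the engine is now built from `destination.getHost()` and `destination.getPort()` instead of the endpoint's remote address, although that choice decides which name certificate host name checks and TLS session reuse are keyed on. A comment above the call such as `// Use the requested host name, not the resolved address, so the TLS peer host matches the name in the server certificate` would keep a later refactor from reverting it. Note that `SslContextFactory.newSSLEngine(String, int)`, shown later in this commit, forwards the host only when session caching is enabled, so this call alone does not guarantee the engine sees it. The enclosing method starts and ends outside the hunk.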
diff --git a/jetty-client/src/test/java/org/eclipse/jetty/client/ExternalSiteTest.java b/jetty-client/src/test/java/org/eclipse/jetty/client/ExternalSiteTest.java
index 5868eeb..1772a36 100644
--- a/jetty-client/src/test/java/org/eclipse/jetty/client/ExternalSiteTest.java
+++ b/jetty-client/src/test/java/org/eclipse/jetty/client/ExternalSiteTest.java
@@ -27,6 +27,7 @@
import org.eclipse.jetty.client.api.Response;
import org.eclipse.jetty.client.api.Result;
import org.eclipse.jetty.toolchain.test.TestTracker;
+import org.eclipse.jetty.util.ssl.SslContextFactory;
import org.junit.After;
import org.junit.Assert;
import org.junit.Assume;
@@ -99,6 +100,38 @@
Assert.assertTrue(latch2.await(10, TimeUnit.SECONDS));
}
+ @Test
+ public void testExternalSSLSite() throws Exception
+ {
+ client.stop();
+ client = new HttpClient(new SslContextFactory());
+ client.start();
+
+ String host = "api-3t.paypal.com";
+ int port = 443;
+
+ // Verify that we have connectivity
+ try
+ {
+ new Socket(host, port);
+ }
+ catch (IOException x)
+ {
+ Assume.assumeNoException(x);
+ }
+
+ final CountDownLatch latch = new CountDownLatch(1);
+ client.newRequest(host, port).scheme("https").path("/nvp").send(new Response.CompleteListener()
+ {
+ @Override
+ public void onComplete(Result result)
+ {
+ if (result.isSucceeded() && result.getResponse().getStatus() == 200)
+ latch.countDown();
+ }
+ });
+ Assert.assertTrue(latch.await(5, TimeUnit.SECONDS));
+ }
@Test
public void testExternalSiteWrongProtocol() throws Exception
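Review bot: The connectivity probe `new Socket(host, port);` in `testExternalSSLSite` is never closed, so every run leaves a socket open until it is garbage collected; `new Socket(host, port).close();` inside the same try block keeps the `Assume` behaviour. The test also builds the client from a default `new SslContextFactory()` and asserts only on a 200 status, so it does not show that the certificate's host name was checked. If the default factory trusts all certificates or leaves endpoint identification unset (not visible in this diff), the test passes either way. Configuring endpoint identification on the factory before `client.start()` would make the test cover the behaviour this commit changes.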
diff --git a/jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java b/jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java
index 44a0581..da043b5 100644
--- a/jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java
+++ b/jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java
@@ -20,7 +20,6 @@
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
-import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.net.InetAddress;
@@ -98,15 +97,11 @@
public static final String DEFAULT_KEYMANAGERFACTORY_ALGORITHM =
(Security.getProperty("ssl.KeyManagerFactory.algorithm") == null ?
KeyManagerFactory.getDefaultAlgorithm() : Security.getProperty("ssl.KeyManagerFactory.algorithm"));
-
+
public static final String DEFAULT_TRUSTMANAGERFACTORY_ALGORITHM =
(Security.getProperty("ssl.TrustManagerFactory.algorithm") == null ?
TrustManagerFactory.getDefaultAlgorithm() : Security.getProperty("ssl.TrustManagerFactory.algorithm"));
- /** Default value for the keystore location path. */
- public static final String DEFAULT_KEYSTORE_PATH =
- System.getProperty("user.home") + File.separator + ".keystore";
-
/** String name of key password property. */
public static final String KEYPASSWORD_PROPERTY = "org.eclipse.jetty.ssl.keypassword";
@@ -150,9 +145,6 @@
/** Set to true if client certificate authentication is desired */
private boolean _wantClientAuth = false;
- /** Set to true if renegotiation is allowed */
- private boolean _allowRenegotiate = true;
-
/** Keystore password */
private transient Password _keyStorePassword;
/** Key manager password */
@@ -1028,8 +1020,7 @@
// Remove any excluded protocols
- if (_excludeProtocols != null)
- selected_protocols.removeAll(_excludeProtocols);
+ selected_protocols.removeAll(_excludeProtocols);
return selected_protocols.toArray(new String[selected_protocols.size()]);
}
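Review bot: With the `if (_excludeProtocols != null)` guard removed, `selected_protocols.removeAll(_excludeProtocols)` throws a NullPointerException if the field is ever null, and its declaration and setters are outside this diff, so the non-null invariant cannot be confirmed here. The same applies to `selected_ciphers.removeAll(_excludeCipherSuites)` in the next hunk. These collections decide which weak protocols and cipher suites are switched off, so either keep the guards or make both fields `final` non-null collections and say so at the declaration, e.g. `// never null: setters clear and refill`. Both method bodies start outside their hunks.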
@@ -1059,8 +1050,7 @@
// Remove any excluded ciphers
- if (_excludeCipherSuites != null)
- selected_ciphers.removeAll(_excludeCipherSuites);
+ selected_ciphers.removeAll(_excludeCipherSuites);
return selected_ciphers.toArray(new String[selected_ciphers.size()]);
}
@@ -1266,18 +1256,6 @@
return socket;
}
- public SSLEngine newSSLEngine(String host, int port)
- {
- if (!isRunning())
- throw new IllegalStateException("!STARTED");
- SSLContext context = _context;
- SSLEngine sslEngine=isSessionCachingEnabled()
- ? context.createSSLEngine(host, port)
- : context.createSSLEngine();
- customize(sslEngine);
- return sslEngine;
- }
-
public SSLEngine newSSLEngine()
{
if (!isRunning())
@@ -1287,6 +1265,23 @@
return sslEngine;
}
+ public SSLEngine newSSLEngine(String host, int port)
+ {
+ if (!isRunning())
+ throw new IllegalStateException("!STARTED");
+ SSLEngine sslEngine=isSessionCachingEnabled()
+ ? _context.createSSLEngine(host, port)
+ : _context.createSSLEngine();
+ customize(sslEngine);
+ return sslEngine;
+ }
+
+ public SSLEngine newSSLEngine(InetSocketAddress address)
+ {
+ // Must use the hostName, not the hostAddress, to allow correct host name verification
+ return address != null ? newSSLEngine(address.getAddress().getHostName(), address.getPort()) : newSSLEngine();
+ }
+
public void customize(SSLEngine sslEngine)
{
SSLParameters sslParams = sslEngine.getSSLParameters();
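Review bot: `newSSLEngine(InetSocketAddress)` takes the peer host from `address.getAddress().getHostName()`, which can trigger a blocking reverse DNS lookup when the address was built from an IP literal, and then hands TLS whatever name DNS reports rather than the name the caller used. It also throws a NullPointerException for an unresolved address, where `getAddress()` returns null. `InetSocketAddress.getHostString()` returns the host as supplied without a lookup: `return address != null ? newSSLEngine(address.getHostString(), address.getPort()) : newSSLEngine();`. Separately, `newSSLEngine(String, int)` passes host and port to `createSSLEngine` only when `isSessionCachingEnabled()` is true, so with caching off the engine has no peer host for host name verification to compare against. It is worth confirming whether the host can be supplied independently of the session-caching setting.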
@@ -1305,11 +1300,6 @@
sslEngine.setEnabledProtocols(selectProtocols(sslEngine.getEnabledProtocols(),sslEngine.getSupportedProtocols()));
}
- public SSLEngine newSSLEngine(InetSocketAddress address)
- {
- return address != null ? newSSLEngine(address.getAddress().getHostAddress(), address.getPort()) : newSSLEngine();
- }
-
public static X509Certificate[] getCertChain(SSLSession sslSession)
{
try
@@ -1341,30 +1331,30 @@
return null;
}
}
-
+
/**
* Given the name of a TLS/SSL cipher suite, return an int representing it effective stream
* cipher key strength. i.e. How much entropy material is in the key material being fed into the
* encryption routines.
- *
+ *
* <p>
* This is based on the information on effective key lengths in RFC 2246 - The TLS Protocol
* Version 1.0, Appendix C. CipherSuite definitions:
- *
+ *
* <pre>
- * Effective
- * Cipher Type Key Bits
- *
- * NULL * Stream 0
- * IDEA_CBC Block 128
- * RC2_CBC_40 * Block 40
- * RC4_40 * Stream 40
- * RC4_128 Stream 128
- * DES40_CBC * Block 40
- * DES_CBC Block 56
- * 3DES_EDE_CBC Block 168
+ * Effective
+ * Cipher Type Key Bits
+ *
+ * NULL * Stream 0
+ * IDEA_CBC Block 128
+ * RC2_CBC_40 * Block 40
+ * RC4_40 * Stream 40
+ * RC4_128 Stream 128
+ * DES40_CBC * Block 40
+ * DES_CBC Block 56
+ * 3DES_EDE_CBC Block 168
* </pre>
- *
+ *
* @param cipherSuite String name of the TLS cipher suite.
* @return int indicating the effective key entropy bit-length.
*/
@@ -1373,28 +1363,28 @@
// Roughly ordered from most common to least common.
if (cipherSuite == null)
return 0;
- else if (cipherSuite.indexOf("WITH_AES_256_") >= 0)
+ else if (cipherSuite.contains("WITH_AES_256_"))
return 256;
- else if (cipherSuite.indexOf("WITH_RC4_128_") >= 0)
+ else if (cipherSuite.contains("WITH_RC4_128_"))
return 128;
- else if (cipherSuite.indexOf("WITH_AES_128_") >= 0)
+ else if (cipherSuite.contains("WITH_AES_128_"))
return 128;
- else if (cipherSuite.indexOf("WITH_RC4_40_") >= 0)
+ else if (cipherSuite.contains("WITH_RC4_40_"))
return 40;
- else if (cipherSuite.indexOf("WITH_3DES_EDE_CBC_") >= 0)
+ else if (cipherSuite.contains("WITH_3DES_EDE_CBC_"))
return 168;
- else if (cipherSuite.indexOf("WITH_IDEA_CBC_") >= 0)
+ else if (cipherSuite.contains("WITH_IDEA_CBC_"))
return 128;
- else if (cipherSuite.indexOf("WITH_RC2_CBC_40_") >= 0)
+ else if (cipherSuite.contains("WITH_RC2_CBC_40_"))
return 40;
- else if (cipherSuite.indexOf("WITH_DES40_CBC_") >= 0)
+ else if (cipherSuite.contains("WITH_DES40_CBC_"))
return 40;
- else if (cipherSuite.indexOf("WITH_DES_CBC_") >= 0)
+ else if (cipherSuite.contains("WITH_DES_CBC_"))
return 56;
else
return 0;
}
-
+
@Override
public String toString()
{
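Review bot: The final `else return 0;` gives every suite the chain does not recognise the same result as a NULL cipher, and neither the Javadoc `@return` line in the previous hunk nor the body says so. A caller comparing the result against a minimum strength will treat a suite built on an algorithm missing from the list (Camellia or ChaCha20, for instance) as unencrypted, which fails safe but is surprising. A comment on that branch such as `// 0 also means "not recognised", not only NULL` would make the contract explicit. The method signature is outside the hunk.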