author | Simone Bordet | 2013-06-18 08:58:09 +0000 |
committer | Simone Bordet | 2013-06-18 08:58:09 +0000 |
commit | f7c9d5424d9b38da6f68a653581cc44e0e9d9eef (patch) | |
tree | df551fa3224d8cbb2b56fb997143e8b4bd1384cf /jetty-util | |
parent | 92400393667236c9d4a2823e610d725af0213cd3 (diff) | |
410995 - Avoid reverse DNS lookups when creating SSLEngines.
Now using the host address, unless needClientAuth is true.
Diffstat (limited to 'jetty-util')
-rw-r--r-- | jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java | 43 |
1 files changed, 41 insertions, 2 deletions
diff --git a/jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java b/jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java
index f0ff187bb0..9869566234 100644
--- a/jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java
+++ b/jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java
@@ -1303,6 +1303,15 @@ public class SslContextFactory extends AbstractLifeCycle
         return socket;
     }
 
+    /**
+     * Factory method for "scratch" {@link SSLEngine}s, usually only used for retrieving configuration
+     * information such as the application buffer size or the list of protocols/ciphers.
+     * <p />
+     * This method should not be used for creating {@link SSLEngine}s that are used in actual socket
+     * communication.
+     *
+     * @return a new, "scratch" {@link SSLEngine}
+     */
     public SSLEngine newSSLEngine()
     {
         if (!isRunning())
@@ -1312,6 +1321,14 @@ public class SslContextFactory extends AbstractLifeCycle
         return sslEngine;
     }
 
+    /**
+     * General purpose factory method for creating {@link SSLEngine}s, although creation of
+     * {@link SSLEngine}s on the server-side should prefer {@link #newSSLEngine(InetSocketAddress)}.
+     *
+     * @param host the remote host
+     * @param port the remote port
+     * @return a new {@link SSLEngine}
+     */
     public SSLEngine newSSLEngine(String host, int port)
     {
         if (!isRunning())
@@ -1323,10 +1340,32 @@ public class SslContextFactory extends AbstractLifeCycle
         return sslEngine;
     }
 
+    /**
+     * Server-side only factory method for creating {@link SSLEngine}s.
+     * <p />
+     * If the given {@code address} is null, it is equivalent to {@link #newSSLEngine()}, otherwise
+     * {@link #newSSLEngine(String, int)} is called.
+     * <p />
+     * If {@link #getNeedClientAuth()} is {@code true}, then the host name is passed to
+     * {@link #newSSLEngine(String, int)}, possibly incurring in a reverse DNS lookup, which takes time
+     * and may hang the selector (since this method is usually called by the selector thread).
+     * <p />
+     * Otherwise, the host address is passed to {@link #newSSLEngine(String, int)} without DNS lookup
+     * penalties.
+     * <p />
+     * Clients that wish to create {@link SSLEngine} instances must use {@link #newSSLEngine(String, int)}.
+     *
+     * @param address the remote peer address
+     * @return a new {@link SSLEngine}
+     */
     public SSLEngine newSSLEngine(InetSocketAddress address)
     {
-        // Must use the hostName, not the hostAddress, to allow correct host name verification
-        return address != null ? newSSLEngine(address.getAddress().getHostName(), address.getPort()) : newSSLEngine();
+        if (address == null)
+            return newSSLEngine();
+
+        boolean useHostName = getNeedClientAuth();
+        String hostName = useHostName ? address.getHostName() : address.getAddress().getHostAddress();
+        return newSSLEngine(hostName, address.getPort());
     }
 
     public void customize(SSLEngine sslEngine)
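Review bot: The `useHostName` guard in the new `newSSLEngine(InetSocketAddress)` body keys only on `getNeedClientAuth()`, so a server that merely requests client certificates (a want-client-auth mode, if this factory exposes one as the usual `setWantClientAuth` suggests) now builds its engines with the peer's IP literal rather than a host name, which is exactly the case the removed "correct host name verification" comment was protecting. If that mode is meant to keep the old behaviour, the guard should be `boolean useHostName = getNeedClientAuth() || getWantClientAuth();` and the Javadoc sentence about `getNeedClientAuth()` updated to match. Separately, the name returned by `address.getHostName()` is taken from the peer's reverse (PTR) record, which the peer's operator controls, so the Javadoc should caveat that this name is not a trustworthy input for verifying the client's certificate; the lookup latency it already mentions is not the only concern. Note also that `address.getAddress()` is null for an unresolved `InetSocketAddress`, so the non-client-auth branch would throw a NullPointerException on such an input — the removed line had the same exposure, but a one-line comment stating that the method expects a resolved address (as accepted connections provide) would make the contract explicit.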