authorMichael Gorovoy2011-05-13 17:52:09 +0000
committerMichael Gorovoy2011-05-13 17:52:09 +0000
commitdbcdcc6ce676b3e7b1e9b0b3a3150fbc1401100a (patch)
tree1decaca5de57af521f69000c6b4543af7043f769
parent6a2ecc493e010ff33c4280a1d7aa5dfe7ae78283 (diff)
345656 Disambiguate SslContextFactory#validateCerts property
git-svn-id: svn+ssh://dev.eclipse.org/svnroot/rt/org.eclipse.jetty/jetty/trunk@3141 7e9141cc-0065-0410-87d8-b60c137991c4
-rw-r--r--VERSION.txt1
-rw-r--r--jetty-http/src/main/java/org/eclipse/jetty/http/ssl/SslContextFactory.java25
2 files changed, 25 insertions, 1 deletions
diff --git a/VERSION.txt b/VERSION.txt
index 52e191839d..dd632e40ce 100644
--- a/VERSION.txt
+++ b/VERSION.txt
@@ -20,6 +20,7 @@ jetty-7.4.1.v20110513
+ 345047 Readded deprecated ScanningAppDeployer#setMonitoredDir
+ 345290 Weak references from SessionIdManager. HashSessionManager cleanup.
+ 345543 Always close endpoint on SSLException
+ + 345656 Disambiguate SslContextFactory#validateCerts property
+ 345679 Allow setting an initialized KeyStore as keystore/truststore of SslContextFactory
+ 345704 jetty-nested works with forwarded SSL in cloudfoundry
+ JETTY-954 WebAppContext eats any start exceptions instead of stopping the server load
diff --git a/jetty-http/src/main/java/org/eclipse/jetty/http/ssl/SslContextFactory.java b/jetty-http/src/main/java/org/eclipse/jetty/http/ssl/SslContextFactory.java
index c9036ba445..8b13985160 100644
--- a/jetty-http/src/main/java/org/eclipse/jetty/http/ssl/SslContextFactory.java
+++ b/jetty-http/src/main/java/org/eclipse/jetty/http/ssl/SslContextFactory.java
@@ -137,6 +137,8 @@ public class SslContextFactory extends AbstractLifeCycle
/** Set to true if SSL certificate validation is required */
private boolean _validateCerts;
+ /** Set to true if SSL certificate of the peer validation is required */
+ private boolean _validatePeerCerts;
/** Maximum certification path length (n - number of intermediate certs, -1 for unlimited) */
private int _maxCertPathLength = -1;
/** Path to file that contains Certificate Revocation List */
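Review bot: The new field comment, `Set to true if SSL certificate of the peer validation is required`, is hard to parse and does not say how `_validatePeerCerts` differs from `_validateCerts` directly above it, which is the ambiguity this commit sets out to resolve. I would word it as `/** Set to true if the certificate chain presented by the peer must be validated */`. The `setValidatePeerCerts` Javadoc in the next hunk has the same gap: it could state that the field, as declared, starts out false and that, per the last hunk, it gates the PKIX parameter setup for the trust store. The comment on `_validateCerts` would benefit from a matching clarification, though what that flag still controls after this change is not visible here.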
@@ -543,6 +545,27 @@ public class SslContextFactory extends AbstractLifeCycle
/* ------------------------------------------------------------ */
/**
+ * @return true if SSL certificates of the peer have to be validated
+ */
+ public boolean isValidatePeerCerts()
+ {
+ return _validatePeerCerts;
+ }
+
+ /* ------------------------------------------------------------ */
+ /**
+ * @param validatePeerCerts
+ * true if SSL certificates of the peer have to be validated
+ */
+ public void setValidatePeerCerts(boolean validatePeerCerts)
+ {
+ checkStarted();
+
+ _validatePeerCerts = validatePeerCerts;
+ }
+
+ /* ------------------------------------------------------------ */
+ /**
* @return True if SSL re-negotiation is allowed (default false)
*/
public boolean isAllowRenegotiate()
@@ -928,7 +951,7 @@ public class SslContextFactory extends AbstractLifeCycle
if (trustStore != null)
{
// Revocation checking is only supported for PKIX algorithm
- if (_validateCerts && _trustManagerFactoryAlgorithm.equalsIgnoreCase("PKIX"))
+ if (_validatePeerCerts && _trustManagerFactoryAlgorithm.equalsIgnoreCase("PKIX"))
{
PKIXBuilderParameters pbParams = new PKIXBuilderParameters(trustStore,new X509CertSelector());
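Review bot: Switching this guard to `_validatePeerCerts` means a configuration that only sets `validateCerts` to true no longer reaches the PKIX parameter setup under the revocation-checking comment, and the new field is declared without an initializer, so it starts out false. Unless something outside the visible hunks carries the old setting over, deployments that relied on the old property for peer certificate validation would lose it silently on upgrade. I would either spell out the migration in the `setValidatePeerCerts` Javadoc or log a warning here when `_validateCerts` is set and `_validatePeerCerts` is not, with a comment such as `// validateCerts no longer enables peer validation; validatePeerCerts must be set as well`. The enclosing method starts and ends outside the hunk.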
