It itched me a lot that to enable SSL in TC4 a standard JDK has to be modified
(copy JSSE libs into jdk/jre/lib/ext and add
security.provider.3=com.sun.net.ssl.internal.ssl.Provider).
This was not necessary in TC 3.2.x because of different class loading
semantics.
In our environment JDKs cannot well be modified due to separate JDKs/archs,
TCs, JSSEs, etc. on shared read-only filesystems.
So here are three TC4 patches (against the latest CVS) that allow JSSE to
be picked up from anywhere on the filesystem.
Patches are along the lines Craig suggested yesterday.
1) Modify catalina.sh and catalina.bat as indicated below to be able to add
external jars to the system classpath (new env var CATALINA_SYSTEM_CLASSPATH).
2) Modify
jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/net/SSLServerSocketFactory.java
to dynamically add the com.sun.net.ssl.internal.ssl.Provider provider.
In case you don't like 1) because it allows external things to be added,
then 2) is still of value because people don't need to write their own
SSLServerSocketFactory.
Hope someone wants to try this out and commit before 4.0 FCS.
Wolfgang.
--- SSLServerSocketFactory.java.orig Fri Sep 7 20:39:08 2001
+++ SSLServerSocketFactory.java Mon Sep 10 15:31:16 2001
@@ -386,6 +386,14 @@
Security.addProvider(new sun.security.provider.Sun());
Security.addProvider(new
com.sun.net.ssl.internal.ssl.Provider());
*/
+ // even if jsse provider is already installed it can't hurt to
make sure
+ // and we do need to install it here if it isn't hard-wired in
jdk/jre/lib/security/java.security
+ try {
+
java.security.Security.addProvider(((java.security.Provider)
Class.forName("com.sun.net.ssl.internal.ssl.Provider").newInstance()));
+ }
+ catch (IllegalAccessException exc) {}
+ catch (ClassNotFoundException exc) {}
+ catch (InstantiationException exc) {}
// Create an SSL context used to create an SSL socket factory
SSLContext context = SSLContext.getInstance(protocol);
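Review bot: the three empty catch blocks after the `Class.forName("com.sun.net.ssl.internal.ssl.Provider")` call discard every failure to load or instantiate the JSSE provider, so a missing or unreadable JSSE jar stays silent here and surfaces only later, for example when `SSLContext.getInstance(protocol)` fails with no hint about the cause. Log the exception in each handler, or at least a message naming the provider class that could not be loaded. The comment should also say that the class is resolved by name from whatever is on the classpath, so the first jar supplying that class name is the one installed as a security provider; that matters once the companion script changes let the classpath be extended from an environment variable.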
--- jakarta-tomcat-4.0/catalina/src/bin/catalina.sh.orig Sat Sep 8
12:13:28 2001
+++ jakarta-tomcat-4.0/catalina/src/bin/catalina.sh Mon Sep 10 16:28:25 2001
@@ -70,6 +70,12 @@
CP=$CP:"$JAVA_HOME/lib/tools.jar"
fi
+# add CATALINA_SYSTEM_CLASSPATH custom jars to classpath. For example define
+# export
CATALINA_SYSTEM_CLASSPATH=/path/to/jsse/lib/jsse.jar:/path/to/jsse/lib/jnet.jar:/path/to/jsse/lib/jcert.jar
+if [ ! -z "$CATALINA_SYSTEM_CLASSPATH" ] ; then
+ CP=$CP:$CATALINA_SYSTEM_CLASSPATH
+fi
+
# convert the existing path to windows
if [ "$OSTYPE" = "cygwin32" ] || [ "$OSTYPE" = "cygwin" ] ; then
CP=`cygpath --path --windows "$CP"`
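Review bot: the comment above `CP=$CP:$CATALINA_SYSTEM_CLASSPATH` gives an example value but does not document the trust implication, namely that every entry in the variable is loaded into the classpath the container starts with and is taken from the environment of whoever launches the script. State in the comment that the variable is meant for operator-controlled jars such as JSSE and that the entries are appended after tools.jar, so earlier entries take precedence. As a style point, `[ -n "$CATALINA_SYSTEM_CLASSPATH" ]` reads more directly than `[ ! -z ... ]`, and quoting the right-hand side as `CP="$CP:$CATALINA_SYSTEM_CLASSPATH"` would match the quoting used for `$JAVA_HOME/lib/tools.jar` above.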
--- jakarta-tomcat-4.0/catalina/src/bin/catalina.bat.orig Mon Aug 27
21:10:25 2001
+++ jakarta-tomcat-4.0/catalina/src/bin/catalina.bat Mon Sep 10 16:16:43 2001
@@ -65,6 +65,11 @@
rem ----- Set Up The Runtime Classpath
----------------------------------------
set CP=%CATALINA_HOME%\bin\bootstrap.jar;%JAVA_HOME%\lib\tools.jar
+
+# add CATALINA_SYSTEM_CLASSPATH custom jars to classpath. For example define
+# set
CATALINA_SYSTEM_CLASSPATH=\path\to\jsse\lib\jsse.jar;\path\to\jsse\lib\jnet.jar;\path\to\jsse\lib\jcert.jar
+set CP=%CP%;%CATALINA_SYSTEM_CLASSPATH%
+
set CLASSPATH=%CP%
echo Using CATALINA_BASE: %CATALINA_BASE%
echo Using CATALINA_HOME: %CATALINA_HOME%
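Review bot: the two added comment lines begin with `#`, which is not a comment marker in a batch file, so cmd will try to run them as commands and print an error on every start; use `rem` as the existing `rem ----- Set Up The Runtime Classpath` line does. The `set CP=%CP%;%CATALINA_SYSTEM_CLASSPATH%` line is also unconditional, unlike the `if [ ! -z ... ]` guard in catalina.sh: when the variable is not defined, CP ends in a bare `;`, and an empty classpath entry is treated by the JVM as the current directory, which puts whatever directory Tomcat is started from on the classpath. Guard it, for example `if not "%CATALINA_SYSTEM_CLASSPATH%" == "" set CP=%CP%;%CATALINA_SYSTEM_CLASSPATH%`.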
SSLServerSocketFactory.diff
catalina.sh.diff
catalina.bat.diff