-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Chirag,
I have a bunch of non-SSL-related questions about your code.
On 10/9/13 9:59 AM, Chirag Dewan wrote:
> I have a wrapper connector class :
>
> public HTTPConnector(int port, String keystoreFile, String
> password, int maxKeepAliveRequests, int maxThreads, int
> connectionTimeout, Logger logger) throws Exception { myLogger =
> logger; this.keyStoreFile = keystoreFile; this.keyStorePassword =
> password;
>
> if( maxKeepAliveRequests != 0 && maxKeepAliveRequests >= -1 ) {
> IntrospectionUtils.setProperty( this, "maxKeepAliveRequests",
> String.valueOf( maxKeepAliveRequests ) ); }
What's wrong with calling
this.setMaxKeepAliveRequests(maxKeepAliveRequests)?
It seems like you have way more code than necessary in this class.
> if( keystoreFile != null ) { String cipherSet =
> System.getProperty("https.cipher.set");
>
> setSecure( true );
Here, you're using this.serSecure(true) instead of using
IntrospectionUtils. Why some settings via IntrospectionUtils and
others with direct method calls?
> setScheme( "https" );
>
> try { // Added TLS since there is a bug in Tomcat 5.5.9. No default
> protocol is set. IntrospectionUtils.setProperty( this,
> "sslProtocol", "TLS" ); IntrospectionUtils.setProperty( this,
> "keystore", keyStoreFile ); IntrospectionUtils.setProperty( this,
> "keypass", keyStorePassword ); IntrospectionUtils.setProperty(
> this, "SSLEnabled", "true" ); if(cipherSet != null &&
> !cipherSet.equalsIgnoreCase("")){
It might be worth calling trim() on the cipherSet value before
checking for equality with "". Using "ignore case" on an empty string
is not going to add anything, FYI.
> catch( Exception exception ) { myLogger.severe( "Could not load SSL
> server socket factory." ); throw new Exception( "Could not load SSL
> server socket factory." ); }
How about just "throw exception;"... any reason to completely swallow
the original exception and throw a new one? That just seems confusing.
This constructor seems much more appropriate to be a "factory" method
instead of a constructor for a class that trivially extends the
existing Connector. With a factory, you could also choose the type of
connector to use instead of having to extend a specific one (e.g. NIO
vs. BIO, etc.).
> and I attach it to the container by :
>
> Embedded embedded = new Embedded();
>
> embedded.addConnector( connector ); connector.start();
>
> and I call embedded.start(); during intialization,so I have the
> Tomcat running.
>
> Chris,"cipherSet" is a configurable parameter. I am usually using
> TLS_DHE_RSA_WITH_AES_128_CBC_SHA for testing purpose.
That all seems fairly straightforward. I have no idea why SSL would be
acting up, there.
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iQIcBAEBCAAGBQJSVXjbAAoJEBzwKT+lPKRYdpYP/jJfmjmJunQ6vGpuVuEQuRqd
lmAE3IflDuubcTls6XHyGrR2CM1X/3ALuu3ISm6HiRMsqACJ8EYLvOYcp821uom6
y7Gy21DkjUg7T51X1QjBQVvpt8LtKGmsQeGxmYZN91gNYJG8MFQaugPn3GDbDpVj
f8WQgDwUG5JYrKtHY1MF+neDEUkkz3xUjlTak5S2YEFi4o2wF6bCigexVUavae4v
gZgCtoTmcBhyWL/t4M0/BaAm7PdNce7GGHDl1/+yZS6rlvMC8wlxxPNCicROHySo
lTirs5boNlIVJuAXqf3pEequk+IowtoZD6Dix+Y90YX0DlExVnTkPY86n7A4QQUK
3lxvWOjjbsJn8hY4Pq8RjR64uTi/Exy6qczTeJmDVu3sY+KhtpZ1Ez+sMlCHNrHP
KlNKFEwtnO97hxZBzBUiiLl+6nMWxpWoGRXeMqYozNg6qxV2bzG3q141I5OmHjs5
fu/kGtHHZFkNIXgsxpdo/w3chSLLUFY6AtCIQdBeQ6A36Kei6ccyw1vWZL6kfLJT
UK51b+27kOpgW085dnfUncUx4bQoUrEo9+aCbRJBRbj233CMI+LOQCh+VLJqu4K+
vnlNMY2SZchSHwyoYGTCeYNg9GB9TbPjFI6T7Hq+cDdYI0hONS545ohfFojCaa8F
szV4iCbcDwgJDOrFDG1w
=g/8J
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
