We are using tomcat-embed 8.5.9, Java 8 and running on CentOS 7. Given
Tomcat's new support for SNI, we wish to support adding/removing/updating
certificates via our application at runtime without restarting Tomcat or
binding/unbinding the port.

Our configuration is very simple, we have a single servlet for all
requests, so we have a single connector/endpoint to manage all
SSLHostConfigs.

It appears that by manipulating the list of SSLHostConfig objects in the
AbstractEndpoint we can achieve what we want; however, there don't appear to
be any public methods available that allow that kind of operation.

I was able to extend a few Tomcat classes (Connector,
AbstractHttp11JsseProtocol, NioEndpoint) to expose what I need and verify
that I can change the SSLHostConfig at runtime; however, I would prefer to
use APIs fully supported by Tomcat.

Is there any way to do what I want with the currently available APIs, or
are there any plans to expose this kind of functionality?

If not, are there any risks or issues with taking the approach described
above by extending classes to expose what I need?

Thanks!
Jesse