mirror of https://github.com/OpenIdentityPlatform/OpenDJ.git

Jean-Noel Rouvignac
23.19.2013 1370b49910cf6af2f509ddf05ae595ceced06766
author Jean-Noel Rouvignac <jean-noel.rouvignac@forgerock.com>
Thursday, May 23, 2013 18:19 +0200
committer Jean-Noel Rouvignac <jean-noel.rouvignac@forgerock.com>
Thursday, May 23, 2013 18:19 +0200
commit 1370b49910cf6af2f509ddf05ae595ceced06766
tree 75c454996be525cae7d4d604908d1a588763f85b
parent ebf68860bcd325a8871016b2717305b4a8f919d2
OPENDJ-917 (CR-1731) HTTP Connection Handler - Fix HTTPS support



HTTPS was wrongly configured: code was configuring an SSLEngine that was then never used.
Changed the code to configure an SSLEngineConfigurator that is passed down to Grizzly HTTP server.



(Un)surprisingly I hit a bug on my Linux Mint:
https://bugs.launchpad.net/ubuntu/+source/openjdk-6/+bug/1006776
I had to modify /etc/java-6-openjdk/security/java.security so it uses the sun Elliptic Curve implementation by changing the line
security.provider.9=sun.security.pkcs11.SunPKCS11 ${java.home}/lib/security/nss.cfg
to
security.provider.9=sun.security.ec.SunEC
#security.provider.10=sun.security.pkcs11.SunPKCS11 ${java.home}/lib/security/nss.cfg



HTTPConnectionHandler.java:
Replaced instance members sslContext and sslEngine with sslEngineConfigurator.
Renamed createSSLEngine() into createSSLEngineConfigurator().
In createSSLContext(), removed the try / catch block duplicated with the one in createSSLEngineConfigurator().
As a consequence, the following methods changed: configureSSL(), getEnabledSSLCipherSuites(), getEnabledSSLProtocols(), getSSLEngine(), isConfigurationAcceptable(), startHttpServer().
1 files modified
opendj-sdk/opends/src/server/org/opends/server/protocols/http/HTTPConnectionHandler.java 146
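
The difference the commit message describes, shown as an added example that is not OpenDJ's code and not part of this commit: an SSLEngine configured on its own never reaches the listener, while an SSLEngineConfigurator attached to the Grizzly NetworkListener is what produces each connection's engine. It assumes Grizzly 2.x (grizzly-http-server) on the classpath; the class name, listener names, ports and protocol list are constructed for illustration.

```java
import java.util.Arrays;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import org.glassfish.grizzly.http.server.NetworkListener;
import org.glassfish.grizzly.ssl.SSLEngineConfigurator;

public class HttpsListenerExample {
    // Constructed sample policy, not taken from OpenDJ's configuration.
    static final String[] PROTOCOLS = {"TLSv1.2"};

    /** Pattern described in the commit message: the engine is configured, then never used. */
    static NetworkListener engineNeverUsed(SSLContext ctx) {
        SSLEngine engine = ctx.createSSLEngine();
        engine.setUseClientMode(false);
        engine.setEnabledProtocols(PROTOCOLS);
        // 'engine' goes out of scope here; the listener knows nothing about it.
        return new NetworkListener("plain", "127.0.0.1", 8080);
    }

    /** Fixed pattern: the listener builds every connection's engine from the configurator. */
    static NetworkListener withConfigurator(SSLEngineConfigurator cfg) {
        NetworkListener listener = new NetworkListener("https", "127.0.0.1", 8443);
        listener.setSecure(true);
        listener.setSSLEngineConfig(cfg);
        return listener;
    }

    public static void main(String[] args) throws Exception {
        // Assumption: the JVM default context stands in for one initialised with the
        // server's key and trust managers; no listener is started here.
        SSLContext ctx = SSLContext.getDefault();

        // clientMode=false, needClientAuth=false, wantClientAuth=false
        SSLEngineConfigurator cfg = new SSLEngineConfigurator(ctx, false, false, false);
        cfg.setEnabledProtocols(PROTOCOLS);

        NetworkListener bad = engineNeverUsed(ctx);
        NetworkListener good = withConfigurator(cfg);
        System.out.println("plain listener secure: " + bad.isSecure());
        System.out.println("https listener secure: " + good.isSecure());

        // Check that engines produced for connections carry the policy.
        SSLEngine perConnection = cfg.createSSLEngine();
        System.out.println("server mode: " + !perConnection.getUseClientMode());
        System.out.println("protocols: " + Arrays.toString(perConnection.getEnabledProtocols()));
    }
}
```

A listener that reports itself as not secure after an HTTPS configuration step is the symptom to test for; asserting on the listener's secure flag and on the protocols of an engine created by the configurator catches this class of regression.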