mirror of https://github.com/OpenIdentityPlatform/OpenDJ.git

author Jean-Noel Rouvignac <jean-noel.rouvignac@forgerock.com>
Thursday, May 23, 2013 18:19 +0200
committer Jean-Noel Rouvignac <jean-noel.rouvignac@forgerock.com>
Thursday, May 23, 2013 18:19 +0200
commit e97c9f71197fcea5cddc0f7c36f16df1714fb0bb
tree b1dcbdcd414831e3ba96316eb118e41dd1b5324c
parent bc4167193e73ef8206233394704695f996d22f48
OPENDJ-917 (CR-1731) HTTP Connection Handler - Fix HTTPS support



HTTPS was wrongly configured: code was configuring an SSLEngine that was then never used.
Changed the code to configure an SSLEngineConfigurator that is passed down to Grizzly HTTP server.



(Un)surprisingly I hit a bug on my Linux Mint:
https://bugs.launchpad.net/ubuntu/+source/openjdk-6/+bug/1006776
I had to modify /etc/java-6-openjdk/security/java.security so it uses the sun Elliptic Curve implementation by changing the line
security.provider.9=sun.security.pkcs11.SunPKCS11 ${java.home}/lib/security/nss.cfg
to
security.provider.9=sun.security.ec.SunEC
#security.provider.10=sun.security.pkcs11.SunPKCS11 ${java.home}/lib/security/nss.cfg



HTTPConnectionHandler.java:
Replaced instance members sslContext and sslEngine with sslEngineConfigurator.
Renamed createSSLEngine() into createSSLEngineConfigurator().
In createSSLContext(), removed the try / catch block duplicated with the one in createSSLEngineConfigurator().
As a consequence, the following methods changed: configureSSL(), getEnabledSSLCipherSuites(), getEnabledSSLProtocols(), getSSLEngine(), isConfigurationAcceptable(), startHttpServer().
1 file modified
changed files
opends/src/server/org/opends/server/protocols/http/HTTPConnectionHandler.java 146
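
The bug pattern named in the commit message above, as an added example (not OpenDJ's code and not part of this commit): an SSLEngine that is configured and then never reaches the Grizzly listener, beside an SSLEngineConfigurator that is handed to it. The class and method names, host and port are assumptions, and Grizzly's HTTP server library must be on the classpath.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;

import org.glassfish.grizzly.http.server.NetworkListener;
import org.glassfish.grizzly.ssl.SSLEngineConfigurator;

/** Added illustration; class and method names are hypothetical, not OpenDJ's. */
public final class HttpsListenerExample {

  /** Bug pattern: TLS settings are applied to an engine the server never sees. */
  static NetworkListener broken(SSLContext ctx, String host, int port,
      String[] protocols, String[] cipherSuites) {
    SSLEngine engine = ctx.createSSLEngine();
    engine.setUseClientMode(false);
    engine.setEnabledProtocols(protocols);
    engine.setEnabledCipherSuites(cipherSuites);
    // 'engine' goes out of scope here. In this sketch the listener is returned
    // without any TLS settings, so the restrictions above have no effect.
    return new NetworkListener("http", host, port);
  }

  /** Fixed pattern: the listener builds its engines from the configurator. */
  static NetworkListener fixed(SSLContext ctx, String host, int port,
      String[] protocols, String[] cipherSuites) {
    // Arguments: context, clientMode, needClientAuth, wantClientAuth.
    SSLEngineConfigurator configurator =
        new SSLEngineConfigurator(ctx, false, false, false);
    configurator.setEnabledProtocols(protocols);
    configurator.setEnabledCipherSuites(cipherSuites);

    NetworkListener listener = new NetworkListener("https", host, port);
    listener.setSecure(true);
    listener.setSSLEngineConfig(configurator);
    return listener;
  }

  public static void main(String[] args) throws Exception {
    // Constructed input: the JVM default context stands in for one built from
    // the server's key store; protocols and suites are the JVM defaults.
    SSLContext ctx = SSLContext.getDefault();
    String[] protocols = ctx.getDefaultSSLParameters().getProtocols();
    String[] suites = ctx.getDefaultSSLParameters().getCipherSuites();
    NetworkListener before = broken(ctx, "localhost", 8443, protocols, suites);
    NetworkListener after = fixed(ctx, "localhost", 8443, protocols, suites);
    System.out.println("broken listener secure: " + before.isSecure());
    System.out.println("fixed listener secure:  " + after.isSecure());
  }
}
```

Neither listener is bound to a port here; checking isSecure() on the listener that is actually registered with the server is a quick way to catch this class of mistake.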