From 92397c3112e0a1ed8ae46fcc9404ffec4e0ccaa7 Mon Sep 17 00:00:00 2001
From: Chris Ridd <chris.ridd@forgerock.com>
Date: Fri, 21 Dec 2012 14:48:16 +0000
Subject: [PATCH] Fix OPENDJ-668 Cannot configure ssl-cipher-suites on admin connector
---
opends/resource/schema/02-config.ldif | 4 +
opends/src/server/org/opends/server/admin/AdministrationConnector.java | 4 +-
opends/src/admin/messages/AdministrationConnectorCfgDefn.properties | 6 +++
opends/src/admin/defn/org/opends/server/admin/std/AdministrationConnectorConfiguration.xml | 63 +++++++++++++++++++++++++++++++
4 files changed, 74 insertions(+), 3 deletions(-)
diff --git a/opends/resource/schema/02-config.ldif b/opends/resource/schema/02-config.ldif
index 507d0ed..e878311 100644
--- a/opends/resource/schema/02-config.ldif
+++ b/opends/resource/schema/02-config.ldif
@@ -4952,7 +4952,9 @@
ds-cfg-key-manager-provider $
ds-cfg-trust-manager-provider $
ds-cfg-ssl-cert-nickname )
- MAY ( ds-cfg-listen-address )
+ MAY ( ds-cfg-listen-address $
+ ds-cfg-ssl-cipher-suite $
+ ds-cfg-ssl-protocol )
X-ORIGIN 'OpenDS Directory Server' )
objectClasses: ( 1.3.6.1.4.1.26027.1.2.199
NAME 'ds-cfg-qos-policy'
diff --git a/opends/src/admin/defn/org/opends/server/admin/std/AdministrationConnectorConfiguration.xml b/opends/src/admin/defn/org/opends/server/admin/std/AdministrationConnectorConfiguration.xml
index 2fc8871..a62ab9d 100644
--- a/opends/src/admin/defn/org/opends/server/admin/std/AdministrationConnectorConfiguration.xml
+++ b/opends/src/admin/defn/org/opends/server/admin/std/AdministrationConnectorConfiguration.xml
@@ -24,6 +24,7 @@
!
!
! Copyright 2007-2008 Sun Microsystems, Inc.
+ ! Portions Copyright 2012 ForgeRock, AS.
! -->
<adm:managed-object name="administration-connector"
plural-name="administration-connectors"
@@ -163,4 +164,66 @@
</ldap:attribute>
</adm:profile>
</adm:property>
+ <adm:property name="ssl-protocol" multi-valued="true">
+ <adm:synopsis>
+ Specifies the names of the SSL protocols that are allowed for
+ use in SSL or StartTLS communication.
+ </adm:synopsis>
+ <adm:requires-admin-action>
+ <adm:none>
+ <adm:synopsis>
+ Changes to this property take effect immediately but only
+ impact new SSL/TLS-based sessions created after the
+ change.
+ </adm:synopsis>
+ </adm:none>
+ </adm:requires-admin-action>
+ <adm:default-behavior>
+ <adm:alias>
+ <adm:synopsis>
+ Uses the default set of SSL protocols provided by the server's
+ JVM.
+ </adm:synopsis>
+ </adm:alias>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:string />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-ssl-protocol</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="ssl-cipher-suite" multi-valued="true">
+ <adm:synopsis>
+ Specifies the names of the SSL cipher suites that are allowed
+ for use in SSL communication.
+ </adm:synopsis>
+ <adm:requires-admin-action>
+ <adm:none>
+ <adm:synopsis>
+ Changes to this property take effect immediately but will
+ only impact new SSL/TLS-based sessions created after the
+ change.
+ </adm:synopsis>
+ </adm:none>
+ </adm:requires-admin-action>
+ <adm:default-behavior>
+ <adm:alias>
+ <adm:synopsis>
+ Uses the default set of SSL cipher suites provided by the
+ server's JVM.
+ </adm:synopsis>
+ </adm:alias>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:string />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-ssl-cipher-suite</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
</adm:managed-object>
diff --git a/opends/src/admin/messages/AdministrationConnectorCfgDefn.properties b/opends/src/admin/messages/AdministrationConnectorCfgDefn.properties
index f098329..c39e8d7 100644
--- a/opends/src/admin/messages/AdministrationConnectorCfgDefn.properties
+++ b/opends/src/admin/messages/AdministrationConnectorCfgDefn.properties
@@ -10,5 +10,11 @@
property.listen-port.description=Only a single port number may be provided.
property.ssl-cert-nickname.synopsis=Specifies the nickname (also called the alias) of the certificate that the Administration Connector will use when performing SSL communication.
property.ssl-cert-nickname.default-behavior.alias.synopsis=Let the server decide.
+property.ssl-cipher-suite.synopsis=Specifies the names of the SSL cipher suites that are allowed for use in SSL communication.
+property.ssl-cipher-suite.default-behavior.alias.synopsis=Uses the default set of SSL cipher suites provided by the server's JVM.
+property.ssl-cipher-suite.requires-admin-action.synopsis=Changes to this property take effect immediately but will only impact new SSL/TLS-based sessions created after the change.
+property.ssl-protocol.synopsis=Specifies the names of the SSL protocols that are allowed for use in SSL or StartTLS communication.
+property.ssl-protocol.default-behavior.alias.synopsis=Uses the default set of SSL protocols provided by the server's JVM.
+property.ssl-protocol.requires-admin-action.synopsis=Changes to this property take effect immediately but only impact new SSL/TLS-based sessions created after the change.
property.trust-manager-provider.synopsis=Specifies the name of the trust manager that is used with the Administration Connector .
property.trust-manager-provider.syntax.aggregation.constraint-synopsis=The referenced trust manager provider must be enabled.
diff --git a/opends/src/server/org/opends/server/admin/AdministrationConnector.java b/opends/src/server/org/opends/server/admin/AdministrationConnector.java
index 605f479..2221182 100644
--- a/opends/src/server/org/opends/server/admin/AdministrationConnector.java
+++ b/opends/src/server/org/opends/server/admin/AdministrationConnector.java
@@ -457,7 +457,7 @@
*/
public SortedSet<String> getSSLCipherSuite()
{
- return ADMIN_SSL_CIPHER_SUITE;
+ return config.getSSLCipherSuite();
}
@@ -477,7 +477,7 @@
*/
public SortedSet<String> getSSLProtocol()
{
- return ADMIN_SSL_PROTOCOL;
+ return config.getSSLProtocol();
}
--
Gitblit v1.10.0