As you can see from the commit messages, I committed a variation on your
#1 approach that lets you define a JSSE_HOME environment variable to
locate the JSSE jar files. Coupled with registering the provider
automatically (your #2 approach), this simplifies the process of getting
set up to use SSL on Tomcat 4. Thanks for the patches!
Craig
On Mon, 10 Sep 2001, Wolfgang Hoschek wrote:
> Date: Mon, 10 Sep 2001 16:50:26 +0200
> From: Wolfgang Hoschek <[EMAIL PROTECTED]>
> Reply-To: [EMAIL PROTECTED]
> To: [EMAIL PROTECTED]
> Subject: [PATCH] SSLServerSocketFactory.java
>
> It itched me a lot that to enable SSL in TC4 a standard JDK has to be modified
> (copy JSSE libs into jdk/jre/lib/ext and add
> security.provider.3=com.sun.net.ssl.internal.ssl.Provider).
> This was not necessary in TC 3.2.x because of different class loading
> semantics.
> In our environment JDKs cannot well be modified due to separate JDKs/archs,
> TCs, JSSEs, etc. on shared read-only filesystems.
>
> So here are three TC4 patches (against the latest CVS) that allow JSSE to
> be picked up from anywhere on the filesystem.
> Patches are along the lines Craig suggested yesterday.
> 1) Modify catalina.sh and catalina.bat as indicated below to be able to add
> external jars to the system classpath (new env var CATALINA_SYSTEM_CLASSPATH).
> 2) Modify
> jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/net/SSLServerSocketFactory.java
> to dynamically add the com.sun.net.ssl.internal.ssl.Provider provider.
>
> In case you don't like 1) because it allows external things to be added,
> then 2) is still of value because people don't need to write their own
> SSLServerSocketFactory.
> Hope someone wants to try this out and commit before 4.0 FCS.
> Wolfgang.
>
> --- SSLServerSocketFactory.java.orig Fri Sep 7 20:39:08 2001
> +++ SSLServerSocketFactory.java Mon Sep 10 15:31:16 2001
> @@ -386,6 +386,14 @@
> Security.addProvider(new sun.security.provider.Sun());
> Security.addProvider(new
> com.sun.net.ssl.internal.ssl.Provider());
> */
> + // even if jsse provider is already installed it can't hurt to
> make sure
> + // and we do need to install it here if it isn't hard-wired in
> jdk/jre/lib/security/java.security
> + try {
> +
> java.security.Security.addProvider(((java.security.Provider)
> Class.forName("com.sun.net.ssl.internal.ssl.Provider").newInstance()));
> + }
> + catch (IllegalAccessException exc) {}
> + catch (ClassNotFoundException exc) {}
> + catch (InstantiationException exc) {}
>
> // Create an SSL context used to create an SSL socket factory
> SSLContext context = SSLContext.getInstance(protocol);
>
>
>
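
Review bot: The three empty catch blocks after the Class.forName("com.sun.net.ssl.internal.ssl.Provider") call discard the only indication that the JSSE jars are not on the classpath, so a missing provider only surfaces later, at SSLContext.getInstance(protocol), with a less specific error. Log the exception, or at least a one-line message naming the provider class, in each handler. Security.addProvider can also throw SecurityException when a security manager denies the change, and that case is not handled here; decide whether it should propagate or be reported alongside the others. The comment's "it can't hurt to make sure" holds because addProvider leaves an already installed provider in place, which would be worth stating in the comment.
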
> --- jakarta-tomcat-4.0/catalina/src/bin/catalina.sh.orig Sat Sep 8
> 12:13:28 2001
> +++ jakarta-tomcat-4.0/catalina/src/bin/catalina.sh Mon Sep 10 16:28:25 2001
> @@ -70,6 +70,12 @@
> CP=$CP:"$JAVA_HOME/lib/tools.jar"
> fi
>
> +# add CATALINA_SYSTEM_CLASSPATH custom jars to classpath. For example define
> +# export
>
>CATALINA_SYSTEM_CLASSPATH=/path/to/jsse/lib/jsse.jar:/path/to/jsse/lib/jnet.jar:/path/to/jsse/lib/jcert.jar
> +if [ ! -z "$CATALINA_SYSTEM_CLASSPATH" ] ; then
> + CP=$CP:$CATALINA_SYSTEM_CLASSPATH
> +fi
> +
> # convert the existing path to windows
> if [ "$OSTYPE" = "cygwin32" ] || [ "$OSTYPE" = "cygwin" ] ; then
> CP=`cygpath --path --windows "$CP"`
>
>
>
>
>
>
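
Review bot: The added block appends whatever CATALINA_SYSTEM_CLASSPATH holds to CP without the comment saying who is expected to control that variable; jars named there end up on the system classpath and are visible to the server and to every web application. Extend the comment to state that the variable is meant to be set only by the administrator who starts Tomcat and should point at locations other users cannot write to. Style: [ -n "$CATALINA_SYSTEM_CLASSPATH" ] reads more directly than [ ! -z ... ], and writing the assignment as CP="$CP:$CATALINA_SYSTEM_CLASSPATH" matches the quoting used on the tools.jar line above it.
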
> --- jakarta-tomcat-4.0/catalina/src/bin/catalina.bat.orig Mon Aug 27
> 21:10:25 2001
> +++ jakarta-tomcat-4.0/catalina/src/bin/catalina.bat Mon Sep 10 16:16:43 2001
> @@ -65,6 +65,11 @@
> rem ----- Set Up The Runtime Classpath
> ----------------------------------------
>
> set CP=%CATALINA_HOME%\bin\bootstrap.jar;%JAVA_HOME%\lib\tools.jar
> +
> +# add CATALINA_SYSTEM_CLASSPATH custom jars to classpath. For example define
> +# set
>
>CATALINA_SYSTEM_CLASSPATH=\path\to\jsse\lib\jsse.jar;\path\to\jsse\lib\jnet.jar;\path\to\jsse\lib\jcert.jar
> +set CP=%CP%;%CATALINA_SYSTEM_CLASSPATH%
> +
> set CLASSPATH=%CP%
> echo Using CATALINA_BASE: %CATALINA_BASE%
> echo Using CATALINA_HOME: %CATALINA_HOME%
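
Review bot: The two added comment lines begin with "#", which is not a comment marker in a batch file, so cmd.exe will try to run "#" as a command and print an error on every start; use "rem" as the surrounding lines do. The added "set CP=%CP%;%CATALINA_SYSTEM_CLASSPATH%" line is also unconditional, unlike the catalina.sh change, so when the variable is undefined CP ends in a trailing ";" and an empty classpath entry. Guard it, for example: if not "%CATALINA_SYSTEM_CLASSPATH%" == "" set CP=%CP%;%CATALINA_SYSTEM_CLASSPATH%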