author | Jose <jose@zeroc.com> | 2019-09-06 18:49:02 +0200 |
---|---|---|
committer | Jose <jose@zeroc.com> | 2019-09-06 18:52:30 +0200 |
commit | f77a9b7847525d56ba64a0631652401885457a9e (patch) | |
tree | a3283476120c498a6e28bc0712d51886e64125e3 /java | |
parent | Mark SNI support in UWP as not tested (diff) | |
Enable SNI extension with CheckCertName > 1
- Remove IceSSL.ServerNameIndication, IceSSL.CheckCertName = 2 should be used
instead.
- Minor style fixes
Diffstat (limited to 'java')
-rw-r--r-- | java/src/Ice/src/main/java/com/zeroc/IceInternal/PropertyNames.java | 3 | ||||
-rw-r--r-- | java/src/IceSSL/src/main/java/com/zeroc/IceSSL/SSLEngine.java | 17 |
2 files changed, 8 insertions, 12 deletions
diff --git a/java/src/Ice/src/main/java/com/zeroc/IceInternal/PropertyNames.java b/java/src/Ice/src/main/java/com/zeroc/IceInternal/PropertyNames.java index 3b1cbb414c5..60078543e6f 100644 --- a/java/src/Ice/src/main/java/com/zeroc/IceInternal/PropertyNames.java +++ b/java/src/Ice/src/main/java/com/zeroc/IceInternal/PropertyNames.java @@ -1,7 +1,7 @@ // // Copyright (c) ZeroC, Inc. All rights reserved. // -// Generated by makeprops.py from file ./config/PropertyNames.xml, Mon Aug 19 09:05:47 2019 +// Generated by makeprops.py from file ./config/PropertyNames.xml, Fri Sep 6 18:11:04 2019 // IMPORTANT: Do not edit this file -- any edits made here will be lost! @@ -1118,7 +1118,6 @@ public final class PropertyNames new Property("IceSSL\\.ProtocolVersionMin", false, null), new Property("IceSSL\\.Random", false, null), new Property("IceSSL\\.SchannelStrongCrypto", false, null), - new Property("IceSSL\\.ServerNameIndication", false, null), new Property("IceSSL\\.Trace\\.Security", false, null), new Property("IceSSL\\.TrustOnly", false, null), new Property("IceSSL\\.TrustOnly\\.Client", false, null), diff --git a/java/src/IceSSL/src/main/java/com/zeroc/IceSSL/SSLEngine.java b/java/src/IceSSL/src/main/java/com/zeroc/IceSSL/SSLEngine.java index e4170efe016..1c0c9d24168 100644 --- a/java/src/IceSSL/src/main/java/com/zeroc/IceSSL/SSLEngine.java +++ b/java/src/IceSSL/src/main/java/com/zeroc/IceSSL/SSLEngine.java 
@@ -90,10 +90,10 @@ class SSLEngine
 _checkCertName = properties.getPropertyAsIntWithDefault(prefix + "CheckCertName", 0) > 0;
 //
- // ServerNameIndication determines whether the SNI extension applies to client connections,
+ // CheckCertName > 1 enables SNI, the SNI extension applies to client connections,
 // indicating the hostname to the server (must be DNS hostname, not an IP address).
 //
- _serverNameIndication = properties.getPropertyAsIntWithDefault(prefix + "ServerNameIndication", 1) > 0;
+ _serverNameIndication = properties.getPropertyAsIntWithDefault(prefix + "CheckCertName", 0) > 1;
 //
 // VerifyDepthMax establishes the maximum length of a peer's certificate
@@ -886,25 +886,22 @@ class SSLEngine
 }
 // Server name indication
- if (!incoming && _serverNameIndication)
+ if(!incoming && _serverNameIndication)
 {
 SNIHostName serverName = null;
 try
 {
 serverName = new SNIHostName(host);
- }
- catch(IllegalArgumentException ex)
- {
- // Invalid SNI hostname, ignore because it might be an IP
- }
- if (serverName != null)
- {
 SSLParameters sslParams = engine.getSSLParameters();
 List<SNIServerName> serverNames = new ArrayList<>();
 serverNames.add(serverName);
 sslParams.setServerNames(serverNames);
 engine.setSSLParameters(sslParams);
 }
+ catch(IllegalArgumentException ex)
+ {
+ // Invalid SNI hostname, ignore because it might be an IP
+ }
 }
 try |
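Review bot: The new `_serverNameIndication` assignment changes SNI from on by default (the removed `ServerNameIndication` read defaulted to 1) to off unless `IceSSL.CheckCertName` is 2 or higher, and the comment above it does not say so. A client that verifies names with `CheckCertName=1` now sends no server name, so a server that picks its certificate by SNI may present its default certificate and the name check would then fail. The comment should state that 1 means verify only and 2 means verify and send SNI, and that a leftover `IceSSL.ServerNameIndication` setting is no longer read. Reading the property once would keep the two flags in step: `int checkCertName = properties.getPropertyAsIntWithDefault(prefix + "CheckCertName", 0);` followed by `_checkCertName = checkCertName > 0;` and `_serverNameIndication = checkCertName > 1;`. The enclosing method starts and ends outside the hunk.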
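Review bot: Moving the `catch(IllegalArgumentException ex)` below the parameter setup widens what it swallows. The `try` now also covers `sslParams.setServerNames(serverNames)` and `engine.setSSLParameters(sslParams)`, both of which are documented to throw `IllegalArgumentException` for reasons unrelated to the hostname. A rejected parameter set would then be dropped silently under the comment "might be an IP", leaving the connection to proceed without SNI. I would keep only `serverName = new SNIHostName(host);` inside the `try` and apply the parameters after the catch when `serverName` is non-null. The enclosing method starts and ends outside the hunk.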