\r
#### changes\r
\r
+- Added server setting to specify keystore alias for ssl certificate (issue 98)\r
- Added optional global and per-repository activity page commit contribution throttle to help tame *really* active repositories (issue 173)\r
- Added support for symlinks in tree page and commit page (issue 171)\r
- All access restricted servlets (e.g. DownloadZip, RSS, etc) will try to authenticate using X509 certificates, container principals, cookies, and BASIC headers, in that order.\r
});\r
\r
if (serverKeyStore.exists()) { \r
- Connector secureConnector = createSSLConnector(serverKeyStore, serverTrustStore, params.storePassword,\r
+ Connector secureConnector = createSSLConnector(params.alias, serverKeyStore, serverTrustStore, params.storePassword,\r
caRevocationList, params.useNIO, params.securePort, params.requireClientCertificates);\r
String bindInterface = settings.getString(Keys.server.httpsBindInterface, null);\r
if (!StringUtils.isEmpty(bindInterface)) {\r
* SSL renegotiation will be enabled if the JVM is 1.6.0_22 or later.\r
* oracle.com/technetwork/java/javase/documentation/tlsreadme2-176330.html\r
* \r
+ * @param certAlias\r
* @param keyStore\r
* @param clientTrustStore\r
* @param storePassword\r
* @param requireClientCertificates\r
* @return an https connector\r
*/\r
- private static Connector createSSLConnector(File keyStore, File clientTrustStore,\r
+ private static Connector createSSLConnector(String certAlias, File keyStore, File clientTrustStore,\r
String storePassword, File caRevocationList, boolean useNIO, int port, \r
boolean requireClientCertificates) {\r
SslContextFactory sslContext = new SslContextFactory(SslContextFactory.DEFAULT_KEYSTORE_PATH);\r
sslContext.setTrustStore(clientTrustStore.getAbsolutePath());\r
sslContext.setTrustStorePassword(storePassword);\r
sslContext.setCrlPath(caRevocationList.getAbsolutePath());\r
+ if (!StringUtils.isEmpty(certAlias)) {\r
+ logger.info(" certificate alias = " + certAlias);\r
+ sslContext.setCertAlias(certAlias);\r
+ }\r
connector.setPort(port);\r
connector.setMaxIdleTime(30000);\r
return connector;\r
@Parameter(names = "--ajpPort", description = "AJP port to serve. (port <= 0 will disable this connector)")\r
public Integer ajpPort = FILESETTINGS.getInteger(Keys.server.ajpPort, 0);\r
\r
+ @Parameter(names = "--alias", description = "Alias of SSL certificate in keystore for serving https.")\r
+ public String alias = FILESETTINGS.getString(Keys.server.certificateAlias, "");\r
+\r
@Parameter(names = "--storePassword", description = "Password for SSL (https) keystore.")\r
public String storePassword = FILESETTINGS.getString(Keys.server.storePassword, "");\r
\r
projects / gitblit.git / commitdiff