
Allow SSL renegotiation on Java 1.6.0_22 and later

tags/v0.7.0
James Moger 12 years ago
parent
commit
c7ebb24071
3 changed files with 23 additions and 1 deletions
  1. 1
    0
      docs/00_index.mkd
  2. 1
    0
      docs/04_releases.mkd
  3. 21
    1
      src/com/gitblit/GitBlitServer.java

+ 1
- 0
docs/00_index.mkd

@@ -28,6 +28,7 @@ Gitblit requires a Java 6 Runtime Environment (JRE) or a Java 6 Development Kit
**%VERSION%** ([go](http://code.google.com/p/gitblit/downloads/detail?name=%GO%)|[war](http://code.google.com/p/gitblit/downloads/detail?name=%WAR%)|[fedclient](http://code.google.com/p/gitblit/downloads/detail?name=%FEDCLIENT%)) based on [%JGIT%][jgit]   *released %BUILDDATE%*
- fixed: Gitblit GO allows SSL renegotiation if running on Java 1.6.0_22 or later
- added: IUserService.setup(IStoredSettings) for custom user service implementations
issues, binaries, and sources @ [Google Code][googlecode]<br/>

+ 1
- 0
docs/04_releases.mkd

@@ -3,6 +3,7 @@
### Current Release
**%VERSION%** ([go](http://code.google.com/p/gitblit/downloads/detail?name=%GO%)|[war](http://code.google.com/p/gitblit/downloads/detail?name=%WAR%)|[fedclient](http://code.google.com/p/gitblit/downloads/detail?name=%FEDCLIENT%)) based on [%JGIT%][jgit] &nbsp; *released %BUILDDATE%*
- fixed: Gitblit GO allows SSL renegotiation if running on Java 1.6.0_22 or later
- added: IUserService.setup(IStoredSettings) for custom user service implementations
### Older Releases

+ 21
- 1
src/com/gitblit/GitBlitServer.java

@@ -288,6 +288,9 @@ public class GitBlitServer {
/**
* Creates an https connector.
*
* SSL renegotiation will be enabled if the JVM is 1.6.0_22 or later.
* oracle.com/technetwork/java/javase/documentation/tlsreadme2-176330.html
*
* @param keystore
* @param password
* @param useNIO
@@ -308,7 +311,24 @@ public class GitBlitServer {
SslSocketConnector ssl = new SslSocketConnector();
connector = ssl;
}
connector.setAllowRenegotiate(false);
// disable renegotiation unless this is a patched JVM
boolean allowRenegotiation = false;
String v = System.getProperty("java.version");
if (v.startsWith("1.7")) {
allowRenegotiation = true;
} else if (v.startsWith("1.6")) {
// 1.6.0_22 was first release with RFC-5746 implemented fix.
if (v.indexOf('_') > -1) {
String b = v.substring(v.indexOf('_') + 1);
if (Integer.parseInt(b) >= 22) {
allowRenegotiation = true;
}
}
}
if (allowRenegotiation) {
logger.info(" allowing SSL renegotiation on Java " + v);
}
connector.setAllowRenegotiate(true);
connector.setKeystore(keystore.getAbsolutePath());
connector.setPassword(password);
connector.setPort(port);
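Review bot: The `allowRenegotiation` flag computed from `java.version` is only used for the log line; the connector call after the version check passes a literal, `connector.setAllowRenegotiate(true);`, so renegotiation appears to be enabled on every JVM, including ones without the RFC 5746 fix the comment names. Pass the flag instead: `connector.setAllowRenegotiate(allowRenegotiation);`. `Integer.parseInt(b)` throws NumberFormatException when anything follows the update number (a constructed example: `1.6.0_22-ea`), which would abort connector setup; catch it and keep the flag false so the failure mode is the safe one. The `+`/`-` markers are lost in this rendering, so which `setAllowRenegotiate` line is new is inferred from the 21/1 counts and line order; the enclosing method begins and ends outside the hunk.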
