| commit 2c522795166c930741a9cecca76797bf48cb1634 |
| Author: Mark Thomas <markt@apache.org> |
| Date: Mon Jun 18 19:45:13 2018 +0000 |
| |
| Enable host name verification for secure WebSocket client connections by default. |
| |
| git-svn-id: https://svn.apache.org/repos/asf/tomcat/tc7.0.x/trunk@1833760 13f79535-47bb-0310-9956-ffa450edef68 |
| |
| diff --git a/java/org/apache/tomcat/websocket/WsWebSocketContainer.java b/java/org/apache/tomcat/websocket/WsWebSocketContainer.java |
| index ac5122a89c..b526022958 100644 |
| |
| |
| @@ -53,6 +53,7 @@ import java.util.concurrent.TimeoutException; |
| import javax.net.ssl.SSLContext; |
| import javax.net.ssl.SSLEngine; |
| import javax.net.ssl.SSLException; |
| +import javax.net.ssl.SSLParameters; |
| import javax.net.ssl.TrustManagerFactory; |
| import javax.websocket.ClientEndpoint; |
| import javax.websocket.ClientEndpointConfig; |
| @@ -363,7 +364,7 @@ public class WsWebSocketContainer |
| // proxy CONNECT, need to use TLS from this point on so wrap the |
| // original AsynchronousSocketChannel |
| SSLEngine sslEngine = createSSLEngine( |
| - clientEndpointConfiguration.getUserProperties()); |
| + clientEndpointConfiguration.getUserProperties(), host, port); |
| channel = new AsyncChannelWrapperSecure(socketChannel, sslEngine); |
| } else if (channel == null) { |
| // Only need to wrap as this point if it wasn't wrapped to process a |
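Review bot: The `host` and `port` now passed to createSSLEngine become the peer identity the TLS layer verifies the server certificate against, so in this proxy-CONNECT branch they must be the origin server's host and port from the WebSocket URI rather than the proxy's address; where `host` is assigned lies outside the hunk, so this cannot be confirmed here. If `host` may be an IP literal, the HTTPS identification algorithm then requires a matching IP subject alternative name in the certificate, which is worth a sentence in the how-to. A short comment at the call would make the contract visible: `// host/port identify the origin server; used for host name verification of the TLS wrap`. The enclosing method starts and ends outside the hunk.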
| @@ -931,7 +932,7 @@ public class WsWebSocketContainer |
| } |
| |
| |
| - private SSLEngine createSSLEngine(Map<String,Object> userProperties) |
| + private SSLEngine createSSLEngine(Map<String,Object> userProperties, String host, int port) |
| throws DeploymentException { |
| |
| try { |
| @@ -979,7 +980,7 @@ public class WsWebSocketContainer |
| } |
| } |
| |
| - SSLEngine engine = sslContext.createSSLEngine(); |
| + SSLEngine engine = sslContext.createSSLEngine(host, port); |
| |
| String sslProtocolsValue = |
| (String) userProperties.get(SSL_PROTOCOLS_PROPERTY); |
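Review bot: Switching to `sslContext.createSSLEngine(host, port)` is what makes the later endpoint identification possible, since the no-argument form created an engine with no peer host to check against; a one-line comment on the new call would save the next reader the trip to the bottom of the method, e.g. `// Peer host/port are needed for host name verification below`. As far as I know JSSE also uses the advisory peer host to send the SNI server_name extension from a client-mode engine, which is a wire-level behaviour change the changelog entry does not mention and could be stated there. The rest of createSSLEngine, including where `sslProtocolsValue` is applied, continues outside the hunk.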
| @@ -989,6 +990,14 @@ public class WsWebSocketContainer |
| |
| engine.setUseClientMode(true); |
| |
| + // Enable host verification |
| + // Start with current settings (returns a copy) |
| + SSLParameters sslParams = engine.getSSLParameters(); |
| + // Use HTTPS since WebSocket starts over HTTP(S) |
| + sslParams.setEndpointIdentificationAlgorithm("HTTPS"); |
| + // Write the parameters back |
| + engine.setSSLParameters(sslParams); |
| + |
| return engine; |
| } catch (Exception e) { |
| throw new DeploymentException(sm.getString( |
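Review bot: The comment `// Enable host verification` overstates the guarantee: the check set by `setEndpointIdentificationAlgorithm("HTTPS")` is carried out by the trust manager during the handshake, so a user-supplied SSL_CONTEXT whose `X509ExtendedTrustManager` does not perform it gets no host name check at all, which is exactly the opt-out path the how-to change in this commit describes. Suggest `// Enable host name verification (HTTPS rules). Enforced by the trust manager, so a custom SSL_CONTEXT can opt out; see web-socket-howto.` in its place. The `getSSLParameters()`/`setSSLParameters()` round trip is correct as written, since the copy carries the engine's current protocol and cipher settings back unchanged, and the surrounding `catch (Exception e)` turns any failure here into a DeploymentException, which is the right outcome for a connection that could not be secured.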
| diff -up webapps/docs/changelog.xml.orig webapps/docs/changelog.xml |
| |
| |
| @@ -84,6 +84,14 @@ |
| </fix> |
| </changelog> |
| </subsection> |
| + <subsection name="WebSocket"> |
| + <changelog> |
| + <fix> |
| + Enable host name verification when using TLS with the WebSocket client. |
| + (markt) |
| + </fix> |
| + </changelog> |
| + </subsection> |
| </section> |
| <section name="Tomcat 7.0.76-8 (csutherl)"> |
| <subsection name="Catalina"> |
| diff -up webapps/docs/web-socket-howto.xml.orig webapps/docs/web-socket-howto.xml |
| |
| |
| @@ -148,10 +148,21 @@ implement its own timeout mechanism to h |
| <li><code>org.apache.tomcat.websocket.SSL_TRUSTSTORE_PWD</code></li> |
| </ul> |
| <p>The default truststore password is <code>changeit</code>.</p> |
| - <p>If the <code>org.apache.tomcat.websocket.SSL_CONTEXT</code> property is |
| - set then the <code>org.apache.tomcat.websocket.SSL_TRUSTSTORE</code> and |
| - <code>org.apache.tomcat.websocket.SSL_TRUSTSTORE_PWD</code> properties |
| - will be ignored.</p> |
| + |
| +<p>If the <code>org.apache.tomcat.websocket.SSL_CONTEXT</code> property is |
| + set then the <code>org.apache.tomcat.websocket.SSL_TRUSTSTORE</code> and |
| + <code>org.apache.tomcat.websocket.SSL_TRUSTSTORE_PWD</code> properties |
| + will be ignored.</p> |
| + |
| +<p>For secure server end points, host name verification is enabled by default. |
| + To bypass this verification (not recommended), it is necessary to provide a |
| + custom <code>SSLContext</code> via the |
| + <code>org.apache.tomcat.websocket.SSL_CONTEXT</code> user property. The |
| + custom <code>SSLContext</code> must be configured with a custom |
| + <code>TrustManager</code> that extends |
| + <code>javax.net.ssl.X509ExtendedTrustManager</code>. The desired verification |
| + (or lack of verification) can then be controlled by appropriate |
| + implementations of the individual abstract methods.</p> |
| </section> |
| |
| <section name="Deprecated proprietary API"> |