[jetty-dev] trying to get jetty properties honored in private SSL module

I'm using jetty 9.3.21.v20170918, and I'm running into inconsistent
behavior about processing jetty properties.

The inconsistency is that this setting seems to be only honored
from the start.ini file, but not from within a module file.

I'd appreciate a second set of eyes, if someone is willing to review. I must
be missing something basic here. :/

I'm specifically trying to set

  jetty.sslContext.wantClientAuth=true

Here, I do all my testing from
'jetty-distribution-9.3.21.v20170918/demo-base':

Create my own module based on the stock 'ssl' module; alter it to
set the property's value; basically, replace the commented-out
property with the value I want:

  cp -p ../modules/ssl.mod modules/my-ssl.mod
  perl -pi -e 's/^ssl$/my-ssl/' modules/my-ssl.mod
  perl -pi -e 's/^(# )*(jetty.sslContext.wantClientAuth)=.*/${2}=true/' \
    modules/my-ssl.mod
  grep wantClientAuth modules/my-ssl.mod

    (shows jetty.sslContext.wantClientAuth=true in [ini-template])

Observe that this property doesn't show up in '--list-config':

  java -jar ../start.jar --module=my-ssl --list-config | grep wantClientAuth

If I add it to start.ini, it now shows up:

  echo jetty.sslContext.wantClientAuth=true >> start.ini
  java -jar ../start.jar --module=my-ssl --list-config | grep wantClientAuth

   (shows jetty.sslContext.wantClientAuth = true)

Should --list-config show my setting in my module?

I'm testing the effect using OpenSSL.  When working, that looks
like this:

  openssl s_client -connect localhost:8443 \
    -state -debug -cert example.pem -key example.pem < /dev/null 2>&1 |
  grep 'write client certificate'

And the result looks like this:

  0220 - d1 64 40 4a 27 10 e4 28-0d 5d a7 cSSL_connect:SSLv3 write client certificate A

So, irrespective of what '--list-config' presents, I can test to
see if the property is indeed being utilized by the module.

-- 
Brian Reichert				<reichert@xxxxxxxxxxx>
BSD admin/developer at large	

