authorBjørn Christian Seime <bjorncs@oath.com>2017-09-21 12:57:41 +0200
committerBjørn Christian Seime <bjorncs@oath.com>2017-09-21 12:57:41 +0200
commitadd0eefcc5bc009ade396d9e993ff08a42e33a37 (patch)
tree700c05ee0ebeaada76bfd6a726013918b07c9f98 /jdisc_http_service/src/main
parent51335316fec412440ecc62ba64137be462e3a75d (diff)
Expose config for configuring SSL to want client auth
Diffstat (limited to 'jdisc_http_service/src/main')
-rw-r--r--jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/ConnectorFactory.java9
-rw-r--r--jdisc_http_service/src/main/resources/configdefinitions/jdisc.http.connector.def4
2 files changed, 10 insertions, 3 deletions
diff --git a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/ConnectorFactory.java b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/ConnectorFactory.java
index af83a159b2d..49a78aff684 100644
--- a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/ConnectorFactory.java
+++ b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/ConnectorFactory.java
@@ -135,7 +135,14 @@ public class ConnectorFactory {
Ssl sslConfig = connectorConfig.ssl();
final SslContextFactory factory = new SslContextFactory();
- factory.setNeedClientAuth(sslConfig.needClientAuth());
+ switch (sslConfig.clientAuth()) {
+ case NEED_AUTH:
+ factory.setNeedClientAuth(true);
+ break;
+ case WANT_AUTH:
+ factory.setWantClientAuth(true);
+ break;
+ }
if (!sslConfig.excludeProtocol().isEmpty()) {
final String[] prots = new String[sslConfig.excludeProtocol().size()];
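Review bot: The `switch` on `sslConfig.clientAuth()` has no `DISABLED` arm and no `default`, so a value added to the enum later would silently leave the connector with client authentication off. I would make the fall-through explicit with `case DISABLED: break;` and `default: throw new IllegalStateException("Unhandled ssl.clientAuth: " + sslConfig.clientAuth());`. The `WANT_AUTH` arm also deserves a comment such as `// Certificate is requested but optional: the handshake succeeds without one, so handlers must check for a peer certificate themselves`, because code written against the old need-auth-only behaviour may treat any TLS connection on this connector as authenticated. The enclosing method starts and ends outside the hunk.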
diff --git a/jdisc_http_service/src/main/resources/configdefinitions/jdisc.http.connector.def b/jdisc_http_service/src/main/resources/configdefinitions/jdisc.http.connector.def
index 45821b92f0f..0a4cfc5680f 100644
--- a/jdisc_http_service/src/main/resources/configdefinitions/jdisc.http.connector.def
+++ b/jdisc_http_service/src/main/resources/configdefinitions/jdisc.http.connector.def
@@ -78,5 +78,5 @@ ssl.sslKeyManagerFactoryAlgorithm string default="SunX509"
# The SSL protocol passed to SSLContext.getInstance()
ssl.protocol string default="TLS"
-# Whether connector requires client authentication. See SSLEngine.getNeedClientAuth() for details.
-ssl.needClientAuth bool default=false
+# Client authentication mode. See SSLEngine.getNeedClientAuth()/getWantClientAuth() for details.
+ssl.clientAuth enum { DISABLED, WANT_AUTH, NEED_AUTH } default=DISABLED
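Review bot: Replacing `ssl.needClientAuth` with `ssl.clientAuth` defaulting to `DISABLED` leaves no visible migration path for existing configs that set `needClientAuth true`. Whether the config system rejects the removed key or ignores it cannot be seen from this hunk; if it is ignored, those connectors would stop requiring client certificates after the upgrade. It is worth confirming that deployment fails loudly on the old key, or keeping it as a deprecated alias for one release. The comment could also spell out each value, e.g. `# DISABLED: no certificate requested; WANT_AUTH: requested but optional; NEED_AUTH: handshake fails without a valid certificate.`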