author | Bjørn Christian Seime <bjorncs@oath.com> | 2017-09-19 13:32:05 +0200 |
---|---|---|
committer | Bjørn Christian Seime <bjorncs@oath.com> | 2017-09-19 13:32:05 +0200 |
commit | fe5deac0ec0cf6423638efdfd73a9e8dec71733c (patch) | |
tree | 39dc48de098e0f8b131c3a291cb4e9b006dfd40e /jdisc_http_service | |
parent | bd56cc7007feb7585f34a335dcc0692ee5e3cf1e (diff) |
Add connector config for requiring client authentication
Diffstat (limited to 'jdisc_http_service')
-rw-r--r-- | jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/ConnectorFactory.java | 2 | ||||
-rw-r--r-- | jdisc_http_service/src/main/resources/configdefinitions/jdisc.http.connector.def | 3 |
2 files changed, 5 insertions, 0 deletions
diff --git a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/ConnectorFactory.java b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/ConnectorFactory.java
index a8dbf66f537..af83a159b2d 100644
--- a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/ConnectorFactory.java
+++ b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/ConnectorFactory.java
@@ -135,6 +135,8 @@ public class ConnectorFactory {
 Ssl sslConfig = connectorConfig.ssl();
 final SslContextFactory factory = new SslContextFactory();
+ factory.setNeedClientAuth(sslConfig.needClientAuth());
+
 if (!sslConfig.excludeProtocol().isEmpty()) {
 final String[] prots = new String[sslConfig.excludeProtocol().size()];
 for (int i = 0; i < prots.length; i++) {
diff --git a/jdisc_http_service/src/main/resources/configdefinitions/jdisc.http.connector.def b/jdisc_http_service/src/main/resources/configdefinitions/jdisc.http.connector.def
index 00b089ae3f9..45821b92f0f 100644
--- a/jdisc_http_service/src/main/resources/configdefinitions/jdisc.http.connector.def
+++ b/jdisc_http_service/src/main/resources/configdefinitions/jdisc.http.connector.def
@@ -77,3 +77,6 @@ ssl.sslKeyManagerFactoryAlgorithm string default="SunX509"
 # The SSL protocol passed to SSLContext.getInstance()
 ssl.protocol string default="TLS"
+
+# Whether connector requires client authentication. See SSLEngine.getNeedClientAuth() for details.
+ssl.needClientAuth bool default=false |
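Review bot: `factory.setNeedClientAuth(sslConfig.needClientAuth());` makes the handshake demand a client certificate, but nothing visible in this hunk ties the flag to an explicitly configured trust store. The enclosing method starts and continues outside the hunk, so this may already be handled; if it is not, the JVM's default trust anchors would presumably decide which client certificates pass, which is far broader than most deployments intend. I would fail fast at connector construction when `needClientAuth` is true and no trust store is configured, and add a comment above the call such as `// Requires a client certificate; which clients are accepted depends on the configured trust store.` The flag only proves that the peer holds a trusted certificate, so any mapping from certificate to identity or permission still has to happen in the request handlers.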
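Review bot: The comment on `ssl.needClientAuth` sends the reader to `SSLEngine.getNeedClientAuth()` instead of stating what enabling the option does to connecting clients. I would spell out the effect, for example `# Whether the connector requires client authentication. When true, the TLS handshake fails for clients that present no certificate trusted by the connector.` It is also worth noting in the comment that the default of false keeps existing connectors unchanged, and that the setting is only meaningful together with the trust store used to validate client certificates.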