etan39
/
cloudstack
mirror of https://github.com/apache/cloudstack.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

CLOUDSTACK-8160: use preferable protocols 

(cherry picked from commit debfcdef78)
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>

Conflicts:
	client/tomcatconf/server7-nonssl.xml.in
	client/tomcatconf/server7-ssl.xml.in
	engine/orchestration/src/com/cloud/agent/manager/ClusteredAgentManagerImpl.java
	plugins/event-bus/rabbitmq/src/org/apache/cloudstack/mom/rabbitmq/RabbitMQEventBus.java
	plugins/hypervisors/xen/src/com/cloud/hypervisor/xen/resource/XenServerConnectionPool.java
	plugins/network-elements/opendaylight/src/main/java/org/apache/cloudstack/network/opendaylight/api/NeutronRestApi.java
	plugins/network-elements/palo-alto/src/com/cloud/network/utils/HttpClientWrapper.java
	plugins/storage/volume/cloudbyte/src/org/apache/cloudstack/storage/datastore/util/ElastistorUtil.java
	plugins/storage/volume/nexenta/src/org/apache/cloudstack/storage/datastore/util/NexentaNmsClient.java
	plugins/storage/volume/solidfire/src/org/apache/cloudstack/storage/datastore/util/SolidFireUtil.java
	pom.xml
	services/console-proxy/server/src/com/cloud/consoleproxy/ConsoleProxySecureServerFactoryImpl.java
	services/console-proxy/server/src/com/cloud/consoleproxy/util/RawHTTP.java
	systemvm/scripts/config_ssl.sh
	utils/src/com/cloud/utils/nio/NioClient.java
	utils/src/com/cloud/utils/rest/RESTServiceConnector.java
	utils/src/org/apache/commons/httpclient/contrib/ssl/EasySSLProtocolSocketFactory.java
	vmware-base/src/com/cloud/hypervisor/vmware/util/VmwareContext.java
This commit is contained in:
Rohit Yadav 2015-01-21 18:01:34 +05:30
parent bd5fe46e53
commit 53c0ab856a
22 changed files with 143 additions and 78 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
client/tomcatconf/server-nonssl.xml.in
View File

@ -82,7 +82,7 @@
<!--
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
clientAuth="false" sslProtocol="TLS" sslEnabledProtocols="TLSv1.2,TLSv1.1"
keystoreType="PKCS12"
keystoreFile="conf\cloud-localhost.pk12"
keystorePass="password"

2
client/tomcatconf/server-ssl.xml.in
View File

@ -82,7 +82,7 @@
<!--
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
clientAuth="false" sslProtocol="TLS" sslEnabledProtocols="TLSv1.2,TLSv1.1"
keystoreType="PKCS12"
keystoreFile="conf\cloud-localhost.pk12"
keystorePass="password"

3
engine/orchestration/src/com/cloud/agent/manager/ClusteredAgentManagerImpl.java
View File

@ -51,6 +51,8 @@ import org.apache.cloudstack.managed.context.ManagedContextTimerTask;
import org.apache.cloudstack.utils.identity.ManagementServerNode;
import org.apache.log4j.Logger;
import org.apache.cloudstack.utils.security.SSLUtils;
import com.cloud.agent.AgentManager;
import com.cloud.agent.api.Answer;
import com.cloud.agent.api.CancelCommand;
@ -499,6 +501,7 @@ public class ClusteredAgentManagerImpl extends AgentManagerImpl implements Clust
SSLContext sslContext = Link.initSSLContext(true);
sslEngine = sslContext.createSSLEngine(ip, Port.value());
sslEngine.setUseClientMode(true);
sslEngine.setEnabledProtocols(SSLUtils.getSupportedProtocols(sslEngine.getEnabledProtocols()));
Link.doHandshake(ch, sslEngine, true);
s_logger.info("SSL: Handshake done");

9
plugins/event-bus/rabbitmq/src/org/apache/cloudstack/mom/rabbitmq/RabbitMQEventBus.java
View File

@ -47,6 +47,7 @@ public class RabbitMQEventBus extends ManagerBase implements EventBus {
private static Integer port;
private static String username;
private static String password;
private static String secureProtocol = "TLSv1.2";
public static void setVirtualHost(String virtualHost) {
RabbitMQEventBus.virtualHost = virtualHost;
@ -141,6 +142,10 @@ public class RabbitMQEventBus extends ManagerBase implements EventBus {
this.port = port;
}
public void setSecureProtocol(String protocol) {
RabbitMQEventBus.secureProtocol = protocol;
}
public void setName(String name) {
this.name = name;
}
@ -369,7 +374,7 @@ public class RabbitMQEventBus extends ManagerBase implements EventBus {
}
if (useSsl != null && !useSsl.isEmpty() && useSsl.equalsIgnoreCase("true")) {
factory.useSslProtocol();
factory.useSslProtocol(this.secureProtocol);
}
Connection connection = factory.newConnection();
connection.addShutdownListener(disconnectHandler);
@ -605,4 +610,4 @@ public class RabbitMQEventBus extends ManagerBase implements EventBus {
return;
}
}
}
}

5
plugins/hypervisors/xen/src/com/cloud/hypervisor/xen/resource/XenServerConnectionPool.java
View File

@ -38,6 +38,9 @@ import org.apache.xmlrpc.client.XmlRpcClientException;
import com.cloud.utils.NumbersUtil;
import com.cloud.utils.PropertiesUtil;
import com.cloud.utils.exception.CloudRuntimeException;
import org.apache.cloudstack.utils.security.SSLUtils;
import com.xensource.xenapi.APIVersion;
import com.xensource.xenapi.Connection;
import com.xensource.xenapi.Host;
@ -79,7 +82,7 @@ public class XenServerConnectionPool {
javax.net.ssl.TrustManager[] trustAllCerts = new javax.net.ssl.TrustManager[1];
javax.net.ssl.TrustManager tm = new TrustAllManager();
trustAllCerts[0] = tm;
javax.net.ssl.SSLContext sc = javax.net.ssl.SSLContext.getInstance("TLS");
javax.net.ssl.SSLContext sc = SSLUtils.getSSLContext();
sc.init(null, trustAllCerts, null);
javax.net.ssl.HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
HostnameVerifier hv = new HostnameVerifier() {

5
plugins/network-elements/palo-alto/src/com/cloud/network/utils/HttpClientWrapper.java
View File

@ -24,6 +24,9 @@ import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import org.apache.cloudstack.utils.security.SSLUtils;
import org.apache.http.client.HttpClient;
import org.apache.http.conn.ClientConnectionManager;
import org.apache.http.conn.scheme.Scheme;
@ -38,7 +41,7 @@ public class HttpClientWrapper {
public static HttpClient wrapClient(HttpClient base) {
try {
SSLContext ctx = SSLContext.getInstance("TLS");
SSLContext ctx = SSLUtils.getSSLContext();
X509TrustManager tm = new X509TrustManager() {
public void checkClientTrusted(X509Certificate[] xcs, String string) throws CertificateException {

4
plugins/storage/volume/solidfire/src/org/apache/cloudstack/storage/datastore/util/SolidFireUtil.java
View File

@ -47,6 +47,8 @@ import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.impl.conn.BasicClientConnectionManager;
import com.cloud.utils.exception.CloudRuntimeException;
import org.apache.cloudstack.utils.security.SSLUtils;
import com.google.gson.Gson;
import com.google.gson.GsonBuilder;
@ -1011,7 +1013,7 @@ public class SolidFireUtil
private static DefaultHttpClient getHttpClient(int iPort) {
try {
SSLContext sslContext = SSLContext.getInstance("SSL");
SSLContext sslContext = SSLUtils.getSSLContext();
X509TrustManager tm = new X509TrustManager() {
public void checkClientTrusted(X509Certificate[] xcs, String string) throws CertificateException {
}

7
pom.xml
View File

@ -58,8 +58,9 @@
<cs.gson.version>1.7.2</cs.gson.version>
<cs.guava.version>14.0-rc1</cs.guava.version>
<cs.xapi.version>5.6.100-1</cs.xapi.version>
<cs.httpclient.version>3.1</cs.httpclient.version>
<cs.httpcore.version>4.2.1</cs.httpcore.version>
<cs.httpclient.version>4.3.6</cs.httpclient.version>
<cs.httpcore.version>4.3.3</cs.httpcore.version>
<cs.commons-httpclient.version>3.1</cs.commons-httpclient.version>
<cs.mysql.version>5.1.21</cs.mysql.version>
<cs.xstream.version>1.3.1</cs.xstream.version>
<cs.xmlrpc.version>3.1.3</cs.xmlrpc.version>
@ -318,7 +319,7 @@
<dependency>
<groupId>org.apache.httpcomponents</groupId>
<artifactId>httpclient</artifactId>
<version>${cs.httpcore.version}</version>
<version>${cs.httpclient.version}</version>
</dependency>
<dependency>
<groupId>com.thoughtworks.xstream</groupId>

2
services/console-proxy-rdp/rdpconsole/src/main/java/streamer/SocketWrapperImpl.java
View File

@ -140,7 +140,7 @@ public class SocketWrapperImpl extends PipelineImpl implements SocketWrapper {
SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory();
sslSocket = (SSLSocket)sslSocketFactory.createSocket(socket, address.getHostName(), address.getPort(), true);
sslSocket.setEnabledProtocols(new String[]{"TLSv1", "TLSv1.1", "TLSv1.2"});
sslSocket.startHandshake();
InputStream sis = sslSocket.getInputStream();

11
services/console-proxy/server/src/com/cloud/consoleproxy/ConsoleProxySecureServerFactoryImpl.java
View File

@ -21,6 +21,7 @@ import java.io.FileInputStream;
import java.io.IOException;
import java.net.InetSocketAddress;
import java.security.KeyStore;
import org.apache.cloudstack.utils.security.SSLUtils;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
@ -68,7 +69,7 @@ public class ConsoleProxySecureServerFactoryImpl implements ConsoleProxyServerFa
tmf.init(ks);
s_logger.info("Trust manager factory is initialized");
sslContext = SSLContext.getInstance("TLS");
sslContext = SSLUtils.getSSLContext();
sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
s_logger.info("SSL context is initialized");
} catch (Exception ioe) {
@ -90,8 +91,8 @@ public class ConsoleProxySecureServerFactoryImpl implements ConsoleProxyServerFa
TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
tmf.init(ks);
s_logger.info("Trust manager factory is initialized");
sslContext = SSLContext.getInstance("TLS");
sslContext = SSLUtils.getSSLContext();
sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
s_logger.info("SSL context is initialized");
} catch(Exception e) {
@ -133,8 +134,10 @@ public class ConsoleProxySecureServerFactoryImpl implements ConsoleProxyServerFa
try {
SSLServerSocket srvSock = null;
SSLServerSocketFactory ssf = sslContext.getServerSocketFactory();
srvSock = (SSLServerSocket) ssf.createServerSocket(port);
srvSock.setEnabledProtocols(SSLUtils.getSupportedProtocols(srvSock.getEnabledProtocols()));
s_logger.info("create SSL server socket on port: " + port);
return srvSock;
} catch (Exception ioe) {

27
services/console-proxy/server/src/com/cloud/consoleproxy/util/RawHTTP.java
View File

@ -16,6 +16,8 @@
// under the License.
package com.cloud.consoleproxy.util;
import org.apache.cloudstack.utils.security.SSLUtils;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
@ -136,8 +138,16 @@ public final class RawHTTP {
private Socket _getSocket() throws IOException {
if (useSSL) {
SSLContext context = getClientSSLContext();
if(context == null)
SSLContext context = null;
try {
context = SSLUtils.getSSLContext("SunJSSE");
} catch (NoSuchAlgorithmException e) {
s_logger.error("Unexpected exception ", e);
} catch (NoSuchProviderException e) {
s_logger.error("Unexpected exception ", e);
}
if (context == null)
throw new IOException("Unable to setup SSL context");
SSLSocket ssl = null;
@ -145,6 +155,7 @@ public final class RawHTTP {
context.init(null, trustAllCerts, new SecureRandom());
SocketFactory factory = context.getSocketFactory();
ssl = (SSLSocket) factory.createSocket(host, port);
ssl.setEnabledProtocols(SSLUtils.getSupportedProtocols(ssl.getEnabledProtocols()));
/* ssl.setSSLParameters(context.getDefaultSSLParameters()); */
} catch (IOException e) {
s_logger.error("IOException: " + e.getMessage(), e);
@ -234,16 +245,4 @@ public final class RawHTTP {
}
}
}
private SSLContext getClientSSLContext() {
SSLContext sslContext = null;
try {
sslContext = SSLContext.getInstance("SSL", "SunJSSE");
} catch (NoSuchAlgorithmException e) {
s_logger.error("Unexpected exception ", e);
} catch (NoSuchProviderException e) {
s_logger.error("Unexpected exception ", e);
}
return sslContext;
}
}

1
systemvm/patches/debian/config/etc/apache2/sites-available/default-ssl
View File

@ -42,6 +42,7 @@
# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
# A self-signed (snakeoil) certificate can be created by installing
# the ssl-cert package. See

1
systemvm/patches/debian/config/etc/apache2/vhostexample.conf
View File

@ -86,6 +86,7 @@
# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
# A self-signed (snakeoil) certificate can be created by installing
# the ssl-cert package. See

6
systemvm/scripts/config_ssl.sh
View File

@ -36,6 +36,7 @@ config_httpd_conf() {
echo " DocumentRoot /var/www/html/" >> /etc/httpd/conf/httpd.conf
echo " ServerName $srvr" >> /etc/httpd/conf/httpd.conf
echo " SSLEngine on" >> /etc/httpd/conf/httpd.conf
echo " SSLProtocol all -SSLv2 -SSLv3" >> /etc/httpd/conf/httpd.conf
echo " SSLCertificateFile /etc/httpd/ssl/certs/realhostip.crt" >> /etc/httpd/conf/httpd.conf
echo " SSLCertificateKeyFile /etc/httpd/ssl/keys/realhostip.key" >> /etc/httpd/conf/httpd.conf
echo "</VirtualHost>" >> /etc/httpd/conf/httpd.conf
@ -53,6 +54,11 @@ config_apache2_conf() {
sed -i -e "s/NameVirtualHost .*:80/NameVirtualHost $ip:80/g" /etc/apache2/ports.conf
sed -i 's/ssl-cert-snakeoil.key/cert_apache.key/' /etc/apache2/sites-available/default-ssl
sed -i 's/ssl-cert-snakeoil.pem/cert_apache.crt/' /etc/apache2/sites-available/default-ssl
sed -i 's/SSLProtocol.*$/SSLProtocol all -SSLv2 -SSLv3/' /etc/apache2/sites-available/default-ssl
if [ -f /etc/ssl/certs/cert_apache_chain.crt ]
then
sed -i -e "s/#SSLCertificateChainFile.*/SSLCertificateChainFile \/etc\/ssl\/certs\/cert_apache_chain.crt/" /etc/apache2/sites-available/default-ssl
fi
}
copy_certs() {

2
test/pom.xml
View File

@ -67,7 +67,7 @@
<dependency>
<groupId>commons-httpclient</groupId>
<artifactId>commons-httpclient</artifactId>
<version>${cs.httpclient.version}</version>
<version>${cs.commons-httpclient.version}</version>
</dependency>
</dependencies>
<build>

5
utils/src/com/cloud/utils/nio/Link.java
View File

@ -40,6 +40,7 @@ import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import org.apache.cloudstack.utils.security.SSLUtils;
import org.apache.log4j.Logger;
import com.cloud.utils.PropertiesUtil;
@ -433,7 +434,7 @@ public class Link {
tms[0] = new TrustAllManager();
}
sslContext = SSLContext.getInstance("TLS");
sslContext = SSLUtils.getSSLContext();
sslContext.init(kmf.getKeyManagers(), tms, null);
if (s_logger.isTraceEnabled()) {
s_logger.trace("SSL: SSLcontext has been initialized");
@ -460,7 +461,7 @@ public class Link {
ByteBuffer out_appBuf =
ByteBuffer.allocate(sslSession.getApplicationBufferSize() + 40);
int count;
ch.socket().setSoTimeout(10 * 1000);
ch.socket().setSoTimeout(30 * 1000);
InputStream inStream = ch.socket().getInputStream();
// Use readCh to make sure the timeout on reading is working
ReadableByteChannel readCh = Channels.newChannel(inStream);

3
utils/src/com/cloud/utils/nio/NioClient.java
View File

@ -27,6 +27,8 @@ import javax.net.ssl.SSLEngine;
import org.apache.log4j.Logger;
import org.apache.cloudstack.utils.security.SSLUtils;
public class NioClient extends NioConnection {
private static final Logger s_logger = Logger.getLogger(NioClient.class);
@ -75,6 +77,7 @@ public class NioClient extends NioConnection {
SSLContext sslContext = Link.initSSLContext(true);
sslEngine = sslContext.createSSLEngine(_host, _port);
sslEngine.setUseClientMode(true);
sslEngine.setEnabledProtocols(SSLUtils.getSupportedProtocols(sslEngine.getEnabledProtocols()));
Link.doHandshake(sch, sslEngine, true);
s_logger.info("SSL: Handshake done");

3
utils/src/com/cloud/utils/nio/NioConnection.java
View File

@ -38,6 +38,8 @@ import java.util.concurrent.TimeUnit;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import org.apache.cloudstack.utils.security.SSLUtils;
import org.apache.log4j.Logger;
import com.cloud.utils.concurrency.NamedThreadFactory;
@ -193,6 +195,7 @@ public abstract class NioConnection implements Runnable {
sslEngine = sslContext.createSSLEngine();
sslEngine.setUseClientMode(false);
sslEngine.setNeedClientAuth(false);
sslEngine.setEnabledProtocols(SSLUtils.getSupportedProtocols(sslEngine.getEnabledProtocols()));
Link.doHandshake(socketChannel, sslEngine, false);

51
utils/src/org/apache/cloudstack/utils/security/SSLUtils.java Normal file
View File

@ -0,0 +1,51 @@
//
// Licensed to the Apache Software Foundation (ASF) under one
// or more contributor license agreements. See the NOTICE file
// distributed with this work for additional information
// regarding copyright ownership. The ASF licenses this file
// to you under the Apache License, Version 2.0 (the
// "License"); you may not use this file except in compliance
// with the License. You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing,
// software distributed under the License is distributed on an
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
// KIND, either express or implied. See the License for the
// specific language governing permissions and limitations
// under the License.
//
package org.apache.cloudstack.utils.security;
import org.apache.log4j.Logger;
import javax.net.ssl.SSLContext;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.util.HashSet;
import java.util.Set;
public class SSLUtils {
public static final Logger s_logger = Logger.getLogger(SSLUtils.class);
public static String[] getSupportedProtocols(String[] protocols) {
Set set = new HashSet();
for (String s : protocols) {
if (s.equals("SSLv3") || s.equals("SSLv2Hello")) {
continue;
}
set.add(s);
}
return (String[]) set.toArray(new String[set.size()]);
}
public static SSLContext getSSLContext() throws NoSuchAlgorithmException {
return SSLContext.getInstance("TLSv1.2");
}
public static SSLContext getSSLContext(String provider) throws NoSuchAlgorithmException, NoSuchProviderException {
return SSLContext.getInstance("TLSv1.2", provider);
}
}

65
utils/src/org/apache/commons/httpclient/contrib/ssl/EasySSLProtocolSocketFactory.java
View File

@ -39,8 +39,11 @@ import java.net.UnknownHostException;
import javax.net.SocketFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;
import org.apache.cloudstack.utils.security.SSLUtils;
import org.apache.commons.httpclient.ConnectTimeoutException;
import org.apache.commons.httpclient.HttpClientError;
import org.apache.commons.httpclient.params.HttpConnectionParams;
@ -111,7 +114,7 @@ public class EasySSLProtocolSocketFactory implements SecureProtocolSocketFactory
private static SSLContext createEasySSLContext() {
try {
SSLContext context = SSLContext.getInstance("SSL");
SSLContext context = SSLUtils.getSSLContext();
context.init(
null,
new TrustManager[] {new EasyX509TrustManager(null)},
@ -130,22 +133,11 @@ public class EasySSLProtocolSocketFactory implements SecureProtocolSocketFactory
return this.sslcontext;
}
/**
* @see SecureProtocolSocketFactory#createSocket(java.lang.String,int,java.net.InetAddress,int)
*/
public Socket createSocket(
String host,
int port,
InetAddress clientHost,
int clientPort)
throws IOException, UnknownHostException {
return getSSLContext().getSocketFactory().createSocket(
host,
port,
clientHost,
clientPort
);
@Override
public Socket createSocket(String host, int port, InetAddress clientHost, int clientPort) throws IOException, UnknownHostException {
SSLSocket socket = (SSLSocket) getSSLContext().getSocketFactory().createSocket(host, port, clientHost, clientPort);
socket.setEnabledProtocols(SSLUtils.getSupportedProtocols(socket.getEnabledProtocols()));
return socket;
}
/**
@ -159,8 +151,8 @@ public class EasySSLProtocolSocketFactory implements SecureProtocolSocketFactory
*
* @param host the host name/IP
* @param port the port on the host
* @param clientHost the local host name/IP to bind the socket to
* @param clientPort the port on the local machine
* @param localAddress the local host name/IP to bind the socket to
* @param localPort the port on the local machine
* @param params {@link HttpConnectionParams Http connection parameters}
*
* @return Socket a new socket
@ -184,7 +176,8 @@ public class EasySSLProtocolSocketFactory implements SecureProtocolSocketFactory
if (timeout == 0) {
return socketfactory.createSocket(host, port, localAddress, localPort);
} else {
Socket socket = socketfactory.createSocket();
SSLSocket socket = (SSLSocket) socketfactory.createSocket();
socket.setEnabledProtocols(SSLUtils.getSupportedProtocols(socket.getEnabledProtocols()));
SocketAddress localaddr = new InetSocketAddress(localAddress, localPort);
SocketAddress remoteaddr = new InetSocketAddress(host, port);
socket.bind(localaddr);
@ -193,32 +186,16 @@ public class EasySSLProtocolSocketFactory implements SecureProtocolSocketFactory
}
}
/**
* @see SecureProtocolSocketFactory#createSocket(java.lang.String,int)
*/
public Socket createSocket(String host, int port)
throws IOException, UnknownHostException {
return getSSLContext().getSocketFactory().createSocket(
host,
port
);
public Socket createSocket(String host, int port) throws IOException, UnknownHostException {
SSLSocket socket = (SSLSocket) getSSLContext().getSocketFactory().createSocket(host, port);
socket.setEnabledProtocols(SSLUtils.getSupportedProtocols(socket.getEnabledProtocols()));
return socket;
}
/**
* @see SecureProtocolSocketFactory#createSocket(java.net.Socket,java.lang.String,int,boolean)
*/
public Socket createSocket(
Socket socket,
String host,
int port,
boolean autoClose)
throws IOException, UnknownHostException {
return getSSLContext().getSocketFactory().createSocket(
socket,
host,
port,
autoClose
);
public Socket createSocket(Socket socket, String host, int port, boolean autoClose) throws IOException, UnknownHostException {
SSLSocket s= (SSLSocket) getSSLContext().getSocketFactory().createSocket(socket, host, port, autoClose);
s.setEnabledProtocols(SSLUtils.getSupportedProtocols(s.getEnabledProtocols()));
return s;
}
public boolean equals(Object obj) {

4
vmware-base/src/com/cloud/hypervisor/vmware/util/VmwareClient.java
View File

@ -32,6 +32,8 @@ import javax.xml.ws.WebServiceException;
import org.apache.log4j.Logger;
import org.apache.cloudstack.utils.security.SSLUtils;
import com.vmware.vim25.DynamicProperty;
import com.vmware.vim25.InvalidCollectorVersionFaultMsg;
import com.vmware.vim25.InvalidPropertyFaultMsg;
@ -103,7 +105,7 @@ public class VmwareClient {
javax.net.ssl.TrustManager[] trustAllCerts = new javax.net.ssl.TrustManager[1];
javax.net.ssl.TrustManager tm = new TrustAllTrustManager();
trustAllCerts[0] = tm;
javax.net.ssl.SSLContext sc = javax.net.ssl.SSLContext.getInstance("SSL");
javax.net.ssl.SSLContext sc = SSLUtils.getSSLContext();
javax.net.ssl.SSLSessionContext sslsc = sc.getServerSessionContext();
sslsc.setSessionTimeout(0);
sc.init(null, trustAllCerts, null);

3
vmware-base/src/com/cloud/hypervisor/vmware/util/VmwareContext.java
View File

@ -40,6 +40,7 @@ import javax.net.ssl.SSLSession;
import javax.xml.ws.soap.SOAPFaultException;
import org.apache.log4j.Logger;
import org.apache.cloudstack.utils.security.SSLUtils;
import com.cloud.hypervisor.vmware.mo.DatacenterMO;
import com.cloud.hypervisor.vmware.mo.DatastoreFile;
@ -77,7 +78,7 @@ public class VmwareContext {
javax.net.ssl.TrustManager[] trustAllCerts = new javax.net.ssl.TrustManager[1];
javax.net.ssl.TrustManager tm = new TrustAllManager();
trustAllCerts[0] = tm;
javax.net.ssl.SSLContext sc = javax.net.ssl.SSLContext.getInstance("SSL");
javax.net.ssl.SSLContext sc = SSLUtils.getSSLContext();
sc.init(null, trustAllCerts, null);
javax.net.ssl.HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());