Jetty

SslListener only supports SunX509 KeyManagerFactory

Details

  • Type: Bug
  • Status: Resolved
  • Priority: Major
  • Resolution: Fixed
  • Affects Version/s: None
  • Fix Version/s: None
  • Component/s: HTTP
  • Labels: None
  • Number of attachments: 0

Description

variable _algorithm in class org.mortbay.http.SslListener should be

private String _algorithm = java.security.Security.getProperty("ssl.KeyManagerFactory.algorithm");

to support more security providers. With another vendor's JDK, SSLListener will throw a not found exception.

Activity

Jan Bartel added a comment -

Fix checked in to svn head.

Greg Wilkins added a comment -

Double-check this and perhaps do this for Jetty 5.

Jan Bartel added a comment -

Email received from Jonathan Rippy:

Hi Jan,

The fix described at the JIRA link, when made against the 5.x released
source code, fixes our problems with AIX and the IBM JVM.

In the file [src/org/mortbay/http/SslListener.java] changing

private String _algorithm = "SunX509";

To be

private String _algorithm =
Security.getProperty("ssl.KeyManagerFactory.algorithm");

So, it's a very small change (and the one you already made into the 6.x
branch) I believe.

I did some tests below with various JVMs to illustrate the
Security.getProperty call.

I did notice that under the Gnu JVM, it returns 'null'. However, I'm not
sure if this is a JVM you support with Jetty? If it is a JVM you support,
then it might be worth having the code do the following to maintain the
status quo with what it is doing today for the Gnu JVM.

private String _algorithm =
    Security.getProperty("ssl.KeyManagerFactory.algorithm");
if (_algorithm == null) {
    _algorithm = "SunX509";
}

---------------------------------------------------------------------------

An example HelloWorld for this property on different JVMs:

$ cat test/HelloWorld.java
package test;
import java.security.*;
public class HelloWorld {
    public static void main(String[] args) {
        System.out.println(Security.getProperty("ssl.KeyManagerFactory.algorithm"));
    }
}

[Linux with Sun JVM]
$ java -version
java version "1.5.0_06"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_06-b05)
Java HotSpot(TM) Client VM (build 1.5.0_06-b05, mixed mode)
$ java test.HelloWorld
SunX509

[AIX with IBM JVM]
$ java -version
java version "1.5.0"
Java(TM) 2 Runtime Environment, Standard Edition (build pap32dev-20051104)
IBM J9 VM (build 2.3, J2RE 1.5.0 IBM J9 2.3 AIX ppc-32 j9vmap3223-20051103
(JIT enabled)
J9VM - 20051027_03723_bHdSMR
JIT - 20051027_1437_r8
GC - 20051020_AA)
JCL - 20051102
$ java test.HelloWorld
IbmX509

[HP with Sun JVM]
$ java -version
java version "1.5.0.04"
Java(TM) 2 Runtime Environment, Standard Edition (build
1.5.0.04-_27_jul_2006_10_52)
Java HotSpot(TM) Server VM (build 1.5.0.04 jinteg:07.27.06-09:57 PA2.0
(aCC_AP), mixed mode)
$ java test.HelloWorld
SunX509

[Mac OS X with Sun JVM]
$ java -version
java version "1.5.0_06"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_06-112)
Java HotSpot(TM) Client VM (build 1.5.0_06-64, mixed mode, sharing)
$ java test.HelloWorld
SunX509

[Ubuntu with Gnu JVM]

$ java -version
java version "1.4.2"
gij (GNU libgcj) version 4.1.0 (Ubuntu 4.1.0-1ubuntu8)

Copyright (C) 2006 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
$ java test.HelloWorld
null

Jan Bartel added a comment -

I modified:

org.mortbay.jetty.security.SslSelectChannelConnector:
private String _sslKeyManagerFactoryAlgorithm = (Security.getProperty("ssl.KeyManagerFactory.algorithm")==null?"SunX509":Security.getProperty("ssl.KeyManagerFactory.algorithm"));
private String _sslTrustManagerFactoryAlgorithm = (Security.getProperty("ssl.TrustManagerFactory.algorithm")==null?"SunX509":Security.getProperty("ssl.TrustManagerFactory.algorithm"));

org.mortbay.jetty.security.SslSocketConnector:
private String _sslKeyManagerFactoryAlgorithm = (Security.getProperty("ssl.KeyManagerFactory.algorithm")==null?"SunX509":Security.getProperty("ssl.KeyManagerFactory.algorithm"));
private String _sslTrustManagerFactoryAlgorithm = (Security.getProperty("ssl.TrustManagerFactory.algorithm")==null?"SunX509":Security.getProperty("ssl.TrustManagerFactory.algorithm"));
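
An added example, not part of the original thread or Jetty's code: a stand-alone check that applies the same resolution as the change above (security property first, "SunX509" when it is unset) and confirms that the running JVM can build a KeyManagerFactory, TrustManagerFactory and SSLContext from the result. The class name SslAlgorithmCheck and the helper resolve are assumptions made for this example.

```java
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.Security;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class SslAlgorithmCheck {
    // Hypothetical helper: read the java.security property, fall back to
    // "SunX509" only when the property is unset (the gij case in this issue).
    static String resolve(String property) {
        String configured = Security.getProperty(property);
        return configured != null ? configured : "SunX509";
    }

    public static void main(String[] args) throws Exception {
        String kmfAlg = resolve("ssl.KeyManagerFactory.algorithm");
        String tmfAlg = resolve("ssl.TrustManagerFactory.algorithm");
        System.out.println("KeyManagerFactory algorithm:   " + kmfAlg);
        System.out.println("TrustManagerFactory algorithm: " + tmfAlg);
        System.out.println("KeyManagerFactory.getDefaultAlgorithm(): "
                + KeyManagerFactory.getDefaultAlgorithm());

        // Empty in-memory key store, constructed for this example; it is
        // enough to show that a provider supplies the resolved algorithm.
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null, null);

        KeyManagerFactory kmf = KeyManagerFactory.getInstance(kmfAlg);
        kmf.init(ks, new char[0]);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmfAlg);
        tmf.init((KeyStore) null); // null selects the JVM's default trust store

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        System.out.println("SSLContext provider: " + ctx.getProvider().getName());

        // What a hard-coded name does on this JVM: the two vendor names
        // reported in the thread are probed, and a missing one is reported
        // instead of failing at connector start-up.
        for (String name : new String[] {"SunX509", "IbmX509"}) {
            try {
                KeyManagerFactory.getInstance(name);
                System.out.println(name + ": available");
            } catch (NoSuchAlgorithmException e) {
                System.out.println(name + ": not available on this JVM");
            }
        }
    }
}
```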

Jan Bartel added a comment -

Nik, please verify my changes to the ssl connectors. Thanks.

nik gonzalez added a comment -

Using Security.getProperty works for SslSelectChannelConnector and SslSocketConnector. The respective property values in the JDK's java.security file were used.

Jan Bartel added a comment -

This appears to be resolved for jetty6. It is also scheduled for next release of jetty5.

