From 4c835e61e8ea2d5af2acf0c85c3c1f0d06f419df Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Wed, 26 Oct 2011 17:19:55 -0400
Subject: [PATCH] Documentation.

---
 src/com/gitblit/GitBlitServer.java |   28 ++++++++++++++++++++++++----
 1 files changed, 24 insertions(+), 4 deletions(-)

diff --git a/src/com/gitblit/GitBlitServer.java b/src/com/gitblit/GitBlitServer.java
index 039f59d..1b079de 100644
--- a/src/com/gitblit/GitBlitServer.java
+++ b/src/com/gitblit/GitBlitServer.java
@@ -147,7 +147,7 @@
 			Connector httpConnector = createConnector(params.useNIO, params.port);
 			String bindInterface = settings.getString(Keys.server.httpBindInterface, null);
 			if (!StringUtils.isEmpty(bindInterface)) {
-				logger.warn(MessageFormat.format("Binding connector on port {0} to {1}",
+				logger.warn(MessageFormat.format("Binding connector on port {0,number,0} to {1}",
 						params.port, bindInterface));
 				httpConnector.setHost(bindInterface);
 			}
@@ -170,7 +170,7 @@
 						params.useNIO, params.securePort);
 				String bindInterface = settings.getString(Keys.server.httpsBindInterface, null);
 				if (!StringUtils.isEmpty(bindInterface)) {
-					logger.warn(MessageFormat.format("Binding ssl connector on port {0} to {1}",
+					logger.warn(MessageFormat.format("Binding ssl connector on port {0,number,0} to {1}",
 							params.securePort, bindInterface));
 					secureConnector.setHost(bindInterface);
 				}
@@ -209,7 +209,7 @@
 
 		// Root WebApp Context
 		WebAppContext rootContext = new WebAppContext();
-		rootContext.setContextPath("/");
+		rootContext.setContextPath(settings.getString(Keys.server.contextPath, "/"));
 		rootContext.setServer(server);
 		rootContext.setWar(location.toExternalForm());
 		rootContext.setTempDirectory(tempDir);
@@ -288,6 +288,9 @@
 	/**
 	 * Creates an https connector.
 	 * 
+	 * SSL renegotiation will be enabled if the JVM is 1.6.0_22 or later.
+	 * oracle.com/technetwork/java/javase/documentation/tlsreadme2-176330.html
+	 * 
 	 * @param keystore
 	 * @param password
 	 * @param useNIO
@@ -308,7 +311,24 @@
 			SslSocketConnector ssl = new SslSocketConnector();
 			connector = ssl;
 		}
-		connector.setAllowRenegotiate(false);
+		// disable renegotiation unless this is a patched JVM
+		boolean allowRenegotiation = false;
+		String v = System.getProperty("java.version");
+		if (v.startsWith("1.7")) {
+			allowRenegotiation = true;
+		} else if (v.startsWith("1.6")) {
+			// 1.6.0_22 was first release with RFC-5746 implemented fix.
+			if (v.indexOf('_') > -1) {
+				String b = v.substring(v.indexOf('_') + 1);
+				if (Integer.parseInt(b) >= 22) {
+					allowRenegotiation = true;
+				}
+			}
+		}
+		if (allowRenegotiation) {
+			logger.info("   allowing SSL renegotiation on Java " + v);
+			connector.setAllowRenegotiate(allowRenegotiation);
+		}		
 		connector.setKeystore(keystore.getAbsolutePath());
 		connector.setPassword(password);
 		connector.setPort(port);

--
Gitblit v1.9.1