From f762b160efd5cafd919a6fd7f9587f578eceb454 Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Sun, 02 Oct 2011 16:59:44 -0400
Subject: [PATCH] Merge branch 'master' into rpc

---
 src/com/gitblit/GitBlitServer.java |   49 +++++++++++++++++++++++++++++++++++++++++++++----
 1 files changed, 45 insertions(+), 4 deletions(-)

diff --git a/src/com/gitblit/GitBlitServer.java b/src/com/gitblit/GitBlitServer.java
index 61f681f..204ae4d 100644
--- a/src/com/gitblit/GitBlitServer.java
+++ b/src/com/gitblit/GitBlitServer.java
@@ -65,7 +65,7 @@
 
 	private static Logger logger;
 
-	public static void main(String[] args) {
+	public static void main(String... args) {
 		Params params = new Params();
 		JCommander jc = new JCommander(params);
 		try {
@@ -151,6 +151,9 @@
 						params.port, bindInterface));
 				httpConnector.setHost(bindInterface);
 			}
+			if (params.port < 1024 && !isWindows()) {
+				logger.warn("Gitblit needs to run with ROOT permissions for ports < 1024!");
+			}
 			connectors.add(httpConnector);
 		}
 
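Review bot: The warning added at `if (params.port < 1024 && !isWindows())` is the same one this patch adds for `params.securePort` in the next hunk and inside `createConnector(boolean useNIO, int port)`, so if the HTTP connector is built through `createConnector` (the call is not visible here) the message is logged twice for a single port. Keeping the check in one place would be enough. The wording also steers the operator towards running the whole server as root; something like `logger.warn("Port " + params.port + " is a privileged port; prefer a port >= 1024 behind a port forward or reverse proxy over running Gitblit as root");` states the constraint without recommending it. The enclosing `main` starts and ends outside this hunk.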
@@ -170,6 +173,9 @@
 					logger.warn(MessageFormat.format("Binding ssl connector on port {0} to {1}",
 							params.securePort, bindInterface));
 					secureConnector.setHost(bindInterface);
+				}
+				if (params.securePort < 1024 && !isWindows()) {
+					logger.warn("Gitblit needs to run with ROOT permissions for ports < 1024!");
 				}
 				connectors.add(secureConnector);
 			} else {
@@ -231,7 +237,7 @@
 
 		// Setup the GitBlit context
 		GitBlit gitblit = GitBlit.self();
-		gitblit.configureContext(settings);
+		gitblit.configureContext(settings, true);
 		rootContext.addEventListener(gitblit);
 
 		try {
@@ -255,7 +261,7 @@
 	 * 
 	 * @param useNIO
 	 * @param port
-	 * @return an http cnonector
+	 * @return an http connector
 	 */
 	private static Connector createConnector(boolean useNIO, int port) {
 		Connector connector;
@@ -273,11 +279,17 @@
 
 		connector.setPort(port);
 		connector.setMaxIdleTime(30000);
+		if (port < 1024 && !isWindows()) {
+			logger.warn("Gitblit needs to run with ROOT permissions for ports < 1024!");
+		}
 		return connector;
 	}
 
 	/**
 	 * Creates an https connector.
+	 * 
+	 * SSL renegotiation will be enabled if the JVM is 1.6.0_22 or later.
+	 * oracle.com/technetwork/java/javase/documentation/tlsreadme2-176330.html
 	 * 
 	 * @param keystore
 	 * @param password
@@ -299,12 +311,38 @@
 			SslSocketConnector ssl = new SslSocketConnector();
 			connector = ssl;
 		}
-		connector.setAllowRenegotiate(false);
+		// disable renegotiation unless this is a patched JVM
+		boolean allowRenegotiation = false;
+		String v = System.getProperty("java.version");
+		if (v.startsWith("1.7")) {
+			allowRenegotiation = true;
+		} else if (v.startsWith("1.6")) {
+			// 1.6.0_22 was first release with RFC-5746 implemented fix.
+			if (v.indexOf('_') > -1) {
+				String b = v.substring(v.indexOf('_') + 1);
+				if (Integer.parseInt(b) >= 22) {
+					allowRenegotiation = true;
+				}
+			}
+		}
+		if (allowRenegotiation) {
+			logger.info("   allowing SSL renegotiation on Java " + v);
+		}
+		connector.setAllowRenegotiate(true);
 		connector.setKeystore(keystore.getAbsolutePath());
 		connector.setPassword(password);
 		connector.setPort(port);
 		connector.setMaxIdleTime(30000);
 		return connector;
+	}
+
+	/**
+	 * Tests to see if the operating system is Windows.
+	 * 
+	 * @return true if this is a windows machine
+	 */
+	private static boolean isWindows() {
+		return System.getProperty("os.name").toLowerCase().indexOf("windows") > -1;
 	}
 
 	/**
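Review bot: `connector.setAllowRenegotiate(true);` enables renegotiation unconditionally, so the `allowRenegotiation` flag computed just above only controls the log line, and a JVM older than 1.6.0_22 (without the RFC-5746 fix the comment refers to) still gets renegotiation switched on, whereas the removed line passed `false`. The call should read `connector.setAllowRenegotiate(allowRenegotiation);`, which also matches the comment `// disable renegotiation unless this is a patched JVM` and the Javadoc sentence added above the method. Separately, `Integer.parseInt(b)` throws NumberFormatException when the text after `_` is not purely numeric (a constructed example: `1.6.0_22-ea`), so the parse is worth guarding, with a failure treated as "not patched". The method's signature is outside this hunk.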
@@ -358,6 +396,9 @@
 		}
 	}
 
+	/**
+	 * JCommander Parameters class for GitBlitServer.
+	 */
 	@Parameters(separators = " ")
 	private static class Params {
 

--
Gitblit v1.9.1