Merge remote-tracking branch 'torusrxxx/SSL' into next

hyphanet · Jan 6, 2025 · 3a315f8 · 3a315f8
2 parents c556b9b + 2a23886
commit 3a315f8
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 7 deletions.
diff --git a/src/freenet/clients/http/ToadletContextImpl.java b/src/freenet/clients/http/ToadletContextImpl.java
@@ -440,11 +440,6 @@ static void sendReplyHeaders(
 		mvt.put("x-content-security-policy", contentSecurityPolicy);
 		mvt.put("x-webkit-csp", contentSecurityPolicy);
 		mvt.put("x-frame-options", allowFrames ? "SAMEORIGIN" : "DENY");
-		String HSTS = SSL.getHSTSHeader();
-		if(!HSTS.isEmpty() && !mvt.containsKey("strict-transport-security")) {
-			// SSL enabled, set strict-transport-security so that the user agent upgrade future requests to SSL.
-			mvt.put("strict-transport-security", HSTS);
-		}
 		StringBuilder buf = new StringBuilder(1024);
 		buf.append("HTTP/1.1 ");
 		buf.append(replyCode);

diff --git a/src/freenet/crypt/SSL.java b/src/freenet/crypt/SSL.java
@@ -86,7 +86,7 @@ public static boolean available() {
 	}
 
 	public static String getHSTSHeader() {
-		if(available() && HSTSMaxAge > 0)
+		if(enable && available() && HSTSMaxAge > 0)
 			return "max-age=" + HSTSMaxAge;
 		else
 			return "";
@@ -119,11 +119,16 @@ public void set(Boolean newValue) throws InvalidConfigValueException {
 							} catch(Exception e) {
 								enable = false;
 								e.printStackTrace(System.out);
+								Logger.error(this, "SSL could not be enabled", e);
 								throwConfigError("SSL could not be enabled", e);
 							}
 						else {
 							ssf = null;
-							keyStore = null;
+							try {
+								keystore.load(null, keyStorePass.toCharArray());
+							} catch (Exception e) {
+								// Just clear the key store
+							}
 						}
 					}
 				}
@@ -147,6 +152,7 @@ public void set(String newKeyStore) throws InvalidConfigValueException {
 						} catch(Exception e) {
 							keyStore = oldKeyStore;
 							e.printStackTrace(System.out);
+							Logger.error(this, "Keystore file could not be changed", e);
 							throwConfigError("Keystore file could not be changed", e);
 						}
 					}
@@ -171,6 +177,7 @@ public void set(String newKeyStorePass) throws InvalidConfigValueException {
 						} catch(Exception e) {
 							keyStorePass = oldKeyStorePass;
 							e.printStackTrace(System.out);
+							Logger.error(this, "Keystore password could not be changed", e);
 							throwConfigError("Keystore password could not be changed", e);
 						}
 					}
@@ -198,6 +205,7 @@ public void set(String newKeyPass) throws InvalidConfigValueException {
 						} catch(Exception e) {
 							keyPass = oldKeyPass;
 							e.printStackTrace(System.out);
+							Logger.error(this, "Private key password could not be changed", e);
 							throwConfigError("Private key password could not be changed", e);
 						}
 					}