From 2fb6ebe88a6eb3d0bf565e212abf79c71da37ae2 Mon Sep 17 00:00:00 2001 From: reger Date: Wed, 29 Jul 2015 23:30:05 +0200 Subject: [PATCH] move java environment parameter setting disabling SNI (Server Name Indicator) support for https connections from code to startup script allowing admin to ~easy/transparent alter the YaCy default FALSE setting. Background: some user report problem with connecting/crawling some sites via https which require SNI support (by default switched off in YaCy). On the other hand systems not demanding SNI support are sometimes not properly configured and due to a bug/feature in java 1.7 connection is aborted. The later is more often the case, so the default is still fine. With the java start parameter expert user can no alter the startparameter to -Djsse.enableSNIExtension=true (java default) if they crawl more hosts requiring SNI support. The alternative to let YaCy try both during https handshake (deep inside the httpclient) is not pursut at this time. --- source/net/yacy/yacy.java | 2 -- startYACY.bat | 4 +++- startYACY.sh | 4 +++- startYACY_debug.bat | 4 +++- 4 files changed, 9 insertions(+), 5 deletions(-) diff --git a/source/net/yacy/yacy.java b/source/net/yacy/yacy.java index b823366c3..4726fde80 100644 --- a/source/net/yacy/yacy.java +++ b/source/net/yacy/yacy.java @@ -598,8 +598,6 @@ public final class yacy { public static void main(String args[]) { try { - System.setProperty("jsse.enableSNIExtension", "false"); // fix a ssl problem in Java 1.7, see http://teknosrc.com/javax-net-ssl-sslprotocolexception-handshake-alert-unrecognized_name-solved/ - // check assertion status //ClassLoader.getSystemClassLoader().setDefaultAssertionStatus(true); boolean assertionenabled = false; diff --git a/startYACY.bat b/startYACY.bat index 205b6b1f5..eaef4c6da 100644 --- a/startYACY.bat +++ b/startYACY.bat @@ -18,7 +18,9 @@ if exist DATA\SETTINGS\httpProxy.conf GoTo :RENAMEINDEX if exist DATA\SETTINGS\yacy.conf GoTo :GETSTARTOPTS :STARTJAVA -set javacmd=%javacmd% -Djava.awt.headless=true -Dsolr.directoryFactory=solr.MMapDirectoryFactory -Dfile.encoding=UTF-8 +set javacmd=%javacmd% -Djava.awt.headless=true -Dsolr.directoryFactory=solr.MMapDirectoryFactory -Dfile.encoding=UTF-8 -Djsse.enableSNIExtension=false +Rem -Djsse.enableSNIExtension=false fix a ssl problem in Java 1.7, see http://teknosrc.com/javax-net-ssl-sslprotocolexception-handshake-alert-unrecognized_name-solved/ + Rem Starting YaCy Echo Generated classpath:%CLASSPATH% Echo JRE Parameters:%javacmd% diff --git a/startYACY.sh b/startYACY.sh index bacf6c649..7598d7618 100755 --- a/startYACY.sh +++ b/startYACY.sh @@ -6,7 +6,9 @@ PIDFILE="yacy.pid" OS="`uname`" #get javastart args -JAVA_ARGS="-server -Djava.awt.headless=true -Dfile.encoding=UTF-8"; +JAVA_ARGS="-server -Djava.awt.headless=true -Dfile.encoding=UTF-8 -Djsse.enableSNIExtension=false"; +#rem -Djsse.enableSNIExtension=false fix a ssl problem in Java 1.7, see http://teknosrc.com/javax-net-ssl-sslprotocolexception-handshake-alert-unrecognized_name-solved/ + #JAVA_ARGS="-verbose:gc -XX:+PrintGCTimeStamps -XX:+PrintGCDetails $JAVA_ARGS"; #check if OS is Sun Solaris or one of the OpenSolaris distributions and use different version of id if necessary diff --git a/startYACY_debug.bat b/startYACY_debug.bat index 28bafe8be..94986af98 100644 --- a/startYACY_debug.bat +++ b/startYACY_debug.bat @@ -17,7 +17,9 @@ if exist DATA\SETTINGS\httpProxy.conf GoTo :RENAMEINDEX if exist DATA\SETTINGS\yacy.conf GoTo :GETSTARTOPTS :STARTJAVA -set javacmd=%javacmd% -XX:-UseGCOverheadLimit -Djava.awt.headless=true -Dfile.encoding=UTF-8 +set javacmd=%javacmd% -XX:-UseGCOverheadLimit -Djava.awt.headless=true -Dfile.encoding=UTF-8 -Djsse.enableSNIExtension=false +Rem -Djsse.enableSNIExtension=false fix a ssl problem in Java 1.7, see http://teknosrc.com/javax-net-ssl-sslprotocolexception-handshake-alert-unrecognized_name-solved/ + Rem Starting YaCy Echo Generated classpath:%CLASSPATH% Echo JRE Parameters:%javacmd%