Merge branch 'master' into es17.05

library/server/authentication/http_authorization/src/http_authorization.e

@@ -76,13 +76,13 @@ feature -- Initialization
 			a_http_authorization /= Void implies http_authorization /= Void
 		end
 
-	make_basic_auth (u: READABLE_STRING_32; p: READABLE_STRING_32)
+	make_basic_auth (u: READABLE_STRING_GENERAL; p: READABLE_STRING_GENERAL)
 			-- Create a Basic authentication.
 		do
 			make_custom_auth (u, p, Basic_auth_type)
 		end
 
-	make_custom_auth (u: READABLE_STRING_32; p: READABLE_STRING_32; a_type: READABLE_STRING_8)
+	make_custom_auth (u: READABLE_STRING_GENERAL; p: READABLE_STRING_GENERAL; a_type: READABLE_STRING_8)
 			-- Create a custom `a_type' authentication.
 		require
 			a_type_accepted: a_type.is_case_insensitive_equal (Basic_auth_type)
@@ -90,15 +90,20 @@ feature -- Initialization
 		local
 			t: STRING_8
 			utf: UTF_CONVERTER
+			s: STRING_32
 		do
-			login := u
-			password := p
+			create login.make_from_string_general (u)
+			create password.make_from_string_general (p)
 			create t.make_from_string (a_type)
 			t.left_adjust; t.right_adjust
 			type := t
 			if t.is_case_insensitive_equal (Basic_auth_type) then
 				type := Basic_auth_type
-				create http_authorization.make_from_string ("Basic " + (create {BASE64}).encoded_string (utf.string_32_to_utf_8_string_8 (u + {STRING_32} ":" + p)))
+				create s.make_from_string_general (u)
+				s.extend (':')
+				s.append_string_general (p)
+				create http_authorization.make_from_string ("Basic " + (create {BASE64}).encoded_string (utf.string_32_to_utf_8_string_8 (s)))
+
 			elseif t.is_case_insensitive_equal (Digest_auth_type) then
 				type := Digest_auth_type
 				to_implement ("HTTP Authorization %""+ t +"%", not yet implemented")
@@ -115,9 +120,9 @@ feature -- Access
 
 	type: READABLE_STRING_8
 
-	login: detachable READABLE_STRING_32
+	login: detachable IMMUTABLE_STRING_32
 
-	password: detachable READABLE_STRING_32
+	password: detachable IMMUTABLE_STRING_32
 
 feature -- Status report
 

library/server/httpd/configuration/httpd_configuration_i.e

@@ -167,7 +167,7 @@ feature -- Element change
 		end
 
 	set_socket_timeout (a_nb_seconds: like socket_timeout)
-			-- Set `socket_timeout' with `a_nb_seconds'
+			-- Set `socket_timeout' with `a_nb_seconds'.
 		do
 			socket_timeout := a_nb_seconds
 		ensure
@@ -175,7 +175,7 @@ feature -- Element change
 		end
 
 	set_socket_recv_timeout (a_nb_seconds: like socket_recv_timeout)
-			-- Set `socket_recv_timeout' with `a_nb_seconds'
+			-- Set `socket_recv_timeout' with `a_nb_seconds'.
 		do
 			socket_recv_timeout := a_nb_seconds
 		ensure
@@ -183,7 +183,7 @@ feature -- Element change
 		end
 
 	set_keep_alive_timeout (a_seconds: like keep_alive_timeout)
-			-- Set `keep_alive_timeout' with `a_seconds'
+			-- Set `keep_alive_timeout' with `a_seconds'.
 		do
 			keep_alive_timeout := a_seconds
 		ensure
@@ -191,7 +191,7 @@ feature -- Element change
 		end
 
 	set_max_keep_alive_requests (nb: like max_keep_alive_requests)
-			-- Set `max_keep_alive_requests' with `nb'
+			-- Set `max_keep_alive_requests' with `nb'.
 		do
 			max_keep_alive_requests := nb
 		ensure
@@ -254,7 +254,7 @@ feature -- Element change
 		end
 
 	mark_secure
-			-- Set is_secure in True
+			-- Set is_secure in True.
 		do
 			set_is_secure (True)
 		ensure
@@ -287,7 +287,7 @@ feature -- Element change
 		end
 
 	set_secure_protocol (a_version: NATURAL)
-			-- Set `secure_protocol' with `a_version'
+			-- Set `secure_protocol' with `a_version'.
 		do
 			secure_protocol := a_version
 		ensure
@@ -295,7 +295,7 @@ feature -- Element change
 		end
 
 	set_secure_protocol_from_string (a_ssl_version: READABLE_STRING_GENERAL)
-			-- Set `secure_protocol' with `a_ssl_version'
+			-- Set `secure_protocol' with `a_ssl_version'.
 		do
 			if a_ssl_version.is_case_insensitive_equal ("ssl_2_3") then
 				set_secure_protocol_to_ssl_2_or_3
@@ -316,6 +316,8 @@ feature -- SSL Helpers
 
 	set_secure_protocol_to_ssl_2_or_3
 			-- Set `secure_protocol' with `Ssl_23'.
+		obsolete
+			"Use set_secure_protocol_to_tls_1_2 [2017-06-23]."
 		deferred
 		end
 

library/server/httpd/ssl/httpd_configuration.e

@@ -36,9 +36,16 @@ feature -- Access
 feature -- SSL Helpers
 
 	set_secure_protocol_to_ssl_2_or_3
-			-- Set `secure_protocol' with `Ssl_23'.
+			-- Set `ssl_protocol' with `Ssl_23'.
+			-- Protocol not supported anymore.
+		obsolete
+			"Use set_secure_protocol_to_tls_1_2 [2017-06-23]."
+		local
+			err: DEVELOPER_EXCEPTION
 		do
-			set_secure_protocol ({SSL_PROTOCOL}.Ssl_23)
+			create err
+			err.set_description ("SSL_2 or SSL_3 are not supported anymore, upgrate to TLS set_secure_protocol_to_tls_1_2")
+			err.raise
 		end
 
 	set_secure_protocol_to_tls_1_0
@@ -67,7 +74,7 @@ feature -- SSL Helpers
 
 
 note
-	copyright: "2011-2014, Jocelyn Fiat, Javier Velilla, Eiffel Software and others"
+	copyright: "2011-2017, Jocelyn Fiat, Javier Velilla, Eiffel Software and others"
 	license: "Eiffel Forum License v2 (see http://www.eiffel.com/licensing/forum.txt)"
 	source: "[
 			Eiffel Software