add documentation for ssl-reload, change exception message in SslCont…

…extFactory Signed-off-by: Lachlan Roberts <[email protected]>
jetty · Jul 15, 2020 · 0f7d99c · 0f7d99c
1 parent c40ba69
commit 0f7d99c
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 3 deletions.
diff --git a/jetty-documentation/src/main/asciidoc/configuring/connectors/configuring-ssl.adoc b/jetty-documentation/src/main/asciidoc/configuring/connectors/configuring-ssl.adoc
@@ -989,3 +989,15 @@ As a reminder, when configuring your includes/excludes, *excludes always win*.
 
 Dumps can be configured as part of the `jetty.xml` configuration for your server.
 Please see the documentation on the link:#jetty-dump-tool[Jetty Dump Tool] for more information.
+
+
+==== SslContextFactory KeyStore Reload
+
+Jetty can be configured to monitor the directory of the KeyStore file specified in the SslContextFactory, and reload the
+SslContextFactory if any changes are detected to the KeyStore file.
+
+If changes need to be done to other file such as the TrustStore file, this must be done before the change to the Keystore
+file which will then trigger the `SslContextFactory` reload.
+
+With the Jetty distribution this feature can be used by simply activating the `ssl-reload` startup module.
+For embedded usage the `KeyStoreScanner` should be created given the `SslContextFactory` and added as a bean on the Server.
diff --git a/jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java b/jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java
@@ -1132,7 +1132,7 @@ public SSLContext getSslContext()
         synchronized (this)
         {
             if (_factory == null)
-                throw new IllegalStateException("reload failed SslContext unavailable");
+                throw new IllegalStateException("SslContextFactory reload failed");
 
             return _factory._context;
         }
@@ -1536,7 +1536,7 @@ public KeyStore getKeyStore()
         synchronized (this)
         {
             if (_factory == null)
-                throw new IllegalStateException("reload failed KeyStore unavailable");
+                throw new IllegalStateException("SslContextFactory reload failed");
 
             return _factory._keyStore;
         }
@@ -1560,7 +1560,7 @@ public KeyStore getTrustStore()
         synchronized (this)
         {
             if (_factory == null)
-                throw new IllegalStateException("reload failed TrustStore unavailable");
+                throw new IllegalStateException("SslContextFactory reload failed");
 
             return _factory._trustStore;
         }