[tomcat] branch master updated: Fix ALPN negotiation with JSSE

Wed, 27 Mar 2019 08:38:40 -0700 

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/master by this push:
     new a938b51  Fix ALPN negotiation with JSSE
a938b51 is described below

commit a938b5118c9ee7aa69c66cc2f0b6d7ff1122d2be
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Wed Mar 27 15:35:33 2019 +0000

    Fix ALPN negotiation with JSSE
    
    When using a JSSE TLS connector that supported ALPN (Java 9 onwards) and
    a protocol was not negotiated, Tomcat failed to fallback to HTTP/1.1 and
    instead dropped the connection.
---
 java/org/apache/coyote/AbstractProtocol.java | 4 +++-
 webapps/docs/changelog.xml                   | 5 +++++
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/java/org/apache/coyote/AbstractProtocol.java 
b/java/org/apache/coyote/AbstractProtocol.java
index 6b9dbea..51bdb3b 100644
--- a/java/org/apache/coyote/AbstractProtocol.java
+++ b/java/org/apache/coyote/AbstractProtocol.java
@@ -777,7 +777,9 @@ public abstract class AbstractProtocol<S> implements 
ProtocolHandler,
             try {
                 if (processor == null) {
                     String negotiatedProtocol = 
wrapper.getNegotiatedProtocol();
-                    if (negotiatedProtocol != null) {
+                    // OpenSSL typically returns null whereas JSSE typically
+                    // returns "" when no protocol is negotiated
+                    if (negotiatedProtocol != null && 
negotiatedProtocol.length() > 0) {
                         UpgradeProtocol upgradeProtocol =
                                 
getProtocol().getNegotiatedProtocol(negotiatedProtocol);
                         if (upgradeProtocol != null) {
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index fd00294..d5a53fa 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -104,6 +104,11 @@
       <fix>
         Harmonize NIO2 isReadyForWrite with isReadyForRead code. (remm)
       </fix>
+      <fix>
+        When using a JSSE TLS connector that supported ALPN (Java 9 onwards) 
and
+        a protocol was not negotiated, Tomcat failed to fallback to HTTP/1.1 
and
+        instead dropped the connection. (markt)
+      </fix>
     </changelog>
   </subsection>
   <subsection name="Jasper">


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Reply via email to