[tomcat] branch main updated: ALPN support will always be available with TLS on Java 11+

markt Wed, 28 Jul 2021 05:25:30 -0700

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git



The following commit(s) were added to refs/heads/main by this push:
     new e5f3408  ALPN support will always be available with TLS on Java 11+
e5f3408 is described below

commit e5f340843f746443f4b9b299822101c632473aab
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Wed Jul 28 13:25:13 2021 +0100

    ALPN support will always be available with TLS on Java 11+
---
 .../apache/coyote/http11/AbstractHttp11Protocol.java |  3 ++-
 .../org/apache/tomcat/util/net/AbstractEndpoint.java | 10 ----------
 .../apache/tomcat/util/net/AbstractJsseEndpoint.java | 20 --------------------
 java/org/apache/tomcat/util/net/AprEndpoint.java     | 10 ----------
 .../apache/tomcat/util/net/SSLImplementation.java    |  2 --
 .../tomcat/util/net/jsse/JSSEImplementation.java     |  6 ------
 .../util/net/openssl/OpenSSLImplementation.java      |  6 ------
 7 files changed, 2 insertions(+), 55 deletions(-)

diff --git a/java/org/apache/coyote/http11/AbstractHttp11Protocol.java 
b/java/org/apache/coyote/http11/AbstractHttp11Protocol.java
index abcec73..1051266 100644
--- a/java/org/apache/coyote/http11/AbstractHttp11Protocol.java
+++ b/java/org/apache/coyote/http11/AbstractHttp11Protocol.java
@@ -518,7 +518,8 @@ public abstract class AbstractHttp11Protocol<S> extends 
AbstractProtocol<S> {
         // ALPN
         String alpnName = upgradeProtocol.getAlpnName();
         if (alpnName != null && alpnName.length() > 0) {
-            if (getEndpoint().isAlpnSupported()) {
+            // ALPN is only available with TLS
+            if (getEndpoint().isSSLEnabled()) {
                 negotiatedProtocols.put(alpnName, upgradeProtocol);
                 getEndpoint().addNegotiatedProtocol(alpnName);
                 
getLog().info(sm.getString("abstractHttp11Protocol.alpnConfigured",
diff --git a/java/org/apache/tomcat/util/net/AbstractEndpoint.java 
b/java/org/apache/tomcat/util/net/AbstractEndpoint.java
index 437e1da..2938135 100644
--- a/java/org/apache/tomcat/util/net/AbstractEndpoint.java
+++ b/java/org/apache/tomcat/util/net/AbstractEndpoint.java
@@ -678,16 +678,6 @@ public abstract class AbstractEndpoint<S,U> {
     public boolean isSSLEnabled() { return SSLEnabled; }
     public void setSSLEnabled(boolean SSLEnabled) { this.SSLEnabled = 
SSLEnabled; }
 
-    /**
-     * Identifies if the endpoint supports ALPN. Note that a return value of
-     * <code>true</code> implies that {@link #isSSLEnabled()} will also return
-     * <code>true</code>.
-     *
-     * @return <code>true</code> if the endpoint supports ALPN in its current
-     *         configuration, otherwise <code>false</code>.
-     */
-    public abstract boolean isAlpnSupported();
-
     private int minSpareThreads = 10;
     public void setMinSpareThreads(int minSpareThreads) {
         this.minSpareThreads = minSpareThreads;
diff --git a/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java 
b/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java
index 620c279..b28f1e2 100644
--- a/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java
+++ b/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java
@@ -190,26 +190,6 @@ public abstract class AbstractJsseEndpoint<S,U> extends 
AbstractEndpoint<S,U> {
 
 
     @Override
-    public boolean isAlpnSupported() {
-        // ALPN requires TLS so if TLS is not enabled, ALPN cannot be supported
-        if (!isSSLEnabled()) {
-            return false;
-        }
-
-        // Depends on the SSLImplementation.
-        SSLImplementation sslImplementation;
-        try {
-            sslImplementation = 
SSLImplementation.getInstance(getSslImplementationName());
-        } catch (ClassNotFoundException e) {
-            // Ignore the exception. It will be logged when trying to start the
-            // end point.
-            return false;
-        }
-        return sslImplementation.isAlpnSupported();
-    }
-
-
-    @Override
     public void unbind() throws Exception {
         for (SSLHostConfig sslHostConfig : sslHostConfigs.values()) {
             for (SSLHostConfigCertificate certificate : 
sslHostConfig.getCertificates()) {
diff --git a/java/org/apache/tomcat/util/net/AprEndpoint.java 
b/java/org/apache/tomcat/util/net/AprEndpoint.java
index 3682e55..bf24e6b 100644
--- a/java/org/apache/tomcat/util/net/AprEndpoint.java
+++ b/java/org/apache/tomcat/util/net/AprEndpoint.java
@@ -493,16 +493,6 @@ public class AprEndpoint extends 
AbstractEndpoint<Long,Long> implements SNICallB
     }
 
 
-
-    @Override
-    public boolean isAlpnSupported() {
-        // The APR/native connector always supports ALPN if TLS is in use
-        // because OpenSSL supports ALPN. Therefore, this is equivalent to
-        // testing of SSL is enabled.
-        return isSSLEnabled();
-    }
-
-
     /**
      * Start the APR endpoint, creating acceptor, poller and sendfile threads.
      */
diff --git a/java/org/apache/tomcat/util/net/SSLImplementation.java 
b/java/org/apache/tomcat/util/net/SSLImplementation.java
index c1a769f..8f9dfd0 100644
--- a/java/org/apache/tomcat/util/net/SSLImplementation.java
+++ b/java/org/apache/tomcat/util/net/SSLImplementation.java
@@ -79,6 +79,4 @@ public abstract class SSLImplementation {
     public abstract SSLSupport getSSLSupport(SSLSession session, 
Map<String,List<String>> additionalAttributes);
 
     public abstract SSLUtil getSSLUtil(SSLHostConfigCertificate certificate);
-
-    public abstract boolean isAlpnSupported();
 }
diff --git a/java/org/apache/tomcat/util/net/jsse/JSSEImplementation.java 
b/java/org/apache/tomcat/util/net/jsse/JSSEImplementation.java
index be5422b..2004dda 100644
--- a/java/org/apache/tomcat/util/net/jsse/JSSEImplementation.java
+++ b/java/org/apache/tomcat/util/net/jsse/JSSEImplementation.java
@@ -21,7 +21,6 @@ import java.util.Map;
 
 import javax.net.ssl.SSLSession;
 
-import org.apache.tomcat.util.compat.JreCompat;
 import org.apache.tomcat.util.net.SSLHostConfigCertificate;
 import org.apache.tomcat.util.net.SSLImplementation;
 import org.apache.tomcat.util.net.SSLSupport;
@@ -52,9 +51,4 @@ public class JSSEImplementation extends SSLImplementation {
     public SSLUtil getSSLUtil(SSLHostConfigCertificate certificate) {
         return new JSSEUtil(certificate);
     }
-
-    @Override
-    public boolean isAlpnSupported() {
-        return JreCompat.isAlpnSupported();
-    }
 }
diff --git a/java/org/apache/tomcat/util/net/openssl/OpenSSLImplementation.java 
b/java/org/apache/tomcat/util/net/openssl/OpenSSLImplementation.java
index b32b86c..d496e7d 100644
--- a/java/org/apache/tomcat/util/net/openssl/OpenSSLImplementation.java
+++ b/java/org/apache/tomcat/util/net/openssl/OpenSSLImplementation.java
@@ -38,10 +38,4 @@ public class OpenSSLImplementation extends SSLImplementation 
{
     public SSLUtil getSSLUtil(SSLHostConfigCertificate certificate) {
         return new OpenSSLUtil(certificate);
     }
-
-    @Override
-    public boolean isAlpnSupported() {
-        // OpenSSL supported ALPN
-        return true;
-    }
 }

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] branch main updated: ALPN support will always be available with TLS on Java 11+

Reply via email to