This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git
commit b86f4c1f3ad50a303104bfdc59576638049e56fe
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Tue May 31 09:36:30 2022 +0100
Remove NPN when using Tomcat Native
---
 java/org/apache/tomcat/jni/SSL.java | 3 +++
 java/org/apache/tomcat/jni/SSLContext.java | 3 +++
 .../apache/tomcat/util/net/openssl/OpenSSLContext.java | 1 -
 .../org/apache/tomcat/util/net/openssl/OpenSSLEngine.java | 15 +--------------
 webapps/docs/changelog.xml | 5 +++++
 5 files changed, 12 insertions(+), 15 deletions(-)
diff --git a/java/org/apache/tomcat/jni/SSL.java b/java/org/apache/tomcat/jni/SSL.java
index 797df5293e..652921bf6f 100644
--- a/java/org/apache/tomcat/jni/SSL.java
+++ b/java/org/apache/tomcat/jni/SSL.java
@@ -634,7 +634,10 @@ public final class SSL {
 * SSL_get0_next_proto_negotiated
 * @param ssl the SSL instance (SSL *)
 * @return the NPN protocol negotiated
+ *
+ * @deprecated Unused. Will be removed in Tomcat 10.1.x
 */
+ @Deprecated
 public static native String getNextProtoNegotiated(long ssl);
 
 /*
diff --git a/java/org/apache/tomcat/jni/SSLContext.java b/java/org/apache/tomcat/jni/SSLContext.java
index bb258e7a3a..1363aeaf4b 100644
--- a/java/org/apache/tomcat/jni/SSLContext.java
+++ b/java/org/apache/tomcat/jni/SSLContext.java
@@ -532,7 +532,10 @@ public final class SSLContext {
 * @param nextProtos protocols in priority order
 * @param selectorFailureBehavior see {@link SSL#SSL_SELECTOR_FAILURE_NO_ADVERTISE}
 * and {@link SSL#SSL_SELECTOR_FAILURE_CHOOSE_MY_LAST_PROTOCOL}
+ *
+ * @deprecated Unused. Will be removed in Tomcat 10.1.x
 */
+ @Deprecated
 public static native void setNpnProtos(long ctx, String[] nextProtos, int selectorFailureBehavior);
 
 /**
diff --git a/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java b/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java
index eb5056e0c3..9f09959e7a 100644
--- a/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java
+++ b/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java
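Review bot: The new `@deprecated` tag on `SSL.getNextProtoNegotiated` says only "Unused" and gives a caller neither the reason nor the replacement; the same applies to `SSLContext.setNpnProtos` in the SSLContext.java hunk. The rest of this commit keeps the ALPN calls (`SSL.getAlpnSelected`, `SSLContext.setAlpnProtos`), so the tag could name them, e.g. `@deprecated Unused. NPN was never standardised; use ALPN ({@code getAlpnSelected}) instead. Will be removed in Tomcat 10.1.x`. Both natives remain public until removal, so code outside Tomcat that still calls `setNpnProtos` is presumably unaffected by this commit; the changelog entry could say so for embedders. Both Javadoc blocks start above their hunks.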
@@ -392,7 +392,6 @@ public class OpenSSLContext implements org.apache.tomcat.util.net.SSLContext {
 protocols.add("http/1.1");
 String[] protocolsArray = protocols.toArray(new String[0]);
 SSLContext.setAlpnProtos(state.ctx, protocolsArray, SSL.SSL_SELECTOR_FAILURE_NO_ADVERTISE);
- SSLContext.setNpnProtos(state.ctx, protocolsArray, SSL.SSL_SELECTOR_FAILURE_NO_ADVERTISE);
 }
 
 // Apply OpenSSLConfCmd if used
diff --git a/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java b/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java
index ed48e7afed..9fe686785e 100644
--- a/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java
+++ b/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java
@@ -931,9 +931,6 @@ public final class OpenSSLEngine extends SSLEngine implements SSLUtil.ProtocolIn
 } else {
 if (alpn) {
 selectedProtocol = SSL.getAlpnSelected(state.ssl);
- if (selectedProtocol == null) {
- selectedProtocol = SSL.getNextProtoNegotiated(state.ssl);
- }
 }
 session.lastAccessedTime = System.currentTimeMillis();
 // if SSL_do_handshake returns > 0 it means the handshake was finished. This means we can update
@@ -1069,9 +1066,6 @@ public final class OpenSSLEngine extends SSLEngine implements SSLUtil.ProtocolIn
 (SSL.getPostHandshakeAuthInProgress(state.ssl) == 0)) {
 if (alpn) {
 selectedProtocol = SSL.getAlpnSelected(state.ssl);
- if (selectedProtocol == null) {
- selectedProtocol = SSL.getNextProtoNegotiated(state.ssl);
- }
 }
 session.lastAccessedTime = System.currentTimeMillis();
 version = SSL.getVersion(state.ssl);
@@ -1416,14 +1410,7 @@ public final class OpenSSLEngine extends SSLEngine implements SSLUtil.ProtocolIn
 public String getProtocol() {
 String applicationProtocol = OpenSSLEngine.this.applicationProtocol;
 if (applicationProtocol == null) {
- synchronized (OpenSSLEngine.this) {
- if (!destroyed) {
- applicationProtocol = SSL.getNextProtoNegotiated(state.ssl);
- }
- }
- if (applicationProtocol == null) {
- applicationProtocol = fallbackApplicationProtocol;
- }
+ applicationProtocol = fallbackApplicationProtocol;
 if (applicationProtocol != null) {
 OpenSSLEngine.this.applicationProtocol = applicationProtocol.replace(':', '_');
 } else {
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 7aa3d424e9..3f4c2e9ad2 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -157,6 +157,11 @@
 private keys in the previous release that broke support for unencrypted PKCS#1 formatted private keys. (jfclere/markt)
 </add>
+ <update>
+ Remove support for NPN when using the Tomcat Native Connector as NPN was
+ never standardised and browser support for NPN was removed several years
+ ago. (markt)
+ </update>
 </changelog>
 </subsection>
 <subsection name="Jasper">
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
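Review bot: In getProtocol(), the local `applicationProtocol` now takes `fallbackApplicationProtocol` unchanged, while the field assigned two lines below receives `applicationProtocol.replace(':', '_')`, so the local and the cached field can differ on the first call. This predates the commit, but with the NPN branch gone it is the only path left and simple to tidy: `applicationProtocol = applicationProtocol.replace(':', '_');` followed by `OpenSSLEngine.this.applicationProtocol = applicationProtocol;`. Whether the difference is observable depends on how the local is used after the `else` branch, which lies outside the hunk.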