This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 9.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/9.0.x by this push: new 9d0762e6c0 Remove NPN when using Tomcat Native 9d0762e6c0 is described below
commit 9d0762e6c0a22d2a07e2e674c8ed282191a4f6f2
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Tue May 31 09:36:30 2022 +0100
Remove NPN when using Tomcat Native
---
 java/org/apache/tomcat/jni/SSL.java | 3 +++
 java/org/apache/tomcat/jni/SSLContext.java | 3 +++
 .../apache/tomcat/util/net/openssl/OpenSSLContext.java | 1 -
 .../org/apache/tomcat/util/net/openssl/OpenSSLEngine.java | 15 +--------------
 webapps/docs/changelog.xml | 5 +++++
 5 files changed, 12 insertions(+), 15 deletions(-)
diff --git a/java/org/apache/tomcat/jni/SSL.java b/java/org/apache/tomcat/jni/SSL.java
index 797df5293e..652921bf6f 100644
--- a/java/org/apache/tomcat/jni/SSL.java
+++ b/java/org/apache/tomcat/jni/SSL.java
@@ -634,7 +634,10 @@ public final class SSL {
 * SSL_get0_next_proto_negotiated
 * @param ssl the SSL instance (SSL *)
 * @return the NPN protocol negotiated
+ *
+ * @deprecated Unused. Will be removed in Tomcat 10.1.x
 */
+ @Deprecated
 public static native String getNextProtoNegotiated(long ssl);
 /*
diff --git a/java/org/apache/tomcat/jni/SSLContext.java b/java/org/apache/tomcat/jni/SSLContext.java
index bb258e7a3a..1363aeaf4b 100644
--- a/java/org/apache/tomcat/jni/SSLContext.java
+++ b/java/org/apache/tomcat/jni/SSLContext.java
@@ -532,7 +532,10 @@ public final class SSLContext {
 * @param nextProtos protocols in priority order
 * @param selectorFailureBehavior see {@link SSL#SSL_SELECTOR_FAILURE_NO_ADVERTISE}
 * and {@link SSL#SSL_SELECTOR_FAILURE_CHOOSE_MY_LAST_PROTOCOL}
+ *
+ * @deprecated Unused. Will be removed in Tomcat 10.1.x
 */
+ @Deprecated
 public static native void setNpnProtos(long ctx, String[] nextProtos, int selectorFailureBehavior);
 /**
diff --git a/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java b/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java
index ed0b5afc65..4882a65304 100644
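Review bot: The new `@deprecated` text on `SSL.getNextProtoNegotiated` says only "Unused" and does not name the ALPN method that replaces it, and the same applies to `SSLContext.setNpnProtos` in the next hunk. Both methods stay `public static native`, so code outside Tomcat that calls `org.apache.tomcat.jni` directly can still compile against them until 10.1.x and gets no pointer to the supported API. I would write `@deprecated Unused. NPN was never standardised; use {@link #getAlpnSelected(long)}. Will be removed in Tomcat 10.1.x` here, and the equivalent with `{@link #setAlpnProtos}` on `setNpnProtos`.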
--- a/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java
+++ b/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java
@@ -390,7 +390,6 @@ public class OpenSSLContext implements org.apache.tomcat.util.net.SSLContext {
 protocols.add("http/1.1");
 String[] protocolsArray = protocols.toArray(new String[0]);
 SSLContext.setAlpnProtos(ctx, protocolsArray, SSL.SSL_SELECTOR_FAILURE_NO_ADVERTISE);
- SSLContext.setNpnProtos(ctx, protocolsArray, SSL.SSL_SELECTOR_FAILURE_NO_ADVERTISE);
 }
 // Apply OpenSSLConfCmd if used
diff --git a/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java b/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java
index 0a9b4637be..172c6fc366 100644
--- a/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java
+++ b/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java
@@ -931,9 +931,6 @@ public final class OpenSSLEngine extends SSLEngine implements SSLUtil.ProtocolIn
 } else {
 if (alpn) {
 selectedProtocol = SSL.getAlpnSelected(ssl);
- if (selectedProtocol == null) {
- selectedProtocol = SSL.getNextProtoNegotiated(ssl);
- }
 }
 session.lastAccessedTime = System.currentTimeMillis();
 // if SSL_do_handshake returns > 0 it means the handshake was finished. This means we can update
@@ -1069,9 +1066,6 @@ public final class OpenSSLEngine extends SSLEngine implements SSLUtil.ProtocolIn
 (SSL.getPostHandshakeAuthInProgress(ssl) == 0)) {
 if (alpn) {
 selectedProtocol = SSL.getAlpnSelected(ssl);
- if (selectedProtocol == null) {
- selectedProtocol = SSL.getNextProtoNegotiated(ssl);
- }
 }
 session.lastAccessedTime = System.currentTimeMillis();
 version = SSL.getVersion(ssl);
@@ -1422,14 +1416,7 @@ public final class OpenSSLEngine extends SSLEngine implements SSLUtil.ProtocolIn
 public String getProtocol() {
 String applicationProtocol = OpenSSLEngine.this.applicationProtocol;
 if (applicationProtocol == null) {
- synchronized (OpenSSLEngine.this) {
- if (!destroyed) {
- applicationProtocol = SSL.getNextProtoNegotiated(ssl);
- }
- }
- if (applicationProtocol == null) {
- applicationProtocol = fallbackApplicationProtocol;
- }
+ applicationProtocol = fallbackApplicationProtocol;
 if (applicationProtocol != null) {
 OpenSSLEngine.this.applicationProtocol = applicationProtocol.replace(':', '_');
 } else {
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index c740083b9d..7c3b3d11a6 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -152,6 +152,11 @@
 private keys in the previous release that broke support for unencrypted PKCS#1 formatted private keys. (jfclere/markt)
 </add>
+ <update>
+ Remove support for NPN when using the Tomcat Native Connector as NPN was
+ never standardised and browser support for NPN was removed several years
+ ago. (markt)
+ </update>
 </changelog>
 </subsection>
 <subsection name="Jasper">
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
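Review bot: In `getProtocol()` the `if (applicationProtocol == null)` branch now takes its value only from `fallbackApplicationProtocol`, and nothing at the assignment says why the protocol negotiated during the handshake is not used; the handshake hunks in this file store the ALPN result in `selectedProtocol`, a different field. A comment above the new line, for example `// NPN is no longer queried; only the configured fallback applies here (the ALPN result is kept in selectedProtocol)`, would make that intent explicit. The removed block was also the only code in this branch that took the engine lock and checked `destroyed` before passing `ssl` to a native call, so the comment could note that any native lookup added here later needs the same guard. The method body continues past the end of the hunk.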