This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/9.0.x by this push:
new 8827c8ba54 Tomcat Native 2.x onwards will require SSL
8827c8ba54 is described below
commit 8827c8ba544f617ae22fe3bc94694733cc52b113
Author: Mark Thomas <[email protected]>
AuthorDate: Tue May 31 21:02:33 2022 +0100
Tomcat Native 2.x onwards will require SSL
---
java/org/apache/catalina/core/AprLifecycleListener.java | 11 +++++++++++
java/org/apache/catalina/core/LocalStrings.properties | 1 +
webapps/docs/config/listeners.xml | 3 +++
3 files changed, 15 insertions(+)
diff --git a/java/org/apache/catalina/core/AprLifecycleListener.java
b/java/org/apache/catalina/core/AprLifecycleListener.java
index d16f7fea30..f8656c37f4 100644
--- a/java/org/apache/catalina/core/AprLifecycleListener.java
+++ b/java/org/apache/catalina/core/AprLifecycleListener.java
@@ -221,6 +221,17 @@ public class AprLifecycleListener implements
LifecycleListener {
log.warn(sm.getString("aprListener.aprInitError", t.getMessage()),
t);
return;
}
+ if (major > 1 && "off".equalsIgnoreCase(SSLEngine)) {
+ log.error(sm.getString("aprListener.sslRequired", SSLEngine,
Library.versionString()));
+ try {
+ // Tomcat Native 2.x onwards requires SSL
+ terminateAPR();
+ } catch (Throwable t) {
+ t = ExceptionUtils.unwrapInvocationTargetException(t);
+ ExceptionUtils.handleThrowable(t);
+ }
+ return;
+ }
if (apver < rqver) {
log.error(sm.getString("aprListener.tcnInvalid",
Library.versionString(),
diff --git a/java/org/apache/catalina/core/LocalStrings.properties
b/java/org/apache/catalina/core/LocalStrings.properties
index d3739b6b66..da364dc716 100644
--- a/java/org/apache/catalina/core/LocalStrings.properties
+++ b/java/org/apache/catalina/core/LocalStrings.properties
@@ -83,6 +83,7 @@ aprListener.initializingFIPS=Initializing FIPS mode...
aprListener.requireNotInFIPSMode=AprLifecycleListener is configured to require
the library to already be in FIPS mode, but it was not in FIPS mode
aprListener.skipFIPSInitialization=Already in FIPS mode; skipping FIPS
initialization.
aprListener.sslInit=Failed to initialize the SSLEngine.
+aprListener.sslRequired=[{0}] is not a valid value for SSLEngine when using
version [{1}] of the Tomcat Native library since SSL is required for version
2.x onwards.
aprListener.tcnInvalid=An incompatible version [{0}] of the Apache Tomcat
Native library is installed, while Tomcat requires version [{1}]
aprListener.tcnValid=Loaded Apache Tomcat Native library [{0}] using APR
version [{1}].
aprListener.tcnVersion=An older version [{0}] of the Apache Tomcat Native
library is installed, while Tomcat recommends a minimum version of [{1}]
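Review bot: The new `aprListener.sslRequired` message says the SSLEngine value is invalid but not what Tomcat does about it. The listeners.xml text added in this same commit states that the APR/native library is disabled in that case, and the Java hunk calls `terminateAPR()` right after logging. An operator who sees only the log line would not learn that the library has been turned off, so I would append the consequence to the message, e.g. `... since SSL is required for version 2.x onwards. The APR/native library has been disabled.`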
diff --git a/webapps/docs/config/listeners.xml
b/webapps/docs/config/listeners.xml
index 878d44918f..af09bdebc7 100644
--- a/webapps/docs/config/listeners.xml
+++ b/webapps/docs/config/listeners.xml
@@ -103,6 +103,9 @@
<p>See the <a href="http://www.openssl.org/">Official OpenSSL
website</a>
for more details on supported SSL hardware engines and manufacturers.
</p>
+ <p>Tomcat Native 2.x onwards requires SSL so if SSLEngine is set to
+ <code>off</code> when using Tomcat Native 2.x onwards, the APR/native
+ library will be disabled.</p>
</attribute>
<attribute name="SSLRandomSeed" required="false">