markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/8.5.x by this push:
new 19e66ad3ad Tomcat Native 2.x onwards will require SSL
19e66ad3ad is described below
commit 19e66ad3adaa275081b5473c959486de9c3ab379
Author: Mark Thomas <[email protected]>
AuthorDate: Tue May 31 21:02:33 2022 +0100
Tomcat Native 2.x onwards will require SSL
---
java/org/apache/catalina/core/AprLifecycleListener.java | 11 +++++++++++
java/org/apache/catalina/core/LocalStrings.properties | 1 +
webapps/docs/config/listeners.xml | 3 +++
3 files changed, 15 insertions(+)
diff --git a/java/org/apache/catalina/core/AprLifecycleListener.java
b/java/org/apache/catalina/core/AprLifecycleListener.java
index 4fdbc6c500..49c5f58d8e 100644
--- a/java/org/apache/catalina/core/AprLifecycleListener.java
+++ b/java/org/apache/catalina/core/AprLifecycleListener.java
@@ -227,6 +227,17 @@ public class AprLifecycleListener implements
LifecycleListener {
log.warn(sm.getString("aprListener.aprInitError", t.getMessage()),
t);
return;
}
+ if (major > 1 && "off".equalsIgnoreCase(SSLEngine)) {
+ log.error(sm.getString("aprListener.sslRequired", SSLEngine,
Library.versionString()));
+ try {
+ // Tomcat Native 2.x onwards requires SSL
+ terminateAPR();
+ } catch (Throwable t) {
+ t = ExceptionUtils.unwrapInvocationTargetException(t);
+ ExceptionUtils.handleThrowable(t);
+ }
+ return;
+ }
if (apver < rqver) {
log.error(sm.getString("aprListener.tcnInvalid",
Library.versionString(),
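Review bot: A failure inside `terminateAPR()` in the new `major > 1 && "off".equalsIgnoreCase(SSLEngine)` branch is never logged, because the catch only unwraps the throwable and hands it to `ExceptionUtils.handleThrowable(t)` (which presumably rethrows only fatal errors) before the branch returns as though the library had been shut down. If termination fails, the log carries only the `aprListener.sslRequired` error, so an operator cannot tell whether the native library is still initialised while SSLEngine is `off`. I would log the unwrapped throwable before returning, for example `log.warn(sm.getString("aprListener.PLACEHOLDER_KEY"), t);`, where the key is a placeholder for a message to be added to LocalStrings.properties. The comment `// Tomcat Native 2.x onwards requires SSL` would also read better above the `if` than inside the `try`, since it explains the condition rather than the call. The enclosing method starts and ends outside this hunk, so whether later code re-checks library availability is not visible here.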
diff --git a/java/org/apache/catalina/core/LocalStrings.properties
b/java/org/apache/catalina/core/LocalStrings.properties
index 8e10444ba9..823718ee70 100644
--- a/java/org/apache/catalina/core/LocalStrings.properties
+++ b/java/org/apache/catalina/core/LocalStrings.properties
@@ -84,6 +84,7 @@ aprListener.initializingFIPS=Initializing FIPS mode...
aprListener.requireNotInFIPSMode=AprLifecycleListener is configured to require
the library to already be in FIPS mode, but it was not in FIPS mode
aprListener.skipFIPSInitialization=Already in FIPS mode; skipping FIPS
initialization.
aprListener.sslInit=Failed to initialize the SSLEngine.
+aprListener.sslRequired=[{0}] is not a valid value for SSLEngine when using
version [{1}] of the Tomcat Native library since SSL is required for version
2.x onwards.
aprListener.tcnInvalid=An incompatible version [{0}] of the Apache Tomcat
Native library is installed, while Tomcat requires version [{1}]
aprListener.tcnValid=Loaded Apache Tomcat Native library [{0}] using APR
version [{1}].
aprListener.tcnVersion=An older version [{0}] of the Apache Tomcat Native
library is installed, while Tomcat recommends a minimum version of [{1}]
diff --git a/webapps/docs/config/listeners.xml
b/webapps/docs/config/listeners.xml
index 4a636e817f..c1cf3b95c7 100644
--- a/webapps/docs/config/listeners.xml
+++ b/webapps/docs/config/listeners.xml
@@ -103,6 +103,9 @@
<p>See the <a href="http://www.openssl.org/">Official OpenSSL
website</a>
for more details on supported SSL hardware engines and manufacturers.
</p>
+ <p>Tomcat Native 2.x onwards requires SSL so if SSLEngine is set to
+ <code>off</code> when using Tomcat Native 2.x onwards, the APR/native
+ library will be disabled.</p>
</attribute>
<attribute name="SSLRandomSeed" required="false">