On Fri, Oct 6, 2023 at 10:42 AM Michael Osipov <micha...@apache.org> wrote: > > Please let's not use the term Panama anymore, it is like with Jigsaw. They > were working titles, official name is Java FFM API. Even JEP 442 does not > mention this term anymore.
Will do. But these are FIXME comments so will be removed as soon as possible. Rémy > On 2023/10/06 08:15:09 r...@apache.org wrote: > > This is an automated email from the ASF dual-hosted git repository. > > > > remm pushed a commit to branch main > > in repository https://gitbox.apache.org/repos/asf/tomcat.git > > > > > > The following commit(s) were added to refs/heads/main by this push: > > new 73d5bfa8bf Update future code > > 73d5bfa8bf is described below > > > > commit 73d5bfa8bf7217fdba76c2798bd3143d6518c263 > > Author: remm <r...@apache.org> > > AuthorDate: Fri Oct 6 10:14:45 2023 +0200 > > > > Update future code > > > > The idea is to resolve profiles when Java 22 is available. > > --- > > java/org/apache/tomcat/util/net/SSLUtilBase.java | 6 +++--- > > .../ciphers/OpenSSLCipherConfigurationParser.java | 22 > > ++++++++++++++++------ > > 2 files changed, 19 insertions(+), 9 deletions(-) > > > > diff --git a/java/org/apache/tomcat/util/net/SSLUtilBase.java > > b/java/org/apache/tomcat/util/net/SSLUtilBase.java > > index fb8c5558e1..91c2929baa 100644 > > --- a/java/org/apache/tomcat/util/net/SSLUtilBase.java > > +++ b/java/org/apache/tomcat/util/net/SSLUtilBase.java > > @@ -121,9 +121,9 @@ public abstract class SSLUtilBase implements SSLUtil { > > > > sslHostConfig.setTls13RenegotiationAvailable(isTls13RenegAuthAvailable()); > > > > // Calculate the enabled ciphers > > - if (sslHostConfig.getCiphers().startsWith("PROFILE=")) { > > - // OpenSSL profiles > > - // TODO: sslHostConfig can query that with Panama, but skip > > for now > > + if (/*!JreCompat.isJre22Available() && > > */sslHostConfig.getCiphers().startsWith("PROFILE=")) { > > + // OpenSSL profiles cannot be resolved without Java 22 > > + // TODO: sslHostConfig should query that with Panama if > > possible > > this.enabledCiphers = new String[0]; > > } else { > > boolean warnOnSkip = > > !sslHostConfig.getCiphers().equals(SSLHostConfig.DEFAULT_TLS_CIPHERS); > > diff --git > > a/java/org/apache/tomcat/util/net/openssl/ciphers/OpenSSLCipherConfigurationParser.java > > > > b/java/org/apache/tomcat/util/net/openssl/ciphers/OpenSSLCipherConfigurationParser.java > > index 90d0eaca7e..2599bf24c2 100644 > > --- > > a/java/org/apache/tomcat/util/net/openssl/ciphers/OpenSSLCipherConfigurationParser.java > > +++ > > b/java/org/apache/tomcat/util/net/openssl/ciphers/OpenSSLCipherConfigurationParser.java > > @@ -715,12 +715,22 @@ public class OpenSSLCipherConfigurationParser { > > // Handle PROFILE= using OpenSSL (if present, otherwise warn), > > then replace elements with that > > if (elements.length == 1 && elements[0].startsWith("PROFILE=")) { > > // Only use with Panama and if OpenSSL has been successfully > > loaded before > > - /* FIXME: Merge OpenSSL code first > > - if (JreCompat.isJre22Available() && > > OpenSSLStatus.isLibraryInitialized()) { > > - List<String> cipherList = > > OpenSSLLibrary.findCiphers(elements[0]); > > - // Replace the original list with the profile contents > > - elements = cipherList.toArray(new String[0]); > > - }*/ > > + /* FIXME: Merge OpenSSL Panama code > > + if (JreCompat.isJre22Available()) { > > + if (OpenSSLStatus.isLibraryInitialized()) { > > + List<String> cipherList = > > OpenSSLLibrary.findCiphers(elements[0]); > > + // Replace the original list with the profile contents > > + elements = cipherList.toArray(new String[0]); > > + } else { > > + // OpenSSL is not available > > + > > log.error(sm.getString("opensslCipherConfigurationParser.unknownProfile", > > elements[0])); > > + } > > + } else { > > + // No way to resolve using OpenSSL, log an info about this > > + // but it might still work if using tomcat-native > > + > > log.info(sm.getString("opensslCipherConfigurationParser.unknownProfile", > > elements[0])); > > + } > > + */ > > } > > LinkedHashSet<Cipher> ciphers = new LinkedHashSet<>(); > > Set<Cipher> removedCiphers = new HashSet<>(); > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org > > For additional commands, e-mail: dev-h...@tomcat.apache.org > > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org > For additional commands, e-mail: dev-h...@tomcat.apache.org > --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
