(tomcat) branch main updated: Add useOpenSSL flag to the OpenSSL listener

Fri, 22 Dec 2023 01:52:19 -0800 

This is an automated email from the ASF dual-hosted git repository.

remm pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/main by this push:
     new 835173dd6c Add useOpenSSL flag to the OpenSSL listener
835173dd6c is described below

commit 835173dd6cbb16304e0c470aca94de470ec8e3e3
Author: remm <r...@apache.org>
AuthorDate: Fri Dec 22 10:51:50 2023 +0100

    Add useOpenSSL flag to the OpenSSL listener
    
    Also fix strings.
---
 java/org/apache/catalina/connector/Connector.java           |  2 +-
 java/org/apache/catalina/core/LocalStrings.properties       |  8 ++++----
 java/org/apache/catalina/core/OpenSSLLifecycleListener.java | 10 ++++++++++
 java/org/apache/tomcat/util/net/openssl/OpenSSLStatus.java  |  9 +++++++++
 4 files changed, 24 insertions(+), 5 deletions(-)

diff --git a/java/org/apache/catalina/connector/Connector.java 
b/java/org/apache/catalina/connector/Connector.java
index 5ef50ca140..f2d68763cb 100644
--- a/java/org/apache/catalina/connector/Connector.java
+++ b/java/org/apache/catalina/connector/Connector.java
@@ -1008,7 +1008,7 @@ public class Connector extends LifecycleMBeanBase {
             setParseBodyMethods(getParseBodyMethods());
         }
 
-        if (JreCompat.isJre22Available() && OpenSSLStatus.isAvailable()
+        if (JreCompat.isJre22Available() && OpenSSLStatus.getUseOpenSSL() && 
OpenSSLStatus.isAvailable()
                 && protocolHandler instanceof AbstractHttp11Protocol) {
             AbstractHttp11Protocol<?> jsseProtocolHandler = 
(AbstractHttp11Protocol<?>) protocolHandler;
             if (jsseProtocolHandler.isSSLEnabled() && 
jsseProtocolHandler.getSslImplementationName() == null) {
diff --git a/java/org/apache/catalina/core/LocalStrings.properties 
b/java/org/apache/catalina/core/LocalStrings.properties
index d4c6acb2e7..d65120a9fa 100644
--- a/java/org/apache/catalina/core/LocalStrings.properties
+++ b/java/org/apache/catalina/core/LocalStrings.properties
@@ -160,10 +160,10 @@ naming.wsdlFailed=Failed to find wsdl file: [{0}]
 
 noPluggabilityServletContext.notAllowed=Section 4.4 of the Servlet 3.0 
specification does not permit this method to be called from a 
ServletContextListener that was not defined in web.xml, a web-fragment.xml file 
nor annotated with @WebListener
 
-openssllistener.destroy=Failed shutdown of OpenSSL
-openssllistener.initializeFIPSFailed=Failed to enter FIPS mode
-openssllistener.java22=Tomcat OpenSSL support requires the FFM API which is 
available in Java 22 and newer, tomcat-native should be used instead
-openssllistener.sslInit=Failed to initialize the SSLEngine.
+openssllistener.destroy=OpenSSL shutdown failed
+openssllistener.initializeFIPSFailed=Failed entering FIPS mode
+openssllistener.java22=The FFM API from Java 22 is not available, using 
OpenSSL requires Apache Tomcat Native
+openssllistener.sslInit=OpenSSL initialization failed
 
 propertiesRoleMappingListener.roleMappingFileNull=Role mapping file cannot be 
null
 propertiesRoleMappingListener.roleMappingFileEmpty=Role mapping file cannot be 
empty
diff --git a/java/org/apache/catalina/core/OpenSSLLifecycleListener.java 
b/java/org/apache/catalina/core/OpenSSLLifecycleListener.java
index 98d7d7d6b0..477ca41317 100644
--- a/java/org/apache/catalina/core/OpenSSLLifecycleListener.java
+++ b/java/org/apache/catalina/core/OpenSSLLifecycleListener.java
@@ -220,4 +220,14 @@ public class OpenSSLLifecycleListener implements 
LifecycleListener {
         return false;
     }
 
+    public void setUseOpenSSL(boolean useOpenSSL) {
+        if (useOpenSSL != OpenSSLStatus.getUseOpenSSL()) {
+            OpenSSLStatus.setUseOpenSSL(useOpenSSL);
+        }
+    }
+
+    public static boolean getUseOpenSSL() {
+        return OpenSSLStatus.getUseOpenSSL();
+    }
+
 }
diff --git a/java/org/apache/tomcat/util/net/openssl/OpenSSLStatus.java 
b/java/org/apache/tomcat/util/net/openssl/OpenSSLStatus.java
index c6beb712bb..682e878de1 100644
--- a/java/org/apache/tomcat/util/net/openssl/OpenSSLStatus.java
+++ b/java/org/apache/tomcat/util/net/openssl/OpenSSLStatus.java
@@ -23,6 +23,7 @@ public class OpenSSLStatus {
     private static volatile boolean libraryInitialized = false;
     private static volatile boolean initialized = false;
     private static volatile boolean available = false;
+    private static volatile boolean useOpenSSL = true;
     private static volatile boolean instanceCreated = false;
 
 
@@ -38,6 +39,10 @@ public class OpenSSLStatus {
         return available;
     }
 
+    public static boolean getUseOpenSSL() {
+        return useOpenSSL;
+    }
+
     public static boolean isInstanceCreated() {
         return instanceCreated;
     }
@@ -54,6 +59,10 @@ public class OpenSSLStatus {
         OpenSSLStatus.available = available;
     }
 
+    public static void setUseOpenSSL(boolean useOpenSSL) {
+        OpenSSLStatus.useOpenSSL = useOpenSSL;
+    }
+
     public static void setInstanceCreated(boolean instanceCreated) {
         OpenSSLStatus.instanceCreated = instanceCreated;
     }


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Reply via email to