This is an automated email from the ASF dual-hosted git repository. remm pushed a commit to branch 9.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/9.0.x by this push: new 16e64a9fb9 OpenSSLConf is not supported by BoringSSL 16e64a9fb9 is described below commit 16e64a9fb904c70a9f15e5e021bf67fb4f6b42df Author: remm <r...@apache.org> AuthorDate: Mon Oct 7 13:05:10 2024 +0200 OpenSSLConf is not supported by BoringSSL --- .../util/net/openssl/panama/LocalStrings.properties | 1 + .../util/net/openssl/panama/OpenSSLContext.java | 20 ++++++++++++-------- webapps/docs/changelog.xml | 3 +++ 3 files changed, 16 insertions(+), 8 deletions(-)
diff --git a/java/org/apache/tomcat/util/net/openssl/panama/LocalStrings.properties b/java/org/apache/tomcat/util/net/openssl/panama/LocalStrings.properties
index af520f2115..e1c58ce12e 100644
--- a/java/org/apache/tomcat/util/net/openssl/panama/LocalStrings.properties
+++ b/java/org/apache/tomcat/util/net/openssl/panama/LocalStrings.properties
@@ -86,6 +86,7 @@ opensslconf.finishFailed=OpenSSLConf finish failed with result [{0}]
 opensslconf.noCommandName=OpenSSLConf no command name - will be ignored (command value [{0}])
 opensslconf.resultCommand=OpenSSLConf command (name [{0}], value [{1}]) returned [{2}]
 opensslconf.unknownCommandType=SSL_CONF command [{0}] type unknown
+opensslconf.unsupported=The OpenSSL implementation does not support OpenSSLConf
 openssllibrary.ciphersFailure=Failed getting cipher list
 openssllibrary.currentFIPSMode=Current FIPS mode: [{0}]
diff --git a/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java b/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
index 29d017f496..1823fd99e9 100644
--- a/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
+++ b/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
@@ -174,14 +174,18 @@ public class OpenSSLContext implements org.apache.tomcat.util.net.SSLContext {
 if (log.isTraceEnabled()) {
 log.trace(sm.getString("openssl.makeConf"));
 }
- confCtx = SSL_CONF_CTX_new();
- if (MemorySegment.NULL.equals(confCtx)) {
- throw new SSLException(sm.getString("openssl.errMakeConf", OpenSSLLibrary.getLastError()));
+ if (!openssl_h_Compatibility.BORINGSSL) {
+ confCtx = SSL_CONF_CTX_new();
+ if (MemorySegment.NULL.equals(confCtx)) {
+ throw new SSLException(sm.getString("openssl.errMakeConf", OpenSSLLibrary.getLastError()));
+ }
+ SSL_CONF_CTX_set_flags(confCtx, SSL_CONF_FLAG_FILE() |
+ SSL_CONF_FLAG_SERVER() |
+ SSL_CONF_FLAG_CERTIFICATE() |
+ SSL_CONF_FLAG_SHOW_ERRORS());
+ } else {
+ log.error(sm.getString("opensslconf.unsupported"));
 }
- SSL_CONF_CTX_set_flags(confCtx, SSL_CONF_FLAG_FILE() |
- SSL_CONF_FLAG_SERVER() |
- SSL_CONF_FLAG_CERTIFICATE() |
- SSL_CONF_FLAG_SHOW_ERRORS());
 }
 // SSL protocol
@@ -1396,7 +1400,7 @@ public class OpenSSLContext implements org.apache.tomcat.util.net.SSLContext {
 this.confCtx = confCtx.reinterpret(ValueLayout.ADDRESS.byteSize(), stateArena, (MemorySegment t) -> SSL_CONF_CTX_free(t));
 } else {
- this.confCtx = null;
+ this.confCtx = MemorySegment.NULL;
 }
 }
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index ed212655ba..b374b15c7f 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -131,6 +131,9 @@ Return null SSL session id on zero length byte array returned from the SSL implementation. (remm)
 </fix>
+ <fix>
+ Skip OpenSSLConf with BoringSSL since it is unsupported. (remm)
+ </fix>
 </changelog>
 </subsection>
 </section>
--------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
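Review bot: In the new `else` branch of the first OpenSSLContext.java hunk (`@@ -174,14 +174,18 @@`), a configured OpenSSLConf is dropped under BoringSSL and setup continues after only `log.error(sm.getString("opensslconf.unsupported"))`, so any TLS restrictions an operator expressed through OpenSSLConf commands would not be in effect while the connector still starts. If skipping is not meant to be best-effort, fail closed with `throw new SSLException(sm.getString("opensslconf.unsupported"));`; if it is, a comment such as `// OpenSSLConf is unsupported on BoringSSL: commands are skipped, not applied` would make the fail-open choice explicit. The logged message also carries no host or connector name, which makes the error hard to tie to a specific TLS host configuration when reviewing logs. The enclosing block starts and ends outside the hunk, so the later uses of the local `confCtx` cannot be checked from here.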
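Review bot: Changing the field's empty value from `null` to `MemorySegment.NULL` in the second OpenSSLContext.java hunk (`@@ -1396,7 +1400,7 @@`) changes what every emptiness check on `confCtx` has to test; any remaining `confCtx != null` comparison elsewhere in the class would now pass and could hand a NULL segment to the native SSL_CONF calls. Those uses are outside the hunk, so please confirm they all use `MemorySegment.NULL.equals(confCtx)`, the form the first hunk already uses. A short comment on the assignment, e.g. `// NULL sentinel: no SSL_CONF_CTX was allocated, nothing to free`, would document the invariant next to the branch that registers `SSL_CONF_CTX_free`. The enclosing constructor or method begins outside the hunk.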