This is an automated email from the ASF dual-hosted git repository.
remm pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/9.0.x by this push:
new fdf476a772 Fix reflection for calling OpenSSL FFM
fdf476a772 is described below
commit fdf476a772a703440faf9af44c0e350a5308c81b
Author: remm <[email protected]>
AuthorDate: Wed Mar 19 11:16:46 2025 +0100
Fix reflection for calling OpenSSL FFM
---
.../catalina/core/OpenSSLLifecycleListener.java | 50 +++++++++++-----------
webapps/docs/changelog.xml | 4 ++
2 files changed, 29 insertions(+), 25 deletions(-)
diff --git a/java/org/apache/catalina/core/OpenSSLLifecycleListener.java
b/java/org/apache/catalina/core/OpenSSLLifecycleListener.java
index 5b0ea02531..c8360a55fc 100644
--- a/java/org/apache/catalina/core/OpenSSLLifecycleListener.java
+++ b/java/org/apache/catalina/core/OpenSSLLifecycleListener.java
@@ -57,9 +57,9 @@ public class OpenSSLLifecycleListener implements
LifecycleListener {
Class.forName("org.apache.tomcat.util.net.openssl.panama.OpenSSLLibrary");
openSSLLibraryClass.getMethod("init").invoke(null);
} catch (Throwable t) {
- t = ExceptionUtils.unwrapInvocationTargetException(t);
- ExceptionUtils.handleThrowable(t);
- log.error(sm.getString("openssllistener.sslInit"), t);
+ Throwable throwable =
ExceptionUtils.unwrapInvocationTargetException(t);
+ ExceptionUtils.handleThrowable(throwable);
+ log.error(sm.getString("openssllistener.sslInit"),
throwable);
}
}
}
@@ -97,9 +97,9 @@ public class OpenSSLLifecycleListener implements
LifecycleListener {
Class.forName("org.apache.tomcat.util.net.openssl.panama.OpenSSLLibrary");
openSSLLibraryClass.getMethod("init").invoke(null);
} catch (Throwable t) {
- t = ExceptionUtils.unwrapInvocationTargetException(t);
- ExceptionUtils.handleThrowable(t);
- log.error(sm.getString("openssllistener.sslInit"), t);
+ Throwable throwable =
ExceptionUtils.unwrapInvocationTargetException(t);
+ ExceptionUtils.handleThrowable(throwable);
+ log.error(sm.getString("openssllistener.sslInit"),
throwable);
initError = true;
}
// Failure to initialize FIPS mode is fatal
@@ -123,8 +123,8 @@ public class OpenSSLLifecycleListener implements
LifecycleListener {
Class.forName("org.apache.tomcat.util.net.openssl.panama.OpenSSLLibrary");
openSSLLibraryClass.getMethod("destroy").invoke(null);
} catch (Throwable t) {
- t = ExceptionUtils.unwrapInvocationTargetException(t);
- ExceptionUtils.handleThrowable(t);
+ Throwable throwable =
ExceptionUtils.unwrapInvocationTargetException(t);
+ ExceptionUtils.handleThrowable(throwable);
log.info(sm.getString("openssllistener.destroy"));
}
}
@@ -139,8 +139,8 @@ public class OpenSSLLifecycleListener implements
LifecycleListener {
Class.forName("org.apache.tomcat.util.net.openssl.panama.OpenSSLLibrary");
return (String)
openSSLLibraryClass.getMethod("getSSLEngine").invoke(null);
} catch (Throwable t) {
- t = ExceptionUtils.unwrapInvocationTargetException(t);
- ExceptionUtils.handleThrowable(t);
+ Throwable throwable =
ExceptionUtils.unwrapInvocationTargetException(t);
+ ExceptionUtils.handleThrowable(throwable);
}
}
return null;
@@ -151,10 +151,10 @@ public class OpenSSLLifecycleListener implements
LifecycleListener {
try {
Class<?> openSSLLibraryClass =
Class.forName("org.apache.tomcat.util.net.openssl.panama.OpenSSLLibrary");
- openSSLLibraryClass.getMethod("setSSLEngine").invoke(null,
SSLEngine);
+ openSSLLibraryClass.getMethod("setSSLEngine",
String.class).invoke(null, SSLEngine);
} catch (Throwable t) {
- t = ExceptionUtils.unwrapInvocationTargetException(t);
- ExceptionUtils.handleThrowable(t);
+ Throwable throwable =
ExceptionUtils.unwrapInvocationTargetException(t);
+ ExceptionUtils.handleThrowable(throwable);
}
}
}
@@ -166,8 +166,8 @@ public class OpenSSLLifecycleListener implements
LifecycleListener {
Class.forName("org.apache.tomcat.util.net.openssl.panama.OpenSSLLibrary");
return (String)
openSSLLibraryClass.getMethod("getSSLRandomSeed").invoke(null);
} catch (Throwable t) {
- t = ExceptionUtils.unwrapInvocationTargetException(t);
- ExceptionUtils.handleThrowable(t);
+ Throwable throwable =
ExceptionUtils.unwrapInvocationTargetException(t);
+ ExceptionUtils.handleThrowable(throwable);
}
}
return null;
@@ -178,10 +178,10 @@ public class OpenSSLLifecycleListener implements
LifecycleListener {
try {
Class<?> openSSLLibraryClass =
Class.forName("org.apache.tomcat.util.net.openssl.panama.OpenSSLLibrary");
- openSSLLibraryClass.getMethod("setSSLRandomSeed").invoke(null,
SSLRandomSeed);
+ openSSLLibraryClass.getMethod("setSSLRandomSeed",
String.class).invoke(null, SSLRandomSeed);
} catch (Throwable t) {
- t = ExceptionUtils.unwrapInvocationTargetException(t);
- ExceptionUtils.handleThrowable(t);
+ Throwable throwable =
ExceptionUtils.unwrapInvocationTargetException(t);
+ ExceptionUtils.handleThrowable(throwable);
}
}
}
@@ -193,8 +193,8 @@ public class OpenSSLLifecycleListener implements
LifecycleListener {
Class.forName("org.apache.tomcat.util.net.openssl.panama.OpenSSLLibrary");
return (String)
openSSLLibraryClass.getMethod("getFIPSMode").invoke(null);
} catch (Throwable t) {
- t = ExceptionUtils.unwrapInvocationTargetException(t);
- ExceptionUtils.handleThrowable(t);
+ Throwable throwable =
ExceptionUtils.unwrapInvocationTargetException(t);
+ ExceptionUtils.handleThrowable(throwable);
}
}
return null;
@@ -205,10 +205,10 @@ public class OpenSSLLifecycleListener implements
LifecycleListener {
try {
Class<?> openSSLLibraryClass =
Class.forName("org.apache.tomcat.util.net.openssl.panama.OpenSSLLibrary");
- openSSLLibraryClass.getMethod("setFIPSMode").invoke(null,
FIPSMode);
+ openSSLLibraryClass.getMethod("setFIPSMode",
String.class).invoke(null, FIPSMode);
} catch (Throwable t) {
- t = ExceptionUtils.unwrapInvocationTargetException(t);
- ExceptionUtils.handleThrowable(t);
+ Throwable throwable =
ExceptionUtils.unwrapInvocationTargetException(t);
+ ExceptionUtils.handleThrowable(throwable);
}
}
}
@@ -220,8 +220,8 @@ public class OpenSSLLifecycleListener implements
LifecycleListener {
Class.forName("org.apache.tomcat.util.net.openssl.panama.OpenSSLLibrary");
return ((Boolean)
openSSLLibraryClass.getMethod("isFIPSModeActive").invoke(null)).booleanValue();
} catch (Throwable t) {
- t = ExceptionUtils.unwrapInvocationTargetException(t);
- ExceptionUtils.handleThrowable(t);
+ Throwable throwable =
ExceptionUtils.unwrapInvocationTargetException(t);
+ ExceptionUtils.handleThrowable(throwable);
}
}
return false;
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 6e8aa763f8..27493be9ac 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -122,6 +122,10 @@
Fix parsing of the <code>time-taken</code> token in the
<code>ExtendedAccessLogValve</code>. (remm)
</fix>
+ <fix>
+ Fix invocation of the FFM OpenSSL code for setting a SSL engine and
+ FIPS mode. (remm)
+ </fix>
</changelog>
</subsection>
<subsection name="Coyote">
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
