This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 11.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/11.0.x by this push:
new 8e115f568a Fix cause of crashes with Native + NIO2 + OpenSSL
8e115f568a is described below
commit 8e115f568a53c0a38358808de2e8de641f463e11
Author: Mark Thomas <[email protected]>
AuthorDate: Tue Jan 20 23:58:27 2026 +0000
Fix cause of crashes with Native + NIO2 + OpenSSL
Prevent concurrent release of <code>OpenSSLEngine</code> resources and
the termination of the Tomcat Native library as it can cause crashes
during Tomcat shutdown.
---
.../tomcat/util/net/openssl/OpenSSLEngine.java | 22 ++++++++++++++++------
webapps/docs/changelog.xml | 9 +++++++++
2 files changed, 25 insertions(+), 6 deletions(-)
diff --git a/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java
b/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java
index 86539f20f7..6139c80e9e 100644
--- a/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java
+++ b/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java
@@ -30,6 +30,7 @@ import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
+import java.util.concurrent.locks.Lock;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLEngineResult;
@@ -42,6 +43,7 @@ import javax.net.ssl.SSLSessionContext;
import org.apache.juli.logging.Log;
import org.apache.juli.logging.LogFactory;
+import org.apache.tomcat.jni.AprStatus;
import org.apache.tomcat.jni.Buffer;
import org.apache.tomcat.jni.Pool;
import org.apache.tomcat.jni.SSL;
@@ -222,9 +224,9 @@ public final class OpenSSLEngine extends SSLEngine
implements SSLUtil.ProtocolIn
public synchronized void shutdown() {
if (!destroyed) {
destroyed = true;
- cleanable.clean();
// internal errors can cause shutdown without marking the engine
closed
isInboundDone = isOutboundDone = engineClosed = true;
+ cleanable.clean();
ByteBufferUtils.cleanDirectBuffer(buf);
}
}
@@ -1400,11 +1402,19 @@ public final class OpenSSLEngine extends SSLEngine
implements SSLUtil.ProtocolIn
private record OpenSSLState(long ssl, long networkBIO) implements Runnable
{
@Override
public void run() {
- if (networkBIO != 0) {
- SSL.freeBIO(networkBIO);
- }
- if (ssl != 0) {
- SSL.freeSSL(ssl);
+ Lock readLock = AprStatus.getStatusLock().readLock();
+ readLock.lock();
+ try {
+ if (!AprStatus.isAprInitialized()) {
+ if (networkBIO != 0) {
+ SSL.freeBIO(networkBIO);
+ }
+ if (ssl != 0) {
+ SSL.freeSSL(ssl);
+ }
+ }
+ } finally {
+ readLock.unlock();
}
}
}
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index d6f92f06fb..d5c0eb1f3a 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -113,6 +113,15 @@
</fix>
</changelog>
</subsection>
+ <subsection name="Coyote">
+ <changelog>
+ <fix>
+ Prevent concurrent release of <code>OpenSSLEngine</code> resources and
+ the termination of the Tomcat Native library as it can cause crashes
+ during Tomcat shutdown. (markt)
+ </fix>
+ </changelog>
+ </subsection>
<subsection name="Other">
<changelog>
<add>
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
