[Bug 57872] Do not auto-switch session cookie to version=1 due to '/' in Path when running in "strict compliance" mode (Internet Explorer and rfc6265)
https://bz.apache.org/bugzilla/show_bug.cgi?id=57872 Konstantin Kolinko changed: What|Removed |Added OS||All --- Comment #1 from Konstantin Kolinko --- > For a reference, an old report I meant to link to bug 45272 there. Just for information. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 57871] New: LegacyCookieProcessor.setAllowHttpSepsInV0(false) affects all characters, not just separators
https://bz.apache.org/bugzilla/show_bug.cgi?id=57871
Bug ID: 57871
Summary: LegacyCookieProcessor.setAllowHttpSepsInV0(false)
affects all characters, not just separators
Product: Tomcat 8
Version: 8.0.21
Hardware: PC
Status: NEW
Severity: normal
Priority: P2
Component: Catalina
Assignee: dev@tomcat.apache.org
Reporter: knst.koli...@gmail.com
Reviewing code of LegacyCookieProcessor.setAllowHttpSepsInV0(boolean) of
current Tomcat 8.
There is the following code:
char[] seps = "()<>@:\\\"[]?={}\t".toCharArray();
for (char sep : seps) {
if (allowHttpSepsInV0) {
allowedWithoutQuotes.set(sep);
} else {
allowedWithoutQuotes.clear();
}
}
if (getForwardSlashIsSeparator() && !allowHttpSepsInV0) {
allowedWithoutQuotes.set('/');
} else {
allowedWithoutQuotes.clear('/');
}
Apparently it was supposed to do "clear(sep)" instead of just clear().
--
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 57872] New: Do not auto-switch session cookie to version=1 due to '/' in Path when running in "strict compliance" mode (Internet Explorer and rfc6265)
https://bz.apache.org/bugzilla/show_bug.cgi?id=57872
Bug ID: 57872
Summary: Do not auto-switch session cookie to version=1 due to
'/' in Path when running in "strict compliance" mode
(Internet Explorer and rfc6265)
Product: Tomcat 7
Version: 7.0.61
Hardware: PC
Status: NEW
Severity: enhancement
Priority: P2
Component: Catalina
Assignee: dev@tomcat.apache.org
Reporter: knst.koli...@gmail.com
Encountered this when migrating a legacy web application from old Tomcat 6 to
current Tomcat 7(.0.61). Reproducible with current Tomcat 8 as well.
Essential is that both Tomcat 6 and Tomcat 7 were configured with
org.apache.catalina.STRICT_SERVLET_COMPLIANCE=true
User-visible symptoms:
The count of active sessions (as shown in Manager application) increases
rapidly. This does not occur when the same application is deployed on Tomcat 6.
Debugging:
1) Configured AccessLogValve to log incoming "cookie" headers and outgoing
"set-cookie" headers and the current session.Id by adding the following text to
its pattern:
SessionId:%S [Cookie received: %{cookie}i] [Set-Cookie sent: %{set-cookie}o]
2) Disabled HttpOnly -- to bring Tomcat 7 configuration more closely to Tomcat
6 one. This is done by setting in context file of
the web application.
Cause:
In year 2009 a new feature was implemented in Tomcat 7 that a cookie is
automatically switched from "version 0" cookie (Netscape cookie) to "version 1"
cookie (RFC2109 cookie) when value/path/domain properties of the cookie contain
a character that need to be quoted.
When "STRICT_SERVLET_COMPLIANCE" is true, one of characters that triggers
"version 1" is '/'. As every session cookie contains a Path that starts with
'/' this causes all session cookies to become "version 1" ones.
The problem is when client is Internet Explorer.
If I look into access log, the set-cookie header sent by an old Tomcat 6 looks
like the following:
JSESSIONID=E8776ACC0C787BBAD5C7EEC4770877E1; Path=/foo
The set-cookie header sent by Tomcat 7 looks like the following:
JSESSIONID=A7A0CBBF5813DF4DEADFFFD3475E09AD; Version=1; Path="/foo/"
The problem is quoted value of Path. It is not understood by Internet Explorer
and subsequent HTTP and Ajax requests do not include a "cookie" header. This is
observed both with IE 8 and with current IE 11.
For a reference, an old report
Known solution:
Tomcat 7 and 8: Set the following system property:
org.apache.tomcat.util.http.ServerCookie.FWD_SLASH_IS_SEPARATOR=false
Tomcat 8 (better solution): configure a to be
"org.apache.tomcat.util.http.Rfc6265CookieProcessor" instead of default
LegacyCookieProcessor.
See
http://tomcat.apache.org/tomcat-8.0-doc/config/cookie-processor.html
Proposal:
1) '/' alone should not trigger conversion from version 0 cookie to version 1
cookie. Netscape specification (as linked from rfc6265) uses unquoted '/' in
Path in its examples, so it is explicitly OK to use '/' in the Path.
Generally, there may be other safe characters, as RFC6265 allows in path-value, but '/' is such a blatant example. Every
path starts with a '/'.
2) Processing of a cookie that has "version=1" (set explicitly, or converted
due to other reasons) is unchanged. The path will be quoted here. RFC2109
quotes Path in its examples.
The FWD_SLASH_IS_SEPARATOR flag is left to control quoting in version 1
cookies. (This is why I do not propose changing the default value of
FWD_SLASH_IS_SEPARATOR).
--
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1676686 - in /tomcat/site/trunk: docs/migration-7.html xdocs/migration-7.xml
Author: kkolinko Date: Wed Apr 29 08:19:47 2015 New Revision: 1676686 URL: http://svn.apache.org/r1676686 Log: Mention autoconversion of cookies and link to https://bz.apache.org/bugzilla/show_bug.cgi?id=57872 Modified: tomcat/site/trunk/docs/migration-7.html tomcat/site/trunk/xdocs/migration-7.xml Modified: tomcat/site/trunk/docs/migration-7.html URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/migration-7.html?rev=1676686&r1=1676685&r2=1676686&view=diff == --- tomcat/site/trunk/docs/migration-7.html (original) +++ tomcat/site/trunk/docs/migration-7.html Wed Apr 29 08:19:47 2015 @@ -692,6 +692,18 @@ of Apache Tomcat. org.apache.tomcat.util.http.ServerCookie.ALLOW_NAME_ONLY, that can be used to accept name-only cookies. + +If a cookie value or path contain characters that have to be quoted +(per RFC2109 specification), the cookie will be automatically converted +from "version 0" cookie into "version 1" cookie before sending it to +the client and those values will be surrounded by double quotes. What +characters need quoting is controlled by several System properties +such as + org.apache.tomcat.util.http.ServerCookie.FWD_SLASH_IS_SEPARATOR. +It is known that Internet Explorer has problem processing "version 1" +cookies. (Bug https://bz.apache.org/bugzilla/show_bug.cgi?id=57872";>57872). + + Modified: tomcat/site/trunk/xdocs/migration-7.xml URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/migration-7.xml?rev=1676686&r1=1676685&r2=1676686&view=diff == --- tomcat/site/trunk/xdocs/migration-7.xml (original) +++ tomcat/site/trunk/xdocs/migration-7.xml Wed Apr 29 08:19:47 2015 @@ -280,6 +280,18 @@ of Apache Tomcat. org.apache.tomcat.util.http.ServerCookie.ALLOW_NAME_ONLY, that can be used to accept name-only cookies. +If a cookie value or path contain characters that have to be quoted +(per RFC2109 specification), the cookie will be automatically converted +from "version 0" cookie into "version 1" cookie before sending it to +the client and those values will be surrounded by double quotes. What +characters need quoting is controlled by several System properties +such as + org.apache.tomcat.util.http.ServerCookie.FWD_SLASH_IS_SEPARATOR. +It is known that Internet Explorer has problem processing "version 1" +cookies. (Bug 57872). + + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1676681 - /tomcat/tc8.0.x/trunk/webapps/docs/changelog.xml
Author: markt Date: Wed Apr 29 07:10:28 2015 New Revision: 1676681 URL: http://svn.apache.org/r1676681 Log: Whitespace police Modified: tomcat/tc8.0.x/trunk/webapps/docs/changelog.xml Modified: tomcat/tc8.0.x/trunk/webapps/docs/changelog.xml URL: http://svn.apache.org/viewvc/tomcat/tc8.0.x/trunk/webapps/docs/changelog.xml?rev=1676681&r1=1676680&r2=1676681&view=diff == --- tomcat/tc8.0.x/trunk/webapps/docs/changelog.xml (original) +++ tomcat/tc8.0.x/trunk/webapps/docs/changelog.xml Wed Apr 29 07:10:28 2015 @@ -153,7 +153,7 @@ 57837: Add text/css to the default list of -compressable MIME types. (markt) +compressable MIME types. (markt) - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1676699 - in /tomcat/trunk/java/org/apache/coyote/http11: AbstractHttp11Protocol.java Http11AprProtocol.java Http11Nio2Protocol.java Http11NioProtocol.java NpnHandler.java
Author: markt
Date: Wed Apr 29 09:24:38 2015
New Revision: 1676699
URL: http://svn.apache.org/r1676699
Log:
Remove some more SPDY plumbing
Removed:
tomcat/trunk/java/org/apache/coyote/http11/NpnHandler.java
Modified:
tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11Protocol.java
tomcat/trunk/java/org/apache/coyote/http11/Http11AprProtocol.java
tomcat/trunk/java/org/apache/coyote/http11/Http11Nio2Protocol.java
tomcat/trunk/java/org/apache/coyote/http11/Http11NioProtocol.java
Modified: tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11Protocol.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11Protocol.java?rev=1676699&r1=1676698&r2=1676699&view=diff
==
--- tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11Protocol.java
(original)
+++ tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11Protocol.java Wed
Apr 29 09:24:38 2015
@@ -327,17 +327,6 @@ public abstract class AbstractHttp11Prot
getEndpoint().setMaxKeepAliveRequests(mkar);
}
-protected NpnHandler npnHandler;
-@SuppressWarnings("unchecked")
-public void setNpnHandler(String impl) {
-try {
-Class c = Class.forName(impl);
-npnHandler = (NpnHandler) c.newInstance();
-} catch (Exception ex) {
-getLog().warn("Failed to init light protocol " + impl, ex);
-}
-}
-
// --- HTTPS specific
properties
// Handled via an
SSLHostConfig
Modified: tomcat/trunk/java/org/apache/coyote/http11/Http11AprProtocol.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/coyote/http11/Http11AprProtocol.java?rev=1676699&r1=1676698&r2=1676699&view=diff
==
--- tomcat/trunk/java/org/apache/coyote/http11/Http11AprProtocol.java (original)
+++ tomcat/trunk/java/org/apache/coyote/http11/Http11AprProtocol.java Wed Apr
29 09:24:38 2015
@@ -21,7 +21,6 @@ import org.apache.juli.logging.Log;
import org.apache.juli.logging.LogFactory;
import org.apache.tomcat.util.net.AprEndpoint;
import org.apache.tomcat.util.net.AprEndpoint.Poller;
-import org.apache.tomcat.util.net.SocketStatus;
import org.apache.tomcat.util.net.SocketWrapperBase;
@@ -171,15 +170,6 @@ public class Http11AprProtocol extends A
}
-@Override
-public void start() throws Exception {
-super.start();
-if (npnHandler != null) {
-long sslCtx = ((AprEndpoint) getEndpoint()).getJniSslContext();
-npnHandler.init(getEndpoint(), sslCtx, getAdapter());
-}
-}
-
// Connection handler
protected static class Http11ConnectionHandler
@@ -206,28 +196,6 @@ public class Http11AprProtocol extends A
}
@Override
-public SocketState process(SocketWrapperBase socket,
-SocketStatus status) {
-if (getProtocol().npnHandler != null) {
-Processor processor = null;
-if (status == SocketStatus.OPEN_READ) {
-processor = connections.get(socket.getSocket());
-
-}
-if (processor == null) {
-// if not null - handled by http11
-SocketState socketState =
getProtocol().npnHandler.process(socket, status);
-// handled by npn protocol.
-if (socketState == SocketState.CLOSED ||
-socketState == SocketState.LONG) {
-return socketState;
-}
-}
-}
-return super.process(socket, status);
-}
-
-@Override
protected void longPoll(SocketWrapperBase socket, Processor
processor) {
if (processor.isAsync()) {
Modified: tomcat/trunk/java/org/apache/coyote/http11/Http11Nio2Protocol.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/coyote/http11/Http11Nio2Protocol.java?rev=1676699&r1=1676698&r2=1676699&view=diff
==
--- tomcat/trunk/java/org/apache/coyote/http11/Http11Nio2Protocol.java
(original)
+++ tomcat/trunk/java/org/apache/coyote/http11/Http11Nio2Protocol.java Wed Apr
29 09:24:38 2015
@@ -23,7 +23,6 @@ import org.apache.tomcat.util.net.Nio2Ch
import org.apache.tomcat.util.net.Nio2Endpoint;
import org.apache.tomcat.util.net.Nio2Endpoint.Handler;
import org.apache.tomcat.util.net.Nio2Endpoint.Nio2SocketWrapper;
-import org.apache.tomcat.util.net.SocketStatus;
import org.apache.tomcat.util.net.SocketWrapperBase;
@@ -47,16 +46,6 @@ public class Http11Nio2Protocol extends
protected Log getLog() { return log; }
-@Override
-
[jira] [Updated] (MTOMCAT-296) shutdown switch for executable JAR
[
https://issues.apache.org/jira/browse/MTOMCAT-296?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Marcus Beyer updated MTOMCAT-296:
-
Description:
I am using the exec-war goal of tomcat7-maven-plugin version 2.1 (not 2.2
because of MTOMCAT-263) to create a jar artifact which contains a tomcat 7 with
the deployed war of my project. Works fine.
However, in the target environment there is no possibility of a Ctrl+C to
shutdown gracefully. Therefore I wish some other way to commit a shutdown
signal, e.g. by calling the jar again, but with some kind of *stop* parameter
like this:
{code}java -jar target/standalone.jar stop{code}
was:
I am using the exec-war goal of tomcat7-maven-plugin version 2.1 (not 2.2
because of MTOMCAT-263) to create a jar artifact which contains a tomcat 7 with
the deployed war of my project. Works fine.
However, in the target environment there is no possibility of a Ctrl+C to
shutdown gracefully. Therefore I wish some other way to commit a shutdown
signal, e.g. by calling the jar again with some kind of *stop* parameter like
this:
{code}java -jar target/standalone.jar stop{code}
> shutdown switch for executable JAR
> --
>
> Key: MTOMCAT-296
> URL: https://issues.apache.org/jira/browse/MTOMCAT-296
> Project: Apache Tomcat Maven Plugin
> Issue Type: Wish
>Affects Versions: 2.1, 2.2
>Reporter: Marcus Beyer
>Priority: Critical
>
> I am using the exec-war goal of tomcat7-maven-plugin version 2.1 (not 2.2
> because of MTOMCAT-263) to create a jar artifact which contains a tomcat 7
> with the deployed war of my project. Works fine.
> However, in the target environment there is no possibility of a Ctrl+C to
> shutdown gracefully. Therefore I wish some other way to commit a shutdown
> signal, e.g. by calling the jar again, but with some kind of *stop* parameter
> like this:
> {code}java -jar target/standalone.jar stop{code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[jira] [Created] (MTOMCAT-296) shutdown switch for executable JAR
Marcus Beyer created MTOMCAT-296:
Summary: shutdown switch for executable JAR
Key: MTOMCAT-296
URL: https://issues.apache.org/jira/browse/MTOMCAT-296
Project: Apache Tomcat Maven Plugin
Issue Type: Wish
Affects Versions: 2.2, 2.1
Reporter: Marcus Beyer
Priority: Critical
I am using the exec-war goal of tomcat7-maven-plugin version 2.1 (not 2.2
because of MTOMCAT-263) to create a jar artifact which contains a tomcat 7 with
the deployed war of my project. Works fine.
However, in the target environment there is no possibility of a Ctrl+C to
shutdown gracefully. Therefore I wish some other way to commit a shutdown
signal, e.g. by calling the jar again with some kind of *stop* parameter like
this:
{code}java -jar target/standalone.jar stop{code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[jira] [Updated] (MTOMCAT-296) shutdown switch for executable JAR
[
https://issues.apache.org/jira/browse/MTOMCAT-296?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Marcus Beyer updated MTOMCAT-296:
-
Description:
I am using the exec-war goal of tomcat7-maven-plugin version 2.1 (not 2.2
because of MTOMCAT-263) to create a jar artifact which contains a tomcat 7 with
the deployed war of my project. Works fine.
However, in the target environment there is no possibility of a Ctrl+C (to
shutdown gracefully). Therefore I wish some other way to commit a shutdown
signal, e.g. by calling the jar again, but with some kind of *stop* parameter
like this:
{code}java -jar target/standalone.jar stop{code}
was:
I am using the exec-war goal of tomcat7-maven-plugin version 2.1 (not 2.2
because of MTOMCAT-263) to create a jar artifact which contains a tomcat 7 with
the deployed war of my project. Works fine.
However, in the target environment there is no possibility of a Ctrl+C to
shutdown gracefully. Therefore I wish some other way to commit a shutdown
signal, e.g. by calling the jar again, but with some kind of *stop* parameter
like this:
{code}java -jar target/standalone.jar stop{code}
> shutdown switch for executable JAR
> --
>
> Key: MTOMCAT-296
> URL: https://issues.apache.org/jira/browse/MTOMCAT-296
> Project: Apache Tomcat Maven Plugin
> Issue Type: Wish
>Affects Versions: 2.1, 2.2
>Reporter: Marcus Beyer
>Priority: Critical
>
> I am using the exec-war goal of tomcat7-maven-plugin version 2.1 (not 2.2
> because of MTOMCAT-263) to create a jar artifact which contains a tomcat 7
> with the deployed war of my project. Works fine.
> However, in the target environment there is no possibility of a Ctrl+C (to
> shutdown gracefully). Therefore I wish some other way to commit a shutdown
> signal, e.g. by calling the jar again, but with some kind of *stop* parameter
> like this:
> {code}java -jar target/standalone.jar stop{code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [Bug 57837] add "text/css" to default of compressableMimeType
Hi, 2015-04-28 15:34 GMT+03:00 : > > https://bz.apache.org/bugzilla/show_bug.cgi?id=57837 > > --- Comment #9 from Violeta Georgieva --- > +1 for javascript I would like to add text/javascript and application/javascript also as defaults. Do you have any objection? Thanks, Violeta > -- > You are receiving this mail because: > You are the assignee for the bug. > > - > To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org > For additional commands, e-mail: dev-h...@tomcat.apache.org >
svn commit: r1676715 - in /tomcat/tc8.0.x/tags/TOMCAT_8_0_22: ./ build.properties.default webapps/docs/changelog.xml
Author: markt Date: Wed Apr 29 10:51:23 2015 New Revision: 1676715 URL: http://svn.apache.org/r1676715 Log: Tag 8.0.22 Added: tomcat/tc8.0.x/tags/TOMCAT_8_0_22/ (props changed) - copied from r1676714, tomcat/tc8.0.x/trunk/ Modified: tomcat/tc8.0.x/tags/TOMCAT_8_0_22/build.properties.default tomcat/tc8.0.x/tags/TOMCAT_8_0_22/webapps/docs/changelog.xml Propchange: tomcat/tc8.0.x/tags/TOMCAT_8_0_22/ -- bugtraq:append = false Propchange: tomcat/tc8.0.x/tags/TOMCAT_8_0_22/ -- bugtraq:label = Bugzilla ID (optional) Propchange: tomcat/tc8.0.x/tags/TOMCAT_8_0_22/ -- --- bugtraq:logregex (added) +++ bugtraq:logregex Wed Apr 29 10:51:23 2015 @@ -0,0 +1,2 @@ +(https?\://(bz|issues)\.apache\.org/bugzilla/show_bug.cgi\?id=\d+|BZ\s?\d+) +(\d+) Propchange: tomcat/tc8.0.x/tags/TOMCAT_8_0_22/ -- bugtraq:message = Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=%BUGID% Propchange: tomcat/tc8.0.x/tags/TOMCAT_8_0_22/ -- bugtraq:url = https://bz.apache.org/bugzilla/show_bug.cgi?id=%BUGID% Propchange: tomcat/tc8.0.x/tags/TOMCAT_8_0_22/ -- --- svn:ignore (added) +++ svn:ignore Wed Apr 29 10:51:23 2015 @@ -0,0 +1,7 @@ +.* +build.properties +logs +nbproject +output +work +*.iml Propchange: tomcat/tc8.0.x/tags/TOMCAT_8_0_22/ -- --- svn:mergeinfo (added) +++ svn:mergeinfo Wed Apr 29 10:51:23 2015 @@ -0,0 +1 @@ +/tomcat/trunk:1636524,1637156,1637176,1637188,1637331,1637684,1637695,1638720-1638725,1639653,1640010,1640083-1640084,1640088,1640275,1640322,1640347,1640361,1640365,1640403,1640410,1640652,1640655-1640658,1640688,1640700-1640883,1640903,1640976,1640978,1641000,1641026,1641038-1641039,1641051-1641052,1641058,1641064,1641300,1641369,1641374,1641380,1641486,1641634,1641656-1641692,1641704,1641707-1641718,1641720-1641722,1641735,1641981,1642233,1642280,1642554,1642564,1642595,1642606,1642668,1642679,1642697,1642699,1642766,1643002,1643045,1643054-1643055,1643066,1643121,1643128,1643206,1643209-1643210,1643216,1643249,1643270,1643283,1643309-1643310,1643323,1643365-1643366,1643370-1643371,1643465,1643474,1643536,1643570,1643634,1643649,1643651,1643654,1643675,1643731,1643733-1643734,1643761,1643766,1643814,1643937,1643963,1644017,1644169,1644201-1644203,1644321,1644323,1644516,1644523,1644529,1644535,1644730,1644768,1644784-1644785,1644790,1644793,1644815,1644884,1644886,1644890,1644892 ,1644910,1644924,1644929-1644930,1644935,1644989,1645011,1645247,1645355,1645357-1645358,1645455,1645465,1645469,1645471,1645473,1645475,1645486-1645488,1645626,1645641,1645685,1645743,1645763,1645951-1645953,1645955,1645993,1646098-1646106,1646178,1646220,1646302,1646304,1646420,1646470-1646471,1646476,1646559,1646717-1646723,1646773,1647026,1647042,1647530,1647655,1648304,1648815,1648907,1650081,1650365,1651116,1651120,1651280,1651470,1652938,1652970,1653041,1653471,1653550,1653574,1653797,1653815-1653816,1653819,1653840,1653857,1653888,1653972,1654013,1654030,1654050,1654123,1654148,1654159,1654513,1654515,1654517,1654522,1654524,1654725,1654735,1654766,1654785,1654851-1654852,1654978,1655122-1655124,1655126-1655127,1655129-1655130,1655132-1655133,1655312,1655438,1655441,1655454,168,1656087,1656299,1656319,1656331,1656345,1656350,1656590,1656648-1656650,1656657,1657041,1657054,1657374,1657492,1657510,1657565,1657580,1657584,1657586,1657589,1657592,1657607,1657609,1657682,1657 907,1658207,1658734,1658781,1658790,1658799,1658802,1658804,1658833,1658840,1658966,1659043,1659053,1659059,1659188-1659189,1659216,1659263,1659293,1659304,1659306-1659307,1659382,1659384,1659428,1659471,1659486,1659505,1659516,1659521,1659524,1659559,1659562,1659803,1659806,1659814,1659833,1659862,1659905,1659919,1659948,1659967,1659983-1659984,1660060,1660074,1660077,1660133,1660168,1660331-1660332,1660353,1660358,1660924,1661386,1661867,1661972,1661990,1662200,1662308-1662309,1662548,1662614,1662736,1662985,1662988-1662989,1663264,1663277,1663298,1663534,1663562,1663676,1663715,1663754,1663768,1663772,1663781,1663893,1663995,1664143,1664163,1664174,1664301,1664317,1664347,1664657,1664659,1664710,1664863-1664864,1664866,1665085,1665292,1665559,1665653,1665661,1665672,1665694,1665697,1665736,1665779,1665976-1665977,1665980-1665981,1665985-1665986,1665989,1665998,1666004,1666008,1666013,1666017,1666024,1666116,1666386-1666387,1666494,1666496,1666552,1666569,1666579,137,149,1 666757,1666966,1666972,1666985,1666995,1666997,1667292,1667402,1667406,1667546,1667615,1667630,1667636,1667688,16
svn commit: r1676721 - in /tomcat/trunk: build.xml res/maven/mvn-pub.xml
Author: markt Date: Wed Apr 29 11:55:31 2015 New Revision: 1676721 URL: http://svn.apache.org/r1676721 Log: gpg2 needs an additional option set to read the passphrase from stdin Modified: tomcat/trunk/build.xml tomcat/trunk/res/maven/mvn-pub.xml Modified: tomcat/trunk/build.xml URL: http://svn.apache.org/viewvc/tomcat/trunk/build.xml?rev=1676721&r1=1676720&r2=1676721&view=diff == --- tomcat/trunk/build.xml (original) +++ tomcat/trunk/build.xml Wed Apr 29 11:55:31 2015 @@ -3112,6 +3112,7 @@ Read the Building page on the Apache Tom + Modified: tomcat/trunk/res/maven/mvn-pub.xml URL: http://svn.apache.org/viewvc/tomcat/trunk/res/maven/mvn-pub.xml?rev=1676721&r1=1676720&r2=1676721&view=diff == --- tomcat/trunk/res/maven/mvn-pub.xml (original) +++ tomcat/trunk/res/maven/mvn-pub.xml Wed Apr 29 11:55:31 2015 @@ -51,6 +51,7 @@ + @@ -59,6 +60,7 @@ + @@ -67,6 +69,7 @@ + @@ -130,6 +133,7 @@ + @@ -138,6 +142,7 @@ + @@ -195,6 +200,7 @@ + @@ -203,6 +209,7 @@ + @@ -211,6 +218,7 @@ + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1676722 - in /tomcat/trunk/java/org/apache/tomcat/util/net: AbstractJsseEndpoint.java SSLContext.java SSLUtil.java jsse/JSSESSLContext.java jsse/JSSESocketFactory.java
Author: remm
Date: Wed Apr 29 11:58:09 2015
New Revision: 1676722
URL: http://svn.apache.org/r1676722
Log:
Allow using SSLImplementationName configuration option with JSSE, since it
turns out SSLContext cannot be extended except by using JCE. In practical
terms, this allows using an alternate SSL engine implementation without having
to change additional things in Tomcat.
Added:
tomcat/trunk/java/org/apache/tomcat/util/net/SSLContext.java (with props)
tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESSLContext.java
(with props)
Modified:
tomcat/trunk/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java
tomcat/trunk/java/org/apache/tomcat/util/net/SSLUtil.java
tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
Modified: tomcat/trunk/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java?rev=1676722&r1=1676721&r2=1676722&view=diff
==
--- tomcat/trunk/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java
(original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java Wed
Apr 29 11:58:09 2015
@@ -21,7 +21,6 @@ import java.util.Locale;
import java.util.Map;
import javax.net.ssl.KeyManager;
-import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSessionContext;
Added: tomcat/trunk/java/org/apache/tomcat/util/net/SSLContext.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/SSLContext.java?rev=1676722&view=auto
==
--- tomcat/trunk/java/org/apache/tomcat/util/net/SSLContext.java (added)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/SSLContext.java Wed Apr 29
11:58:09 2015
@@ -0,0 +1,48 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.tomcat.util.net;
+
+import java.security.KeyManagementException;
+import java.security.SecureRandom;
+
+import javax.net.ssl.KeyManager;
+import javax.net.ssl.SSLEngine;
+import javax.net.ssl.SSLParameters;
+import javax.net.ssl.SSLServerSocketFactory;
+import javax.net.ssl.SSLSessionContext;
+import javax.net.ssl.TrustManager;
+
+/**
+ * This interface is needed to override the default SSLContext class
+ * to allow SSL implementation pluggability without having to use JCE. With
+ * regular JSSE it will do nothing but delegate to the SSLContext.
+ */
+public interface SSLContext {
+
+public abstract void init(KeyManager[] kms, TrustManager[] tms,
+SecureRandom sr) throws KeyManagementException;
+
+public abstract SSLSessionContext getServerSessionContext();
+
+public abstract SSLEngine createSSLEngine();
+
+public abstract SSLServerSocketFactory getServerSocketFactory();
+
+public abstract SSLParameters getSupportedSSLParameters();
+
+}
Propchange: tomcat/trunk/java/org/apache/tomcat/util/net/SSLContext.java
--
svn:eol-style = native
Modified: tomcat/trunk/java/org/apache/tomcat/util/net/SSLUtil.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/SSLUtil.java?rev=1676722&r1=1676721&r2=1676722&view=diff
==
--- tomcat/trunk/java/org/apache/tomcat/util/net/SSLUtil.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/SSLUtil.java Wed Apr 29
11:58:09 2015
@@ -17,7 +17,6 @@
package org.apache.tomcat.util.net;
import javax.net.ssl.KeyManager;
-import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSessionContext;
import javax.net.ssl.TrustManager;
Added: tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESSLContext.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESSLContext.java?rev=1676722&view=auto
==
--- tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESSLContext.java
(a
svn commit: r8746 [2/2] - in /dev/tomcat/tomcat-8/v8.0.22: ./ bin/ bin/embed/ bin/extras/ src/
Added: dev/tomcat/tomcat-8/v8.0.22/bin/extras/catalina-ws.jar.asc == --- dev/tomcat/tomcat-8/v8.0.22/bin/extras/catalina-ws.jar.asc (added) +++ dev/tomcat/tomcat-8/v8.0.22/bin/extras/catalina-ws.jar.asc Wed Apr 29 12:13:54 2015 @@ -0,0 +1,17 @@ +-BEGIN PGP SIGNATURE- +Version: GnuPG v2 + +iQIcBAABCAAGBQJVQMTHAAoJEBDAHFovYFnnT+oQAO72rMoS3Ub+4crpc0snno2i +bB9A5QsnZzdtgmKI7zL9D8lxpbdCaCJz/HUG8C7GdgCFk+T53KBc35JOYEyPxn1B +32A5P/s4Bh2goWA1qacpm4TN+LR3l4VixB/Ty1UC1KUjrP16/TquKK8wjHi/UFdb +GrScZX0PX3v74jkf3HENFSHa+ivx3g2vZw/B3OgE2j7BQQWPyouFL2kCDbTNxh96 +SjhSOyLaWDnJ5ZLZxVCvSLn/SuGN4LcDFBxAGdyGkTzyBabgzIVKezO3W+rTcaBa +28/wtLAYm5xDzX9wQQUPVZXntE9sJUXoYlK6uv4biGt5u1WSiV7dQnhsHw+BV7Gf +WJ2G36gj67PpRYT9TMTwtYDWDtIEa86LDP3a8FazLs8qpt7QMAIf7nCHCGg1xvfR +0eG2ukNqrhR6maxxlBxu/oQGWBhSLWbUrBDkmAINRfex2aVZ8k4JLiPTVXSQFbMi +IvhZBeXeYjoWJ1tOsw/6AmKo7BmnCp3r1ZXi7YH0zDKj7hh7BrYhGundk46Ja1YP +0lARzY8gxe+v3iY0z1Jq0awrQ5P7jy4VX6rMAWSMqYztW62b2M0RTU8RQgNVrfcx +iZuhEk0NkwCfhWAeR/0X/8/0j7z8OpPsgZxfAnIzVuvLE9WMb1KvgwKZbiSEdRTI +xkABkgZy50LtI8uR/hh6 +=JSoe +-END PGP SIGNATURE- Added: dev/tomcat/tomcat-8/v8.0.22/bin/extras/catalina-ws.jar.md5 == --- dev/tomcat/tomcat-8/v8.0.22/bin/extras/catalina-ws.jar.md5 (added) +++ dev/tomcat/tomcat-8/v8.0.22/bin/extras/catalina-ws.jar.md5 Wed Apr 29 12:13:54 2015 @@ -0,0 +1 @@ +06fbc11912d9ef358bdbc8a124a3865c *catalina-ws.jar \ No newline at end of file Added: dev/tomcat/tomcat-8/v8.0.22/bin/extras/catalina-ws.jar.sha1 == --- dev/tomcat/tomcat-8/v8.0.22/bin/extras/catalina-ws.jar.sha1 (added) +++ dev/tomcat/tomcat-8/v8.0.22/bin/extras/catalina-ws.jar.sha1 Wed Apr 29 12:13:54 2015 @@ -0,0 +1 @@ +651249a15febcc7481c3506a504694223598259a *catalina-ws.jar \ No newline at end of file Added: dev/tomcat/tomcat-8/v8.0.22/bin/extras/tomcat-juli-adapters.jar == Binary file - no diff available. Propchange: dev/tomcat/tomcat-8/v8.0.22/bin/extras/tomcat-juli-adapters.jar -- svn:mime-type = application/octet-stream Added: dev/tomcat/tomcat-8/v8.0.22/bin/extras/tomcat-juli-adapters.jar.asc == --- dev/tomcat/tomcat-8/v8.0.22/bin/extras/tomcat-juli-adapters.jar.asc (added) +++ dev/tomcat/tomcat-8/v8.0.22/bin/extras/tomcat-juli-adapters.jar.asc Wed Apr 29 12:13:54 2015 @@ -0,0 +1,17 @@ +-BEGIN PGP SIGNATURE- +Version: GnuPG v2 + +iQIcBAABCAAGBQJVQMTGAAoJEBDAHFovYFnnUYQP/2vh8fXDeB2DwC/S8lrexcHK ++yKk+RRvG2cky6eGb4Hw83KyZu1qP/oEphVtWxuofClhtxOwTlm+MSKGxU1A38iU +CqdfBqYhF/13XUh5AyBoXr1OhXmtwnelL/cVa3lYQimamFZz2BCwwNI4/C9QBzaI +mT3Y5N/iefYUokroiEeVN41A44dAkjNSmkn2U5jGFzykAtV6WA9R6rQyxbSFXFn6 +M5Uku+tzBq6UM9C/DHERT0ZoMPuIsyFeLSAEDjg6L9Mx19Y/ZO3mlP9lwSBbNqcl +48OyCta7AYrab1ZnVZuZIHTXo89UqW1OPGx59RJcmm+Bg5PQiHg9IFf1rSc8NTcy +UQjl4lC4VYhexDjlXd81I6yH8ed6MHHUXU4EuH0suVrRvxqEnfUJL5R4tbsd1d+i +9Ea6MEY4X7VbqNGsl82r8Nog/xhutANC09ZeRnt0k7OMf3NKsFkWSnre8PtE24lL +Hyt2v1HVkeh3E9SJ42AHNG5pTChd0Mbz5IYgaW2noYYoc2sDKuFF1PX9vfUcUROn +/MBhjLPUf36C4mzyYY2ln/uy3Q5X0CX7N4TPLlL/k1CRsHGLEOU7LRpZec/xzgsK +r9xQda0AV4NcbME2J4PLiZ3wIIR2+pomgvt3DhsNHhvguIXWvq19bNwMrrb177cv +wmL18q700bZOVRQD5Z0I +=HKgf +-END PGP SIGNATURE- Added: dev/tomcat/tomcat-8/v8.0.22/bin/extras/tomcat-juli-adapters.jar.md5 == --- dev/tomcat/tomcat-8/v8.0.22/bin/extras/tomcat-juli-adapters.jar.md5 (added) +++ dev/tomcat/tomcat-8/v8.0.22/bin/extras/tomcat-juli-adapters.jar.md5 Wed Apr 29 12:13:54 2015 @@ -0,0 +1 @@ +a5f3c6be3e13dedc7c379d3b589b89fa *tomcat-juli-adapters.jar \ No newline at end of file Added: dev/tomcat/tomcat-8/v8.0.22/bin/extras/tomcat-juli-adapters.jar.sha1 == --- dev/tomcat/tomcat-8/v8.0.22/bin/extras/tomcat-juli-adapters.jar.sha1 (added) +++ dev/tomcat/tomcat-8/v8.0.22/bin/extras/tomcat-juli-adapters.jar.sha1 Wed Apr 29 12:13:54 2015 @@ -0,0 +1 @@ +4aa68f0c730e9754c91efd7911778716cab9a9cb *tomcat-juli-adapters.jar \ No newline at end of file Added: dev/tomcat/tomcat-8/v8.0.22/bin/extras/tomcat-juli.jar == Binary file - no diff available. Propchange: dev/tomcat/tomcat-8/v8.0.22/bin/extras/tomcat-juli.jar -- svn:mime-type = application/octet-stream Added: dev/tomcat/tomcat-8/v8.0.22/bin/extras/tomcat-juli.jar.asc == --- dev/tomcat/tomcat-8/v8.0.22/bin/extras/tomcat-juli.jar.asc (add
svn commit: r8746 [1/2] - in /dev/tomcat/tomcat-8/v8.0.22: ./ bin/ bin/embed/ bin/extras/ src/
Author: markt Date: Wed Apr 29 12:13:54 2015 New Revision: 8746 Log: Upload 8.0.22 RC for voting Added: dev/tomcat/tomcat-8/v8.0.22/ dev/tomcat/tomcat-8/v8.0.22/KEYS (with props) dev/tomcat/tomcat-8/v8.0.22/README.html (with props) dev/tomcat/tomcat-8/v8.0.22/RELEASE-NOTES dev/tomcat/tomcat-8/v8.0.22/bin/ dev/tomcat/tomcat-8/v8.0.22/bin/README.html (with props) dev/tomcat/tomcat-8/v8.0.22/bin/apache-tomcat-8.0.22-deployer.tar.gz (with props) dev/tomcat/tomcat-8/v8.0.22/bin/apache-tomcat-8.0.22-deployer.tar.gz.asc dev/tomcat/tomcat-8/v8.0.22/bin/apache-tomcat-8.0.22-deployer.tar.gz.md5 dev/tomcat/tomcat-8/v8.0.22/bin/apache-tomcat-8.0.22-deployer.tar.gz.sha1 dev/tomcat/tomcat-8/v8.0.22/bin/apache-tomcat-8.0.22-deployer.zip (with props) dev/tomcat/tomcat-8/v8.0.22/bin/apache-tomcat-8.0.22-deployer.zip.asc dev/tomcat/tomcat-8/v8.0.22/bin/apache-tomcat-8.0.22-deployer.zip.md5 dev/tomcat/tomcat-8/v8.0.22/bin/apache-tomcat-8.0.22-deployer.zip.sha1 dev/tomcat/tomcat-8/v8.0.22/bin/apache-tomcat-8.0.22-fulldocs.tar.gz (with props) dev/tomcat/tomcat-8/v8.0.22/bin/apache-tomcat-8.0.22-fulldocs.tar.gz.asc dev/tomcat/tomcat-8/v8.0.22/bin/apache-tomcat-8.0.22-fulldocs.tar.gz.md5 dev/tomcat/tomcat-8/v8.0.22/bin/apache-tomcat-8.0.22-fulldocs.tar.gz.sha1 dev/tomcat/tomcat-8/v8.0.22/bin/apache-tomcat-8.0.22-windows-i64.zip (with props) dev/tomcat/tomcat-8/v8.0.22/bin/apache-tomcat-8.0.22-windows-i64.zip.asc dev/tomcat/tomcat-8/v8.0.22/bin/apache-tomcat-8.0.22-windows-i64.zip.md5 dev/tomcat/tomcat-8/v8.0.22/bin/apache-tomcat-8.0.22-windows-i64.zip.sha1 dev/tomcat/tomcat-8/v8.0.22/bin/apache-tomcat-8.0.22-windows-x64.zip (with props) dev/tomcat/tomcat-8/v8.0.22/bin/apache-tomcat-8.0.22-windows-x64.zip.asc dev/tomcat/tomcat-8/v8.0.22/bin/apache-tomcat-8.0.22-windows-x64.zip.md5 dev/tomcat/tomcat-8/v8.0.22/bin/apache-tomcat-8.0.22-windows-x64.zip.sha1 dev/tomcat/tomcat-8/v8.0.22/bin/apache-tomcat-8.0.22-windows-x86.zip (with props) dev/tomcat/tomcat-8/v8.0.22/bin/apache-tomcat-8.0.22-windows-x86.zip.asc dev/tomcat/tomcat-8/v8.0.22/bin/apache-tomcat-8.0.22-windows-x86.zip.md5 dev/tomcat/tomcat-8/v8.0.22/bin/apache-tomcat-8.0.22-windows-x86.zip.sha1 dev/tomcat/tomcat-8/v8.0.22/bin/apache-tomcat-8.0.22.exe (with props) dev/tomcat/tomcat-8/v8.0.22/bin/apache-tomcat-8.0.22.exe.asc dev/tomcat/tomcat-8/v8.0.22/bin/apache-tomcat-8.0.22.exe.md5 dev/tomcat/tomcat-8/v8.0.22/bin/apache-tomcat-8.0.22.exe.sha1 dev/tomcat/tomcat-8/v8.0.22/bin/apache-tomcat-8.0.22.tar.gz (with props) dev/tomcat/tomcat-8/v8.0.22/bin/apache-tomcat-8.0.22.tar.gz.asc dev/tomcat/tomcat-8/v8.0.22/bin/apache-tomcat-8.0.22.tar.gz.md5 dev/tomcat/tomcat-8/v8.0.22/bin/apache-tomcat-8.0.22.tar.gz.sha1 dev/tomcat/tomcat-8/v8.0.22/bin/apache-tomcat-8.0.22.zip (with props) dev/tomcat/tomcat-8/v8.0.22/bin/apache-tomcat-8.0.22.zip.asc dev/tomcat/tomcat-8/v8.0.22/bin/apache-tomcat-8.0.22.zip.md5 dev/tomcat/tomcat-8/v8.0.22/bin/apache-tomcat-8.0.22.zip.sha1 dev/tomcat/tomcat-8/v8.0.22/bin/embed/ dev/tomcat/tomcat-8/v8.0.22/bin/embed/apache-tomcat-8.0.22-embed.tar.gz (with props) dev/tomcat/tomcat-8/v8.0.22/bin/embed/apache-tomcat-8.0.22-embed.tar.gz.asc dev/tomcat/tomcat-8/v8.0.22/bin/embed/apache-tomcat-8.0.22-embed.tar.gz.md5 dev/tomcat/tomcat-8/v8.0.22/bin/embed/apache-tomcat-8.0.22-embed.tar.gz.sha1 dev/tomcat/tomcat-8/v8.0.22/bin/embed/apache-tomcat-8.0.22-embed.zip (with props) dev/tomcat/tomcat-8/v8.0.22/bin/embed/apache-tomcat-8.0.22-embed.zip.asc dev/tomcat/tomcat-8/v8.0.22/bin/embed/apache-tomcat-8.0.22-embed.zip.md5 dev/tomcat/tomcat-8/v8.0.22/bin/embed/apache-tomcat-8.0.22-embed.zip.sha1 dev/tomcat/tomcat-8/v8.0.22/bin/extras/ dev/tomcat/tomcat-8/v8.0.22/bin/extras/catalina-jmx-remote.jar (with props) dev/tomcat/tomcat-8/v8.0.22/bin/extras/catalina-jmx-remote.jar.asc dev/tomcat/tomcat-8/v8.0.22/bin/extras/catalina-jmx-remote.jar.md5 dev/tomcat/tomcat-8/v8.0.22/bin/extras/catalina-jmx-remote.jar.sha1 dev/tomcat/tomcat-8/v8.0.22/bin/extras/catalina-ws.jar (with props) dev/tomcat/tomcat-8/v8.0.22/bin/extras/catalina-ws.jar.asc dev/tomcat/tomcat-8/v8.0.22/bin/extras/catalina-ws.jar.md5 dev/tomcat/tomcat-8/v8.0.22/bin/extras/catalina-ws.jar.sha1 dev/tomcat/tomcat-8/v8.0.22/bin/extras/tomcat-juli-adapters.jar (with props) dev/tomcat/tomcat-8/v8.0.22/bin/extras/tomcat-juli-adapters.jar.asc dev/tomcat/tomcat-8/v8.0.22/bin/extras/tomcat-juli-adapters.jar.md5 dev/tomcat/tomcat-8/v8.0.22/bin/extras/tomcat-juli-adapters.jar.sha1 dev/tomcat/tomcat-8/v8.0.22/bin/extras/tomcat-juli.jar (with props) dev/tomcat/tomcat-8/v8.0.22/bin/extras/tomcat-juli.jar.asc dev/tomcat/tomcat-8/v8.0.22/bin/extras/tomcat-juli.jar.md5 dev/tomcat/tomcat-8/v8.0.22/bin/extras/tomcat-juli.jar
svn commit: r1676726 - in /tomcat/tc8.0.x/trunk: build.properties.default res/maven/mvn.properties.default webapps/docs/changelog.xml
Author: markt Date: Wed Apr 29 12:16:13 2015 New Revision: 1676726 URL: http://svn.apache.org/r1676726 Log: Prep for next tag Modified: tomcat/tc8.0.x/trunk/build.properties.default tomcat/tc8.0.x/trunk/res/maven/mvn.properties.default tomcat/tc8.0.x/trunk/webapps/docs/changelog.xml Modified: tomcat/tc8.0.x/trunk/build.properties.default URL: http://svn.apache.org/viewvc/tomcat/tc8.0.x/trunk/build.properties.default?rev=1676726&r1=1676725&r2=1676726&view=diff == --- tomcat/tc8.0.x/trunk/build.properties.default (original) +++ tomcat/tc8.0.x/trunk/build.properties.default Wed Apr 29 12:16:13 2015 @@ -25,7 +25,7 @@ # - Version Control Flags - version.major=8 version.minor=0 -version.build=22 +version.build=23 version.patch=0 version.suffix=-dev Modified: tomcat/tc8.0.x/trunk/res/maven/mvn.properties.default URL: http://svn.apache.org/viewvc/tomcat/tc8.0.x/trunk/res/maven/mvn.properties.default?rev=1676726&r1=1676725&r2=1676726&view=diff == --- tomcat/tc8.0.x/trunk/res/maven/mvn.properties.default (original) +++ tomcat/tc8.0.x/trunk/res/maven/mvn.properties.default Wed Apr 29 12:16:13 2015 @@ -35,7 +35,7 @@ maven.asf.release.repo.url=https://repos maven.asf.release.repo.repositoryId=apache.releases # Release version info -maven.asf.release.deploy.version=8.0.22 +maven.asf.release.deploy.version=8.0.23 #Where do we load the libraries from tomcat.lib.path=../../output/build/lib Modified: tomcat/tc8.0.x/trunk/webapps/docs/changelog.xml URL: http://svn.apache.org/viewvc/tomcat/tc8.0.x/trunk/webapps/docs/changelog.xml?rev=1676726&r1=1676725&r2=1676726&view=diff == --- tomcat/tc8.0.x/trunk/webapps/docs/changelog.xml (original) +++ tomcat/tc8.0.x/trunk/webapps/docs/changelog.xml Wed Apr 29 12:16:13 2015 @@ -44,7 +44,9 @@ They eventually become mixed with the numbered issues. (I.e., numbered issues do not "pop up" wrt. others). --> - + + + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1676728 - in /tomcat/tc8.0.x/trunk: ./ build.xml res/maven/mvn-pub.xml
Author: markt Date: Wed Apr 29 12:17:33 2015 New Revision: 1676728 URL: http://svn.apache.org/r1676728 Log: gpg2 needs an additional option set to read the passphrase from stdin Modified: tomcat/tc8.0.x/trunk/ (props changed) tomcat/tc8.0.x/trunk/build.xml tomcat/tc8.0.x/trunk/res/maven/mvn-pub.xml Propchange: tomcat/tc8.0.x/trunk/ -- --- svn:mergeinfo (original) +++ svn:mergeinfo Wed Apr 29 12:17:33 2015 @@ -1 +1 @@ -/tomcat/trunk:1636524,1637156,1637176,1637188,1637331,1637684,1637695,1638720-1638725,1639653,1640010,1640083-1640084,1640088,1640275,1640322,1640347,1640361,1640365,1640403,1640410,1640652,1640655-1640658,1640688,1640700-1640883,1640903,1640976,1640978,1641000,1641026,1641038-1641039,1641051-1641052,1641058,1641064,1641300,1641369,1641374,1641380,1641486,1641634,1641656-1641692,1641704,1641707-1641718,1641720-1641722,1641735,1641981,1642233,1642280,1642554,1642564,1642595,1642606,1642668,1642679,1642697,1642699,1642766,1643002,1643045,1643054-1643055,1643066,1643121,1643128,1643206,1643209-1643210,1643216,1643249,1643270,1643283,1643309-1643310,1643323,1643365-1643366,1643370-1643371,1643465,1643474,1643536,1643570,1643634,1643649,1643651,1643654,1643675,1643731,1643733-1643734,1643761,1643766,1643814,1643937,1643963,1644017,1644169,1644201-1644203,1644321,1644323,1644516,1644523,1644529,1644535,1644730,1644768,1644784-1644785,1644790,1644793,1644815,1644884,1644886,1644890,1644892 ,1644910,1644924,1644929-1644930,1644935,1644989,1645011,1645247,1645355,1645357-1645358,1645455,1645465,1645469,1645471,1645473,1645475,1645486-1645488,1645626,1645641,1645685,1645743,1645763,1645951-1645953,1645955,1645993,1646098-1646106,1646178,1646220,1646302,1646304,1646420,1646470-1646471,1646476,1646559,1646717-1646723,1646773,1647026,1647042,1647530,1647655,1648304,1648815,1648907,1650081,1650365,1651116,1651120,1651280,1651470,1652938,1652970,1653041,1653471,1653550,1653574,1653797,1653815-1653816,1653819,1653840,1653857,1653888,1653972,1654013,1654030,1654050,1654123,1654148,1654159,1654513,1654515,1654517,1654522,1654524,1654725,1654735,1654766,1654785,1654851-1654852,1654978,1655122-1655124,1655126-1655127,1655129-1655130,1655132-1655133,1655312,1655438,1655441,1655454,168,1656087,1656299,1656319,1656331,1656345,1656350,1656590,1656648-1656650,1656657,1657041,1657054,1657374,1657492,1657510,1657565,1657580,1657584,1657586,1657589,1657592,1657607,1657609,1657682,1657 907,1658207,1658734,1658781,1658790,1658799,1658802,1658804,1658833,1658840,1658966,1659043,1659053,1659059,1659188-1659189,1659216,1659263,1659293,1659304,1659306-1659307,1659382,1659384,1659428,1659471,1659486,1659505,1659516,1659521,1659524,1659559,1659562,1659803,1659806,1659814,1659833,1659862,1659905,1659919,1659948,1659967,1659983-1659984,1660060,1660074,1660077,1660133,1660168,1660331-1660332,1660353,1660358,1660924,1661386,1661867,1661972,1661990,1662200,1662308-1662309,1662548,1662614,1662736,1662985,1662988-1662989,1663264,1663277,1663298,1663534,1663562,1663676,1663715,1663754,1663768,1663772,1663781,1663893,1663995,1664143,1664163,1664174,1664301,1664317,1664347,1664657,1664659,1664710,1664863-1664864,1664866,1665085,1665292,1665559,1665653,1665661,1665672,1665694,1665697,1665736,1665779,1665976-1665977,1665980-1665981,1665985-1665986,1665989,1665998,1666004,1666008,1666013,1666017,1666024,1666116,1666386-1666387,1666494,1666496,1666552,1666569,1666579,137,149,1 666757,1666966,1666972,1666985,1666995,1666997,1667292,1667402,1667406,1667546,1667615,1667630,1667636,1667688,1667764,1667871,1668026,1668135,1668193,1668593,1668596,1668630,1668639,1668843,1669353,1669370,1669451,1669800,1669838,1669876,1669882,1670394,1670433,1670591,1670598-1670600,1670610,1670631,1670719,1670724,1670726,1670730,1670940,1671112,1672272,1672284,1673754,1674294,1675461,1675486,1675594,1675830,1676231,1676250-1676251,1676364,1676381,1676393,1676479,1676525,1676552,1676615,1676630,1676634 +/tomcat/trunk:1636524,1637156,1637176,1637188,1637331,1637684,1637695,1638720-1638725,1639653,1640010,1640083-1640084,1640088,1640275,1640322,1640347,1640361,1640365,1640403,1640410,1640652,1640655-1640658,1640688,1640700-1640883,1640903,1640976,1640978,1641000,1641026,1641038-1641039,1641051-1641052,1641058,1641064,1641300,1641369,1641374,1641380,1641486,1641634,1641656-1641692,1641704,1641707-1641718,1641720-1641722,1641735,1641981,1642233,1642280,1642554,1642564,1642595,1642606,1642668,1642679,1642697,1642699,1642766,1643002,1643045,1643054-1643055,1643066,1643121,1643128,1643206,1643209-1643210,1643216,1643249,1643270,1643283,1643309-1643310,1643323,1643365-1643366,1643370-1643371,1643465,1643474,1643536,1643570,1643634,1643649,1643651,1643654,1643675,1643731,1643733-1643734,1643761,1643766,1643814,1643937,1643963,1644017,1644169,1644201-1644203,1644321,1644323,1644516,1644523,1644529,1644535,1644730,1644768,1644784-1644785,1644790,1644793,1644815,164488
svn commit: r1676731 - /tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java
Author: markt
Date: Wed Apr 29 12:36:43 2015
New Revision: 1676731
URL: http://svn.apache.org/r1676731
Log:
Remove unnecessary code
Modified:
tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java
Modified: tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java?rev=1676731&r1=1676730&r2=1676731&view=diff
==
--- tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java Wed Apr 29
12:36:43 2015
@@ -676,10 +676,6 @@ public class AprEndpoint extends Abstrac
}
-public long getJniSslContext() {
-return sslContext;
-}
-
/**
* Start the APR endpoint, creating acceptor, poller and sendfile threads.
*/
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1676732 - /tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11Protocol.java
Author: markt
Date: Wed Apr 29 12:37:18 2015
New Revision: 1676732
URL: http://svn.apache.org/r1676732
Log:
Fix TLS for APR with old configuration options
Modified:
tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11Protocol.java
Modified: tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11Protocol.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11Protocol.java?rev=1676732&r1=1676731&r2=1676732&view=diff
==
--- tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11Protocol.java
(original)
+++ tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11Protocol.java Wed
Apr 29 12:37:18 2015
@@ -370,11 +370,11 @@ public abstract class AbstractHttp11Prot
registerDefaultSSLHostConfig();
defaultSSLHostConfig.setKeystoreFile(keystoreFile);
}
-public void setCertificateFile(String certificateFile) {
+public void setSSLCertificateFile(String certificateFile) {
registerDefaultSSLHostConfig();
defaultSSLHostConfig.setCertificateFile(certificateFile);
}
-public void setCertificateKeyFile(String certificateKeyFile) {
+public void setSSLCertificateKeyFile(String certificateKeyFile) {
registerDefaultSSLHostConfig();
defaultSSLHostConfig.setCertificateKeyFile(certificateKeyFile);
}
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1676733 - in /tomcat/native/trunk/native: include/ssl_private.h src/sslcontext.c
Author: markt
Date: Wed Apr 29 12:38:40 2015
New Revision: 1676733
URL: http://svn.apache.org/r1676733
Log:
Remove some ALPN debug code. Add an SNI callback (dummy implementation only so
far)
Modified:
tomcat/native/trunk/native/include/ssl_private.h
tomcat/native/trunk/native/src/sslcontext.c
Modified: tomcat/native/trunk/native/include/ssl_private.h
URL:
http://svn.apache.org/viewvc/tomcat/native/trunk/native/include/ssl_private.h?rev=1676733&r1=1676732&r2=1676733&view=diff
==
--- tomcat/native/trunk/native/include/ssl_private.h (original)
+++ tomcat/native/trunk/native/include/ssl_private.h Wed Apr 29 12:38:40 2015
@@ -259,8 +259,12 @@ struct tcn_ssl_ctxt_t {
/* for client: List of protocols to request via ALPN.
* for server: List of protocols to accept via ALPN.
*/
-char *alpn;
-int alpnlen;
+char*alpn;
+int alpnlen;
+
+/* References to Java SSLContext class used by SNI callbacks */
+JNIEnv *jnienv;
+jobject java_object;
};
Modified: tomcat/native/trunk/native/src/sslcontext.c
URL:
http://svn.apache.org/viewvc/tomcat/native/trunk/native/src/sslcontext.c?rev=1676733&r1=1676732&r2=1676733&view=diff
==
--- tomcat/native/trunk/native/src/sslcontext.c (original)
+++ tomcat/native/trunk/native/src/sslcontext.c Wed Apr 29 12:38:40 2015
@@ -62,6 +62,15 @@ static apr_status_t ssl_context_cleanup(
return APR_SUCCESS;
}
+/* Callback used when OpenSSL receives a client hello with a Server Name
+ * Indication extension.
+ */
+int ssl_callback_ServerNameIndication(SSL *ssl, int *al, tcn_ssl_ctxt_t *c)
+{
+printf("SNI callback received");
+return SSL_TLSEXT_ERR_OK;
+}
+
/* Initialize server context */
TCN_IMPLEMENT_CALL(jlong, SSLContext, make)(TCN_STDARGS, jlong pool,
jint protocol, jint mode)
@@ -69,7 +78,6 @@ TCN_IMPLEMENT_CALL(jlong, SSLContext, ma
apr_pool_t *p = J2P(pool, apr_pool_t *);
tcn_ssl_ctxt_t *c = NULL;
SSL_CTX *ctx = NULL;
-UNREFERENCED(o);
if (protocol == SSL_PROTOCOL_TLSV1_2) {
#ifdef SSL_OP_NO_TLSv1_2
@@ -197,6 +205,13 @@ TCN_IMPLEMENT_CALL(jlong, SSLContext, ma
SSL_CTX_set_default_passwd_cb(c->ctx, (pem_password_cb
*)SSL_password_callback);
SSL_CTX_set_default_passwd_cb_userdata(c->ctx, (void
*)(&tcn_password_callback));
SSL_CTX_set_info_callback(c->ctx, SSL_callback_handshake);
+
+/* Set Server Name Indication (SNI) callback */
+c->jnienv = e;
+c->java_object = o;
+SSL_CTX_set_tlsext_servername_callback(c->ctx,
ssl_callback_ServerNameIndication);
+SSL_CTX_set_tlsext_servername_arg(c->ctx, c);
+
/*
* Let us cleanup the ssl context when the pool is destroyed
*/
@@ -684,8 +699,6 @@ int cb_server_alpn(SSL *ssl,
int i;
unsigned short splen;
-printf("inlen [%d]\n", inlen);
-
if (inlen == 0) {
// Client specified an empty protocol list. Nothing to negotiate.
return SSL_TLSEXT_ERR_ALERT_FATAL;
@@ -713,8 +726,6 @@ int cb_server_alpn(SSL *ssl,
return SSL_TLSEXT_ERR_ALERT_FATAL;
}
-printf("A\n");
-
proposed_protos = apr_array_make(con->pool, 0, sizeof(char *));
for (i = 0; i < tcsslctx->alpnlen; /**/) {
unsigned int plen = tcsslctx->alpn[i++];
@@ -727,8 +738,6 @@ int cb_server_alpn(SSL *ssl,
i += plen;
}
-printf("E\n");
-
if (proposed_protos->nelts <= 0) {
// Should never happen. The server did not specify any protocols.
return SSL_TLSEXT_ERR_ALERT_FATAL;
@@ -744,8 +753,6 @@ int cb_server_alpn(SSL *ssl,
}
}
-printf("F\n");
-
size_t len = strlen((const char*)*out);
if (len > 255) {
// Agreed protocol name too long
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: svn commit: r1676733 - in /tomcat/native/trunk/native: include/ssl_private.h src/sslcontext.c
On 29/04/2015 13:38, ma...@apache.org wrote:
> Author: markt
> Date: Wed Apr 29 12:38:40 2015
> New Revision: 1676733
>
> URL: http://svn.apache.org/r1676733
> Log:
> Remove some ALPN debug code. Add an SNI callback (dummy implementation only
> so far)
My plan for SNI with APR/native isn't particularly elegant but I do
think it is achievable given the generally poor state of my C coding skills.
The outline is:
- jni.SSLContext will maintain a map of default SSLContext to all SNI
SSLContexts. It is a map since there maybe more than one APR/native
connector and each AprEndpoint has its own default SSLContext
- AprEndpoint will register the default SSLContext and the SNI
SSLContexts with jni.SSLContext (and deregister)
- The callback will pass the current SSLContext and the SNI host name to
jni.SSLContext which will lookup the correct SSLContext in the map and
change the current SSLContext if necessary
This does mean that in the worst case there will be a
java->native->java->native call chain. I'm sure it is possible to move
the map and associated hostname lookup code to the native library but
I'm not at all confident that my C coding is up to that. On the plus
side, changing the mapping algorithm is something that will only require
changes on the Java side.
I plan to implement the above in stages, committing as and when it makes
sense to do so.
Mark
>
> Modified:
> tomcat/native/trunk/native/include/ssl_private.h
> tomcat/native/trunk/native/src/sslcontext.c
>
> Modified: tomcat/native/trunk/native/include/ssl_private.h
> URL:
> http://svn.apache.org/viewvc/tomcat/native/trunk/native/include/ssl_private.h?rev=1676733&r1=1676732&r2=1676733&view=diff
> ==
> --- tomcat/native/trunk/native/include/ssl_private.h (original)
> +++ tomcat/native/trunk/native/include/ssl_private.h Wed Apr 29 12:38:40 2015
> @@ -259,8 +259,12 @@ struct tcn_ssl_ctxt_t {
> /* for client: List of protocols to request via ALPN.
> * for server: List of protocols to accept via ALPN.
> */
> -char *alpn;
> -int alpnlen;
> +char*alpn;
> +int alpnlen;
> +
> +/* References to Java SSLContext class used by SNI callbacks */
> +JNIEnv *jnienv;
> +jobject java_object;
> };
>
>
>
> Modified: tomcat/native/trunk/native/src/sslcontext.c
> URL:
> http://svn.apache.org/viewvc/tomcat/native/trunk/native/src/sslcontext.c?rev=1676733&r1=1676732&r2=1676733&view=diff
> ==
> --- tomcat/native/trunk/native/src/sslcontext.c (original)
> +++ tomcat/native/trunk/native/src/sslcontext.c Wed Apr 29 12:38:40 2015
> @@ -62,6 +62,15 @@ static apr_status_t ssl_context_cleanup(
> return APR_SUCCESS;
> }
>
> +/* Callback used when OpenSSL receives a client hello with a Server Name
> + * Indication extension.
> + */
> +int ssl_callback_ServerNameIndication(SSL *ssl, int *al, tcn_ssl_ctxt_t *c)
> +{
> +printf("SNI callback received");
> +return SSL_TLSEXT_ERR_OK;
> +}
> +
> /* Initialize server context */
> TCN_IMPLEMENT_CALL(jlong, SSLContext, make)(TCN_STDARGS, jlong pool,
> jint protocol, jint mode)
> @@ -69,7 +78,6 @@ TCN_IMPLEMENT_CALL(jlong, SSLContext, ma
> apr_pool_t *p = J2P(pool, apr_pool_t *);
> tcn_ssl_ctxt_t *c = NULL;
> SSL_CTX *ctx = NULL;
> -UNREFERENCED(o);
>
> if (protocol == SSL_PROTOCOL_TLSV1_2) {
> #ifdef SSL_OP_NO_TLSv1_2
> @@ -197,6 +205,13 @@ TCN_IMPLEMENT_CALL(jlong, SSLContext, ma
> SSL_CTX_set_default_passwd_cb(c->ctx, (pem_password_cb
> *)SSL_password_callback);
> SSL_CTX_set_default_passwd_cb_userdata(c->ctx, (void
> *)(&tcn_password_callback));
> SSL_CTX_set_info_callback(c->ctx, SSL_callback_handshake);
> +
> +/* Set Server Name Indication (SNI) callback */
> +c->jnienv = e;
> +c->java_object = o;
> +SSL_CTX_set_tlsext_servername_callback(c->ctx,
> ssl_callback_ServerNameIndication);
> +SSL_CTX_set_tlsext_servername_arg(c->ctx, c);
> +
> /*
> * Let us cleanup the ssl context when the pool is destroyed
> */
> @@ -684,8 +699,6 @@ int cb_server_alpn(SSL *ssl,
> int i;
> unsigned short splen;
>
> -printf("inlen [%d]\n", inlen);
> -
> if (inlen == 0) {
> // Client specified an empty protocol list. Nothing to negotiate.
> return SSL_TLSEXT_ERR_ALERT_FATAL;
> @@ -713,8 +726,6 @@ int cb_server_alpn(SSL *ssl,
> return SSL_TLSEXT_ERR_ALERT_FATAL;
> }
>
> -printf("A\n");
> -
> proposed_protos = apr_array_make(con->pool, 0, sizeof(char *));
> for (i = 0; i < tcsslctx->alpnlen; /**/) {
> unsigned int plen = tcsslctx->alpn[i++];
> @@ -727,8 +738,6 @@ int cb_server_alpn(SSL *ssl,
> i += plen;
> }
>
> -printf("E\n");
> -
> if
svn commit: r1676736 - /tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java
Author: markt
Date: Wed Apr 29 12:52:17 2015
New Revision: 1676736
URL: http://svn.apache.org/r1676736
Log:
Remove temporary code.
Now that at least one required field is configured via SSLHostConfig this
temporary code is no longer required.
Modified:
tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java
Modified: tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java?rev=1676736&r1=1676735&r2=1676736&view=diff
==
--- tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java Wed Apr 29
12:52:17 2015
@@ -470,15 +470,6 @@ public class AprEndpoint extends Abstrac
// Initialize SSL if needed
if (isSSLEnabled()) {
-
-// TODO: Temp code until config refactoring is complete. Remove
once
-// refactoring is complete.
-if (sslHostConfigs.size() == 0) {
-SSLHostConfig defaultSslHostConfig = new SSLHostConfig();
-
defaultSslHostConfig.setHostName(SSLHostConfig.DEFAULT_SSL_HOST_NAME);
-sslHostConfigs.put(SSLHostConfig.DEFAULT_SSL_HOST_NAME,
defaultSslHostConfig);
-}
-
for (SSLHostConfig sslHostConfig : sslHostConfigs.values()) {
// TODO: No SNI support in APR/native so only process the
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[GUMP@vmgump]: Project tomcat-tc8.0.x-test-apr (in module tomcat-8.0.x) failed
To whom it may engage... This is an automated request, but not an unsolicited one. For more information please visit http://gump.apache.org/nagged.html, and/or contact the folk at gene...@gump.apache.org. Project tomcat-tc8.0.x-test-apr has an issue affecting its community integration. This issue affects 1 projects. The current state of this project is 'Failed', with reason 'Build Failed'. For reference only, the following projects are affected by this: - tomcat-tc8.0.x-test-apr : Tomcat 8.x, a web server implementing the Java Servlet 3.1, ... Full details are available at: http://vmgump.apache.org/gump/public/tomcat-8.0.x/tomcat-tc8.0.x-test-apr/index.html That said, some information snippets are provided here. The following annotations (debug/informational/warning/error messages) were provided: -DEBUG- Dependency on commons-daemon exists, no need to add for property commons-daemon.native.src.tgz. -DEBUG- Dependency on commons-daemon exists, no need to add for property tomcat-native.tar.gz. -INFO- Failed with reason build failed -INFO- Project Reports in: /srv/gump/public/workspace/tomcat-8.0.x/output/logs-APR -INFO- Project Reports in: /srv/gump/public/workspace/tomcat-8.0.x/output/test-tmp-APR/logs The following work was performed: http://vmgump.apache.org/gump/public/tomcat-8.0.x/tomcat-tc8.0.x-test-apr/gump_work/build_tomcat-8.0.x_tomcat-tc8.0.x-test-apr.html Work Name: build_tomcat-8.0.x_tomcat-tc8.0.x-test-apr (Type: Build) Work ended in a state of : Failed Elapsed: 39 mins 35 secs Command Line: /usr/lib/jvm/java-8-oracle/bin/java -Djava.awt.headless=true -Dbuild.sysclasspath=only org.apache.tools.ant.Main -Dgump.merge=/srv/gump/public/gump/work/merge.xml -Djunit.jar=/srv/gump/public/workspace/junit/target/junit-4.13-SNAPSHOT.jar -Dobjenesis.jar=/srv/gump/public/workspace/objenesis/main/target/objenesis-2.2-SNAPSHOT.jar -Dtest.reports=output/logs-APR -Dtomcat-native.tar.gz=/srv/gump/public/workspace/apache-commons/daemon/dist/bin/commons-daemon-20150429-native-src.tar.gz -Dexamples.sources.skip=true -Djdt.jar=/srv/gump/packages/eclipse/plugins/R-4.4-201406061215/ecj-4.4.jar -Dtest.apr.loc=/srv/gump/public/workspace/tomcat-native/dest-20150429/lib -Dcommons-daemon.jar=/srv/gump/public/workspace/apache-commons/daemon/dist/commons-daemon-20150429.jar -Dcommons-daemon.native.src.tgz=/srv/gump/public/workspace/apache-commons/daemon/dist/bin/commons-daemon-20150429-native-src.tar.gz -Dtest.temp=output/test-tmp-APR -Dtest.accesslog=true -Dexecute.test.nio=false -Dtest .openssl.path=/srv/gump/public/workspace/openssl-1.0.2/dest-20150429/bin/openssl -Dexecute.test.bio=false -Dexecute.test.apr=true -Dtest.excludePerformance=true -Dexecute.test.nio2=false -Deasymock.jar=/srv/gump/public/workspace/easymock/easymock/target/easymock-3.4-SNAPSHOT.jar -Dhamcrest.jar=/srv/gump/packages/hamcrest/hamcrest-core-1.3.jar -Dcglib.jar=/srv/gump/packages/cglib/cglib-nodep-2.2.jar test [Working Directory: /srv/gump/public/workspace/tomcat-8.0.x] CLASSPATH: /usr/lib/jvm/java-8-oracle/lib/tools.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/webapps/examples/WEB-INF/classes:/srv/gump/public/workspace/tomcat-8.0.x/output/testclasses:/srv/gump/public/workspace/ant/dist/lib/ant.jar:/srv/gump/public/workspace/ant/dist/lib/ant-launcher.jar:/srv/gump/public/workspace/ant/dist/lib/ant-jmf.jar:/srv/gump/public/workspace/ant/dist/lib/ant-junit.jar:/srv/gump/public/workspace/ant/dist/lib/ant-junit4.jar:/srv/gump/public/workspace/ant/dist/lib/ant-swing.jar:/srv/gump/public/workspace/ant/dist/lib/ant-apache-resolver.jar:/srv/gump/public/workspace/ant/dist/lib/ant-apache-xalan2.jar:/srv/gump/public/workspace/xml-commons/java/build/resolver.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/bin/bootstrap.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/bin/tomcat-juli.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/lib/annotations-api.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/lib/servlet-api.ja r:/srv/gump/public/workspace/tomcat-8.0.x/output/build/lib/jsp-api.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/lib/el-api.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/lib/websocket-api.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/lib/catalina.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/lib/catalina-ant.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/lib/catalina-storeconfig.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/lib/tomcat-coyote.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/lib/jasper.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/lib/jasper-el.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/lib/catalina-tribes.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/lib/catalina-ha.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/lib/tomcat-api.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/lib
buildbot success in ASF Buildbot on tomcat-8-trunk
The Buildbot has detected a restored build on builder tomcat-8-trunk while building ASF Buildbot. Full details are available at: http://ci.apache.org/builders/tomcat-8-trunk/builds/232 Buildbot URL: http://ci.apache.org/ Buildslave for this Build: silvanus_ubuntu Build Reason: The AnyBranchScheduler scheduler named 'on-tomcat-8-commit' triggered this build Build Source Stamp: [branch tomcat/tc8.0.x/trunk] 1676681 Blamelist: markt Build succeeded! Sincerely, -The Buildbot - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
buildbot exception in ASF Buildbot on tomcat-trunk
The Buildbot has detected a build exception on builder tomcat-trunk while building ASF Buildbot. Full details are available at: http://ci.apache.org/builders/tomcat-trunk/builds/1164 Buildbot URL: http://ci.apache.org/ Buildslave for this Build: silvanus_ubuntu Build Reason: The AnyBranchScheduler scheduler named 'on-tomcat-commit' triggered this build Build Source Stamp: [branch tomcat/trunk] 1676736 Blamelist: markt BUILD FAILED: exception svn upload_2 Sincerely, -The Buildbot - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1676745 - in /tomcat/trunk/java/org/apache/tomcat/util/net: AbstractEndpoint.java AbstractJsseEndpoint.java SSLHostConfig.java
Author: markt
Date: Wed Apr 29 13:47:20 2015
New Revision: 1676745
URL: http://svn.apache.org/r1676745
Log:
Add an SSLContext object to SSLHostConfig so the endpoints do not need to
maintain a separate map of SNI host name to some SSLContext object
Modified:
tomcat/trunk/java/org/apache/tomcat/util/net/AbstractEndpoint.java
tomcat/trunk/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java
tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java
Modified: tomcat/trunk/java/org/apache/tomcat/util/net/AbstractEndpoint.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/AbstractEndpoint.java?rev=1676745&r1=1676744&r2=1676745&view=diff
==
--- tomcat/trunk/java/org/apache/tomcat/util/net/AbstractEndpoint.java
(original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/AbstractEndpoint.java Wed Apr
29 13:47:20 2015
@@ -43,8 +43,8 @@ import org.apache.tomcat.util.threads.Re
import org.apache.tomcat.util.threads.TaskQueue;
import org.apache.tomcat.util.threads.TaskThreadFactory;
import org.apache.tomcat.util.threads.ThreadPoolExecutor;
+
/**
- *
* @author Mladen Turk
* @author Remy Maucherat
*/
@@ -231,6 +231,34 @@ public abstract class AbstractEndpoint -1) {
+result = sslHostConfigs.get("*" +
sniHostName.substring(indexOfDot));
+}
+}
+
+// Fall-back. Use the default
+if (result == null) {
+result = sslHostConfigs.get(SSLHostConfig.DEFAULT_SSL_HOST_NAME);
+}
+if (result == null) {
+// Should never happen.
+throw new IllegalStateException();
+}
+return result;
+}
+
+
/**
* Has the user requested that send file be used where possible?
*/
Modified: tomcat/trunk/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java?rev=1676745&r1=1676744&r2=1676745&view=diff
==
--- tomcat/trunk/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java
(original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java Wed
Apr 29 13:47:20 2015
@@ -16,9 +16,7 @@
*/
package org.apache.tomcat.util.net;
-import java.util.HashMap;
import java.util.Locale;
-import java.util.Map;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLEngine;
@@ -32,7 +30,6 @@ import org.apache.tomcat.util.net.jsse.N
public abstract class AbstractJsseEndpoint extends AbstractEndpoint {
private SSLImplementation sslImplementation = null;
-private Map sslContexts = new HashMap<>();
public SSLImplementation getSslImplementation() {
return sslImplementation;
@@ -69,14 +66,19 @@ public abstract class AbstractJsseEndpoi
sslUtil.configureSessionContext(sessionContext);
}
SSLContextWrapper sslContextWrapper = new
SSLContextWrapper(sslContext, sslUtil);
-sslContexts.put(sslHostConfig.getHostName(),
sslContextWrapper);
+sslHostConfig.setSslContext(sslContextWrapper);
}
}
}
protected SSLEngine createSSLEngine(String sniHostName) {
-SSLContextWrapper sslContextWrapper =
getSSLContextWrapper(sniHostName);
+SSLHostConfig sslHostConfig = getSSLHostConfig(sniHostName);
+SSLContextWrapper sslContextWrapper = (SSLContextWrapper)
sslHostConfig.getSslContext();
+if (sslContextWrapper == null) {
+// TODO i18n
+throw new IllegalStateException();
+}
SSLEngine engine = sslContextWrapper.getSSLContext().createSSLEngine();
if ("false".equals(getClientAuth())) {
@@ -97,10 +99,11 @@ public abstract class AbstractJsseEndpoi
}
-
@Override
public void unbind() throws Exception {
-sslContexts.clear();
+for (SSLHostConfig sslHostConfig : sslHostConfigs.values()) {
+sslHostConfig.setSslContext(null);
+}
}
@@ -139,34 +142,6 @@ public abstract class AbstractJsseEndpoi
}
return result;
}
-
-
-private SSLContextWrapper getSSLContextWrapper(String sniHostName) {
-SSLContextWrapper result = null;
-
-if (sniHostName != null) {
-// First choice - direct match
-result = sslContexts.get(sniHostName);
-if (result != null) {
-return result;
-}
-// Second choice, wildcard match
-int indexOfDot = sniHostName.indexOf('.');
-if (indexOfDot > -1) {
-result = sslContexts.get("*" +
sniHostName.substring(indexOfDot));
-}
-}
-
-// Fall-back. Use the default
-if (result == null) {
-result = sslContexts.get(SSLHostC
svn commit: r1676747 - /tomcat/trunk/java/org/apache/tomcat/util/net/AbstractEndpoint.java
Author: markt
Date: Wed Apr 29 13:56:09 2015
New Revision: 1676747
URL: http://svn.apache.org/r1676747
Log:
sslEnabledProtocols has been renamed and moved to SSLHostConfig
Modified:
tomcat/trunk/java/org/apache/tomcat/util/net/AbstractEndpoint.java
Modified: tomcat/trunk/java/org/apache/tomcat/util/net/AbstractEndpoint.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/AbstractEndpoint.java?rev=1676747&r1=1676746&r2=1676747&view=diff
==
--- tomcat/trunk/java/org/apache/tomcat/util/net/AbstractEndpoint.java
(original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/AbstractEndpoint.java Wed Apr
29 13:56:09 2015
@@ -27,7 +27,6 @@ import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
-import java.util.StringTokenizer;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.Executor;
import java.util.concurrent.TimeUnit;
@@ -1072,28 +1071,6 @@ public abstract class AbstractEndpoint sslEnabledProtocols = new ArrayList<>();
-StringTokenizer t = new StringTokenizer(s,",");
-while (t.hasMoreTokens()) {
-String p = t.nextToken().trim();
-if (p.length() > 0) {
-sslEnabledProtocols.add(p);
-}
-}
-sslEnabledProtocolsarr = sslEnabledProtocols.toArray(
-new String[sslEnabledProtocols.size()]);
-}
-}
-
-
protected final Set> waitingRequests = Collections
.newSetFromMap(new ConcurrentHashMap,
Boolean>());
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
buildbot success in ASF Buildbot on tomcat-trunk
The Buildbot has detected a restored build on builder tomcat-trunk while building ASF Buildbot. Full details are available at: http://ci.apache.org/builders/tomcat-trunk/builds/1165 Buildbot URL: http://ci.apache.org/ Buildslave for this Build: silvanus_ubuntu Build Reason: The AnyBranchScheduler scheduler named 'on-tomcat-commit' triggered this build Build Source Stamp: [branch tomcat/trunk] 1676745 Blamelist: markt Build succeeded! Sincerely, -The Buildbot - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[VOTE] Release Apache Tomcat 8.0.22
The proposed Apache Tomcat 8.0.22 release is now available for voting. The main changes since 8.0.21 are: - Change the format of the Tomcat specific URLs for resources inside JARs that are in turn packed in a WAR. The ^/ sequence has been replaced by */ so that the resulting URLs are compliant with RFC 2396 and do not trigger exceptions when converted to URIs. The old format will continue to be accepted. - When checking last modified times as part of the automatic deployment process, account for the fact that File.lastModified() has a resolution of one second to ensure that if a file has been modified within the last second, the latest version of the file is always used. Note that a side-effect of this change is that files with modification times in the future are treated as if they are unmodified. - Fix a concurrency issue in session replication when a backup message that has all session data and a backup message that has diff data are processing at the same time. There is also the usual collection of bug fixes, new features and performance improvements. For full details, see the changelog: http://svn.us.apache.org/repos/asf/tomcat/tc8.0.x/trunk/webapps/docs/changelog.xml It can be obtained from: https://dist.apache.org/repos/dist/dev/tomcat/tomcat-8/v8.0.22/ The Maven staging repo is: https://repository.apache.org/content/repositories/orgapachetomcat-1042/ The svn tag is: http://svn.apache.org/repos/asf/tomcat/tc8.0.x/tags/TOMCAT_8_0_22/ The proposed 8.0.22 release is: [ ] Broken - do not release [ ] Stable - go ahead and release as 8.0.22 - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1676791 - in /tomcat/trunk/java/org/apache/tomcat: jni/SSLContext.java util/net/AprEndpoint.java
Author: markt
Date: Wed Apr 29 16:59:08 2015
New Revision: 1676791
URL: http://svn.apache.org/r1676791
Log:
Add the first pass at the Java side plumbing for SNI support with APR/native.
Modified:
tomcat/trunk/java/org/apache/tomcat/jni/SSLContext.java
tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java
Modified: tomcat/trunk/java/org/apache/tomcat/jni/SSLContext.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/jni/SSLContext.java?rev=1676791&r1=1676790&r2=1676791&view=diff
==
--- tomcat/trunk/java/org/apache/tomcat/jni/SSLContext.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/jni/SSLContext.java Wed Apr 29 16:59:08
2015
@@ -17,6 +17,9 @@
package org.apache.tomcat.jni;
+import java.util.Map;
+import java.util.concurrent.ConcurrentHashMap;
+
/** SSL Context
*
* @author Mladen Turk
@@ -289,4 +292,25 @@ public final class SSLContext {
public static native void setVerify(long ctx, int level, int depth);
public static native int setALPN(long ctx, byte[] proto, int len);
+
+public static long sniCallback(long defaultCtx, String sniHostName) {
+SNICallBack sniCallBack = sniCallBacks.get(Long.valueOf(defaultCtx));
+if (sniCallBack == null) {
+return 0;
+}
+return sniCallBack.getSslContext(sniHostName);
+}
+
+private static Map sniCallBacks = new
ConcurrentHashMap<>();
+public static void registerDefault(Long defaultSSLContext,
+SNICallBack sniCallBack) {
+sniCallBacks.put(defaultSSLContext, sniCallBack);
+}
+public static void unregisterDefault(Long ctx) {
+sniCallBacks.remove(ctx);
+}
+
+public static interface SNICallBack {
+public long getSslContext(String sniHostName);
+}
}
Modified: tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java?rev=1676791&r1=1676790&r2=1676791&view=diff
==
--- tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java Wed Apr 29
16:59:08 2015
@@ -45,6 +45,7 @@ import org.apache.tomcat.jni.Poll;
import org.apache.tomcat.jni.Pool;
import org.apache.tomcat.jni.SSL;
import org.apache.tomcat.jni.SSLContext;
+import org.apache.tomcat.jni.SSLContext.SNICallBack;
import org.apache.tomcat.jni.SSLSocket;
import org.apache.tomcat.jni.Sockaddr;
import org.apache.tomcat.jni.Socket;
@@ -70,7 +71,7 @@ import org.apache.tomcat.util.net.SSLHos
* @author Mladen Turk
* @author Remy Maucherat
*/
-public class AprEndpoint extends AbstractEndpoint {
+public class AprEndpoint extends AbstractEndpoint implements SNICallBack
{
// -- Constants
@@ -472,12 +473,6 @@ public class AprEndpoint extends Abstrac
if (isSSLEnabled()) {
for (SSLHostConfig sslHostConfig : sslHostConfigs.values()) {
-// TODO: No SNI support in APR/native so only process the
-// default host.
-if
(!SSLHostConfig.DEFAULT_SSL_HOST_NAME.equals(sslHostConfig.getHostName())) {
-continue;
-}
-
if (sslHostConfig.getCertificateFile() == null) {
// This is required
throw new
Exception(sm.getString("endpoint.apr.noSslCertFile"));
@@ -514,8 +509,9 @@ public class AprEndpoint extends Abstrac
}
// Create SSL Context
+long ctx = 0;
try {
-sslContext = SSLContext.make(rootPool, value,
SSL.SSL_MODE_SERVER);
+ctx = SSLContext.make(rootPool, value,
SSL.SSL_MODE_SERVER);
} catch (Exception e) {
// If the sslEngine is disabled on the AprLifecycleListener
// there will be an Exception here but there is no way to
check
@@ -529,7 +525,7 @@ public class AprEndpoint extends Abstrac
try {
legacyRenegSupported =
SSL.hasOp(SSL.SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION);
if (legacyRenegSupported)
-SSLContext.setOptions(sslContext,
SSL.SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION);
+SSLContext.setOptions(ctx,
SSL.SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION);
} catch (UnsatisfiedLinkError e) {
// Ignore
}
@@ -546,7 +542,7 @@ public class AprEndpoint extends Abstrac
try {
orderCiphersSupported =
SSL.hasOp(SSL.SSL_OP_CIPHER_SERVER_PREFERENCE);
if (orderCiphersSupported)
buildbot exception in ASF Buildbot on tomcat-trunk
The Buildbot has detected a build exception on builder tomcat-trunk while building ASF Buildbot. Full details are available at: http://ci.apache.org/builders/tomcat-trunk/builds/1167 Buildbot URL: http://ci.apache.org/ Buildslave for this Build: silvanus_ubuntu Build Reason: The AnyBranchScheduler scheduler named 'on-tomcat-commit' triggered this build Build Source Stamp: [branch tomcat/trunk] 1676791 Blamelist: markt BUILD FAILED: exception svn upload_2 Sincerely, -The Buildbot - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1676863 - /tomcat/trunk/java/org/apache/tomcat/jni/SSLContext.java
Author: markt
Date: Wed Apr 29 21:31:39 2015
New Revision: 1676863
URL: http://svn.apache.org/r1676863
Log:
Fix capitalisation
Modified:
tomcat/trunk/java/org/apache/tomcat/jni/SSLContext.java
Modified: tomcat/trunk/java/org/apache/tomcat/jni/SSLContext.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/jni/SSLContext.java?rev=1676863&r1=1676862&r2=1676863&view=diff
==
--- tomcat/trunk/java/org/apache/tomcat/jni/SSLContext.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/jni/SSLContext.java Wed Apr 29 21:31:39
2015
@@ -293,7 +293,7 @@ public final class SSLContext {
public static native int setALPN(long ctx, byte[] proto, int len);
-public static long sniCallback(long defaultCtx, String sniHostName) {
+public static long sniCallBack(long defaultCtx, String sniHostName) {
SNICallBack sniCallBack = sniCallBacks.get(Long.valueOf(defaultCtx));
if (sniCallBack == null) {
return 0;
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1676864 - in /tomcat/native/trunk/native: include/ssl_private.h src/sslcontext.c
Author: markt
Date: Wed Apr 29 21:31:43 2015
New Revision: 1676864
URL: http://svn.apache.org/r1676864
Log:
Implement the native part of SNI
Modified:
tomcat/native/trunk/native/include/ssl_private.h
tomcat/native/trunk/native/src/sslcontext.c
Modified: tomcat/native/trunk/native/include/ssl_private.h
URL:
http://svn.apache.org/viewvc/tomcat/native/trunk/native/include/ssl_private.h?rev=1676864&r1=1676863&r2=1676864&view=diff
==
--- tomcat/native/trunk/native/include/ssl_private.h (original)
+++ tomcat/native/trunk/native/include/ssl_private.h Wed Apr 29 21:31:43 2015
@@ -261,10 +261,6 @@ struct tcn_ssl_ctxt_t {
*/
char*alpn;
int alpnlen;
-
-/* References to Java SSLContext class used by SNI callbacks */
-JNIEnv *jnienv;
-jobject java_object;
};
Modified: tomcat/native/trunk/native/src/sslcontext.c
URL:
http://svn.apache.org/viewvc/tomcat/native/trunk/native/src/sslcontext.c?rev=1676864&r1=1676863&r2=1676864&view=diff
==
--- tomcat/native/trunk/native/src/sslcontext.c (original)
+++ tomcat/native/trunk/native/src/sslcontext.c Wed Apr 29 21:31:43 2015
@@ -62,12 +62,37 @@ static apr_status_t ssl_context_cleanup(
return APR_SUCCESS;
}
+static jclassssl_context_class;
+static jmethodID sni_java_callback;
+
/* Callback used when OpenSSL receives a client hello with a Server Name
* Indication extension.
*/
int ssl_callback_ServerNameIndication(SSL *ssl, int *al, tcn_ssl_ctxt_t *c)
{
-printf("SNI callback received");
+// Get the JNI environment for this callback
+JavaVM *javavm = tcn_get_java_vm();
+JNIEnv *env;
+(*javavm)->AttachCurrentThread(javavm, (void **)&env, NULL);
+
+// Get the host name presented by the client
+const char *servername = SSL_get_servername(ssl,
TLSEXT_NAMETYPE_host_name);
+
+// Convert parameters ready for the method call
+jstring hostname = (*env)->NewStringUTF(env, servername);
+jlong original_ssl_context = P2J(c->ctx);
+
+// Make the call
+jlong new_ssl_context = (*env)->CallStaticLongMethod(env,
+ssl_context_class,
+sni_java_callback,
+
original_ssl_context,
+hostname);
+
+if (original_ssl_context != new_ssl_context) {
+SSL_set_SSL_CTX(ssl, J2P(new_ssl_context, SSL_CTX *));
+}
+
return SSL_TLSEXT_ERR_OK;
}
@@ -206,9 +231,14 @@ TCN_IMPLEMENT_CALL(jlong, SSLContext, ma
SSL_CTX_set_default_passwd_cb_userdata(c->ctx, (void
*)(&tcn_password_callback));
SSL_CTX_set_info_callback(c->ctx, SSL_callback_handshake);
-/* Set Server Name Indication (SNI) callback */
-c->jnienv = e;
-c->java_object = o;
+/* Cache Java side SNI callback if not already cached */
+if (ssl_context_class == 0) {
+ssl_context_class = (*e)->NewGlobalRef(e, o);
+sni_java_callback = (*e)->GetStaticMethodID(e, ssl_context_class,
+"sniCallBack",
"(JLjava/lang/String;)J");
+}
+
+/* Set up OpenSSL call back if SNI is provided by the client */
SSL_CTX_set_tlsext_servername_callback(c->ctx,
ssl_callback_ServerNameIndication);
SSL_CTX_set_tlsext_servername_arg(c->ctx, c);
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: svn commit: r1676864 - in /tomcat/native/trunk/native: include/ssl_private.h src/sslcontext.c
On 29/04/2015 22:31, ma...@apache.org wrote: > Author: markt > Date: Wed Apr 29 21:31:43 2015 > New Revision: 1676864 > > URL: http://svn.apache.org/r1676864 > Log: > Implement the native part of SNI This works. The Java -> C -> Java -> C transition isn't going to give the fastest SSL handshake in the world but I intend to leave fixing that as an exercise for someone that is rather more competent in C than I am. I have tested this locally with two different certs and Tomcat does correctly switch between them depending on the host the browser requests. I have some tidying up of this that I'll do tomorrow (docs, comments, i18n etc.) and then I plan to get on with the HTTP/2 implementation. Mark - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1676867 - /tomcat/trunk/webapps/docs/changelog.xml
Author: markt Date: Wed Apr 29 21:39:37 2015 New Revision: 1676867 URL: http://svn.apache.org/r1676867 Log: Update changelog. Modified: tomcat/trunk/webapps/docs/changelog.xml Modified: tomcat/trunk/webapps/docs/changelog.xml URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1676867&r1=1676866&r2=1676867&view=diff == --- tomcat/trunk/webapps/docs/changelog.xml (original) +++ tomcat/trunk/webapps/docs/changelog.xml Wed Apr 29 21:39:37 2015 @@ -77,6 +77,11 @@ Add support for HPACK header encoding and decoding, contributed by Stuart Douglas. (remm) + +57108: Add support for Server Name Indication (SNI). There +has been significant changes to the SSL configuration in server.xml to +support this. (markt) + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 57108] Implement multiple sslcontext SNI (server name indication) dispatch
https://bz.apache.org/bugzilla/show_bug.cgi?id=57108 Mark Thomas changed: What|Removed |Added Resolution|--- |FIXED Status|NEW |RESOLVED --- Comment #16 from Mark Thomas --- This is implemented in Tomcat 9 for NIO, NIO2 and APR/native. Note that the configuration refactoring isn't complete yet but the building blocks are all in place. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: svn commit: r1676864 - in /tomcat/native/trunk/native: include/ssl_private.h src/sslcontext.c
Mark,
On 4/29/15 5:31 PM, ma...@apache.org wrote:
> Author: markt
> Date: Wed Apr 29 21:31:43 2015
> New Revision: 1676864
>
> URL: http://svn.apache.org/r1676864
> Log:
> Implement the native part of SNI
>
> Modified:
> tomcat/native/trunk/native/include/ssl_private.h
> tomcat/native/trunk/native/src/sslcontext.c
>
> Modified: tomcat/native/trunk/native/include/ssl_private.h
> URL:
> http://svn.apache.org/viewvc/tomcat/native/trunk/native/include/ssl_private.h?rev=1676864&r1=1676863&r2=1676864&view=diff
> ==
> --- tomcat/native/trunk/native/include/ssl_private.h (original)
> +++ tomcat/native/trunk/native/include/ssl_private.h Wed Apr 29 21:31:43 2015
> @@ -261,10 +261,6 @@ struct tcn_ssl_ctxt_t {
> */
> char*alpn;
> int alpnlen;
> -
> -/* References to Java SSLContext class used by SNI callbacks */
> -JNIEnv *jnienv;
> -jobject java_object;
> };
>
>
>
> Modified: tomcat/native/trunk/native/src/sslcontext.c
> URL:
> http://svn.apache.org/viewvc/tomcat/native/trunk/native/src/sslcontext.c?rev=1676864&r1=1676863&r2=1676864&view=diff
> ==
> --- tomcat/native/trunk/native/src/sslcontext.c (original)
> +++ tomcat/native/trunk/native/src/sslcontext.c Wed Apr 29 21:31:43 2015
> @@ -62,12 +62,37 @@ static apr_status_t ssl_context_cleanup(
> return APR_SUCCESS;
> }
>
> +static jclassssl_context_class;
> +static jmethodID sni_java_callback;
> +
> /* Callback used when OpenSSL receives a client hello with a Server Name
> * Indication extension.
> */
> int ssl_callback_ServerNameIndication(SSL *ssl, int *al, tcn_ssl_ctxt_t *c)
> {
> -printf("SNI callback received");
> +// Get the JNI environment for this callback
> +JavaVM *javavm = tcn_get_java_vm();
> +JNIEnv *env;
> +(*javavm)->AttachCurrentThread(javavm, (void **)&env, NULL);
Is OpenSSL running the handshake in another thread? I don't know enough
about OpenSSL to know how it does things like callbacks for this stuff.
What thread is active when ssl_callback_ServerNameIndication is being
called? Is it a thread that initially requested the handshake (and is
therefore already bound to the JVM)?
> +// Get the host name presented by the client
> +const char *servername = SSL_get_servername(ssl,
> TLSEXT_NAMETYPE_host_name);
> +
> +// Convert parameters ready for the method call
> +jstring hostname = (*env)->NewStringUTF(env, servername);
> +jlong original_ssl_context = P2J(c->ctx);
> +
> +// Make the call
> +jlong new_ssl_context = (*env)->CallStaticLongMethod(env,
> +
> ssl_context_class,
> +
> sni_java_callback,
> +
> original_ssl_context,
> +hostname);
> +
> +if (original_ssl_context != new_ssl_context) {
> +SSL_set_SSL_CTX(ssl, J2P(new_ssl_context, SSL_CTX *));
> +}
> +
> return SSL_TLSEXT_ERR_OK;
> }
>
> @@ -206,9 +231,14 @@ TCN_IMPLEMENT_CALL(jlong, SSLContext, ma
> SSL_CTX_set_default_passwd_cb_userdata(c->ctx, (void
> *)(&tcn_password_callback));
> SSL_CTX_set_info_callback(c->ctx, SSL_callback_handshake);
>
> -/* Set Server Name Indication (SNI) callback */
> -c->jnienv = e;
> -c->java_object = o;
> +/* Cache Java side SNI callback if not already cached */
> +if (ssl_context_class == 0) {
This is okay, but graybeards might prefer:
if(!ssl_context_class)
> +ssl_context_class = (*e)->NewGlobalRef(e, o);
> +sni_java_callback = (*e)->GetStaticMethodID(e, ssl_context_class,
> +"sniCallBack",
> "(JLjava/lang/String;)J");
> +}
> +
> +/* Set up OpenSSL call back if SNI is provided by the client */
> SSL_CTX_set_tlsext_servername_callback(c->ctx,
> ssl_callback_ServerNameIndication);
> SSL_CTX_set_tlsext_servername_arg(c->ctx, c);
-chris
signature.asc
Description: OpenPGP digital signature
[Bug 57802] Compatibility with ICEfaces 1.8 over JSF 1.1 apps
https://bz.apache.org/bugzilla/show_bug.cgi?id=57802 --- Comment #13 from Patrick WENDJI --- I have a test case but it's a 16MB WAR file. Can I upload it? -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
RE: svn commit: r1676864 - in /tomcat/native/trunk/native: include/ssl_private.h src/sslcontext.c
> From: Christopher Schultz [mailto:ch...@christopherschultz.net]
> Subject: Re: svn commit: r1676864 - in /tomcat/native/trunk/native:
> include/ssl_private.h src/sslcontext.c
> > Modified: tomcat/native/trunk/native/src/sslcontext.c
> > URL:
> > http://svn.apache.org/viewvc/tomcat/native/trunk/native/src/sslcontext.c?
> > rev=1676864&r1=1676863&r2=1676864&view=diff
> > ==
> > --- tomcat/native/trunk/native/src/sslcontext.c (original)
> > +++ tomcat/native/trunk/native/src/sslcontext.c Wed Apr 29 21:31:43 2015
> > @@ -206,9 +231,14 @@ TCN_IMPLEMENT_CALL(jlong, SSLContext, ma
> > SSL_CTX_set_default_passwd_cb_userdata(c->ctx, (void
> > *)(&tcn_password_callback));
> > SSL_CTX_set_info_callback(c->ctx, SSL_callback_handshake);
> >
> > -/* Set Server Name Indication (SNI) callback */
> > -c->jnienv = e;
> > -c->java_object = o;
> > +/* Cache Java side SNI callback if not already cached */
> > +if (ssl_context_class == 0) {
> This is okay, but graybeards might prefer:
> if(!ssl_context_class)
And the purists among us (even with a gray beard) would much prefer:
if (ssl_context_class == NULL) {
Treating a pointer as a boolean is close to an abomination (although it is
quite typical C bad practice). Just because C has a horribly weak typing
system doesn't mean abusing it should be encouraged.
- Chuck
THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
MATERIAL and is thus for use only by the intended recipient. If you received
this in error, please contact the sender and delete the e-mail and its
attachments from all computers.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
buildbot success in ASF Buildbot on tomcat-trunk
The Buildbot has detected a restored build on builder tomcat-trunk while building ASF Buildbot. Full details are available at: http://ci.apache.org/builders/tomcat-trunk/builds/1168 Buildbot URL: http://ci.apache.org/ Buildslave for this Build: silvanus_ubuntu Build Reason: The AnyBranchScheduler scheduler named 'on-tomcat-commit' triggered this build Build Source Stamp: [branch tomcat/trunk] 1676863 Blamelist: markt Build succeeded! Sincerely, -The Buildbot - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 57802] Compatibility with ICEfaces 1.8 over JSF 1.1 apps
https://bz.apache.org/bugzilla/show_bug.cgi?id=57802 --- Comment #14 from Patrick WENDJI --- Created attachment 32699 --> https://bz.apache.org/bugzilla/attachment.cgi?id=32699&action=edit ICEfaces 1.8.1 component showcase on Myfaces 1.1.5/Tomahawk 1.1.6 The attachment works on Tomcat version 6.0.43 and 7.0.57 but not on 8.0.21 -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 57802] Compatibility with ICEfaces 1.8 over JSF 1.1 apps
https://bz.apache.org/bugzilla/show_bug.cgi?id=57802 Patrick WENDJI changed: What|Removed |Added Status|NEEDINFO|NEW --- Comment #15 from Patrick WENDJI --- I provided a uptobox link instead -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 57875] New: Classloading guide on Servlet API classes
https://bz.apache.org/bugzilla/show_bug.cgi?id=57875 Bug ID: 57875 Summary: Classloading guide on Servlet API classes Product: Tomcat 8 Version: 8.0.21 Hardware: PC Status: NEW Severity: normal Priority: P2 Component: Documentation Assignee: dev@tomcat.apache.org Reporter: psf...@clustertech.com https://tomcat.apache.org/tomcat-8.0-doc/class-loader-howto.html The guide writes Any JAR file that contains Servlet API classes will be explicitly ignored by the classloader — Do not include such JARs in your web application. I try including javaee-api-7.0.jar in my webapp in Tomcat 8. It contains Servlet API classes as well as other JEE API such as JPA and JTA. My webapp which depends on JPA and JTA runs normally, which implies the classes from javaee-api-7.0.jar are loaded. When the same webapp is deployed in Tomcat 7, the following error is shown and my webapp failed to deploy because of NoClassDefFoundError of some JPA/JTA class. INFO: validateJarFile(C:\apache-tomcat-7.0.54\webapps\ROOT\WEB-INF\lib\javaee-api-7.0.jar) - jar not loaded. See Servlet Spec 3.0, section 10.7.2. Offending class: javax/servlet/Servlet.class It appears that the classloader is changed in Tomcat 8 and that restriction is lifted. If so, please update the guide accordingly. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 49903] Make workers file reloadable
https://bz.apache.org/bugzilla/show_bug.cgi?id=49903 Chinoy Gupta changed: What|Removed |Added CC||chinoygu...@gmail.com -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[GUMP@vmgump]: Project tomcat-tc8.0.x-test-apr (in module tomcat-8.0.x) failed
To whom it may engage... This is an automated request, but not an unsolicited one. For more information please visit http://gump.apache.org/nagged.html, and/or contact the folk at gene...@gump.apache.org. Project tomcat-tc8.0.x-test-apr has an issue affecting its community integration. This issue affects 1 projects. The current state of this project is 'Failed', with reason 'Build Failed'. For reference only, the following projects are affected by this: - tomcat-tc8.0.x-test-apr : Tomcat 8.x, a web server implementing the Java Servlet 3.1, ... Full details are available at: http://vmgump.apache.org/gump/public/tomcat-8.0.x/tomcat-tc8.0.x-test-apr/index.html That said, some information snippets are provided here. The following annotations (debug/informational/warning/error messages) were provided: -DEBUG- Dependency on commons-daemon exists, no need to add for property commons-daemon.native.src.tgz. -DEBUG- Dependency on commons-daemon exists, no need to add for property tomcat-native.tar.gz. -INFO- Failed with reason build failed -INFO- Project Reports in: /srv/gump/public/workspace/tomcat-8.0.x/output/logs-APR -INFO- Project Reports in: /srv/gump/public/workspace/tomcat-8.0.x/output/test-tmp-APR/logs The following work was performed: http://vmgump.apache.org/gump/public/tomcat-8.0.x/tomcat-tc8.0.x-test-apr/gump_work/build_tomcat-8.0.x_tomcat-tc8.0.x-test-apr.html Work Name: build_tomcat-8.0.x_tomcat-tc8.0.x-test-apr (Type: Build) Work ended in a state of : Failed Elapsed: 37 mins 1 sec Command Line: /usr/lib/jvm/java-8-oracle/bin/java -Djava.awt.headless=true -Dbuild.sysclasspath=only org.apache.tools.ant.Main -Dgump.merge=/srv/gump/public/gump/work/merge.xml -Djunit.jar=/srv/gump/public/workspace/junit/target/junit-4.13-SNAPSHOT.jar -Dobjenesis.jar=/srv/gump/public/workspace/objenesis/main/target/objenesis-2.2-SNAPSHOT.jar -Dtest.reports=output/logs-APR -Dtomcat-native.tar.gz=/srv/gump/public/workspace/apache-commons/daemon/dist/bin/commons-daemon-20150430-native-src.tar.gz -Dexamples.sources.skip=true -Djdt.jar=/srv/gump/packages/eclipse/plugins/R-4.4-201406061215/ecj-4.4.jar -Dtest.apr.loc=/srv/gump/public/workspace/tomcat-native/dest-20150430/lib -Dcommons-daemon.jar=/srv/gump/public/workspace/apache-commons/daemon/dist/commons-daemon-20150430.jar -Dcommons-daemon.native.src.tgz=/srv/gump/public/workspace/apache-commons/daemon/dist/bin/commons-daemon-20150430-native-src.tar.gz -Dtest.temp=output/test-tmp-APR -Dtest.accesslog=true -Dexecute.test.nio=false -Dtest .openssl.path=/srv/gump/public/workspace/openssl-1.0.2/dest-20150430/bin/openssl -Dexecute.test.bio=false -Dexecute.test.apr=true -Dtest.excludePerformance=true -Dexecute.test.nio2=false -Deasymock.jar=/srv/gump/public/workspace/easymock/easymock/target/easymock-3.4-SNAPSHOT.jar -Dhamcrest.jar=/srv/gump/packages/hamcrest/hamcrest-core-1.3.jar -Dcglib.jar=/srv/gump/packages/cglib/cglib-nodep-2.2.jar test [Working Directory: /srv/gump/public/workspace/tomcat-8.0.x] CLASSPATH: /usr/lib/jvm/java-8-oracle/lib/tools.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/webapps/examples/WEB-INF/classes:/srv/gump/public/workspace/tomcat-8.0.x/output/testclasses:/srv/gump/public/workspace/ant/dist/lib/ant.jar:/srv/gump/public/workspace/ant/dist/lib/ant-launcher.jar:/srv/gump/public/workspace/ant/dist/lib/ant-jmf.jar:/srv/gump/public/workspace/ant/dist/lib/ant-junit.jar:/srv/gump/public/workspace/ant/dist/lib/ant-junit4.jar:/srv/gump/public/workspace/ant/dist/lib/ant-swing.jar:/srv/gump/public/workspace/ant/dist/lib/ant-apache-resolver.jar:/srv/gump/public/workspace/ant/dist/lib/ant-apache-xalan2.jar:/srv/gump/public/workspace/xml-commons/java/build/resolver.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/bin/bootstrap.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/bin/tomcat-juli.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/lib/annotations-api.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/lib/servlet-api.ja r:/srv/gump/public/workspace/tomcat-8.0.x/output/build/lib/jsp-api.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/lib/el-api.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/lib/websocket-api.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/lib/catalina.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/lib/catalina-ant.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/lib/catalina-storeconfig.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/lib/tomcat-coyote.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/lib/jasper.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/lib/jasper-el.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/lib/catalina-tribes.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/lib/catalina-ha.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/lib/tomcat-api.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/lib/tomcat-jni.jar:/srv/gu
