svn commit: r1686370 - /tomcat/tc6.0.x/trunk/STATUS.txt
Author: remm Date: Fri Jun 19 07:12:34 2015 New Revision: 1686370 URL: http://svn.apache.org/r1686370 Log: Votes Modified: tomcat/tc6.0.x/trunk/STATUS.txt Modified: tomcat/tc6.0.x/trunk/STATUS.txt URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=1686370&r1=1686369&r2=1686370&view=diff == --- tomcat/tc6.0.x/trunk/STATUS.txt (original) +++ tomcat/tc6.0.x/trunk/STATUS.txt Fri Jun 19 07:12:34 2015 @@ -35,7 +35,7 @@ PATCHES PROPOSED TO BACKPORT: LibraryNotFoundError Thread http://people.apache.org/~markt/patches/2015-04-08-jni-align-tc6-v1.patch - +1: markt, kkolinko (comment below) + +1: markt, kkolinko (comment below), remm -1: kkolinko: @@ -71,13 +71,13 @@ PATCHES PROPOSED TO BACKPORT: http://svn.apache.org/r1675821 (fix) http://svn.apache.org/r1678180 (documentation) - +1: kkolinko, markt + +1: kkolinko, markt, remm -1: * Remove obsolete code supporting old tcnative <= 1.1.20. We currently require tcnative 1.1.30. http://people.apache.org/~rjung/patches/tc6-remove-obsolete-tcn-code.patch - +1: rjung, markt + +1: rjung, markt, remm -1: - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 58052] RewriteValve: Rewrite to a complete URI does not work because the colon is URL encoded
https://bz.apache.org/bugzilla/show_bug.cgi?id=58052 Remy Maucherat changed: What|Removed |Added Resolution|--- |INVALID Status|NEW |RESOLVED --- Comment #2 from Remy Maucherat --- Unless you're using a redirect, this won't work. The mapper will only accept URLs relative to the server root, so fixing this does not make sense since this is not usable. Please use the user list for user questions instead. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1686371 - /tomcat/trunk/java/org/apache/tomcat/util/net/jsse/openssl/Cipher.java
Author: markt Date: Fri Jun 19 08:00:58 2015 New Revision: 1686371 URL: http://svn.apache.org/r1686371 Log: More: - references - cipher IDs - corrections to strength bits Modified: tomcat/trunk/java/org/apache/tomcat/util/net/jsse/openssl/Cipher.java Modified: tomcat/trunk/java/org/apache/tomcat/util/net/jsse/openssl/Cipher.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/jsse/openssl/Cipher.java?rev=1686371&r1=1686370&r2=1686371&view=diff == --- tomcat/trunk/java/org/apache/tomcat/util/net/jsse/openssl/Cipher.java (original) +++ tomcat/trunk/java/org/apache/tomcat/util/net/jsse/openssl/Cipher.java Fri Jun 19 08:00:58 2015 @@ -25,7 +25,8 @@ import java.util.Set; /** * All the standard cipher suites for SSL/TSL. * - * @see https://github.com/openssl/openssl/blob/master/ssl/s3_lib.c";>OpenSSL + * @see https://github.com/openssl/openssl/blob/master/ssl/s3_lib.c"; + * >OpenSSL cipher definitions * @see http://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-4"; * >The cipher suite registry * @see https://www.thesprawl.org/research/tls-and-ssl-cipher-suites/"; @@ -34,6 +35,8 @@ import java.util.Set; * >Oracle standard names for cipher suites * @see https://www.openssl.org/docs/apps/ciphers.html"; * >Mapping of OpenSSL cipher suites names to registry names + * @see https://github.com/ssllabs/sslhaf/blob/0.1.x/suites.csv"; + * >SSL Labs tool - list of ciphers */ public enum Cipher { /* The RSA ciphers */ @@ -513,7 +516,7 @@ public enum Cipher { false, EncryptionLevel.HIGH, true, -168, +112, 168 ), // Cipher 20 @@ -569,7 +572,7 @@ public enum Cipher { false, EncryptionLevel.HIGH, false, -168, +112, 168 ), // Cipher 24 @@ -1231,6 +1234,7 @@ public enum Cipher { ), /* GOST Ciphersuites */ /* +// Cipher 80 TLS_GOSTR341094_WITH_28147_CNT_IMIT( "GOST94-GOST89-GOST89", KeyExchange.GOST, 
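Review bot: The entry changed in the hunk at -513 keeps `EncryptionLevel.HIGH` while its strength bits drop to 112, and nothing on the new side explains why strength bits and algorithm bits now differ. A short comment beside the pair, such as `// strength bits 112 (effective), algorithm bits 168 (key length)`, would stop a later edit from "correcting" the value back to 168. The same applies to the identical change in the hunks at -569, -1394, -1888, -1958, -2028, -2098, -2168, -2211, -2225, -2239 and -2832. It is also worth confirming against the OpenSSL definitions linked in the class Javadoc that HIGH is still the intended level for these suites, since any selection done by level would keep offering them. Each enum entry begins and ends outside its hunk.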
@@ -1244,6 +1248,7 @@ public enum Cipher { 256, 256 ), +// Cipher 81 TLS_GOSTR341001_WITH_28147_CNT_IMIT( "GOST2001-GOST89-GOST89", KeyExchange.GOST, @@ -1257,6 +1262,7 @@ public enum Cipher { 256, 256 ), +// Cipher 82 TLS_GOSTR341094_WITH_NULL_GOSTR3411( "GOST94-NULL-GOST94", KeyExchange.GOST, @@ -1270,6 +1276,7 @@ public enum Cipher { 0, 0 ), +// Cipher 83 TLS_GOSTR341001_WITH_NULL_GOSTR3411( "GOST2001-NULL-GOST94", KeyExchange.GOST, @@ -1394,7 +1401,7 @@ public enum Cipher { false, EncryptionLevel.HIGH, true, -168, +112, 168 ), // Cipher 8C @@ -1888,7 +1895,7 @@ public enum Cipher { false, EncryptionLevel.HIGH, true, -168, +112, 168 ), // Cipher C004 @@ -1958,7 +1965,7 @@ public enum Cipher { false, EncryptionLevel.HIGH, true, -168, +112, 168 ), // Cipher C009 @@ -2028,7 +2035,7 @@ public enum Cipher { false, EncryptionLevel.HIGH, true, -168, +112, 168 ), // Cipher C00E @@ -2098,7 +2105,7 @@ public enum Cipher { false, EncryptionLevel.HIGH, true, -168, +112, 168 ), // Cipher C013 @@ -2168,7 +2175,7 @@ public enum Cipher { false, EncryptionLevel.HIGH, true, -168, +112, 168 ), // Cipher C018 @@ -2211,7 +2218,7 @@ public enum Cipher { false, EncryptionLevel.HIGH, false, -168, +112, 168 ), // Cipher C01B @@ -2225,7 +2232,7 @@ public enum Cipher { false, EncryptionLevel.HIGH, false, -168, +112, 168 ), // Cipher C01C @@ -2239,7 +2246,7 @@ public enum Cipher { false, EncryptionLevel.HIGH, false, -168, +112, 168 ), // Cipher C01D @@ -2832,7 +2839,7 @@ public enum Cipher { false, EncryptionLevel.HIGH, false, -168, +112, 168, "SSL_CK_DES_192_EDE3_CBC_WITH_MD5" ); - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache
[Bug 58052] RewriteValve: Rewrite to a complete URI does not work because the colon is URL encoded
https://bz.apache.org/bugzilla/show_bug.cgi?id=58052 Volker Voßkämper changed: What|Removed |Added Resolution|INVALID |FIXED --- Comment #3 from Volker Voßkämper --- Rules like this work with Apache httpd mod_rewrite and are the subject of many howtos on https redirection, for example https://www.sslshopper.com/apache-redirect-http-to-https.html The description at https://tomcat.apache.org/tomcat-8.0-doc/rewrite.html says: "The rewrite.config file contains a list of directives which closely resemble the directives used by mod_rewrite, in particular the central RewriteRule and RewriteCond directives." So I would expect this to work. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
buildbot success in ASF Buildbot on tomcat-trunk
The Buildbot has detected a restored build on builder tomcat-trunk while building ASF Buildbot. Full details are available at: http://ci.apache.org/builders/tomcat-trunk/builds/1412 Buildbot URL: http://ci.apache.org/ Buildslave for this Build: silvanus_ubuntu Build Reason: The AnyBranchScheduler scheduler named 'on-tomcat-commit' triggered this build Build Source Stamp: [branch tomcat/trunk] 1686371 Blamelist: markt Build succeeded! Sincerely, -The Buildbot - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 58052] RewriteValve: Implement additional RewriteRule directive capabilities
https://bz.apache.org/bugzilla/show_bug.cgi?id=58052 Remy Maucherat changed: What|Removed |Added Summary|RewriteValve: Rewrite to a |RewriteValve: Implement |complete URI does not work |additional RewriteRule |because the colon is URL|directive capabilities |encoded | Priority|P2 |P4 Status|RESOLVED|REOPENED Severity|normal |enhancement Resolution|FIXED |--- --- Comment #4 from Remy Maucherat --- The behavior corresponds to what is documented in the Tomcat documentation. However, reading the mod_rewrite documentation, it seems that additional capabilities have been added to the RewriteRule directive or are now officially documented for it. Tomcat's RewriteValve only supports the "-" and URL-path options for the substitution, while now mod_rewrite has external rewrite auto detect (useful, but all you need to do is manually add the "R" flag, so it's a very minor enhancement) and a file serving feature (that could be questionable for Servlet security). So this becomes a low priority enhancement: either it will be implemented, or the documentation will be further clarified to state that, unlike mod_rewrite, RewriteValve doesn't support file serving and/or auto external redirect. From the current mod_rewrite documentation: The Substitution of a rewrite rule is the string that replaces the original URL-path that was matched by Pattern. The Substitution may be a: file-system path Designates the location on the file-system of the resource to be delivered to the client. Substitutions are only treated as a file-system path when the rule is configured in server (virtualhost) context and the first component of the path in the substitution exists in the file-system URL-path A DocumentRoot-relative path to the resource to be served. Note that mod_rewrite tries to guess whether you have specified a file-system path or a URL-path by checking to see if the first segment of the path exists at the root of the file-system. 
For example, if you specify a Substitution string of /www/file.html, then this will be treated as a URL-path unless a directory named www exists at the root or your file-system (or, in the case of using rewrites in a .htaccess file, relative to your document root), in which case it will be treated as a file-system path. If you wish other URL-mapping directives (such as Alias) to be applied to the resulting URL-path, use the [PT] flag as described below. Absolute URL If an absolute URL is specified, mod_rewrite checks to see whether the hostname matches the current host. If it does, the scheme and hostname are stripped out and the resulting path is treated as a URL-path. Otherwise, an external redirect is performed for the given URL. To force an external redirect back to the current host, see the [R] flag below. - (dash) A dash indicates that no substitution should be performed (the existing path is passed through untouched). This is used when a flag (see below) needs to be applied without changing the path. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1686373 - /tomcat/trunk/java/org/apache/tomcat/util/net/jsse/openssl/Cipher.java
Author: markt Date: Fri Jun 19 08:39:12 2015 New Revision: 1686373 URL: http://svn.apache.org/r1686373 Log: Another reference Modified: tomcat/trunk/java/org/apache/tomcat/util/net/jsse/openssl/Cipher.java Modified: tomcat/trunk/java/org/apache/tomcat/util/net/jsse/openssl/Cipher.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/jsse/openssl/Cipher.java?rev=1686373&r1=1686372&r2=1686373&view=diff ==
--- tomcat/trunk/java/org/apache/tomcat/util/net/jsse/openssl/Cipher.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/jsse/openssl/Cipher.java Fri Jun 19 08:39:12 2015
@@ -37,6 +37,8 @@ import java.util.Set;
 * >Mapping of OpenSSL cipher suites names to registry names
 * @see https://github.com/ssllabs/sslhaf/blob/0.1.x/suites.csv";
 * >SSL Labs tool - list of ciphers
+ * @see http://hg.openjdk.java.net/jdk9/jdk9/jdk/file/e30cd0d37abf/src/java.base/share/classes/sun/security/ssl/CipherSuite.java";
+ * >OpenJDK source code
 */
 public enum Cipher {
 /* The RSA ciphers */

- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 58053] New: Use loop rather than assuming the size of the array won't change
https://bz.apache.org/bugzilla/show_bug.cgi?id=58053 Bug ID: 58053 Summary: Use loop rather than assuming the size of the array won't change Product: Tomcat 9 Version: unspecified Hardware: All OS: All Status: NEW Severity: trivial Priority: P2 Component: Catalina Assignee: dev@tomcat.apache.org Reporter: s...@apache.org Created attachment 32835 --> https://bz.apache.org/bugzilla/attachment.cgi?id=32835&action=edit Replace numeric offsets with loop Code in FastHttpDateFormat uses numeric offsets into an array when it should use a loop. In this case the loop is no shorter than the existing 3 lines, but using a loop avoids the problem of ensuring that the array size and the max index agree. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1686384 - in /tomcat/trunk/java/org/apache/tomcat/util/net/openssl: OpenSSLContext.java OpenSSLServerSessionContext.java
Author: markt Date: Fri Jun 19 11:12:35 2015 New Revision: 1686384 URL: http://svn.apache.org/r1686384 Log: Fix Javadoc nags Modified: tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLServerSessionContext.java Modified: tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java?rev=1686384&r1=1686383&r2=1686384&view=diff == --- tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java (original) +++ tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java Fri Jun 19 11:12:35 2015 @@ -179,7 +179,6 @@ public class OpenSSLContext implements o * {@code OpenSSLKeyManager} * @param tms * @param sr Is not used for this implementation. - * @throws SSLException */ @Override public synchronized void init(KeyManager[] kms, TrustManager[] tms, SecureRandom sr) { Modified: tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLServerSessionContext.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLServerSessionContext.java?rev=1686384&r1=1686383&r2=1686384&view=diff == --- tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLServerSessionContext.java (original) +++ tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLServerSessionContext.java Fri Jun 19 11:12:35 2015 
@@ -21,7 +21,8 @@ import org.apache.tomcat.jni.SSLContext; /** - * {@link OpenSslSessionContext} implementation which offers extra methods which are only useful for the server-side. + * {@link OpenSSLSessionContext} implementation which offers extra methods which + * are only useful for the server-side. */ public final class OpenSSLServerSessionContext extends OpenSSLSessionContext { OpenSSLServerSessionContext(long context) { - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1686385 - in /tomcat/trunk/java/org/apache/tomcat/util/net/openssl: CipherSuiteConverter.java OpenSSLContext.java OpenSSLEngine.java
Author: markt Date: Fri Jun 19 11:17:07 2015 New Revision: 1686385 URL: http://svn.apache.org/r1686385 Log: Clean up the IDE warnings Modified: tomcat/trunk/java/org/apache/tomcat/util/net/openssl/CipherSuiteConverter.java tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java Modified: tomcat/trunk/java/org/apache/tomcat/util/net/openssl/CipherSuiteConverter.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/openssl/CipherSuiteConverter.java?rev=1686385&r1=1686384&r2=1686385&view=diff == --- tomcat/trunk/java/org/apache/tomcat/util/net/openssl/CipherSuiteConverter.java (original) +++ tomcat/trunk/java/org/apache/tomcat/util/net/openssl/CipherSuiteConverter.java Fri Jun 19 11:17:07 2015 @@ -176,7 +176,7 @@ public final class CipherSuiteConverter // Cache the reverse mapping after stripping the protocol prefix (TLS_ or SSL_) final String javaCipherSuiteSuffix = javaCipherSuite.substring(4); -Map p2j = new HashMap(4); +Map p2j = new HashMap<>(4); p2j.put("", javaCipherSuiteSuffix); p2j.put("SSL", "SSL_" + javaCipherSuiteSuffix); p2j.put("TLS", "TLS_" + javaCipherSuiteSuffix); @@ -300,7 +300,7 @@ public final class CipherSuiteConverter final String javaCipherSuiteTls = "TLS_" + javaCipherSuiteSuffix; // Cache the mapping. -final Map p2j = new HashMap(4); +final Map p2j = new HashMap<>(4); p2j.put("", javaCipherSuiteSuffix); p2j.put("SSL", javaCipherSuiteSsl); p2j.put("TLS", javaCipherSuiteTls); Modified: tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java?rev=1686385&r1=1686384&r2=1686385&view=diff == --- tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java (original) +++ tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java Fri Jun 19 11:17:07 2015 
@@ -452,7 +452,6 @@ public class OpenSSLContext implements o } @Override -@SuppressWarnings("FinalizeDeclaration") protected final void finalize() throws Throwable { super.finalize(); synchronized (OpenSSLContext.class) { Modified: tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java?rev=1686385&r1=1686384&r2=1686385&view=diff == --- tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java (original) +++ tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java Fri Jun 19 11:17:07 2015 @@ -71,7 +71,7 @@ public final class OpenSSLEngine extends private static final Set AVAILABLE_CIPHER_SUITES; static { -final Set availableCipherSuites = new LinkedHashSet(128); +final Set availableCipherSuites = new LinkedHashSet<>(128); final long aprPool = Pool.create(0); try { final long sslCtx = SSLContext.make(aprPool, SSL.SSL_PROTOCOL_ALL, SSL.SSL_MODE_SERVER); @@ -124,7 +124,8 @@ public final class OpenSSLEngine extends Constants.SSL_PROTO_TLSv1_1, Constants.SSL_PROTO_TLSv1_2 }; -private static final Set SUPPORTED_PROTOCOLS_SET = new HashSet(Arrays.asList(SUPPORTED_PROTOCOLS)); +private static final Set SUPPORTED_PROTOCOLS_SET = +new HashSet<>(Arrays.asList(SUPPORTED_PROTOCOLS)); // Header (5) + Data (2^14) + Compression (1024) + Encryption (1024) + MAC (20) + Padding (256) static final int MAX_ENCRYPTED_PACKET_LENGTH = MAX_CIPHERTEXT_LENGTH + 5 + 20 + 256; @@ -155,7 +156,6 @@ public final class OpenSSLEngine extends private int accepted; private boolean handshakeFinished; private boolean receivedShutdown; -@SuppressWarnings("UnusedDeclaration") private volatile int destroyed; // Use an invalid cipherSuite until the handshake is completed 
@@ -176,7 +176,6 @@ public final class OpenSSLEngine extends private final String fallbackApplicationProtocol; private final OpenSSLSessionContext sessionContext; -@SuppressWarnings("unused") private volatile SSLSession session; /** @@ -257,7 +256,8 @@ public final class OpenSSLEngine extends } } -throw new IllegalStateException(sm.getString("engine.writeToSSLFailed", sslWrote)); +throw new IllegalStateException( +sm.getString("engine.writeToSSLFailed", Integer.toString(sslWrote))); } /** @@ -386,7 +386,9 @@ public final class OpenSSLEngine exte
svn commit: r1686386 - /tomcat/trunk/java/org/apache/tomcat/util/net/jsse/openssl/Cipher.java
Author: markt Date: Fri Jun 19 11:18:08 2015 New Revision: 1686386 URL: http://svn.apache.org/r1686386 Log: Preparation for supporting multiple certificate types. Add the cipher ID to the cipher enumeration. Add some additional commentary to explain gaps etc. Modified: tomcat/trunk/java/org/apache/tomcat/util/net/jsse/openssl/Cipher.java Modified: tomcat/trunk/java/org/apache/tomcat/util/net/jsse/openssl/Cipher.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/jsse/openssl/Cipher.java?rev=1686386&r1=1686385&r2=1686386&view=diff == --- tomcat/trunk/java/org/apache/tomcat/util/net/jsse/openssl/Cipher.java (original) +++ tomcat/trunk/java/org/apache/tomcat/util/net/jsse/openssl/Cipher.java Fri Jun 19 11:18:08 2015 @@ -19,7 +19,9 @@ package org.apache.tomcat.util.net.jsse. import java.util.Arrays; import java.util.Collections; +import java.util.HashMap; import java.util.HashSet; +import java.util.Map; import java.util.Set; /** @@ -41,9 +43,17 @@ import java.util.Set; * >OpenJDK source code */ public enum Cipher { + +/* Cipher 0 + * TLS_NULL_WITH_NULL_NULL + * Must never be negotiated. Used internally to represent the initial + * unprotected state of a connection. + */ + /* The RSA ciphers */ // Cipher 01 TLS_RSA_WITH_NULL_MD5( +0x0001, "NULL-MD5", KeyExchange.RSA, Authentication.RSA, @@ -59,6 +69,7 @@ public enum Cipher { ), // Cipher 02 TLS_RSA_WITH_NULL_SHA( +0x0002, "NULL-SHA", KeyExchange.RSA, Authentication.RSA, @@ -74,6 +85,7 @@ public enum Cipher { ), // Cipher 03 TLS_RSA_EXPORT_WITH_RC4_40_MD5( +0x0003, "EXP-RC4-MD5", KeyExchange.RSA, Authentication.RSA, @@ -89,6 +101,7 @@ public enum Cipher { ), // Cipher 04 TLS_RSA_WITH_RC4_128_MD5( +0x0004, "RC4-MD5", KeyExchange.RSA, Authentication.RSA, @@ -104,6 +117,7 @@ public enum Cipher { ), // Cipher 05 TLS_RSA_WITH_RC4_128_SHA( +0x0005, "RC4-SHA", KeyExchange.RSA, Authentication.RSA, 
@@ -119,6 +133,7 @@ public enum Cipher { ), // Cipher 06 TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5( +0x0006, "EXP-RC2-CBC-MD5", KeyExchange.RSA, Authentication.RSA, @@ -134,6 +149,7 @@ public enum Cipher { ), // Cipher 07 TLS_RSA_WITH_IDEA_CBC_SHA( +0x0007, "IDEA-CBC-SHA", KeyExchange.RSA, Authentication.RSA, @@ -149,6 +165,7 @@ public enum Cipher { ), // Cipher 08 TLS_RSA_EXPORT_WITH_DES40_CBC_SHA( +0x0008, "EXP-DES-CBC-SHA", KeyExchange.RSA, Authentication.RSA, @@ -164,6 +181,7 @@ public enum Cipher { ), // Cipher 09 TLS_RSA_WITH_DES_CBC_SHA( +0x0009, "DES-CBC-SHA", KeyExchange.RSA, Authentication.RSA, @@ -179,6 +197,7 @@ public enum Cipher { ), // Cipher 0A TLS_RSA_WITH_3DES_EDE_CBC_SHA( +0x000A, "DES-CBC3-SHA", KeyExchange.RSA, Authentication.RSA, @@ -195,6 +214,7 @@ public enum Cipher { /* The DH ciphers */ // Cipher 0B TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA( +0x000B, "EXP-DH-DSS-DES-CBC-SHA", KeyExchange.DHd, Authentication.DH, @@ -210,6 +230,7 @@ public enum Cipher { ), // Cipher 0C TLS_DH_DSS_WITH_DES_CBC_SHA( +0x000C, "DH-DSS-DES-CBC-SHA", KeyExchange.DHd, Authentication.DH, @@ -225,6 +246,7 @@ public enum Cipher { ), // Cipher 0D TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA( +0x000D, "DH-DSS-DES-CBC3-SHA", KeyExchange.DHd, Authentication.DH, @@ -240,6 +262,7 @@ public enum Cipher { ), // Cipher 0E TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA( +0x000E, "EXP-DH-RSA-DES-CBC-SHA", KeyExchange.DHr, Authentication.DH, @@ -255,6 +278,7 @@ public enum Cipher { ), // Cipher 0F TLS_DH_RSA_WITH_DES_CBC_SHA( +0x000F, "DH-RSA-DES-CBC-SHA", KeyExchange.DHr, Authentication.DH, @@ -270,6 +294,7 @@ public enum Cipher { ), // Cipher 10 TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA( +0x0010, "DH-RSA-DES-CBC3-SHA", KeyExchange.DHr, Authentication.DH, @@ -286,6 +311,7 @@ public enum Cipher { /* The Ephemeral DH ciphers */ // Cipher 11 TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA( +0x0011, "EXP-DHE-DSS-DES-C
svn commit: r1686388 - /tomcat/trunk/java/org/apache/tomcat/jni/SSL.java
Author: markt Date: Fri Jun 19 11:19:56 2015 New Revision: 1686388 URL: http://svn.apache.org/r1686388 Log: Fix IDE / Javadoc errors Modified: tomcat/trunk/java/org/apache/tomcat/jni/SSL.java Modified: tomcat/trunk/java/org/apache/tomcat/jni/SSL.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/jni/SSL.java?rev=1686388&r1=1686387&r2=1686388&view=diff == --- tomcat/trunk/java/org/apache/tomcat/jni/SSL.java (original) +++ tomcat/trunk/java/org/apache/tomcat/jni/SSL.java Fri Jun 19 11:19:56 2015 @@ -398,43 +398,38 @@ public final class SSL { public static native int getError(long ssl, int ret); /** - * BIO_ctrl_pending + * BIO_ctrl_pending. * @param bio BIO pointer (BIO *) - * @return */ public static native int pendingWrittenBytesInBIO(long bio); /** - * SSL_pending + * SSL_pending. * @param ssl SSL pointer (SSL *) - * @return */ public static native int pendingReadableBytesInSSL(long ssl); /** - * BIO_write + * BIO_write. * @param bio * @param wbuf * @param wlen - * @return */ public static native int writeToBIO(long bio, long wbuf, int wlen); /** - * BIO_read + * BIO_read. * @param bio * @param rbuf * @param rlen - * @return */ public static native int readFromBIO(long bio, long rbuf, int rlen); /** - * SSL_write + * SSL_write. * @param ssl the SSL instance (SSL *) * @param wbuf * @param wlen - * @return */ public static native int writeToSSL(long ssl, long wbuf, int wlen); @@ -443,14 +438,12 @@ public final class SSL { * @param ssl the SSL instance (SSL *) * @param rbuf * @param rlen - * @return */ public static native int readFromSSL(long ssl, long rbuf, int rlen); /** * SSL_get_shutdown * @param ssl the SSL instance (SSL *) - * @return */ public static native int getShutdown(long ssl); 
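Review bot: Dropping the empty `@return` tags in the hunk at -398 clears the Javadoc warning but leaves the results of `pendingWrittenBytesInBIO`, `writeToBIO`, `readFromBIO`, `writeToSSL` and the other wrappers undocumented, and the `@param bio`, `@param wbuf` and `@param wlen` tags are still blank. The `long`/`int` pairs look like a native buffer address and a length (to be confirmed against the JNI code), so the contract callers most need is the one that is missing: the length must not exceed the native buffer, and what a zero or negative result means. I would fill the tags in instead, for example `@param wbuf address of the native buffer to write from` and `@return bytes written, or a value <= 0 on error (see getError)`, adjusted to what the native side actually returns. The hunks at -443, -495, -526 and -546 make the same removal.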
@@ -495,27 +488,24 @@ public final class SSL { /** * SSL_shutdown * @param ssl the SSL instance (SSL *) - * @return */ public static native int shutdownSSL(long ssl); /** - * Get the error number representing the last error OpenSSL encountered on this thread. - * @return + * Get the error number representing the last error OpenSSL encountered on + * this thread. */ public static native int getLastErrorNumber(); /** - * SSL_get_cipher + * SSL_get_cipher. * @param ssl the SSL instance (SSL *) - * @return */ public static native String getCipherForSSL(long ssl); /** * SSL_get_version * @param ssl the SSL instance (SSL *) - * @return */ public static native String getVersion(long ssl); @@ -526,16 +516,14 @@ public final class SSL { public static native int doHandshake(long ssl); /** - * SSL_in_init + * SSL_in_init. * @param SSL - * @return */ public static native int isInInit(long SSL); /** * SSL_get0_next_proto_negotiated * @param ssl the SSL instance (SSL *) - * @return */ public static native String getNextProtoNegotiated(long ssl); @@ -546,7 +534,6 @@ public final class SSL { /** * SSL_get0_alpn_selected * @param ssl the SSL instance (SSL *) - * @return */ public static native String getAlpnSelected(long ssl); - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1686389 - /tomcat/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TesterOpenSSL.java
Author: markt Date: Fri Jun 19 11:20:46 2015 New Revision: 1686389 URL: http://svn.apache.org/r1686389 Log: Remove commented out Ciphers Modified: tomcat/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TesterOpenSSL.java Modified: tomcat/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TesterOpenSSL.java URL: http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TesterOpenSSL.java?rev=1686389&r1=1686388&r2=1686389&view=diff == --- tomcat/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TesterOpenSSL.java (original) +++ tomcat/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TesterOpenSSL.java Fri Jun 19 11:20:46 2015 @@ -36,17 +36,7 @@ public class TesterOpenSSL { Collections.unmodifiableSet(new HashSet<>(Arrays.asList( // The following ciphers are not implemented in an OpenSSL // version -Cipher.TLS_DHE_DSS_WITH_RC4_128_SHA, Cipher.SSL_CK_RC2_128_CBC_WITH_MD5, -Cipher.SSL_FORTEZZA_DMS_WITH_NULL_SHA, -Cipher.SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA, -Cipher.SSL_FORTEZZA_DMS_WITH_RC4_128_SHA, -Cipher.TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA, -Cipher.TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA, -Cipher.TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5, -Cipher.TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA, -Cipher.TLS_RSA_EXPORT1024_WITH_RC4_56_SHA, -Cipher.TLS_RSA_EXPORT1024_WITH_RC4_56_MD5, // The following are not implemented in 1.1.x onwards. They // are implemented in 1.0.x and earlier Cipher.SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5, @@ -54,7 +44,6 @@ public class TesterOpenSSL { Cipher.SSL2_DES_64_CBC_WITH_MD5, Cipher.SSL2_DES_192_EDE3_CBC_WITH_MD5, Cipher.SSL2_IDEA_128_CBC_WITH_MD5, -Cipher.SSL2_RC2_CBC_128_CBC_WITH_MD5, Cipher.SSL2_RC4_128_EXPORT40_WITH_MD5, // The following have been removed from OpenSSL on 2015-05-23 Cipher.TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA, - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
buildbot exception in ASF Buildbot on tomcat-trunk
The Buildbot has detected a build exception on builder tomcat-trunk while building ASF Buildbot. Full details are available at: http://ci.apache.org/builders/tomcat-trunk/builds/1414 Buildbot URL: http://ci.apache.org/ Buildslave for this Build: silvanus_ubuntu Build Reason: The AnyBranchScheduler scheduler named 'on-tomcat-commit' triggered this build Build Source Stamp: [branch tomcat/trunk] 1686389 Blamelist: markt BUILD FAILED: exception upload_2 Sincerely, -The Buildbot - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1686397 - /tomcat/native/trunk/native/src/sslnetwork.c
Author: jfclere Date: Fri Jun 19 12:28:11 2015 New Revision: 1686397 URL: http://svn.apache.org/r1686397 Log: Add missing initialization. Modified: tomcat/native/trunk/native/src/sslnetwork.c Modified: tomcat/native/trunk/native/src/sslnetwork.c URL: http://svn.apache.org/viewvc/tomcat/native/trunk/native/src/sslnetwork.c?rev=1686397&r1=1686396&r2=1686397&view=diff ==
--- tomcat/native/trunk/native/src/sslnetwork.c (original)
+++ tomcat/native/trunk/native/src/sslnetwork.c Fri Jun 19 12:28:11 2015
@@ -141,6 +141,9 @@ static tcn_ssl_conn_t *ssl_create(JNIEnv
 SSL_set_app_data(ssl, (void *)con);
+/* store for later usage in SSL_callback_SSL_verify */
+SSL_set_app_data2(ssl, ctx);
+
 if (ctx->mode) {
 /*
 * Configure callbacks for SSL connection

- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
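Review bot: The comment on the added `SSL_set_app_data2(ssl, ctx)` call says where the pointer is read but not what keeps `ctx` alive; as far as the hunk shows, the connection stores a raw pointer without taking a reference. If a context can be released while one of its connections is still in use, the verify callback would read freed memory, so the lifetime rule belongs in the comment, e.g. `/* store for later usage in SSL_callback_SSL_verify; ctx must outlive ssl */`. `SSL_callback_SSL_verify` is not visible here; it is worth checking that it treats a NULL app_data2 value as a verification failure rather than dereferencing it, since connections created before this change had none set. The body of ssl_create begins and ends outside the hunk.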
svn commit: r1686409 - in /tomcat/trunk/java/org/apache/tomcat/util/net: SNIExtractor.java SecureNio2Channel.java SecureNioChannel.java TLSClientHelloExtractor.java
Author: markt Date: Fri Jun 19 13:24:27 2015 New Revision: 1686409 URL: http://svn.apache.org/r1686409 Log: Rename since it is going to be used to extract more than just the SNI information Added: tomcat/trunk/java/org/apache/tomcat/util/net/TLSClientHelloExtractor.java - copied, changed from r1686374, tomcat/trunk/java/org/apache/tomcat/util/net/SNIExtractor.java Removed: tomcat/trunk/java/org/apache/tomcat/util/net/SNIExtractor.java Modified: tomcat/trunk/java/org/apache/tomcat/util/net/SecureNio2Channel.java tomcat/trunk/java/org/apache/tomcat/util/net/SecureNioChannel.java Modified: tomcat/trunk/java/org/apache/tomcat/util/net/SecureNio2Channel.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/SecureNio2Channel.java?rev=1686409&r1=1686408&r2=1686409&view=diff == --- tomcat/trunk/java/org/apache/tomcat/util/net/SecureNio2Channel.java (original) +++ tomcat/trunk/java/org/apache/tomcat/util/net/SecureNio2Channel.java Fri Jun 19 13:24:27 2015 @@ -36,7 +36,7 @@ import javax.net.ssl.SSLException; import org.apache.juli.logging.Log; import org.apache.juli.logging.LogFactory; import org.apache.tomcat.util.buf.ByteBufferUtils; -import org.apache.tomcat.util.net.SNIExtractor.SNIResult; +import org.apache.tomcat.util.net.TLSClientHelloExtractor.SNIResult; import org.apache.tomcat.util.res.StringManager; /** @@ -314,7 +314,7 @@ public class SecureNio2Channel extends N return 1; } -SNIExtractor extractor = new SNIExtractor(netInBuffer); +TLSClientHelloExtractor extractor = new TLSClientHelloExtractor(netInBuffer); while (extractor.getResult() == SNIResult.UNDERFLOW && netInBuffer.capacity() < endpoint.getSniParseLimit()) { 
@@ -326,7 +326,7 @@ public class SecureNio2Channel extends N netInBuffer = ByteBufferUtils.expand(netInBuffer, newLimit); sc.read(netInBuffer); -extractor = new SNIExtractor(netInBuffer); +extractor = new TLSClientHelloExtractor(netInBuffer); } String hostName = null; Modified: tomcat/trunk/java/org/apache/tomcat/util/net/SecureNioChannel.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/SecureNioChannel.java?rev=1686409&r1=1686408&r2=1686409&view=diff == --- tomcat/trunk/java/org/apache/tomcat/util/net/SecureNioChannel.java (original) +++ tomcat/trunk/java/org/apache/tomcat/util/net/SecureNioChannel.java Fri Jun 19 13:24:27 2015 @@ -33,7 +33,7 @@ import javax.net.ssl.SSLException; import org.apache.juli.logging.Log; import org.apache.juli.logging.LogFactory; import org.apache.tomcat.util.buf.ByteBufferUtils; -import org.apache.tomcat.util.net.SNIExtractor.SNIResult; +import org.apache.tomcat.util.net.TLSClientHelloExtractor.SNIResult; import org.apache.tomcat.util.res.StringManager; /** @@ -252,7 +252,7 @@ public class SecureNioChannel extends Ni private int processSNI() throws IOException { // Read some data into the network input buffer so we can peek at it. sc.read(netInBuffer); -SNIExtractor extractor = new SNIExtractor(netInBuffer); +TLSClientHelloExtractor extractor = new TLSClientHelloExtractor(netInBuffer); while (extractor.getResult() == SNIResult.UNDERFLOW && netInBuffer.capacity() < endpoint.getSniParseLimit()) { 
@@ -264,7 +264,7 @@ public class SecureNioChannel extends Ni
 netInBuffer = ByteBufferUtils.expand(netInBuffer, newLimit);
 sc.read(netInBuffer);
-extractor = new SNIExtractor(netInBuffer);
+extractor = new TLSClientHelloExtractor(netInBuffer);
 }
 String hostName = null;
Copied: tomcat/trunk/java/org/apache/tomcat/util/net/TLSClientHelloExtractor.java (from r1686374, tomcat/trunk/java/org/apache/tomcat/util/net/SNIExtractor.java) URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/TLSClientHelloExtractor.java?p2=tomcat/trunk/java/org/apache/tomcat/util/net/TLSClientHelloExtractor.java&p1=tomcat/trunk/java/org/apache/tomcat/util/net/SNIExtractor.java&r1=1686374&r2=1686409&rev=1686409&view=diff ==
--- tomcat/trunk/java/org/apache/tomcat/util/net/SNIExtractor.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/TLSClientHelloExtractor.java Fri Jun 19 13:24:27 2015
@@ -26,10 +26,10 @@ import org.apache.tomcat.util.res.String
 /**
 * This class extracts the SNI host name from a TLS client-hello message.
 */
-public class SNIExtractor {
+public class TLSClientHelloExtractor {
-private static final Log log = LogFactory.getLog(SNIExtractor.class);
-private static final StringManager sm = StringManager.getManager(SNIEx
svn commit: r1686410 - in /tomcat/trunk/java/org/apache/tomcat/util/net: SecureNio2Channel.java SecureNioChannel.java TLSClientHelloExtractor.java
Author: markt Date: Fri Jun 19 13:26:52 2015 New Revision: 1686410 URL: http://svn.apache.org/r1686410 Log: More renaming since the extractor will be used to extract more than just the SNI information Modified: tomcat/trunk/java/org/apache/tomcat/util/net/SecureNio2Channel.java tomcat/trunk/java/org/apache/tomcat/util/net/SecureNioChannel.java tomcat/trunk/java/org/apache/tomcat/util/net/TLSClientHelloExtractor.java Modified: tomcat/trunk/java/org/apache/tomcat/util/net/SecureNio2Channel.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/SecureNio2Channel.java?rev=1686410&r1=1686409&r2=1686410&view=diff ==
--- tomcat/trunk/java/org/apache/tomcat/util/net/SecureNio2Channel.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/SecureNio2Channel.java Fri Jun 19 13:26:52 2015
@@ -36,7 +36,7 @@ import javax.net.ssl.SSLException;
 import org.apache.juli.logging.Log;
 import org.apache.juli.logging.LogFactory;
 import org.apache.tomcat.util.buf.ByteBufferUtils;
-import org.apache.tomcat.util.net.TLSClientHelloExtractor.SNIResult;
+import org.apache.tomcat.util.net.TLSClientHelloExtractor.ExtractorResult;
 import org.apache.tomcat.util.res.StringManager;
 /**
@@ -316,7 +316,7 @@ public class SecureNio2Channel extends N
 TLSClientHelloExtractor extractor = new TLSClientHelloExtractor(netInBuffer);
-while (extractor.getResult() == SNIResult.UNDERFLOW &&
+while (extractor.getResult() == ExtractorResult.UNDERFLOW &&
 netInBuffer.capacity() < endpoint.getSniParseLimit()) {
 // extractor needed more data to process but netInBuffer was full so
 // expand the buffer and read some more data.
@@ -331,7 +331,7 @@ public class SecureNio2Channel extends N
 String hostName = null;
 switch (extractor.getResult()) {
-case FOUND:
+case COMPLETE:
 hostName = extractor.getSNIValue();
 break;
 case NOT_PRESENT:
Modified: tomcat/trunk/java/org/apache/tomcat/util/net/SecureNioChannel.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/SecureNioChannel.java?rev=1686410&r1=1686409&r2=1686410&view=diff ==
--- tomcat/trunk/java/org/apache/tomcat/util/net/SecureNioChannel.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/SecureNioChannel.java Fri Jun 19 13:26:52 2015
@@ -33,7 +33,7 @@ import javax.net.ssl.SSLException;
 import org.apache.juli.logging.Log;
 import org.apache.juli.logging.LogFactory;
 import org.apache.tomcat.util.buf.ByteBufferUtils;
-import org.apache.tomcat.util.net.TLSClientHelloExtractor.SNIResult;
+import org.apache.tomcat.util.net.TLSClientHelloExtractor.ExtractorResult;
 import org.apache.tomcat.util.res.StringManager;
 /**
@@ -254,7 +254,7 @@ public class SecureNioChannel extends Ni
 sc.read(netInBuffer);
 TLSClientHelloExtractor extractor = new TLSClientHelloExtractor(netInBuffer);
-while (extractor.getResult() == SNIResult.UNDERFLOW &&
+while (extractor.getResult() == ExtractorResult.UNDERFLOW &&
 netInBuffer.capacity() < endpoint.getSniParseLimit()) {
 // extractor needed more data to process but netInBuffer was full so
 // expand the buffer and read some more data.
@@ -269,7 +269,7 @@ public class SecureNioChannel extends Ni
 String hostName = null;
 switch (extractor.getResult()) {
-case FOUND:
+case COMPLETE:
 hostName = extractor.getSNIValue();
 break;
 case NOT_PRESENT:
Modified: tomcat/trunk/java/org/apache/tomcat/util/net/TLSClientHelloExtractor.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/TLSClientHelloExtractor.java?rev=1686410&r1=1686409&r2=1686410&view=diff ==
--- tomcat/trunk/java/org/apache/tomcat/util/net/TLSClientHelloExtractor.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/TLSClientHelloExtractor.java Fri Jun 19 13:26:52 2015
@@ -31,7 +31,7 @@ public class TLSClientHelloExtractor {
 private static final Log log = LogFactory.getLog(TLSClientHelloExtractor.class);
 private static final StringManager sm = StringManager.getManager(TLSClientHelloExtractor.class);
-private final SNIResult result;
+private final ExtractorResult result;
 private final String sniValue;
 private static final int TLS_RECORD_HEADER_LEN = 5;
@@ -53,7 +53,7 @@ public class TLSClientHelloExtractor {
 // the buffer state can be restored at the end of this method.
 int pos = netInBuffer.position();
 int limit = netInBuffer.limit();
-SNIResult result = SNIResult.NOT_PRESENT;
+ExtractorResult
buildbot success in ASF Buildbot on tomcat-trunk
The Buildbot has detected a restored build on builder tomcat-trunk while building ASF Buildbot. Full details are available at: http://ci.apache.org/builders/tomcat-trunk/builds/1415 Buildbot URL: http://ci.apache.org/ Buildslave for this Build: silvanus_ubuntu Build Reason: The AnyBranchScheduler scheduler named 'on-tomcat-commit' triggered this build Build Source Stamp: [branch tomcat/trunk] 1686410 Blamelist: markt Build succeeded! Sincerely, -The Buildbot - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1686415 - /tomcat/trunk/java/org/apache/tomcat/util/net/TLSClientHelloExtractor.java
Author: markt Date: Fri Jun 19 13:40:57 2015 New Revision: 1686415 URL: http://svn.apache.org/r1686415 Log: Also extract cipher suites from TLS client-hello. Will be used to support multiple certificate types per virtual host. Untested. Modified: tomcat/trunk/java/org/apache/tomcat/util/net/TLSClientHelloExtractor.java Modified: tomcat/trunk/java/org/apache/tomcat/util/net/TLSClientHelloExtractor.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/TLSClientHelloExtractor.java?rev=1686415&r1=1686414&r2=1686415&view=diff ==
--- tomcat/trunk/java/org/apache/tomcat/util/net/TLSClientHelloExtractor.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/TLSClientHelloExtractor.java Fri Jun 19 13:40:57 2015
@@ -18,9 +18,12 @@ package org.apache.tomcat.util.net;
 import java.nio.ByteBuffer;
 import java.nio.charset.StandardCharsets;
+import java.util.ArrayList;
+import java.util.List;
 import org.apache.juli.logging.Log;
 import org.apache.juli.logging.LogFactory;
+import org.apache.tomcat.util.net.jsse.openssl.Cipher;
 import org.apache.tomcat.util.res.StringManager;
 /**
@@ -32,6 +35,7 @@ public class TLSClientHelloExtractor {
 private static final StringManager sm = StringManager.getManager(TLSClientHelloExtractor.class);
 private final ExtractorResult result;
+private final List clientRequestedCiphers;
 private final String sniValue;
 private static final int TLS_RECORD_HEADER_LEN = 5;
@@ -54,6 +58,7 @@ public class TLSClientHelloExtractor {
 int pos = netInBuffer.position();
 int limit = netInBuffer.limit();
 ExtractorResult result = ExtractorResult.NOT_PRESENT;
+List clientRequestedCiphers = null;
 String sniValue = null;
 try {
 // Switch to read mode.
@@ -92,8 +97,16 @@ public class TLSClientHelloExtractor {
 skipBytes(netInBuffer, 32);
 // Session ID (single byte for length)
 skipBytes(netInBuffer, (netInBuffer.get() & 0xFF));
-// Cipher Suites (2 bytes for length)
-skipBytes(netInBuffer, (netInBuffer.getChar()));
+
+// Cipher Suites
+// (2 bytes for length, each cipher ID is 2 bytes)
+int cipherCount = netInBuffer.getChar() / 2;
+clientRequestedCiphers = new ArrayList<>(cipherCount);
+for (int i = 0; i < cipherCount; i++) {
+int cipherId = netInBuffer.getChar();
+clientRequestedCiphers.add(Cipher.valueOf(cipherId));
+}
+
 // Compression methods (single byte for length)
 skipBytes(netInBuffer, (netInBuffer.get() & 0xFF));
@@ -113,6 +126,7 @@ public class TLSClientHelloExtractor {
 }
 } finally {
 this.result = result;
+this.clientRequestedCiphers = clientRequestedCiphers;
 this.sniValue = sniValue;
 // Whatever happens, return the buffer to its original state
 netInBuffer.limit(limit);
@@ -132,6 +146,15 @@ public class TLSClientHelloExtractor {
 } else {
 throw new IllegalStateException();
 }
+}
+
+
+public List getClientRequestedCiphers() {
+if (result == ExtractorResult.COMPLETE) {
+return clientRequestedCiphers;
+} else {
+throw new IllegalStateException();
+}
 }
- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
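Review bot: The cipher-suite loop in the `@@ -92,8 +97,16 @@` hunk trusts the two-byte length field of the client-hello, which is unauthenticated input at this point in the handshake. `netInBuffer.getChar() / 2` silently drops the last byte of an odd length, so the compression-methods length that follows would be read from the wrong offset, and `new ArrayList<>(cipherCount)` reserves up to 32767 slots before any cipher ID is known to be in the buffer. I would read the length into a local first, `int cipherSuitesLen = netInBuffer.getChar();`, and guard with `if ((cipherSuitesLen & 1) != 0 || cipherSuitesLen > netInBuffer.remaining())`, taking whatever malformed or underflow path the constructor already uses; its catch blocks lie outside this hunk, so the exact branch cannot be named from here. It is also worth confirming what `Cipher.valueOf(cipherId)` returns for an ID it does not know, since a null entry in the list would surprise callers of `getClientRequestedCiphers()`.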
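Review bot: `getClientRequestedCiphers()` in the `@@ -132,6 +146,15 @@` hunk returns the internal list itself, so any caller can change what the extractor parsed after construction. Returning `Collections.unmodifiableList(clientRequestedCiphers)` (with `java.util.Collections` imported) would keep the parsed state fixed. The method also has no Javadoc; a short comment saying it throws IllegalStateException unless the result is COMPLETE, plus a message on that exception, would make a misuse easier to trace in the logs.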
[Bug 58055] New: initConnectionSqls property of Resource inside context.xml has issues when Oracle is used as database server
https://bz.apache.org/bugzilla/show_bug.cgi?id=58055 Bug ID: 58055 Summary: initConnectionSqls property of Resource inside context.xml has issues when Oracle is used as database server Product: Tomcat 7 Version: 7.0.62 Hardware: PC Status: NEW Severity: normal Priority: P2 Component: Catalina Assignee: dev@tomcat.apache.org Reporter: dhryvas...@serena.com Hi - We are using Tomcat as our application server and have some problems with context.xml. There are some actions that we want to do in the database when a new connection is established. The SQL query that we want to run is "BEGIN DBMS_SESSION.SET_IDENTIFIER('SBM_TOMCAT'); END;". To do this, we have added the property initConnectionSqls to the Resource object in context.xml. But the ";" (semicolon) before the END is treated as a separator between different SQL queries and a cut version of the query is sent to Oracle. Oracle in turn reports an error: org.apache.tomcat.dbcp.dbcp.SQLNestedException: Cannot create PoolableConnectionFactory (ORA-06550: line 1, column 47: PLS-00103: Encountered the symbol "end-of-file" when expecting one of the following: := . ( % ; ) at org.apache.tomcat.dbcp.dbcp.BasicDataSource.createPoolableConnectionFactory(BasicDataSource.java:1549) ... We tried to change our SQL to something that does not contain ";", for example "EXEC DBMS_SESSION.SET_IDENTIFIER('SBM_TOMCAT');", but got another error: Caused by: java.sql.SQLException: ORA-00900: invalid SQL statement. The interesting thing is that both SQL queries work fine if we run them from Oracle SQL Developer. Another fact is that the same functionality with the same SQL works fine on Jboss (we are now moving from Jboss to Tomcat and ran into this problem). Please help us to fix it or at least find a workaround for it. Thanks, Denys -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 58055] initConnectionSqls property of Resource inside context.xml has issues when Oracle is used as database server
https://bz.apache.org/bugzilla/show_bug.cgi?id=58055 Mark Thomas changed: What|Removed |Added Resolution|--- |MOVED OS||All Status|NEW |RESOLVED --- Comment #1 from Mark Thomas --- You need to raise this issue against Commons DBCP (https://issues.apache.org/jira/browse/DBCP) since Tomcat uses a packaged renamed (to avoid conflicts) copy of Commons DBCP to provide database connection pooling. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1686421 - in /tomcat/trunk/java/org/apache/tomcat/util/net: AbstractJsseEndpoint.java SecureNio2Channel.java SecureNioChannel.java
Author: markt Date: Fri Jun 19 14:17:43 2015 New Revision: 1686421 URL: http://svn.apache.org/r1686421 Log: Some plumbing for supporting multiple certificate types for a virtual host Incomplete and untested Modified: tomcat/trunk/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java tomcat/trunk/java/org/apache/tomcat/util/net/SecureNio2Channel.java tomcat/trunk/java/org/apache/tomcat/util/net/SecureNioChannel.java Modified: tomcat/trunk/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java?rev=1686421&r1=1686420&r2=1686421&view=diff ==
--- tomcat/trunk/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java Fri Jun 19 14:17:43 2015
@@ -16,11 +16,14 @@
 */
 package org.apache.tomcat.util.net;
+import java.util.List;
+
 import javax.net.ssl.SSLEngine;
 import javax.net.ssl.SSLParameters;
 import javax.net.ssl.SSLSessionContext;
 import org.apache.tomcat.util.net.SSLHostConfig.Type;
+import org.apache.tomcat.util.net.jsse.openssl.Cipher;
 import org.apache.tomcat.util.net.openssl.OpenSSLImplementation;
 public abstract class AbstractJsseEndpoint extends AbstractEndpoint {
@@ -87,7 +90,7 @@ public abstract class AbstractJsseEndpoi
 }
-protected SSLEngine createSSLEngine(String sniHostName) {
+protected SSLEngine createSSLEngine(String sniHostName, List clientRequestedCiphers) {
 SSLHostConfig sslHostConfig = getSSLHostConfig(sniHostName);
 SSLContextWrapper sslContextWrapper = (SSLContextWrapper) sslHostConfig.getSslContext();
 if (sslContextWrapper == null) {
Modified: tomcat/trunk/java/org/apache/tomcat/util/net/SecureNio2Channel.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/SecureNio2Channel.java?rev=1686421&r1=1686420&r2=1686421&view=diff ==
--- tomcat/trunk/java/org/apache/tomcat/util/net/SecureNio2Channel.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/SecureNio2Channel.java Fri Jun 19 14:17:43 2015
@@ -22,6 +22,7 @@ import java.nio.ByteBuffer;
 import java.nio.channels.AsynchronousSocketChannel;
 import java.nio.channels.CompletionHandler;
 import java.nio.channels.WritePendingException;
+import java.util.List;
 import java.util.concurrent.ExecutionException;
 import java.util.concurrent.Future;
 import java.util.concurrent.TimeUnit;
@@ -37,6 +38,7 @@ import org.apache.juli.logging.Log;
 import org.apache.juli.logging.LogFactory;
 import org.apache.tomcat.util.buf.ByteBufferUtils;
 import org.apache.tomcat.util.net.TLSClientHelloExtractor.ExtractorResult;
+import org.apache.tomcat.util.net.jsse.openssl.Cipher;
 import org.apache.tomcat.util.res.StringManager;
 /**
@@ -330,9 +332,11 @@ public class SecureNio2Channel extends N
 }
 String hostName = null;
+List clientRequestedCiphers = null;
 switch (extractor.getResult()) {
 case COMPLETE:
 hostName = extractor.getSNIValue();
+clientRequestedCiphers = extractor.getClientRequestedCiphers();
 break;
 case NOT_PRESENT:
 // NO-OP
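Review bot: The new `clientRequestedCiphers` parameter of `createSSLEngine` in the `@@ -87,7 +90,7 @@` hunk is undocumented, and the lines visible here do not use it yet. In the SecureNio2Channel hunk further down the value is initialised to `null` and assigned only in the `COMPLETE` case, so the method has to accept null. I would add Javadoc along the lines of `@param clientRequestedCiphers cipher suites offered in the client-hello, or {@code null} if none were extracted; client-controlled, to be used only for choosing among the configured certificates`. The method body continues outside the hunk, so whether a null check is needed there cannot be seen from here.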
@@ -353,7 +357,7 @@ public class SecureNio2Channel extends N
 log.debug(sm.getString("channel.nio.ssl.sniHostName", hostName));
 }
-sslEngine = endpoint.createSSLEngine(hostName);
+sslEngine = endpoint.createSSLEngine(hostName, clientRequestedCiphers);
 // Ensure the application buffers (which have to be created earlier) are
 // big enough.
Modified: tomcat/trunk/java/org/apache/tomcat/util/net/SecureNioChannel.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/SecureNioChannel.java?rev=1686421&r1=1686420&r2=1686421&view=diff ==
--- tomcat/trunk/java/org/apache/tomcat/util/net/SecureNioChannel.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/SecureNioChannel.java Fri Jun 19 14:17:43 2015
@@ -23,6 +23,7 @@ import java.nio.ByteBuffer;
 import java.nio.channels.SelectionKey;
 import java.nio.channels.Selector;
 import java.nio.channels.SocketChannel;
+import java.util.List;
 import javax.net.ssl.SSLEngine;
 import javax.net.ssl.SSLEngineResult;
@@ -34,6 +35,7 @@ import org.apache.juli.logging.Log;
 import org.apache.juli.logging.LogFactory;
 import org.apache.tomcat.util.buf.ByteBufferUtils;
 import org.apache.tomcat.util.net.TLSClientHelloExtractor.ExtractorResult;
+import org.apache.tomcat.util.net.jsse.openssl.Cipher;
 import org.apache.tomcat.util.res.StringManager;
 /**
@@ -268,9 +270,11 @@ public class SecureNioChannel extends Ni
 }
 String hostName = null;
svn commit: r1686424 - in /tomcat/trunk: java/org/apache/coyote/http11/ java/org/apache/tomcat/util/net/ java/org/apache/tomcat/util/net/openssl/ webapps/docs/config/
Author: markt Date: Fri Jun 19 14:29:03 2015 New Revision: 1686424 URL: http://svn.apache.org/r1686424 Log: Remove support for certificateChainFile. httpd has deprecated it and it doesn't play nicely with multiple certificate types. Modified: tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11Protocol.java tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java tomcat/trunk/webapps/docs/config/http.xml Modified: tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11Protocol.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11Protocol.java?rev=1686424&r1=1686423&r2=1686424&view=diff ==
--- tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11Protocol.java (original)
+++ tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11Protocol.java Fri Jun 19 14:29:03 2015
@@ -574,12 +574,6 @@ public abstract class AbstractHttp11Prot
 }
-public void setSSLCertificateChainFile(String certificateChainFile) {
-registerDefaultSSLHostConfig();
-defaultSSLHostConfig.setCertificateChainFile(certificateChainFile);
-}
-
-
 public void setSSLCACertificatePath(String caCertificatePath) {
 registerDefaultSSLHostConfig();
 defaultSSLHostConfig.setCaCertificatePath(caCertificatePath);
Modified: tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java?rev=1686424&r1=1686423&r2=1686424&view=diff ==
--- tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java Fri Jun 19 14:29:03 2015
@@ -500,10 +500,6 @@ public class AprEndpoint extends Abstrac
 SSLHostConfig.adjustRelativePath(sslHostConfig.getCertificateFile()),
 SSLHostConfig.adjustRelativePath(sslHostConfig.getCertificateKeyFile()),
 sslHostConfig.getCertificateKeyPassword(), SSL.SSL_AIDX_RSA);
-// Set certificate chain file
-SSLContext.setCertificateChainFile(ctx,
- SSLHostConfig.adjustRelativePath(sslHostConfig.getCertificateChainFile()),
-false);
 // Support Client Certificates
 SSLContext.setCACertificate(ctx,
 SSLHostConfig.adjustRelativePath(sslHostConfig.getCaCertificateFile()),
Modified: tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java?rev=1686424&r1=1686423&r2=1686424&view=diff ==
--- tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java Fri Jun 19 14:29:03 2015
@@ -88,7 +88,6 @@ public class SSLHostConfig {
 private String truststoreProvider = System.getProperty("javax.net.ssl.trustStoreProvider");
 private String truststoreType = System.getProperty("javax.net.ssl.trustStoreType");
 // OpenSSL
-private String certificateChainFile;
 private String certificateFile;
 private String certificateKeyFile;
 private String certificateRevocationListPath;
@@ -476,17 +475,6 @@ public class SSLHostConfig {
 // --- OpenSSL specific configuration properties
-public void setCertificateChainFile(String certificateChainFile) {
-setProperty("certificateChainFile", Type.OPENSSL);
-this.certificateChainFile = certificateChainFile;
-}
-
-
-public String getCertificateChainFile() {
-return certificateChainFile;
-}
-
-
 public void setCertificateFile(String certificateFile) {
 setProperty("certificateFile", Type.OPENSSL);
 this.certificateFile = certificateFile;
Modified: tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java?rev=1686424&r1=1686423&r2=1686424&view=diff ==
--- tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java Fri Jun 19 14:29:03 2015
@@ -306,10 +306,6 @@ public class OpenSSLContext implements o
 SSLHostConfig.adjustRelativePath(sslHostConfig.getCertificateFile()),
 SSLHostConfig.adjustRelativePath(sslHostConfig.
svn commit: r1686425 - /tomcat/trunk/webapps/docs/config/http.xml
Author: markt Date: Fri Jun 19 14:30:10 2015 New Revision: 1686425 URL: http://svn.apache.org/r1686425 Log: Additional reference missed in r1686424 Modified: tomcat/trunk/webapps/docs/config/http.xml Modified: tomcat/trunk/webapps/docs/config/http.xml URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/config/http.xml?rev=1686425&r1=1686424&r2=1686425&view=diff == --- tomcat/trunk/webapps/docs/config/http.xml (original) +++ tomcat/trunk/webapps/docs/config/http.xml Fri Jun 19 14:30:10 2015 @@ -1535,12 +1535,6 @@ SSLHostConfig element. - - This is an alias for the certificateChainFile - attribute of the default - SSLHostConfig element. - - This is an alias for the certificateFile attribute of the default SSLHostConfig - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 58056] New: FastHttpDateFormat.formats - non-synchronised access to SimpleDateFormat
https://bz.apache.org/bugzilla/show_bug.cgi?id=58056 Bug ID: 58056 Summary: FastHttpDateFormat.formats - non-synchronised access to SimpleDateFormat Product: Tomcat 9 Version: unspecified Hardware: All OS: All Status: NEW Severity: normal Priority: P2 Component: Catalina Assignee: dev@tomcat.apache.org Reporter: s...@apache.org The array FastHttpDateFormat.formats contains several SimpleDateFormat entries. These are passed to internalParseDate and used without synchronisation unless the caller provides their own threadLocal array to the public method parseDate. I've not checked to see whether parse is ever called with threadLocal == null, but given that the code allows this, it really ought to synchronise the access to the local SDF entries. Also the parseDate Javadoc really ought to document the parameters... -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1686432 - /tomcat/trunk/java/org/apache/tomcat/util/http/FastHttpDateFormat.java
Author: remm Date: Fri Jun 19 15:16:51 2015 New Revision: 1686432 URL: http://svn.apache.org/r1686432 Log: Remove unused shared formats. Modified: tomcat/trunk/java/org/apache/tomcat/util/http/FastHttpDateFormat.java Modified: tomcat/trunk/java/org/apache/tomcat/util/http/FastHttpDateFormat.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/http/FastHttpDateFormat.java?rev=1686432&r1=1686431&r2=1686432&view=diff ==
--- tomcat/trunk/java/org/apache/tomcat/util/http/FastHttpDateFormat.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/http/FastHttpDateFormat.java Fri Jun 19 15:16:51 2015
@@ -49,16 +49,6 @@ public final class FastHttpDateFormat {
 new SimpleDateFormat(RFC1123_DATE, Locale.US);
-/**
- * The set of SimpleDateFormat formats to use in getDateHeader().
- */
-private static final SimpleDateFormat formats[] = {
-new SimpleDateFormat(RFC1123_DATE, Locale.US),
-new SimpleDateFormat("EE, dd-MMM-yy HH:mm:ss zzz", Locale.US),
-new SimpleDateFormat("EEE d HH:mm:ss ", Locale.US)
-};
-
-
 private static final TimeZone gmtZone = TimeZone.getTimeZone("GMT");
@@ -66,13 +56,7 @@ public final class FastHttpDateFormat {
 * GMT timezone - all HTTP dates are on GMT
 */
 static {
-
 format.setTimeZone(gmtZone);
-
-formats[0].setTimeZone(gmtZone);
-formats[1].setTimeZone(gmtZone);
-formats[2].setTimeZone(gmtZone);
-
 }
@@ -166,9 +150,6 @@ public final class FastHttpDateFormat {
 if (threadLocalformats != null) {
 date = internalParseDate(value, threadLocalformats);
 updateParseCache(value, date);
-} else {
-date = internalParseDate(value, formats);
-updateParseCache(value, date);
 }
 if (date == null) {
 return (-1L);
- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
buildbot failure in ASF Buildbot on tomcat-trunk
The Buildbot has detected a new failure on builder tomcat-trunk while building ASF Buildbot. Full details are available at: http://ci.apache.org/builders/tomcat-trunk/builds/1419 Buildbot URL: http://ci.apache.org/ Buildslave for this Build: silvanus_ubuntu Build Reason: The AnyBranchScheduler scheduler named 'on-tomcat-commit' triggered this build Build Source Stamp: [branch tomcat/trunk] 1686432 Blamelist: remm BUILD FAILED: failed compile_1 Sincerely, -The Buildbot - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 58057] New: Inc
https://bz.apache.org/bugzilla/show_bug.cgi?id=58057 Bug ID: 58057 Summary: Inc Product: Tomcat Native Version: unspecified Hardware: PC OS: Mac OS X 10.4 Status: NEW Severity: normal Priority: P2 Component: Library Assignee: dev@tomcat.apache.org Reporter: s...@apache.org -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 58053] Use loop rather than assuming the size of the array won't change
https://bz.apache.org/bugzilla/show_bug.cgi?id=58053 Remy Maucherat changed: What|Removed |Added Status|NEW |RESOLVED Resolution|--- |FIXED --- Comment #1 from Remy Maucherat --- The formats field was unused, so the code is removed. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 58056] FastHttpDateFormat.formats - non-synchronised access to SimpleDateFormat
https://bz.apache.org/bugzilla/show_bug.cgi?id=58056 Remy Maucherat changed: What|Removed |Added Resolution|--- |FIXED Status|NEW |RESOLVED --- Comment #1 from Remy Maucherat --- The formats field was unused, so the code is removed. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: svn commit: r1681300 - in /tomcat/native/trunk: build.properties.default build.xml java/ java/org/ java/org/apache/ java/org/apache/tomcat/ java/org/apache/tomcat/Apr.java java/org/apache/tomcat/a
On 23 May 2015 at 10:44, wrote: > Author: rjung > Date: Sat May 23 09:44:41 2015 > New Revision: 1681300 > > URL: http://svn.apache.org/r1681300 > Log: > Make tcnative trunk more consistent with 1.1 branch: > > - use externals for jni Java classes, but here > pointing to TC trunk > > - remove download and copy targets for jni > Java classes in build script > > - add Apr.java and apr.properties from 1.1a > > In addition: > - use Java 8 in trunk Is Java 8 really necessary? If so README.txt needs to be updated. > - expect next version to be 1.2 instead of 2.0 > > Added: > tomcat/native/trunk/java/ > tomcat/native/trunk/java/org/ > tomcat/native/trunk/java/org/apache/ > tomcat/native/trunk/java/org/apache/tomcat/ (with props) > tomcat/native/trunk/java/org/apache/tomcat/Apr.java (with props) > tomcat/native/trunk/java/org/apache/tomcat/apr.properties (with props) > Modified: > tomcat/native/trunk/build.properties.default > tomcat/native/trunk/build.xml > > Modified: tomcat/native/trunk/build.properties.default > URL: > http://svn.apache.org/viewvc/tomcat/native/trunk/build.properties.default?rev=1681300&r1=1681299&r2=1681300&view=diff > == > --- tomcat/native/trunk/build.properties.default (original) > +++ tomcat/native/trunk/build.properties.default Sat May 23 09:44:41 2015 > @@ -16,8 +16,8 @@ > # > > # - Version Control Flags - > -version.major=2 > -version.minor=0 > +version.major=1 > +version.minor=2 > version.build=0 > version.patch=0 > version.suffix=-dev > @@ -30,8 +30,8 @@ base.path=/usr/share/java > #base.path=C:/path/to/the/repository > #base.path=/usr/local > > -compile.source=1.4 > -compile.target=1.4 > +compile.source=1.8 > +compile.target=1.8 > compile.debug=off > compile.deprecation=on > compile.optimize=on 
> @@ -39,16 +39,6 @@ compile.optimize=on > base-tomcat.loc=http://archive.apache.org/dist/tomcat > base-sf.loc=http://downloads.sourceforge.net > > -# - Tomcat native Java sources - > -# The Tomcat 6 version we use for getting the Java sources > -tomcat.version=6.0.20 > -# The directory containing your source distribution of Tomcat > -# It will be automatically downloaded if it doesn't exist > -tomcat.src=${base.path}/apache-tomcat-${tomcat.version}-src > -#tomcat.src=/usr/local/apache-tomcat-${tomcat.version}-src > -# The URL used to download Tomcat if needed > -tomcat.loc=${base-tomcat.loc}/tomcat-6/v${tomcat.version}/src/apache-tomcat-${tomcat.version}-src.tar.gz > - > # - JUnit Unit Test Suite, version 3.8 or later - > # The JUnit version we will use > junit.version=3.8.2 > > Modified: tomcat/native/trunk/build.xml > URL: > http://svn.apache.org/viewvc/tomcat/native/trunk/build.xml?rev=1681300&r1=1681299&r2=1681300&view=diff > == > --- tomcat/native/trunk/build.xml (original) > +++ tomcat/native/trunk/build.xml Sat May 23 09:44:41 2015 > @@ -31,8 +31,8 @@ > > > > - > - > + > + > > > > @@ -54,8 +54,8 @@ > > > > - > - > + > + > > > > @@ -153,10 +153,6 @@ > > > > - > - > - > - > > > > @@ -215,12 +211,6 @@ limitations under the License.-->"> > > > > - > - > - dir="${base.path}/apache-tomcat-${tomcat.version}-src/java"> > - > - > - > > > > > Propchange: tomcat/native/trunk/java/org/apache/tomcat/ > -- > --- svn:externals (added) > +++ svn:externals Sat May 23 09:44:41 2015 > @@ -0,0 +1 @@ > +^/tomcat/trunk/java/org/apache/tomcat/jni@1678592 jni > > Added: tomcat/native/trunk/java/org/apache/tomcat/Apr.java > URL: > http://svn.apache.org/viewvc/tomcat/native/trunk/java/org/apache/tomcat/Apr.java?rev=1681300&view=auto > == > --- tomcat/native/trunk/java/org/apache/tomcat/Apr.java (added) > +++ tomcat/native/trunk/java/org/apache/tomcat/Apr.java Sat May 23 09:44:41 > 2015 
> @@ -0,0 +1,41 @@ > +/* > + * Licensed to the Apache Software Foundation (ASF) under one or more > + * contributor license agreements. See the NOTICE file distributed with > + * this work for additional information regarding copyright ownership. > + * The ASF licenses this file to You under the Apache License, Version 2.0 > + * (the "License"); you may not use this file except in compliance with > + * the License. You may obtain a copy of the License at > + * > + * http://www.apache.org/licenses/LICENSE-2.0 > + * > + * Unless required by applicable law or agreed to in writing, software > + * distributed under the License is distributed on an "AS IS"
[Bug 58057] Inc
https://bz.apache.org/bugzilla/show_bug.cgi?id=58057 Sebb changed: What|Removed |Added Status|NEW |RESOLVED Resolution|--- |INVALID --- Comment #1 from Sebb --- Sorry, thought I pressed cancel... -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: svn commit: r1686432 - /tomcat/trunk/java/org/apache/tomcat/util/http/FastHttpDateFormat.java
On 19 June 2015 at 16:16, wrote: > Author: remm > Date: Fri Jun 19 15:16:51 2015 > New Revision: 1686432 > > URL: http://svn.apache.org/r1686432 > Log: > Remove unused shared formats. > > Modified: > tomcat/trunk/java/org/apache/tomcat/util/http/FastHttpDateFormat.java > > Modified: > tomcat/trunk/java/org/apache/tomcat/util/http/FastHttpDateFormat.java > URL: > http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/http/FastHttpDateFormat.java?rev=1686432&r1=1686431&r2=1686432&view=diff > == > --- tomcat/trunk/java/org/apache/tomcat/util/http/FastHttpDateFormat.java > (original) > +++ tomcat/trunk/java/org/apache/tomcat/util/http/FastHttpDateFormat.java Fri > Jun 19 15:16:51 2015 > @@ -49,16 +49,6 @@ public final class FastHttpDateFormat { > new SimpleDateFormat(RFC1123_DATE, Locale.US); > > > -/** > - * The set of SimpleDateFormat formats to use in getDateHeader(). > - */ > -private static final SimpleDateFormat formats[] = { > -new SimpleDateFormat(RFC1123_DATE, Locale.US), > -new SimpleDateFormat("EE, dd-MMM-yy HH:mm:ss zzz", Locale.US), > -new SimpleDateFormat("EEE d HH:mm:ss ", Locale.US) > -}; > - > - > private static final TimeZone gmtZone = TimeZone.getTimeZone("GMT"); > > > @@ -66,13 +56,7 @@ public final class FastHttpDateFormat { > * GMT timezone - all HTTP dates are on GMT > */ > static { > - > format.setTimeZone(gmtZone); > - > -formats[0].setTimeZone(gmtZone); > -formats[1].setTimeZone(gmtZone); > -formats[2].setTimeZone(gmtZone); > - > } 
> > > @@ -166,9 +150,6 @@ public final class FastHttpDateFormat { > if (threadLocalformats != null) { Does it make sense to allow null? It won't crash, but it won't return anything useful (unless some other caller has populated the relevant cache entry). I would have thought it might be more useful to throw an IAE / NPE at the start of the method if the parameter is null. > date = internalParseDate(value, threadLocalformats); > updateParseCache(value, date); > -} else { > -date = internalParseDate(value, formats); > -updateParseCache(value, date); > } > if (date == null) { > return (-1L); > > > > - > To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org > For additional commands, e-mail: dev-h...@tomcat.apache.org > - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1686442 - /tomcat/trunk/java/org/apache/tomcat/util/http/FastHttpDateFormat.java
Author: remm Date: Fri Jun 19 16:06:55 2015 New Revision: 1686442 URL: http://svn.apache.org/r1686442 Log: Add IAE, although it cannot happen. Modified: tomcat/trunk/java/org/apache/tomcat/util/http/FastHttpDateFormat.java Modified: tomcat/trunk/java/org/apache/tomcat/util/http/FastHttpDateFormat.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/http/FastHttpDateFormat.java?rev=1686442&r1=1686441&r2=1686442&view=diff == --- tomcat/trunk/java/org/apache/tomcat/util/http/FastHttpDateFormat.java (original) +++ tomcat/trunk/java/org/apache/tomcat/util/http/FastHttpDateFormat.java Fri Jun 19 16:06:55 2015 @@ -145,6 +145,9 @@ public final class FastHttpDateFormat { if (cachedDate != null) { return cachedDate.longValue(); } +if (threadLocalformats == null) { +throw new IllegalArgumentException(); +} Long date = null; if (threadLocalformats != null) { - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
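Review bot: The new null check on `threadLocalformats` sits after the `cachedDate` lookup, so a call with a null argument still returns normally when the value is already cached and throws only on a cache miss. The follow-up hunk in r1686445 moves the throw into an `else` branch but keeps that ordering. Validating the argument before the cache lookup would give the method the same contract on both paths. The exception also has no message; `throw new IllegalArgumentException("threadLocalformats must not be null");` would tell the caller which argument was rejected. The method signature and the cache lookup start outside the hunk, so the exact placement should be checked against the full method.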
buildbot success in ASF Buildbot on tomcat-trunk
The Buildbot has detected a restored build on builder tomcat-trunk while building ASF Buildbot. Full details are available at: http://ci.apache.org/builders/tomcat-trunk/builds/1420 Buildbot URL: http://ci.apache.org/ Buildslave for this Build: silvanus_ubuntu Build Reason: The AnyBranchScheduler scheduler named 'on-tomcat-commit' triggered this build Build Source Stamp: [branch tomcat/trunk] 1686442 Blamelist: remm Build succeeded! Sincerely, -The Buildbot - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 58058] New: Library _instance needs to be volatile
https://bz.apache.org/bugzilla/show_bug.cgi?id=58058 Bug ID: 58058 Summary: Library _instance needs to be volatile Product: Tomcat Native Version: unspecified Hardware: PC OS: Mac OS X 10.4 Status: NEW Severity: normal Priority: P2 Component: Library Assignee: dev@tomcat.apache.org Reporter: s...@apache.org The static field Library._instance is mutable but access is not synchronised and the field is not volatile. There is no guarantee that the write by one thread will be seen by another in a timely manner (or at all) - i.e. the field is not safely published. The other fields are also not safely published for the same reason. Possible consequences: - init can be performed more than once - reader thread may see partial setup of static variables Making the _instance field volatile would prevent double init, but would not ensure safe publication of the other static fields. Otherwise the Library class is only safe to use from a single thread. It's possible that one could use some form of IODH (*) to avoid the need for synch. (*) https://en.wikipedia.org/wiki/Initialization-on-demand_holder_idiom -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: svn commit: r1686442 - /tomcat/trunk/java/org/apache/tomcat/util/http/FastHttpDateFormat.java
On 19 June 2015 at 17:06, wrote: > Author: remm > Date: Fri Jun 19 16:06:55 2015 > New Revision: 1686442 > > URL: http://svn.apache.org/r1686442 > Log: > Add IAE, although it cannot happen. > > Modified: > tomcat/trunk/java/org/apache/tomcat/util/http/FastHttpDateFormat.java > > Modified: > tomcat/trunk/java/org/apache/tomcat/util/http/FastHttpDateFormat.java > URL: > http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/http/FastHttpDateFormat.java?rev=1686442&r1=1686441&r2=1686442&view=diff > == > --- tomcat/trunk/java/org/apache/tomcat/util/http/FastHttpDateFormat.java > (original) > +++ tomcat/trunk/java/org/apache/tomcat/util/http/FastHttpDateFormat.java Fri > Jun 19 16:06:55 2015 > @@ -145,6 +145,9 @@ public final class FastHttpDateFormat { > if (cachedDate != null) { > return cachedDate.longValue(); > } > +if (threadLocalformats == null) { > +throw new IllegalArgumentException(); > +} > > Long date = null; > if (threadLocalformats != null) { The condition will now always be true, so can be eliminated. > > > - > To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org > For additional commands, e-mail: dev-h...@tomcat.apache.org > - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1686445 - /tomcat/trunk/java/org/apache/tomcat/util/http/FastHttpDateFormat.java
Author: remm Date: Fri Jun 19 16:37:49 2015 New Revision: 1686445 URL: http://svn.apache.org/r1686445 Log: Cleanup. Modified: tomcat/trunk/java/org/apache/tomcat/util/http/FastHttpDateFormat.java Modified: tomcat/trunk/java/org/apache/tomcat/util/http/FastHttpDateFormat.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/http/FastHttpDateFormat.java?rev=1686445&r1=1686444&r2=1686445&view=diff == --- tomcat/trunk/java/org/apache/tomcat/util/http/FastHttpDateFormat.java (original) +++ tomcat/trunk/java/org/apache/tomcat/util/http/FastHttpDateFormat.java Fri Jun 19 16:37:49 2015 @@ -145,14 +145,13 @@ public final class FastHttpDateFormat { if (cachedDate != null) { return cachedDate.longValue(); } -if (threadLocalformats == null) { -throw new IllegalArgumentException(); -} Long date = null; if (threadLocalformats != null) { date = internalParseDate(value, threadLocalformats); updateParseCache(value, date); +} else { +throw new IllegalArgumentException(); } if (date == null) { return (-1L); - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1686483 - in /tomcat/trunk: java/org/apache/tomcat/util/net/ java/org/apache/tomcat/util/net/jsse/ java/org/apache/tomcat/util/net/openssl/ test/org/apache/tomcat/util/net/jsse/
Author: markt Date: Fri Jun 19 19:11:11 2015 New Revision: 1686483 URL: http://svn.apache.org/r1686483 Log: Some more plumbing to support multiple certificates per virtual host Added: tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfigCertificate.java (with props) Modified: tomcat/trunk/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java tomcat/trunk/java/org/apache/tomcat/util/net/SSLImplementation.java tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSEImplementation.java tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLImplementation.java tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLUtil.java tomcat/trunk/test/org/apache/tomcat/util/net/jsse/TesterBug50640SslImpl.java Modified: tomcat/trunk/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java?rev=1686483&r1=1686482&r2=1686483&view=diff == --- tomcat/trunk/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java (original) +++ tomcat/trunk/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java Fri Jun 19 19:11:11 2015 
@@ -74,17 +74,19 @@ public abstract class AbstractJsseEndpoi sslImplementation = SSLImplementation.getInstance(getSslImplementationName()); for (SSLHostConfig sslHostConfig : sslHostConfigs.values()) { -SSLUtil sslUtil = sslImplementation.getSSLUtil(sslHostConfig); +for (SSLHostConfigCertificate certificate : sslHostConfig.getCertificates(true)) { +SSLUtil sslUtil = sslImplementation.getSSLUtil(sslHostConfig, certificate); -SSLContext sslContext = sslUtil.createSSLContext(); -sslContext.init(sslUtil.getKeyManagers(), sslUtil.getTrustManagers(), null); +SSLContext sslContext = sslUtil.createSSLContext(); +sslContext.init(sslUtil.getKeyManagers(), sslUtil.getTrustManagers(), null); -SSLSessionContext sessionContext = sslContext.getServerSessionContext(); -if (sessionContext != null) { -sslUtil.configureSessionContext(sessionContext); +SSLSessionContext sessionContext = sslContext.getServerSessionContext(); +if (sessionContext != null) { +sslUtil.configureSessionContext(sessionContext); +} +SSLContextWrapper sslContextWrapper = new SSLContextWrapper(sslContext, sslUtil); +sslHostConfig.setSslContext(sslContextWrapper); } -SSLContextWrapper sslContextWrapper = new SSLContextWrapper(sslContext, sslUtil); -sslHostConfig.setSslContext(sslContextWrapper); } } } Modified: tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java?rev=1686483&r1=1686482&r2=1686483&view=diff == --- tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java (original) +++ tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java Fri Jun 19 19:11:11 2015 
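Review bot: `sslHostConfig.setSslContext(sslContextWrapper)` now sits inside the new per-certificate loop, so on a host with more than one certificate each iteration replaces the wrapper stored by the previous one. Only the last certificate's context then remains on the host. If that is intended for this intermediate step, a comment at the call such as `// TODO: one SSLContext per certificate; the host currently keeps only the last one` would make it explicit. Otherwise the wrapper has to be stored per certificate rather than per host. The enclosing method begins before the hunk.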
@@ -368,179 +368,181 @@ public class AprEndpoint extends Abstrac if (isSSLEnabled()) { for (SSLHostConfig sslHostConfig : sslHostConfigs.values()) { -if (SSLHostConfig.adjustRelativePath(sslHostConfig.getCertificateFile()) == null) { -// This is required -throw new Exception(sm.getString("endpoint.apr.noSslCertFile")); -} - -// SSL protocol -int value = SSL.SSL_PROTOCOL_NONE; -if (sslHostConfig.getProtocols().size() == 0) { -// Native fallback used if protocols="" -value = SSL.SSL_PROTOCOL_ALL; -} else { -for (String protocol : sslHostConfig.getProtocols()) { -if (Constants.SSL_PROTO_SSLv2Hello.equalsIgnoreCase(protocol)) { -// NO-OP. OpenSSL always supports SSLv2Hello -} else if (Constants.SSL_PROTO_SSLv2.equalsIgnoreCase(protocol)) { -value |= SSL.SSL_PROTOCOL_SSLV2; -} else if (Constants.SSL_PROTO_SSLv3.equalsIgnoreCase(protocol)) { -value |= SSL.SSL_PROTOCOL_SSLV3; -} else if (Con
svn commit: r1686484 - /tomcat/trunk/webapps/docs/config/http.xml
Author: markt Date: Fri Jun 19 19:14:08 2015 New Revision: 1686484 URL: http://svn.apache.org/r1686484 Log: These fields have defaults so they are not required Modified: tomcat/trunk/webapps/docs/config/http.xml Modified: tomcat/trunk/webapps/docs/config/http.xml URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/config/http.xml?rev=1686484&r1=1686483&r2=1686484&view=diff == --- tomcat/trunk/webapps/docs/config/http.xml (original) +++ tomcat/trunk/webapps/docs/config/http.xml Fri Jun 19 19:14:08 2015 @@ -1030,7 +1030,7 @@ be concatenated to the certificate file. - + JSSE only. The alias used for the server key and certificate in the keystore. If not specified, the first key read from the keystore will be used. The @@ -1076,7 +1076,7 @@ changeit will be used. - + JSSE only. The name of the keystore provider to be used for the server certificate. If not specified, the value of the system property @@ -1087,7 +1087,7 @@ - + JSSE only. The type of keystore file to be used for the server certificate. If not specified, the value of the system property - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1686490 - in /tomcat/trunk/java/org/apache/tomcat/util/net: SSLHostConfig.java SSLHostConfigCertificate.java jsse/JSSESocketFactory.java
Author: markt Date: Fri Jun 19 19:38:20 2015 New Revision: 1686490 URL: http://svn.apache.org/r1686490 Log: Complete the JSSE configuration plumbing for multiple certificates per virtual host Modified: tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfigCertificate.java tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java Modified: tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java?rev=1686490&r1=1686489&r2=1686490&view=diff == --- tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java (original) +++ tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java Fri Jun 19 19:38:20 2015 @@ -75,11 +75,6 @@ public class SSLHostConfig { private boolean honorCipherOrder = true; private Set protocols = new HashSet<>(); // JSSE -private String certificateKeyAlias; -private String certificateKeystorePassword = "changeit"; -private String certificateKeystoreFile = System.getProperty("user.home")+"/.keystore"; -private String certificateKeystoreProvider = System.getProperty("javax.net.ssl.keyStoreProvider"); -private String certificateKeystoreType = System.getProperty("javax.net.ssl.keyStoreType"); private String keyManagerAlgorithm = KeyManagerFactory.getDefaultAlgorithm(); private int sessionCacheSize = 0; private int sessionTimeout = 86400; @@ -103,10 +98,6 @@ public class SSLHostConfig { public SSLHostConfig() { // Set defaults that can't be (easily) set when defining the fields. setProtocols(Constants.SSL_PROTO_ALL); -// Configure fall-back defaults if system property is not set. -if (certificateKeystoreType == null) { -certificateKeystoreType = "JKS"; -} } 
@@ -132,7 +123,7 @@ public class SSLHostConfig { } -private void setProperty(String name, Type configType) { +void setProperty(String name, Type configType) { if (this.configType == null) { Set properties = configuredProperties.get(configType); if (properties == null) { @@ -153,8 +144,8 @@ public class SSLHostConfig { private void registerDefaultCertificate() { if (defaultCertificate == null) { -defaultCertificate = -new SSLHostConfigCertificate(SSLHostConfigCertificate.Type.UNDEFINED); +defaultCertificate = new SSLHostConfigCertificate( +this, SSLHostConfigCertificate.Type.UNDEFINED); certificates.add(defaultCertificate); } } @@ -193,7 +184,7 @@ public class SSLHostConfig { // - Common configuration properties -// TODO: All of these SSL setters can be removed once it is no longer +// TODO: This certificate setter can be removed once it is no longer // necessary to support the old configuration attributes (Tomcat 10?). public void setCertificateKeyPassword(String certificateKeyPassword) { 
@@ -344,58 +335,36 @@ public class SSLHostConfig { // -- JSSE specific configuration properties -public void setCertificateKeyAlias(String certificateKeyAlias) { -setProperty("certificateKeyAlias", Type.JSSE); -this.certificateKeyAlias = certificateKeyAlias; -} - +// TODO: These certificate setters can be removed once it is no longer +// necessary to support the old configuration attributes (Tomcat 10?). -public String getCertificateKeyAlias() { -return certificateKeyAlias; +public void setCertificateKeyAlias(String certificateKeyAlias) { +registerDefaultCertificate(); +defaultCertificate.setCertificateKeyAlias(certificateKeyAlias); } public void setCertificateKeystoreFile(String certificateKeystoreFile) { -setProperty("certificateKeystoreFile", Type.JSSE); -this.certificateKeystoreFile = certificateKeystoreFile; -} - - -public String getCertificateKeystoreFile() { -return certificateKeystoreFile; +registerDefaultCertificate(); +defaultCertificate.setCertificateKeystoreFile(certificateKeystoreFile); } public void setCertificateKeystorePassword(String certificateKeystorePassword) { -setProperty("certificateKeystorePassword", Type.JSSE); -this.certificateKeystorePassword = certificateKeystorePassword; -} - - -public String getCertificateKeystorePassword() { -return certificateKeystorePassword; +registerDefaultCertificate(); + defaultCertificate.setCertificateKeystorePassword(certificateKeystorePassword); } public void setCertificateKeystoreProvider(String certificateKeystoreProvider) { -
buildbot exception in ASF Buildbot on tomcat-trunk
The Buildbot has detected a build exception on builder tomcat-trunk while building ASF Buildbot. Full details are available at: http://ci.apache.org/builders/tomcat-trunk/builds/1423 Buildbot URL: http://ci.apache.org/ Buildslave for this Build: silvanus_ubuntu Build Reason: The AnyBranchScheduler scheduler named 'on-tomcat-commit' triggered this build Build Source Stamp: [branch tomcat/trunk] 1686490 Blamelist: markt BUILD FAILED: exception upload_2 Sincerely, -The Buildbot - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
tc-native and multiple certificates for a single virtual host
I'm looking at integrating multiple certificate support with APR/native and the new OpenSSLContext. I have a query about the following method that I hope those that have been working in this area recently will be able to answer. SSLContext.setCertificate(long ctx, String cert, String key, String password, int idx) The idx can either be 0 (RSA) or 1 (DSS). I know the tc-native enforces that idx is 0 or 1. Does it require that idx is 0 for RSA keys and 1 for DSS keys? How does one specify an ECC key? Thanks in advance, Mark - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1686497 - in /tomcat/trunk/java/org/apache/tomcat/util/net: AprEndpoint.java LocalStrings.properties SSLHostConfig.java SSLHostConfigCertificate.java openssl/OpenSSLContext.java openssl/O
Author: markt Date: Fri Jun 19 20:10:23 2015 New Revision: 1686497 URL: http://svn.apache.org/r1686497 Log: Complete the OpenSSL configuration plumbing for multiple certificates per virtual host Modified: tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java tomcat/trunk/java/org/apache/tomcat/util/net/LocalStrings.properties tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfigCertificate.java tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLUtil.java Modified: tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java?rev=1686497&r1=1686496&r2=1686497&view=diff == --- tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java (original) +++ tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java Fri Jun 19 20:10:23 2015 
@@ -369,180 +369,189 @@ public class AprEndpoint extends Abstrac for (SSLHostConfig sslHostConfig : sslHostConfigs.values()) { for (SSLHostConfigCertificate certificate : sslHostConfig.getCertificates(true)) { -if (SSLHostConfig.adjustRelativePath(sslHostConfig.getCertificateFile()) == null) { +if (SSLHostConfig.adjustRelativePath(certificate.getCertificateFile()) == null) { // This is required throw new Exception(sm.getString("endpoint.apr.noSslCertFile")); } +} +if (sslHostConfig.getCertificates().size() > 2) { +// TODO: Can this limitation be removed? +throw new Exception(sm.getString("endpoint.apr.tooManyCertFiles")); +} -// SSL protocol -int value = SSL.SSL_PROTOCOL_NONE; -if (sslHostConfig.getProtocols().size() == 0) { -// Native fallback used if protocols="" -value = SSL.SSL_PROTOCOL_ALL; -} else { -for (String protocol : sslHostConfig.getProtocols()) { -if (Constants.SSL_PROTO_SSLv2Hello.equalsIgnoreCase(protocol)) { -// NO-OP. OpenSSL always supports SSLv2Hello -} else if (Constants.SSL_PROTO_SSLv2.equalsIgnoreCase(protocol)) { -value |= SSL.SSL_PROTOCOL_SSLV2; -} else if (Constants.SSL_PROTO_SSLv3.equalsIgnoreCase(protocol)) { -value |= SSL.SSL_PROTOCOL_SSLV3; -} else if (Constants.SSL_PROTO_TLSv1.equalsIgnoreCase(protocol)) { -value |= SSL.SSL_PROTOCOL_TLSV1; -} else if (Constants.SSL_PROTO_TLSv1_1.equalsIgnoreCase(protocol)) { -value |= SSL.SSL_PROTOCOL_TLSV1_1; -} else if (Constants.SSL_PROTO_TLSv1_2.equalsIgnoreCase(protocol)) { -value |= SSL.SSL_PROTOCOL_TLSV1_2; -} else { -// Protocol not recognized, fail to start as it is safer than -// continuing with the default which might enable more than the -// is required -throw new Exception(sm.getString( -"endpoint.apr.invalidSslProtocol", protocol)); -} +// SSL protocol +int value = SSL.SSL_PROTOCOL_NONE; +if (sslHostConfig.getProtocols().size() == 0) { +// Native fallback used if protocols="" +value = SSL.SSL_PROTOCOL_ALL; +} else { +for (String protocol : sslHostConfig.getProtocols()) { +if 
(Constants.SSL_PROTO_SSLv2Hello.equalsIgnoreCase(protocol)) { +// NO-OP. OpenSSL always supports SSLv2Hello +} else if (Constants.SSL_PROTO_SSLv2.equalsIgnoreCase(protocol)) { +value |= SSL.SSL_PROTOCOL_SSLV2; +} else if (Constants.SSL_PROTO_SSLv3.equalsIgnoreCase(protocol)) { +value |= SSL.SSL_PROTOCOL_SSLV3; +} else if (Constants.SSL_PROTO_TLSv1.equalsIgnoreCase(protocol)) { +value |= SSL.SSL_PROTOCOL_TLSV1; +} else if (Constants.SSL_PROTO_TLSv1_1.equalsIgnoreCase(protocol)) { +value |= SSL.SSL_PROTOCOL_TLSV1_1; +
buildbot success in ASF Buildbot on tomcat-trunk
The Buildbot has detected a restored build on builder tomcat-trunk while building ASF Buildbot. Full details are available at: http://ci.apache.org/builders/tomcat-trunk/builds/1424 Buildbot URL: http://ci.apache.org/ Buildslave for this Build: silvanus_ubuntu Build Reason: The AnyBranchScheduler scheduler named 'on-tomcat-commit' triggered this build Build Source Stamp: [branch tomcat/trunk] 1686497 Blamelist: markt Build succeeded! Sincerely, -The Buildbot - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1686499 - in /tomcat/trunk/java/org/apache/tomcat/util/net: AbstractJsseEndpoint.java AprEndpoint.java SSLHostConfig.java SSLHostConfigCertificate.java
Author: markt Date: Fri Jun 19 20:33:16 2015 New Revision: 1686499 URL: http://svn.apache.org/r1686499 Log: Correct multiple certificate configuration plumbing. APR/native can handle multiple certificates in a single 'SSLContext' JSSE needs one 'SSLContext' per certificate Get key/certificate selection completed to the point where a dummy implementation in a single method needs to be replaced with the real implementation. Modified: tomcat/trunk/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfigCertificate.java Modified: tomcat/trunk/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java?rev=1686499&r1=1686498&r2=1686499&view=diff == --- tomcat/trunk/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java (original) +++ tomcat/trunk/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java Fri Jun 19 20:33:16 2015 @@ -17,6 +17,7 @@ package org.apache.tomcat.util.net; import java.util.List; +import java.util.Set; import javax.net.ssl.SSLEngine; import javax.net.ssl.SSLParameters; @@ -85,7 +86,7 @@ public abstract class AbstractJsseEndpoi sslUtil.configureSessionContext(sessionContext); } SSLContextWrapper sslContextWrapper = new SSLContextWrapper(sslContext, sslUtil); -sslHostConfig.setSslContext(sslContextWrapper); +certificate.setSslContextWrapper(sslContextWrapper); } } } 
@@ -94,7 +95,10 @@ public abstract class AbstractJsseEndpoi protected SSLEngine createSSLEngine(String sniHostName, List clientRequestedCiphers) { SSLHostConfig sslHostConfig = getSSLHostConfig(sniHostName); -SSLContextWrapper sslContextWrapper = (SSLContextWrapper) sslHostConfig.getSslContext(); + +SSLHostConfigCertificate certificate = selectCertificate(sslHostConfig, clientRequestedCiphers); + +SSLContextWrapper sslContextWrapper = certificate.getSslContextWrapper(); if (sslContextWrapper == null) { throw new IllegalStateException( sm.getString("endpoint.jsse.noSslContext", sniHostName)); 
@@ -127,15 +131,35 @@ public abstract class AbstractJsseEndpoi } +private SSLHostConfigCertificate selectCertificate( +SSLHostConfig sslHostConfig, List clientRequestedCiphers) { + +Set certificates = sslHostConfig.getCertificates(true); +if (certificates.size() == 1) { +return certificates.iterator().next(); +} + +// TODO: +// Need to select correct certificate based on the ciphers requested by +// the client, the ciphers configured for the server and which is +// configured to define the preference order + +// For now, just return the first certificate +return certificates.iterator().next(); +} + + @Override public void unbind() throws Exception { for (SSLHostConfig sslHostConfig : sslHostConfigs.values()) { -sslHostConfig.setSslContext(null); +for (SSLHostConfigCertificate certificate : sslHostConfig.getCertificates(true)) { +certificate.setSslContextWrapper(null); +} } } -private static class SSLContextWrapper { +static class SSLContextWrapper { private final SSLContext sslContext; private final String[] enabledCiphers; Modified: tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java?rev=1686499&r1=1686498&r2=1686499&view=diff == --- tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java (original) +++ tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java Fri Jun 19 20:33:16 2015 @@ -551,10 +551,10 @@ public class AprEndpoint extends Abstrac log.warn(sm.getString("endpoint.alpn.fail", negotiableProtocols)); } } -sslHostConfig.setSslContext(Long.valueOf(ctx)); +sslHostConfig.setOpenSslContext(Long.valueOf(ctx)); } SSLHostConfig defaultSSLHostConfig = sslHostConfigs.get(getDefaultSSLHostConfigName()); -Long defaultSSLContext = (Long) defaultSSLHostConfig.getSslContext(); +Long defaultSSLContext = (Long) defaultSSLHostConfig.getOpenSslContext(); sslContext = defaultSSLContext.longValue(); SSLContext.registerDefault(defaultSS
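Review bot: `selectCertificate` falls back to `certificates.iterator().next()`, and which certificate that returns depends on the iteration order of the `Set` from `getCertificates(true)`, whose implementation is not visible in this hunk. If that set is unordered, the certificate offered to a client could differ between runs of the same configuration. A short Javadoc on the method, stating that the fallback is the first certificate in configuration order and that the set must preserve that order, would pin the behaviour down.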
buildbot failure in ASF Buildbot on tomcat-trunk
The Buildbot has detected a new failure on builder tomcat-trunk while building ASF Buildbot. Full details are available at: http://ci.apache.org/builders/tomcat-trunk/builds/1425 Buildbot URL: http://ci.apache.org/ Buildslave for this Build: silvanus_ubuntu Build Reason: The AnyBranchScheduler scheduler named 'on-tomcat-commit' triggered this build Build Source Stamp: [branch tomcat/trunk] 1686499 Blamelist: markt BUILD FAILED: failed compile_1 Sincerely, -The Buildbot - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1686501 - in /tomcat/trunk/java/org/apache/tomcat/util/net: ./ jsse/ jsse/openssl/
Author: markt Date: Fri Jun 19 21:20:02 2015 New Revision: 1686501 URL: http://svn.apache.org/r1686501 Log: First pass at an implementation that supports multiple certificate types for all connectors. Smoke test (SNI with 2 hosts with NIO) passes. Further testing required. Configuration via server.xml is still TODO Modified: tomcat/trunk/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfigCertificate.java tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java tomcat/trunk/java/org/apache/tomcat/util/net/jsse/openssl/Authentication.java tomcat/trunk/java/org/apache/tomcat/util/net/jsse/openssl/OpenSSLCipherConfigurationParser.java Modified: tomcat/trunk/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java?rev=1686501&r1=1686500&r2=1686501&view=diff == --- tomcat/trunk/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java (original) +++ tomcat/trunk/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java Fri Jun 19 21:20:02 2015 @@ -16,6 +16,9 @@ */ package org.apache.tomcat.util.net; +import java.util.ArrayList; +import java.util.Iterator; +import java.util.LinkedHashSet; import java.util.List; import java.util.Set; 
@@ -132,19 +135,36 @@ public abstract class AbstractJsseEndpoi private SSLHostConfigCertificate selectCertificate( -SSLHostConfig sslHostConfig, List clientRequestedCiphers) { +SSLHostConfig sslHostConfig, List clientCiphers) { Set certificates = sslHostConfig.getCertificates(true); if (certificates.size() == 1) { return certificates.iterator().next(); } -// TODO: -// Need to select correct certificate based on the ciphers requested by -// the client, the ciphers configured for the server and which is -// configured to define the preference order +LinkedHashSet serverCiphers = sslHostConfig.getCipherList(); -// For now, just return the first certificate +List candidateCiphers = new ArrayList<>(); +if (sslHostConfig.getHonorCipherOrder()) { +candidateCiphers.addAll(serverCiphers); +candidateCiphers.retainAll(clientCiphers); +} else { +candidateCiphers.addAll(clientCiphers); +candidateCiphers.retainAll(serverCiphers); +} + +Iterator candidateIter = candidateCiphers.iterator(); +while (candidateIter.hasNext()) { +Cipher candidate = candidateIter.next(); +for (SSLHostConfigCertificate certificate : certificates) { +if (certificate.getType().isCompatibleWith(candidate.getAu())) { +return certificate; +} +} +} + +// No matches. Just return the first certificate. The handshake will +// then fail due to no matching ciphers. return certificates.iterator().next(); } Modified: tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java?rev=1686501&r1=1686500&r2=1686501&view=diff == --- tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java (original) +++ tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java Fri Jun 19 21:20:02 2015 @@ -19,6 +19,8 @@ package org.apache.tomcat.util.net; import java.io.File; import java.util.HashMap; import java.util.HashSet; +import java.util.LinkedHashSet; +import java.util.List; import java.util.Map; import java.util.Set; 
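Review bot: In the `getHonorCipherOrder()` branch, `candidateCiphers.retainAll(clientCiphers)` is given a `List`, so every server cipher is checked by a linear scan of the client's list, and this runs for each new connection on a host with more than one certificate. The client list presumably comes from the ClientHello, so its length is chosen by the peer. Passing a set keeps the result and its order while making each lookup constant time: `candidateCiphers.retainAll(new HashSet<>(clientCiphers));`. This needs `java.util.HashSet` imported, since the import hunk adds only `ArrayList`, `Iterator` and `LinkedHashSet`. The other branch already retains against `serverCiphers`, which is a `LinkedHashSet`.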
@@ -27,6 +29,7 @@ import javax.net.ssl.TrustManagerFactory import org.apache.juli.logging.Log; import org.apache.juli.logging.LogFactory; +import org.apache.tomcat.util.net.jsse.openssl.Cipher; import org.apache.tomcat.util.net.jsse.openssl.OpenSSLCipherConfigurationParser; import org.apache.tomcat.util.res.StringManager; @@ -75,6 +78,8 @@ public class SSLHostConfig { private CertificateVerification certificateVerification = CertificateVerification.NONE; private int certificateVerificationDepth = 10; private String ciphers = "HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!kRSA"; +private LinkedHashSet cipherList = null; +private List jsseCipherNames = null; private boolean honorCipherOrder = true; private Set protocols = new HashSet<>(); // JSSE @@ -250,6 +255,9 @@ public class SSLHostConfig { } else { this.ciphers = ciphersList; } +this.cipherList = null; +this.jsseCipherNames = null; + } @@ -258,6 +266,22 @@ public class SSLHostConfi
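Review bot: The new `cipherList` and `jsseCipherNames` fields (hunk at -75,6) have no comment saying they are derived from `ciphers`, and the reset added at -250,6 is the only hint of that relationship. They look like lazily built caches, but the code that fills them is not in the complete hunks shown here, so that is an inference. A short comment on the fields would make the invariant explicit, e.g. `// Derived from ciphers; reset to null whenever ciphers changes`. The setter touched at -250,6 starts outside its hunk.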
buildbot exception in ASF Buildbot on tomcat-trunk
The Buildbot has detected a build exception on builder tomcat-trunk while building ASF Buildbot. Full details are available at: http://ci.apache.org/builders/tomcat-trunk/builds/1426 Buildbot URL: http://ci.apache.org/ Buildslave for this Build: silvanus_ubuntu Build Reason: The AnyBranchScheduler scheduler named 'on-tomcat-commit' triggered this build Build Source Stamp: [branch tomcat/trunk] 1686501 Blamelist: markt BUILD FAILED: exception svn upload_2 Sincerely, -The Buildbot - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 58059] New: Value for @PathParam annotated variable in @OnOpen is not correct
https://bz.apache.org/bugzilla/show_bug.cgi?id=58059 Bug ID: 58059 Summary: Value for @PathParam annotated variable in @OnOpen is not correct Product: Tomcat 8 Version: 8.0.23 Hardware: PC Status: NEW Severity: major Priority: P2 Component: WebSocket Assignee: dev@tomcat.apache.org Reporter: ktmnea...@gmail.com Created attachment 32837 --> https://bz.apache.org/bugzilla/attachment.cgi?id=32837&action=edit Test projects to show @PathParam issues When connecting to a websocket server endpoint in Tomcat 8.0.23, the mechanism for populating a @PathParam annotated variable in the @OnOpen method does not appear to be thread safe. I have set up 2 test projects; one that is a single class container web-application that handles websockets, and a client that connects to said websocket. When multiple requests come in with different path params, the value that is passed on to the @OnOpen annotated method into the @PathParam annotated variable does not match the value that is found in the Session.getPathParameters() collection for the same session. It appears that the @PathParam annotated variable is being overwritten with another connection request's path param. 
Here is some sample output from the attached "WebsocketPathParamIssueClient" project showing the path param that was sent, what was set in the @PathParam annotated variable, and what is in the Session.getPathParameters() collection: 2015-06-19 15:07:22.460 INFO [Grizzly(2)] [pathParam=D, sessionId=c880b807-8a9e-4180-9bdb-3bc65e358556] pathParamVariable=B | pathParamSession=D 2015-06-19 15:07:22.460 INFO [Grizzly(2)] [pathParam=C, sessionId=9fa55740-30b5-41ad-8871-dfb553d04dc5] pathParamVariable=C | pathParamSession=C 2015-06-19 15:07:22.460 INFO [Grizzly(2)] [pathParam=B, sessionId=a578cd97-94d7-4d69-9e26-3862d8447a53] pathParamVariable=B | pathParamSession=B 2015-06-19 15:07:22.460 INFO [Grizzly(2)] [pathParam=A, sessionId=2540e0ef-2c8a-456b-9d9e-ee0f1550840d] pathParamVariable=B | pathParamSession=A -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 57969] @PathParam annotation captures incorrect value under high load
https://bz.apache.org/bugzilla/show_bug.cgi?id=57969 Violeta Georgieva changed: What|Removed |Added CC||ktmnea...@gmail.com --- Comment #3 from Violeta Georgieva --- *** Bug 58059 has been marked as a duplicate of this bug. *** -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 58059] Value for @PathParam annotated variable in @OnOpen is not correct
https://bz.apache.org/bugzilla/show_bug.cgi?id=58059 Violeta Georgieva changed: What|Removed |Added Resolution|--- |DUPLICATE Status|NEW |RESOLVED OS||All --- Comment #1 from Violeta Georgieva --- *** This bug has been marked as a duplicate of bug 57969 *** -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org