Re: [VOTE] Release Apache Tomcat 8.0.41
2017-01-19 1:07 GMT+02:00 Violeta Georgieva : > > The proposed Apache Tomcat 8.0.41 release is now available for voting. > > It can be obtained from: > https://dist.apache.org/repos/dist/dev/tomcat/tomcat-8/v8.0.41/ > The Maven staging repo is: > https://repository.apache.org/content/repositories/orgapachetomcat-1118/ > The svn tag is: > http://svn.apache.org/repos/asf/tomcat/tc8.0.x/tags/TOMCAT_8_0_41/ > > The proposed 8.0.41 release is: > [ ] Broken - do not release > [X] Stable - go ahead and release as 8.0.41 Regards, Violeta
Re: [VOTE] Release Apache Tomcat 7.0.75
2017-01-18 23:45 GMT+02:00 Violeta Georgieva : > > The proposed Apache Tomcat 7.0.75 release is now available for voting. > > It can be obtained from: > https://dist.apache.org/repos/dist/dev/tomcat/tomcat-7/v7.0.75/ > The Maven staging repo is: > https://repository.apache.org/content/repositories/orgapachetomcat-1117/ > The svn tag is: > http://svn.apache.org/repos/asf/tomcat/tc7.0.x/tags/TOMCAT_7_0_75/ > > The proposed 7.0.75 release is: > [ ] Broken - do not release > [X] Stable - go ahead and release as 7.0.75 Stable Regards, Violeta
svn commit: r1779442 - /tomcat/tc6.0.x/trunk/dist.xml
Author: violetagg Date: Thu Jan 19 09:55:12 2017 New Revision: 1779442 URL: http://svn.apache.org/viewvc?rev=1779442&view=rev Log: Ensure there are no files with DOS line endings in the bin tar.gz Modified: tomcat/tc6.0.x/trunk/dist.xml Modified: tomcat/tc6.0.x/trunk/dist.xml URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/dist.xml?rev=1779442&r1=1779441&r2=1779442&view=diff == --- tomcat/tc6.0.x/trunk/dist.xml (original) +++ tomcat/tc6.0.x/trunk/dist.xml Thu Jan 19 09:55:12 2017 @@ -94,6 +94,27 @@ + + + + + + + + + + + + + + + + + + + + + @@ -566,7 +587,9 @@ - + + + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[jira] [Commented] (MTOMCAT-308) SNI header not sent
[ https://issues.apache.org/jira/browse/MTOMCAT-308?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15830474#comment-15830474 ] Matthew Broadhead commented on MTOMCAT-308: --- hi, is anyone able to help with this issue? > SNI header not sent > --- > > Key: MTOMCAT-308 > URL: https://issues.apache.org/jira/browse/MTOMCAT-308 > Project: Apache Tomcat Maven Plugin > Issue Type: Bug > Components: tomcat7 >Affects Versions: 2.2 > Environment: CentOS 7 >Reporter: Matthew Broadhead >Assignee: Olivier Lamy (*$^¨%`£) > > tomcat7-maven-plugin fails to deploy to the server saying the certificate was > wrong and showed the primary host certificate instead of the one specified > [ERROR] Failed to execute goal > org.apache.tomcat.maven:tomcat7-maven-plugin:2.3-SNAPSHOT:redeploy > (default-cli) on project domain2: Cannot invoke Tomcat manager: hostname in > certificate didn't match: != OR > OR -> [Help 1] > is there a workaround or any plans to fix in the future? > i submitted a workaround using a custom sslsocketfactory at > https://issues.apache.org/jira/browse/TOMEE-1910 -- This message was sent by Atlassian JIRA (v6.3.4#6332) - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 60597] Add ability to set cipher suites for websocket connections
https://bz.apache.org/bugzilla/show_bug.cgi?id=60597 --- Comment #6 from Christopher Schultz --- (In reply to Michael Orr from comment #5) > In general I'd much prefer the direct mutators approach as well. In this > case, however, the intent is to provide additional configuration > capabilities to the generic javax.websocket.* API classes that were missing > from that generic API. Understood. I think the system-property-based configuration is probably best, then. No need to build infrastructure only to remove it later when the public API improves. > Of course, the best thing would be if protocol/ciphers configurability were > to be added to the official java.websocket.* API spec, but I have no idea > when that's coming... After wrestling with several third-party APIs which didn't support various TLS configuration parameters, I've decided that the only sane way to accomplish it is to allow the caller to supply their own SSLSocketFactory. Otherwise, you end up re-inventing the wheel for everything: protocols, cipher suites, trust stores, key management, certificate revocation lists, hostname verifiers, certificate verifiers, etc. Apache HTTP Components (http-client) stepped on this landmine long ago and it took them several versions to climb out of the hole and remove all of the Apache-specific configuration in favor of the standard SSLSocketFactory. It didn't help that it took the Java API a while to standardize and expose that interface, too. Thanks for your patches! -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [VOTE] Release Apache Tomcat 7.0.75
On Wed, Jan 18, 2017 at 10:45 PM, Violeta Georgieva wrote: > The proposed Apache Tomcat 7.0.75 release is now available for voting. > > It can be obtained from: > https://dist.apache.org/repos/dist/dev/tomcat/tomcat-7/v7.0.75/ > The Maven staging repo is: > https://repository.apache.org/content/repositories/orgapachetomcat-1117/ > The svn tag is: > http://svn.apache.org/repos/asf/tomcat/tc7.0.x/tags/TOMCAT_7_0_75/ > > The proposed 7.0.75 release is: > [ ] Broken - do not release > [ X ] Stable - go ahead and release as 7.0.75 Stable > Regards, Martin > > Regards, > Violeta >
Re: [VOTE] Release Apache Tomcat 8.0.41
On Thu, Jan 19, 2017 at 12:07 AM, Violeta Georgieva wrote: > The proposed Apache Tomcat 8.0.41 release is now available for voting. > > It can be obtained from: > https://dist.apache.org/repos/dist/dev/tomcat/tomcat-8/v8.0.41/ > The Maven staging repo is: > https://repository.apache.org/content/repositories/orgapachetomcat-1118/ > The svn tag is: > http://svn.apache.org/repos/asf/tomcat/tc8.0.x/tags/TOMCAT_8_0_41/ > > The proposed 8.0.41 release is: > [ ] Broken - do not release > [ X ] Stable - go ahead and release as 8.0.41 > Regards, Martin > > Regards, > Violeta >
[Bug 60611] New: empty org.apache.dbcp.dbcp2.BasicDataSource ?
https://bz.apache.org/bugzilla/show_bug.cgi?id=60611 Bug ID: 60611 Summary: empty org.apache.dbcp.dbcp2.BasicDataSource ? Product: Tomcat 8 Version: 8.5.9 Hardware: PC OS: Linux Status: NEW Severity: normal Priority: P2 Component: Catalina Assignee: dev@tomcat.apache.org Reporter: hau...@acm.org Target Milestone: to solve a cpu max problem (bug 60578#c2) I got the debian jessie backport of this tomcat version The cpu now appears to be fixed, but somtimes I get an empty DataSource (defined in server.xml). One hypothesis that tc8.0.14 (the real debain stable) didn't yet implement http://marc.info/?l=tomcat-user&m=148248630513239&w=2 (CVE-2016-6797) 1) that should be fixed in 8.0.14 for debian 2) I guess the https://tomcat.apache.org/tomcat-8.5-doc/config/globalresources.html#Resource_Definitions interestingly, when starting tomcat8.5.9 in eclipse, JNDI returns a org.apache.commons.dbcp.BasicDataSource -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1779542 - in /tomcat/trunk/java/org/apache/tomcat/util/compat: Jre9Compat.java JreCompat.java LocalStrings.properties
Author: markt
Date: Thu Jan 19 23:55:48 2017
New Revision: 1779542
URL: http://svn.apache.org/viewvc?rev=1779542&view=rev
Log:
Add SSLEngine.getApplicationProtocol() to JreCompat
Modified:
tomcat/trunk/java/org/apache/tomcat/util/compat/Jre9Compat.java
tomcat/trunk/java/org/apache/tomcat/util/compat/JreCompat.java
tomcat/trunk/java/org/apache/tomcat/util/compat/LocalStrings.properties
Modified: tomcat/trunk/java/org/apache/tomcat/util/compat/Jre9Compat.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/compat/Jre9Compat.java?rev=1779542&r1=1779541&r2=1779542&view=diff
==
--- tomcat/trunk/java/org/apache/tomcat/util/compat/Jre9Compat.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/compat/Jre9Compat.java Thu Jan 19
23:55:48 2017
@@ -19,20 +19,24 @@ package org.apache.tomcat.util.compat;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
+import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;
class Jre9Compat extends JreCompat {
private static final Class inaccessibleObjectExceptionClazz;
private static final Method setApplicationProtocolsMethod;
+private static final Method getApplicationProtocolMethod;
static {
Class c1 = null;
Method m2 = null;
+Method m3 = null;
try {
c1 =
Class.forName("java.lang.reflect.InaccessibleObjectException");
-SSLParameters.class.getMethod("setApplicationProtocolsMethod",
String[].class);
+m2 =
SSLParameters.class.getMethod("setApplicationProtocolsMethod", String[].class);
+m3 = SSLEngine.class.getMethod("getApplicationProtocol");
} catch (SecurityException | NoSuchMethodException e) {
// Should never happen
} catch (ClassNotFoundException e) {
@@ -40,6 +44,7 @@ class Jre9Compat extends JreCompat {
}
inaccessibleObjectExceptionClazz = c1;
setApplicationProtocolsMethod = m2;
+getApplicationProtocolMethod = m3;
}
@@ -65,5 +70,15 @@ class Jre9Compat extends JreCompat {
} catch (IllegalAccessException | IllegalArgumentException |
InvocationTargetException e) {
throw new UnsupportedOperationException(e);
}
+}
+
+
+@Override
+public String getApplicationProtocol(SSLEngine sslEngine) {
+ try {
+return (String) getApplicationProtocolMethod.invoke(sslEngine);
+} catch (IllegalAccessException | IllegalArgumentException |
InvocationTargetException e) {
+throw new UnsupportedOperationException(e);
+}
}
}
Modified: tomcat/trunk/java/org/apache/tomcat/util/compat/JreCompat.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/compat/JreCompat.java?rev=1779542&r1=1779541&r2=1779542&view=diff
==
--- tomcat/trunk/java/org/apache/tomcat/util/compat/JreCompat.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/compat/JreCompat.java Thu Jan 19
23:55:48 2017
@@ -16,6 +16,7 @@
*/
package org.apache.tomcat.util.compat;
+import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;
import org.apache.tomcat.util.res.StringManager;
@@ -85,4 +86,18 @@ public class JreCompat {
public void setApplicationProtocols(SSLParameters sslParameters, String[]
protocols) {
throw new
UnsupportedOperationException(sm.getString("jreCompat.noApplicationProtocols"));
}
+
+
+/**
+ * Get the application protocol that has been negotiated for connection
+ * associated with the given SSLEngine.
+ *
+ * @param sslEngine The SSLEngine for which to obtain the negotiated
+ * protocol
+ *
+ * @return The name of the negotiated protocol
+ */
+public String getApplicationProtocol(SSLEngine sslEngine) {
+throw new
UnsupportedOperationException(sm.getString("jreCompat.noApplicationProtocol"));
+}
}
Modified:
tomcat/trunk/java/org/apache/tomcat/util/compat/LocalStrings.properties
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/compat/LocalStrings.properties?rev=1779542&r1=1779541&r2=1779542&view=diff
==
--- tomcat/trunk/java/org/apache/tomcat/util/compat/LocalStrings.properties
(original)
+++ tomcat/trunk/java/org/apache/tomcat/util/compat/LocalStrings.properties Thu
Jan 19 23:55:48 2017
@@ -13,4 +13,5 @@
# See the License for the specific language governing permissions and
# limitations under the License.
-jreCompat.noApplicationProtocols=Java Runtime does not support
SSLParameters.setApplicationProtocols(). You must use Java 9 to use this
feature.
\ No newline at end of file
+jreCompat.noApplicationProtocols=Java Runtime does not support
SS
svn commit: r1779543 - /tomcat/trunk/java/org/apache/tomcat/util/compat/Jre9Compat.java
Author: markt
Date: Thu Jan 19 23:58:10 2017
New Revision: 1779543
URL: http://svn.apache.org/viewvc?rev=1779543&view=rev
Log:
Tab police
Modified:
tomcat/trunk/java/org/apache/tomcat/util/compat/Jre9Compat.java
Modified: tomcat/trunk/java/org/apache/tomcat/util/compat/Jre9Compat.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/compat/Jre9Compat.java?rev=1779543&r1=1779542&r2=1779543&view=diff
==
--- tomcat/trunk/java/org/apache/tomcat/util/compat/Jre9Compat.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/compat/Jre9Compat.java Thu Jan 19
23:58:10 2017
@@ -75,7 +75,7 @@ class Jre9Compat extends JreCompat {
@Override
public String getApplicationProtocol(SSLEngine sslEngine) {
- try {
+try {
return (String) getApplicationProtocolMethod.invoke(sslEngine);
} catch (IllegalAccessException | IllegalArgumentException |
InvocationTargetException e) {
throw new UnsupportedOperationException(e);
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1779544 - /tomcat/trunk/java/org/apache/tomcat/util/compat/Jre9Compat.java
Author: markt
Date: Fri Jan 20 00:07:21 2017
New Revision: 1779544
URL: http://svn.apache.org/viewvc?rev=1779544&view=rev
Log:
Fix copy/paste error
Modified:
tomcat/trunk/java/org/apache/tomcat/util/compat/Jre9Compat.java
Modified: tomcat/trunk/java/org/apache/tomcat/util/compat/Jre9Compat.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/compat/Jre9Compat.java?rev=1779544&r1=1779543&r2=1779544&view=diff
==
--- tomcat/trunk/java/org/apache/tomcat/util/compat/Jre9Compat.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/compat/Jre9Compat.java Fri Jan 20
00:07:21 2017
@@ -35,7 +35,7 @@ class Jre9Compat extends JreCompat {
try {
c1 =
Class.forName("java.lang.reflect.InaccessibleObjectException");
-m2 =
SSLParameters.class.getMethod("setApplicationProtocolsMethod", String[].class);
+m2 = SSLParameters.class.getMethod("setApplicationProtocols",
String[].class);
m3 = SSLEngine.class.getMethod("getApplicationProtocol");
} catch (SecurityException | NoSuchMethodException e) {
// Should never happen
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1779545 - in /tomcat/trunk: java/org/apache/tomcat/util/net/ java/org/apache/tomcat/util/net/jsse/ webapps/docs/
Author: markt
Date: Fri Jan 20 00:12:16 2017
New Revision: 1779545
URL: http://svn.apache.org/viewvc?rev=1779545&view=rev
Log:
Adding ALPN support for JSSE with Java 9
Enable ALPN and also, therefore, HTTP/2 for the NIO and NIO2 HTTP connectors
when using the JSSE implementation for TLS when running on Java 9.
Modified:
tomcat/trunk/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java
tomcat/trunk/java/org/apache/tomcat/util/net/SecureNio2Channel.java
tomcat/trunk/java/org/apache/tomcat/util/net/SecureNioChannel.java
tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSEImplementation.java
tomcat/trunk/webapps/docs/changelog.xml
Modified: tomcat/trunk/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java?rev=1779545&r1=1779544&r2=1779545&view=diff
==
--- tomcat/trunk/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java
(original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java Fri
Jan 20 00:12:16 2017
@@ -30,6 +30,7 @@ import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSessionContext;
+import org.apache.tomcat.util.compat.JreCompat;
import org.apache.tomcat.util.net.SSLHostConfig.Type;
import org.apache.tomcat.util.net.openssl.OpenSSLImplementation;
import org.apache.tomcat.util.net.openssl.ciphers.Cipher;
@@ -169,6 +170,20 @@ public abstract class AbstractJsseEndpoi
SSLParameters sslParameters = engine.getSSLParameters();
sslParameters.setUseCipherSuitesOrder(sslHostConfig.getHonorCipherOrder());
+if (JreCompat.isJre9Available() &&
clientRequestedApplicationProtocols.size() > 0 &&
+negotiableProtocols.size() > 0) {
+// Only try to negotiate if both client and server have at least
+// one protocol in common
+// Note: Tomcat does not explicitly negotiate http/1.1
+// TODO: Is this correct? Should it change?
+List commonProtocols = new ArrayList<>();
+commonProtocols.addAll(negotiableProtocols);
+commonProtocols.retainAll(clientRequestedApplicationProtocols);
+if (commonProtocols.size() > 0) {
+String[] commonProtocolsArray = commonProtocols.toArray(new
String[commonProtocols.size()]);
+JreCompat.getInstance().setApplicationProtocols(sslParameters,
commonProtocolsArray);
+}
+}
// In case the getter returns a defensive copy
engine.setSSLParameters(sslParameters);
Modified: tomcat/trunk/java/org/apache/tomcat/util/net/SecureNio2Channel.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/SecureNio2Channel.java?rev=1779545&r1=1779544&r2=1779545&view=diff
==
--- tomcat/trunk/java/org/apache/tomcat/util/net/SecureNio2Channel.java
(original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/SecureNio2Channel.java Fri Jan
20 00:12:16 2017
@@ -38,6 +38,7 @@ import javax.net.ssl.SSLException;
import org.apache.juli.logging.Log;
import org.apache.juli.logging.LogFactory;
import org.apache.tomcat.util.buf.ByteBufferUtils;
+import org.apache.tomcat.util.compat.JreCompat;
import org.apache.tomcat.util.net.TLSClientHelloExtractor.ExtractorResult;
import org.apache.tomcat.util.net.openssl.ciphers.Cipher;
import org.apache.tomcat.util.res.StringManager;
@@ -227,8 +228,14 @@ public class SecureNio2Channel extends N
throw new
IOException(sm.getString("channel.nio.ssl.notHandshaking"));
}
case FINISHED: {
-if (endpoint.hasNegotiableProtocols() && sslEngine
instanceof SSLUtil.ProtocolInfo) {
-socket.setNegotiatedProtocol(((SSLUtil.ProtocolInfo)
sslEngine).getNegotiatedProtocol());
+if (endpoint.hasNegotiableProtocols()) {
+if (sslEngine instanceof SSLUtil.ProtocolInfo) {
+socket.setNegotiatedProtocol(
+((SSLUtil.ProtocolInfo)
sslEngine).getNegotiatedProtocol());
+} else if (JreCompat.isJre9Available()) {
+socket.setNegotiatedProtocol(
+
JreCompat.getInstance().getApplicationProtocol(sslEngine));
+}
}
//we are complete if we have delivered the last package
handshakeComplete = !netOutBuffer.hasRemaining();
Modified: tomcat/trunk/java/org/apache/tomcat/util/net/SecureNioChannel.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/SecureNioChannel.java?rev=1779545&r1=1779544&r2=1779545&view=diff
[Bug 60613] New: getting Maximum code footprint error after upgrade to Tomcat 8.5.11
https://bz.apache.org/bugzilla/show_bug.cgi?id=60613 Bug ID: 60613 Summary: getting Maximum code footprint error after upgrade to Tomcat 8.5.11 Product: Tomcat 8 Version: 8.5.11 Hardware: PC Status: NEW Severity: major Priority: P2 Component: Jasper Assignee: dev@tomcat.apache.org Reporter: manme...@gmail.com Target Milestone: Hello, I recently upgraded my Tomcat to 8.5.11 and certain JSPs have stopped working since the maximum method/file size error 65535. The stack trace is below: An error occurred at line: [362] in the generated java file: [C:\Fieldglass\InSite-2017.10\work\Catalina\localhost\ROOT\org\apache\jsp\WEB_002dINF\pages\buyer\job_005fposting_005fform_002d3_jsp.java] The code of method _jspService(HttpServletRequest, HttpServletResponse) is exceeding the 65535 bytes limit Stacktrace: at org.apache.jasper.compiler.DefaultErrorHandler.javacError(DefaultErrorHandler.java:102) at org.apache.jasper.compiler.ErrorDispatcher.javacError(ErrorDispatcher.java:212) at org.apache.jasper.compiler.JDTCompiler.generateClass(JDTCompiler.java:457) at org.apache.jasper.compiler.Compiler.compile(Compiler.java:377) at org.apache.jasper.compiler.Compiler.compile(Compiler.java:349) at org.apache.jasper.compiler.Compiler.compile(Compiler.java:333) at org.apache.jasper.JspCompilationContext.compile(JspCompilationContext.java:600) at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:368) at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:385) at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:329) at javax.servlet.http.HttpServlet.service(HttpServlet.java:729) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:230) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165) at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:726) at org.apache.catalina.core.ApplicationDispatcher.doInclude(ApplicationDispatcher.java:592) The project I have doesn't contain any error/bug that might cause this. Rather than reformatting/refactoring >200 files, I was wondering if you guys would take a look at this and provide some comments on why this is happening. I have already tried adding the following attributes to %CATALINA_HOME%\conf\web.xml suppressSmap=true mappedFile=False -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
