[Bug 62809] New: cannot remote deploy with Ant DeployTask
https://bz.apache.org/bugzilla/show_bug.cgi?id=62809
Bug ID: 62809
Summary: cannot remote deploy with Ant DeployTask
Product: Tomcat 9
Version: 9.0.12
Hardware: PC
Status: NEW
Severity: normal
Priority: P2
Component: Manager
Assignee: dev@tomcat.apache.org
Reporter: megas...@gmail.com
Target Milestone: -
I try to remote deploy with Ant DeployTask, but it not works.
source
DeployTask deployer = new DeployTask();
deployer.setUpdate(true);
deployer.setWar("C:\\tmp\\WebApplication1.war"); // if change to setLocalWar,
it works.
deployer.setUsername("tomcat");
deployer.setPassword("tomcat");
deployer.setUrl("http://localhost:8080/manager/text";);
deployer.setPath("/WebApplication1");
deployer.execute();
stacktrace
Exception in thread "main" java.net.HttpRetryException: cannot retry due to
server authentication, in streaming mode
at
org.apache.catalina.ant.AbstractCatalinaTask.execute(AbstractCatalinaTask.java:270)
at org.apache.catalina.ant.DeployTask.execute(DeployTask.java:178)
at tomcattest.TomcatTest.main(TomcatTest.java:28)
Caused by: java.net.HttpRetryException: cannot retry due to server
authentication, in streaming mode
at
sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1692)
at
sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1492)
at
org.apache.catalina.ant.AbstractCatalinaTask.execute(AbstractCatalinaTask.java:231)
... 2 more
--
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 62150] Behavior of relative paths with RequestDispatcher has changed
https://bz.apache.org/bugzilla/show_bug.cgi?id=62150 Manish Kumar Sharma changed: What|Removed |Added CC||manishks...@gmail.com -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Setting up dev environment
Hi all, I need to set up tomcat development environment on Intellij Idea running on Windows 10 - 64 bit OS. I have searched, searched and searched and I cannot find a resource that will help me accomplish that. Also is there a developer quickstart for tomcat project ? It would be massively helpful for me to get started. Thank you very much. Regards, Harsha Amarasiri
Re: [GUMP@vmgump-vm3]: Project tomcat-trunk (in module tomcat-trunk) failed
On Tue, Oct 9, 2018 at 4:45 AM Bill Barker wrote: > The following work was performed: > > http://vmgump-vm3.apache.org/tomcat-trunk/tomcat-trunk/gump_work/build_tomcat-trunk_tomcat-trunk.html > Work Name: build_tomcat-trunk_tomcat-trunk (Type: Build) > Work ended in a state of : Failed > Elapsed: 16 secs > Command Line: /usr/lib/jvm/java-8-oracle/bin/java -Djava.awt.headless=true > -Dbuild.sysclasspath=only -Dsun.zip.disableMemoryMapping=true > org.apache.tools.ant.Main -Dgump.merge=/srv/gump/public/gump/work/merge.xml > -Djunit.jar=/srv/gump/public/workspace/junit/target/junit-4.13-SNAPSHOT.jar > -Dbase.path=/srv/gump/public/workspace/tomcat-trunk/tomcat-build-libs > -Djdt.jar=/srv/gump/packages/eclipse/plugins/R-4.7.3a-201803300640/ecj-4.7.3a.jar > -Dbndlib.jar=/srv/gump/packages/bnd/bndlib-4.0.0/biz.aQute.bndlib-4.0.0.jar > -Dcommons-daemon.jar=/srv/gump/public/workspace/apache-commons/daemon/target/commons-daemon-1.1.1-SNAPSHOT.jar > -Dbnd.jar=/srv/gump/packages/bnd/bnd-4.0.0/biz.aQute.bnd-4.0.0.jar > [Working Directory: /srv/gump/public/workspace/tomcat-trunk] > CLASSPATH: > /usr/lib/jvm/java-8-oracle/lib/tools.jar:/srv/gump/public/workspace/tomcat-trunk/output/classes:/srv/gump/public/workspace/ant/dist/lib/ant.jar:/srv/gump/public/workspace/ant/dist/lib/ant-launcher.jar:/srv/gump/public/workspace/ant/dist/lib/ant-jmf.jar:/srv/gump/public/workspace/ant/dist/lib/ant-junit.jar:/srv/gump/public/workspace/ant/dist/lib/ant-junit4.jar:/srv/gump/public/workspace/ant/dist/lib/ant-swing.jar:/srv/gump/public/workspace/ant/dist/lib/ant-apache-resolver.jar:/srv/gump/public/workspace/ant/dist/lib/ant-apache-xalan2.jar:/srv/gump/public/workspace/xml-commons/java/build/resolver.jar:/srv/gump/public/workspace/junit/target/junit-4.13-SNAPSHOT.jar:/srv/gump/packages/eclipse/plugins/R-4.7.3a-201803300640/ecj-4.7.3a.jar:/srv/gump/public/workspace/apache-commons/daemon/target/commons-daemon-1.1.1-SNAPSHOT.jar:/srv/gump/packages/bnd/bnd-4.0.0/biz.aQute.bnd-4.0.0.jar > - > [javac] import com.github.openjson.JSONTokener; > [javac] ^ > [javac] > /srv/gump/public/workspace/tomcat-trunk/java/org/apache/catalina/tribes/membership/cloud/KubernetesMembershipProvider.java:135: > error: cannot find symbol > [javac] JSONObject json = new JSONObject(new > JSONTokener(new InputStreamReader(stream, "UTF-8"))); > Missing openjson, but I'll be looking at the other json parser, so no need to add it yet. Rémy
svn commit: r1843232 - in /tomcat/trunk: java/org/apache/catalina/tribes/membership/cloud/KubernetesMembershipProvider.java test/org/apache/catalina/tribes/membership/cloud/ test/org/apache/catalina/t
Author: remm
Date: Tue Oct 9 09:21:51 2018
New Revision: 1843232
URL: http://svn.apache.org/viewvc?rev=1843232&view=rev
Log:
Refactor to add a json test. The json isn't a separate text file since I cannot
put the license text in it.
Added:
tomcat/trunk/test/org/apache/catalina/tribes/membership/cloud/
tomcat/trunk/test/org/apache/catalina/tribes/membership/cloud/TestKubernetesJson.java
(with props)
Modified:
tomcat/trunk/java/org/apache/catalina/tribes/membership/cloud/KubernetesMembershipProvider.java
Modified:
tomcat/trunk/java/org/apache/catalina/tribes/membership/cloud/KubernetesMembershipProvider.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/tribes/membership/cloud/KubernetesMembershipProvider.java?rev=1843232&r1=1843231&r2=1843232&view=diff
==
---
tomcat/trunk/java/org/apache/catalina/tribes/membership/cloud/KubernetesMembershipProvider.java
(original)
+++
tomcat/trunk/java/org/apache/catalina/tribes/membership/cloud/KubernetesMembershipProvider.java
Tue Oct 9 09:21:51 2018
@@ -20,6 +20,7 @@ package org.apache.catalina.tribes.membe
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
+import java.io.Reader;
import java.net.URLEncoder;
import java.nio.file.FileSystems;
import java.nio.file.Files;
@@ -56,8 +57,9 @@ public class KubernetesMembershipProvide
// Set up Kubernetes API parameters
String namespace = getEnv("KUBERNETES_NAMESPACE", CUSTOM_ENV_PREFIX +
"NAMESPACE");
-if (namespace == null || namespace.length() == 0)
-throw new
RuntimeException(sm.getString("kubernetesMembershipProvider.noNamespace"));
+if (namespace == null || namespace.length() == 0) {
+throw new
IllegalArgumentException(sm.getString("kubernetesMembershipProvider.noNamespace"));
+}
if (log.isDebugEnabled()) {
log.debug(String.format("Namespace [%s] set; clustering enabled",
namespace));
@@ -131,64 +133,70 @@ public class KubernetesMembershipProvide
List members = new ArrayList<>();
-try (InputStream stream = streamProvider.openStream(url, headers,
connectionTimeout, readTimeout)) {
-JSONObject json = new JSONObject(new JSONTokener(new
InputStreamReader(stream, "UTF-8")));
+try (InputStream stream = streamProvider.openStream(url, headers,
connectionTimeout, readTimeout);
+InputStreamReader reader = new InputStreamReader(stream,
"UTF-8")) {
+parsePods(reader, members);
+} catch (IOException e) {
+
log.error(sm.getString("kubernetesMembershipProvider.streamError"), e);
+}
-JSONArray items = json.getJSONArray("items");
+return members.toArray(new Member[0]);
+}
-for (int i = 0; i < items.length(); i++) {
-String phase;
-String ip;
-String name;
-Instant creationTime;
-
-try {
-JSONObject item = items.getJSONObject(i);
-JSONObject status = item.getJSONObject("status");
-phase = status.getString("phase");
-
-// Ignore shutdown pods
-if (!phase.equals("Running"))
-continue;
-
-ip = status.getString("podIP");
-
-// Get name & start time
-JSONObject metadata = item.getJSONObject("metadata");
-name = metadata.getString("name");
-String timestamp = metadata.getString("creationTimestamp");
-creationTime = Instant.parse(timestamp);
-} catch (JSONException e) {
-
log.warn(sm.getString("kubernetesMembershipProvider.jsonError"), e);
-continue;
-}
+protected void parsePods(Reader reader, List members)
+throws IOException{
+JSONObject json = new JSONObject(new JSONTokener(reader));
+
+JSONArray items = json.getJSONArray("items");
+
+for (int i = 0; i < items.length(); i++) {
+String phase;
+String ip;
+String name;
+Instant creationTime;
+
+try {
+JSONObject item = items.getJSONObject(i);
+JSONObject status = item.getJSONObject("status");
+phase = status.getString("phase");
-// We found ourselves, ignore
-if (name.equals(hostName))
+// Ignore shutdown pods
+if (!phase.equals("Running"))
continue;
-// id = md5(hostname)
-byte[] id = md5.digest(name.getBytes());
-long aliveTime = Duration.between(creationTime,
startTime).getSeconds() * 1000; // aliveTime is in ms
-
-
Re: SVN Workflow and Backporting
On 09/10/18 05:55, Igal Sapir wrote: > On Mon, Oct 8, 2018 at 3:04 AM Mark Thomas wrote: > >> On 06/10/18 23:08, Igal Sapir wrote: >>> I am rather new to SVN, and actually use it mostly via GIT, i.e. `git svn >>> rebase` and `git svn dcommit`. >>> >>> What is the best way to backport specific patches from trunk to 8.5, 7.0, >>> etc.? Patch utility? SVN Merge? GIT cherry-pick (though the git >> mirrors >>> have a separate repos which adds some complexity I think) >>> >>> I'd appreciate any tips that will point me in the right direction, or if >>> anyone can share their workflow. >> >> I use svn for backports. I use the following scripts. The first to merge >> from trunk to 8.5.x, the second to merge from 8.5.x to 7.0.x. I `cd` >> into the root of the repo for the version I want to merge to and then >> call the script with the revision of the commit I want to back-port. >> >> HTH, >> >> Mark >> >> mark@study04:~/bin$ cat tc-merge.sh >> #!/bin/sh >> svn up >> svn merge -c $1 https://svn.apache.org/repos/asf/tomcat/trunk >> >> mark@study04:~/bin$ cat tc85-merge.sh >> #!/bin/sh >> svn up >> svn merge -c $1 https://svn.apache.org/repos/asf/tomcat/tc8.5.x/trunk >> >> > It helps, thanks, but I don't know if the target file has been changed or > if I did something wrong, I'm getting a conflict (in git I can see the > differences and choose resolution, but here I don't know which one to > pick). Or is it because I waited too long and didn't do this immediately > after committing the original patch to trunk? > > Here's the output from the script: > > tc8.5.x]$ ~/bin/svn-merge-tc-trunk-to-85.sh 1842849 > Updating '.': > At revision 1843219. > --- Merging r1842849 into '.': >C test >C java > --- Recording mergeinfo for merge of r1842849 into '.': > U . > Summary of conflicts: > Tree conflicts: 2 > Searching tree conflict details for 'java' in repository: > Checking r1842849... done > Tree conflict on 'java': > Changes destined for a directory arrived during merge of > '^/tomcat/trunk/java:1842849'. > No such file or directory was found in the merge target working copy. > The item may have been deleted or moved away in the repository's history. > > Subversion is not smart enough to resolve this tree conflict automatically! > > Apparently neither am I :s That looks like you aren't in the right place in the 8.5.x source tree to apply the patch. Using my scripts I need to be in tc8.5.x/trunk when apply a patch from trunk to 8.5.x. Essentially, the path in the merge command and the cwd have to 'line up'. HTH, Mark - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 62808] "function-signature" text containing line breaks causes JasperException
https://bz.apache.org/bugzilla/show_bug.cgi?id=62808 --- Comment #1 from Mark Thomas --- There was a regression in 7.0.91 that is fixed for 7.0.92 in this area. I suspect this is the same issue but need to test it to be sure. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: svn commit: r1842849 - in /tomcat/trunk: java/org/apache/tomcat/jni/Library.java test/org/apache/tomcat/util/net/TesterSupport.java test/org/apache/tomcat/util/net/openssl/TestOpenSSLConf.java
On 09/10/18 07:04, Igal Sapir wrote:
> Mark,
>
> On Mon, Oct 8, 2018 at 2:52 AM Mark Thomas wrote:
>
>> On 05/10/18 19:46, Christopher Schultz wrote:
>>
> +1 a lack of { } is too big a possible bug source to ignore.
>>>
I just tried enabling the CheckStyle test for this. There were
just under three thousand errors.
>>>
I'm wondering if it is worth going through the code base fixing
these.
>>>
>>> I'm nearly -1 on this, mostly because it will make back-porting stuff
>>> a total PITA.
>>
>> Fair enough. I don't need much convincing not to do it as I have plenty
>> of other stuff on my TODO list.
>>
>>> Definitely opportunistically "upgrade" code we find here and there,
>>> but I don't think it's worth taking a day or two to add missing
>>> explicit blocks everywhere.
>>
>> ACK.
>>
On a related topic, I did notice several instance of the
following:
>>>
if (a == b) ... if (a == c) ... if (a == d) ...
>>>
that could be more efficiently written as:
>>>
if (a == b) { ... } else if (a == c) { ... } else if (a == d) {
... }
>>>
>>> That would be nice. Sounds like a BZ issue that could have a
>>> "beginner" keyword attached.
>>
>> Good idea. Feel free to add that if I don't get there first.
>>
>>
> Did you notice the consecutive if statements by chance, or does CheckStyle
> report those?
I noticed them by chance while I was looking at CheckStyle warnings for
if statements not using { ... }
> I just imported the CheckStyle profile into IntelliJ IDEA
> and I see more than 82,000 warnings, many of which complaining of missing
> Javadoc comments and lines longer than 80 characters.
If you import the checkstyle configs from res/checkstyle.xml and apply
them as per https://github.com/apache/tomcat/blob/trunk/build.xml#L565
you should get a clean build.
Mark
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: Setting up dev environment
Hi, На вт, 9.10.2018 г. в 11:58 ч. Harsha Suranjith Amarasiri < harshasuranj...@gmail.com> написа: > > Hi all, > > I need to set up tomcat development environment on Intellij Idea running on > Windows 10 - 64 bit OS. > > I have searched, searched and searched and I cannot find a resource that > will help me accomplish that. Also is there a developer quickstart for > tomcat project ? > It would be massively helpful for me to get started. Try with this ant target ant ide-intellij When you need to see all ant targets you can execute ant -p Regards, Violeta
[Bug 62794] Tomcat request-read fails when using TLSv1.3 with APR connector
https://bz.apache.org/bugzilla/show_bug.cgi?id=62794 --- Comment #1 from Mark Thomas --- I have found the problem. It is related to how Tomcat Native tracks the renegotiation status and that TLS 1.3 doesn't use renegotiation. I have a working fix. I am currently reviewing the overall patch and should have something ready to commit later today. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: Setting up dev environment
Hi, What are you trying to achieve? If you want to develop Tomcat source code, i.e. debug/develop code that will be a part of the Tomcat code base, then as Violeta suggested, you could use the ant command (or simply import Tomcat source code into Idea and build/run the code via command line). If you want to develop apps for Tomcat, then you don't need Tomcat's source code. In such a case, you'll be better served by searching for specific technology, for example getting started with Servlets, and using Tomcat as the container for your code. On 10/9/18 10:58 AM, Harsha Suranjith Amarasiri wrote: Hi all, I need to set up tomcat development environment on Intellij Idea running on Windows 10 - 64 bit OS. I have searched, searched and searched and I cannot find a resource that will help me accomplish that. Also is there a developer quickstart for tomcat project ? It would be massively helpful for me to get started. Thank you very much. Regards, Harsha Amarasiri -- Marek Czernek JWS/JBCS Associate Quality Engineer, RHCA
[Bug 62748] Add support for TLS 1.3 (RFC 8446)
https://bz.apache.org/bugzilla/show_bug.cgi?id=62748 --- Comment #13 from Mark Thomas --- Note that it is likely that additional patches will be required to get CLIENT_CERT working. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1843285 - in /tomcat/trunk: TOMCAT-NEXT.txt build.properties.default build.xml java/org/apache/catalina/tribes/membership/cloud/KubernetesMembershipProvider.java res/checkstyle/org-import
Author: remm
Date: Tue Oct 9 13:56:25 2018
New Revision: 1843285
URL: http://svn.apache.org/viewvc?rev=1843285&view=rev
Log:
Switch from OpenJSON to Noggit.
Modified:
tomcat/trunk/TOMCAT-NEXT.txt
tomcat/trunk/build.properties.default
tomcat/trunk/build.xml
tomcat/trunk/java/org/apache/catalina/tribes/membership/cloud/KubernetesMembershipProvider.java
tomcat/trunk/res/checkstyle/org-import-control.xml
Modified: tomcat/trunk/TOMCAT-NEXT.txt
URL:
http://svn.apache.org/viewvc/tomcat/trunk/TOMCAT-NEXT.txt?rev=1843285&r1=1843284&r2=1843285&view=diff
==
--- tomcat/trunk/TOMCAT-NEXT.txt (original)
+++ tomcat/trunk/TOMCAT-NEXT.txt Tue Oct 9 13:56:25 2018
@@ -38,6 +38,4 @@ New items for 10.0.x onwards:
3. Remove the ExtensionValidator and associated classes (assuming that the
minimum Java version is Java 9 or later).
-4. New builder style alternate embedded API (likely also for 9.x).
-
-5. Cloud aware cluster membership provider(s) (likely also for 9.x).
+4. New embedded APIs (likely also for 9.x).
Modified: tomcat/trunk/build.properties.default
URL:
http://svn.apache.org/viewvc/tomcat/trunk/build.properties.default?rev=1843285&r1=1843284&r2=1843285&view=diff
==
--- tomcat/trunk/build.properties.default (original)
+++ tomcat/trunk/build.properties.default Tue Oct 9 13:56:25 2018
@@ -283,14 +283,14 @@ saaj-api.home=${base.path}/saaj-api-${sa
saaj-api.jar=${saaj-api.home}/saaj-api-${saaj-api.version}.jar
saaj-api.loc=${base-maven.loc}/javax/xml/soap/saaj-api/${saaj-api.version}/saaj-api-${saaj-api.version}.jar
-# - OpenJSON, version 1.0.10 or later -
-openjson.version=1.0.10
-openjson.checksum.enabled=true
-openjson.checksum.algorithm=MD5|SHA-1
-openjson.checksum.value=c7c4cb9266cacc0aab5dcbb59456720c|8dcccbcc8bbfa15162cd7ca77bcf2b9daa90e70a
-openjson.home=${base.path}/openjson-${openjson.version}
-openjson.jar=${openjson.home}/openjson-${openjson.version}.jar
-openjson.loc=${base-maven.loc}/com/github/openjson/openjson/${openjson.version}/openjson-${openjson.version}.jar
+# - Noggit, version 0.8 or later -
+noggit.version=0.8
+noggit.checksum.enabled=true
+noggit.checksum.algorithm=MD5|SHA-1
+noggit.checksum.value=6856f2ceab2dd7128595e4659d22d581|ba4ad65a62d7dfcf97a8d42c82ae7d8824f9087f
+noggit.home=${base.path}/noggit-${noggit.version}
+noggit.jar=${noggit.home}/noggit-${noggit.version}.jar
+noggit.loc=${base-maven.loc}/org/noggit/noggit/${noggit.version}/noggit-${noggit.version}.jar
# - bnd & bndlib, version 4.0.0 or later -
# - provides OSGI metadata for JARs -
Modified: tomcat/trunk/build.xml
URL:
http://svn.apache.org/viewvc/tomcat/trunk/build.xml?rev=1843285&r1=1843284&r2=1843285&view=diff
==
--- tomcat/trunk/build.xml (original)
+++ tomcat/trunk/build.xml Tue Oct 9 13:56:25 2018
@@ -213,7 +213,7 @@
-
+
@@ -2718,14 +2718,14 @@ skip.installer property in build.propert
-
+
-
-
-
-
-
-
+
+
+
+
+
+
Modified:
tomcat/trunk/java/org/apache/catalina/tribes/membership/cloud/KubernetesMembershipProvider.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/tribes/membership/cloud/KubernetesMembershipProvider.java?rev=1843285&r1=1843284&r2=1843285&view=diff
==
---
tomcat/trunk/java/org/apache/catalina/tribes/membership/cloud/KubernetesMembershipProvider.java
(original)
+++
tomcat/trunk/java/org/apache/catalina/tribes/membership/cloud/KubernetesMembershipProvider.java
Tue Oct 9 13:56:25 2018
@@ -35,11 +35,7 @@ import org.apache.catalina.tribes.member
import org.apache.juli.logging.Log;
import org.apache.juli.logging.LogFactory;
import org.apache.tomcat.util.codec.binary.StringUtils;
-
-import com.github.openjson.JSONArray;
-import com.github.openjson.JSONException;
-import com.github.openjson.JSONObject;
-import com.github.openjson.JSONTokener;
+import org.noggit.JSONParser;
public class KubernetesMembershipProvider extends CloudMembershipProvider {
@@ -145,58 +141,170 @@ public class KubernetesMembershipProvide
protected void parsePods(Reader reader, List members)
throws IOException{
-JSONObject json = new JSONObject(new JSONTokener(reader));
-JSONArray items = json.getJSONArray("items");
+int event = 0;
+JSONParser parser = new JSONParser(reader);
+boolean parseItems = false;
+for (;;) {
+event = parser.nextEvent();
+switch (event) {
+case JSONParser.STRING:
+String value = parser.getString();
+if (parser.wasKey()
Re: svn commit: r1843285 - in /tomcat/trunk: TOMCAT-NEXT.txt build.properties.default build.xml java/org/apache/catalina/tribes/membership/cloud/KubernetesMembershipProvider.java res/checkstyle/org-im
On Tue, Oct 9, 2018 at 3:56 PM wrote: > Author: remm > Date: Tue Oct 9 13:56:25 2018 > New Revision: 1843285 > > URL: http://svn.apache.org/viewvc?rev=1843285&view=rev > Log: > Switch from OpenJSON to Noggit. > > Modified: > tomcat/trunk/TOMCAT-NEXT.txt > tomcat/trunk/build.properties.default > tomcat/trunk/build.xml > > tomcat/trunk/java/org/apache/catalina/tribes/membership/cloud/KubernetesMembershipProvider.java > tomcat/trunk/res/checkstyle/org-import-control.xml > Given the Noggit version number and lack of recent commits, it might be a good idea to include the package renamed source in util. IMO. Maybe we can talk to the author about it. Or switch back to openjson. Rémy
buildbot failure in on tomcat-trunk
The Buildbot has detected a new failure on builder tomcat-trunk while building . Full details are available at: https://ci.apache.org/builders/tomcat-trunk/builds/3634 Buildbot URL: https://ci.apache.org/ Buildslave for this Build: silvanus_ubuntu Build Reason: The AnyBranchScheduler scheduler named 'on-tomcat-commit' triggered this build Build Source Stamp: [branch tomcat/trunk] 1843285 Blamelist: remm BUILD FAILED: failed compile_1 Sincerely, -The Buildbot - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: Setting up dev environment
Thanks Violeta , Marek, I want to contribute to Tomcat project, therefore I want to setup the development environment and learn the internals. For dependency management and build process I have always used Maven and Gradle, therefore Ant is kind of new to me. However I figured out what's happening after reading Violeta's reply. Thank you very much. I was able to get the application running, but still throws some exceptions. Its complaining that JspFactory is null. It may be due to the method I have setup the IDE to run/debug application using the Bootstrap class. I may not be passing some required params. Is there a guide available for the developers at the initial learning phases of the application ?? Thanks you again for your support, Best Regards, Harsha On Tue, 9 Oct 2018 at 18:30, Marek Czernek wrote: > Hi, > > What are you trying to achieve? If you want to develop Tomcat source > code, i.e. debug/develop code that will be a part of the Tomcat code > base, then as Violeta suggested, you could use the ant command (or > simply import Tomcat source code into Idea and build/run the code via > command line). > > If you want to develop apps for Tomcat, then you don't need Tomcat's > source code. In such a case, you'll be better served by searching for > specific technology, for example getting started with Servlets, and > using Tomcat as the container for your code. > > On 10/9/18 10:58 AM, Harsha Suranjith Amarasiri wrote: > > Hi all, > > > > I need to set up tomcat development environment on Intellij Idea running > on > > Windows 10 - 64 bit OS. > > > > I have searched, searched and searched and I cannot find a resource that > > will help me accomplish that. Also is there a developer quickstart for > > tomcat project ? > > It would be massively helpful for me to get started. > > > > Thank you very much. > > > > > > Regards, > > > > Harsha Amarasiri > > > -- > > Marek Czernek > > JWS/JBCS Associate Quality Engineer, RHCA > > >
Re: SVN Workflow and Backporting
On Tue, Oct 9, 2018 at 2:31 AM Mark Thomas wrote: > On 09/10/18 05:55, Igal Sapir wrote: > > On Mon, Oct 8, 2018 at 3:04 AM Mark Thomas wrote: > > > >> On 06/10/18 23:08, Igal Sapir wrote: > >>> I am rather new to SVN, and actually use it mostly via GIT, i.e. `git > svn > >>> rebase` and `git svn dcommit`. > >>> > >>> What is the best way to backport specific patches from trunk to 8.5, > 7.0, > >>> etc.? Patch utility? SVN Merge? GIT cherry-pick (though the git > >> mirrors > >>> have a separate repos which adds some complexity I think) > >>> > >>> I'd appreciate any tips that will point me in the right direction, or > if > >>> anyone can share their workflow. > >> > >> I use svn for backports. I use the following scripts. The first to merge > >> from trunk to 8.5.x, the second to merge from 8.5.x to 7.0.x. I `cd` > >> into the root of the repo for the version I want to merge to and then > >> call the script with the revision of the commit I want to back-port. > >> > >> HTH, > >> > >> Mark > >> > >> mark@study04:~/bin$ cat tc-merge.sh > >> #!/bin/sh > >> svn up > >> svn merge -c $1 https://svn.apache.org/repos/asf/tomcat/trunk > >> > >> mark@study04:~/bin$ cat tc85-merge.sh > >> #!/bin/sh > >> svn up > >> svn merge -c $1 https://svn.apache.org/repos/asf/tomcat/tc8.5.x/trunk > >> > >> > > It helps, thanks, but I don't know if the target file has been changed or > > if I did something wrong, I'm getting a conflict (in git I can see the > > differences and choose resolution, but here I don't know which one to > > pick). Or is it because I waited too long and didn't do this immediately > > after committing the original patch to trunk? > > > > Here's the output from the script: > > > > tc8.5.x]$ ~/bin/svn-merge-tc-trunk-to-85.sh 1842849 > > Updating '.': > > At revision 1843219. > > --- Merging r1842849 into '.': > >C test > >C java > > --- Recording mergeinfo for merge of r1842849 into '.': > > U . > > Summary of conflicts: > > Tree conflicts: 2 > > Searching tree conflict details for 'java' in repository: > > Checking r1842849... done > > Tree conflict on 'java': > > Changes destined for a directory arrived during merge of > > '^/tomcat/trunk/java:1842849'. > > No such file or directory was found in the merge target working copy. > > The item may have been deleted or moved away in the repository's history. > > > > Subversion is not smart enough to resolve this tree conflict > automatically! > > > > Apparently neither am I :s > > That looks like you aren't in the right place in the 8.5.x source tree > to apply the patch. > > Using my scripts I need to be in tc8.5.x/trunk when apply a patch from > trunk to 8.5.x. Essentially, the path in the merge command and the cwd > have to 'line up'. > Ha! That seems to have worked smoothly from the trunk directory. Thank you, Igal
svn commit: r1843309 [2/2] - in /tomcat/trunk: ./ java/org/apache/catalina/tribes/membership/cloud/ java/org/apache/tomcat/util/json/ res/checkstyle/ webapps/docs/
Added: tomcat/trunk/java/org/apache/tomcat/util/json/JavaCharStream.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/json/JavaCharStream.java?rev=1843309&view=auto
==
--- tomcat/trunk/java/org/apache/tomcat/util/json/JavaCharStream.java (added)
+++ tomcat/trunk/java/org/apache/tomcat/util/json/JavaCharStream.java Tue Oct
9 16:36:54 2018
@@ -0,0 +1,637 @@
+/* Generated By:JavaCC: Do not edit this line. JavaCharStream.java Version 7.0
*/
+/* JavaCCOptions:STATIC=false,SUPPORT_CLASS_VISIBILITY_PUBLIC=true */
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.tomcat.util.json;
+
+/**
+ * An implementation of interface CharStream, where the stream is assumed to
+ * contain only ASCII characters (with java-like unicode escape processing).
+ */
+
+public
+class JavaCharStream
+{
+ /** Whether parser is static. */
+ public static final boolean staticFlag = false;
+
+ static final int hexval(char c) throws java.io.IOException {
+switch(c)
+{
+ case '0' :
+ return 0;
+ case '1' :
+ return 1;
+ case '2' :
+ return 2;
+ case '3' :
+ return 3;
+ case '4' :
+ return 4;
+ case '5' :
+ return 5;
+ case '6' :
+ return 6;
+ case '7' :
+ return 7;
+ case '8' :
+ return 8;
+ case '9' :
+ return 9;
+
+ case 'a' :
+ case 'A' :
+ return 10;
+ case 'b' :
+ case 'B' :
+ return 11;
+ case 'c' :
+ case 'C' :
+ return 12;
+ case 'd' :
+ case 'D' :
+ return 13;
+ case 'e' :
+ case 'E' :
+ return 14;
+ case 'f' :
+ case 'F' :
+ return 15;
+}
+
+throw new java.io.IOException(); // Should never come here
+ }
+
+/** Position in buffer. */
+ public int bufpos = -1;
+ int bufsize;
+ int available;
+ int tokenBegin;
+ protected int bufline[];
+ protected int bufcolumn[];
+
+ protected int column = 0;
+ protected int line = 1;
+
+ protected boolean prevCharIsCR = false;
+ protected boolean prevCharIsLF = false;
+
+ protected java.io.Reader inputStream;
+
+ protected char[] nextCharBuf;
+ protected char[] buffer;
+ protected int maxNextCharInd = 0;
+ protected int nextCharInd = -1;
+ protected int inBuf = 0;
+ protected int tabSize = 1;
+ protected boolean trackLineColumn = true;
+
+ public void setTabSize(int i) { tabSize = i; }
+ public int getTabSize() { return tabSize; }
+
+ protected void ExpandBuff(boolean wrapAround)
+ {
+char[] newbuffer = new char[bufsize + 2048];
+int newbufline[] = new int[bufsize + 2048];
+int newbufcolumn[] = new int[bufsize + 2048];
+
+try
+{
+ if (wrapAround)
+ {
+System.arraycopy(buffer, tokenBegin, newbuffer, 0, bufsize -
tokenBegin);
+System.arraycopy(buffer, 0, newbuffer, bufsize - tokenBegin, bufpos);
+buffer = newbuffer;
+
+System.arraycopy(bufline, tokenBegin, newbufline, 0, bufsize -
tokenBegin);
+System.arraycopy(bufline, 0, newbufline, bufsize - tokenBegin, bufpos);
+bufline = newbufline;
+
+System.arraycopy(bufcolumn, tokenBegin, newbufcolumn, 0, bufsize -
tokenBegin);
+System.arraycopy(bufcolumn, 0, newbufcolumn, bufsize - tokenBegin,
bufpos);
+bufcolumn = newbufcolumn;
+
+bufpos += (bufsize - tokenBegin);
+}
+else
+{
+System.arraycopy(buffer, tokenBegin, newbuffer, 0, bufsize -
tokenBegin);
+buffer = newbuffer;
+
+System.arraycopy(bufline, tokenBegin, newbufline, 0, bufsize -
tokenBegin);
+bufline = newbufline;
+
+System.arraycopy(bufcolumn, tokenBegin, newbufcolumn, 0, bufsize -
tokenBegin);
+bufcolumn = newbufcolumn;
+
+bufpos -= tokenBegin;
+ }
+}
+catch (Throwable t)
+{
+ throw new Error(t.getMessage());
+}
+
+available = (bufsize += 2048);
+tokenBegin = 0;
+ }
+
+ protected void FillBuff() throws java.io.IOException
+ {
+int i;
+if (maxNextCharInd == 4096)
+ maxNextCha
svn commit: r1843309 [1/2] - in /tomcat/trunk: ./ java/org/apache/catalina/tribes/membership/cloud/ java/org/apache/tomcat/util/json/ res/checkstyle/ webapps/docs/
Author: remm
Date: Tue Oct 9 16:36:54 2018
New Revision: 1843309
URL: http://svn.apache.org/viewvc?rev=1843309&view=rev
Log:
Switch from Noggit to a javacc parser generated from a public domain json
grammar.
Added:
tomcat/trunk/java/org/apache/tomcat/util/json/
tomcat/trunk/java/org/apache/tomcat/util/json/JSONParser.java (with props)
tomcat/trunk/java/org/apache/tomcat/util/json/JSONParser.jj (with props)
tomcat/trunk/java/org/apache/tomcat/util/json/JSONParserConstants.java
(with props)
tomcat/trunk/java/org/apache/tomcat/util/json/JSONParserTokenManager.java
(with props)
tomcat/trunk/java/org/apache/tomcat/util/json/JavaCharStream.java (with
props)
tomcat/trunk/java/org/apache/tomcat/util/json/ParseException.java (with
props)
tomcat/trunk/java/org/apache/tomcat/util/json/Token.java (with props)
tomcat/trunk/java/org/apache/tomcat/util/json/TokenMgrError.java (with
props)
Modified:
tomcat/trunk/NOTICE
tomcat/trunk/build.properties.default
tomcat/trunk/build.xml
tomcat/trunk/java/org/apache/catalina/tribes/membership/cloud/KubernetesMembershipProvider.java
tomcat/trunk/res/checkstyle/org-import-control.xml
tomcat/trunk/webapps/docs/changelog.xml
Modified: tomcat/trunk/NOTICE
URL:
http://svn.apache.org/viewvc/tomcat/trunk/NOTICE?rev=1843309&r1=1843308&r2=1843309&view=diff
==
--- tomcat/trunk/NOTICE (original)
+++ tomcat/trunk/NOTICE Tue Oct 9 16:36:54 2018
@@ -24,6 +24,10 @@ JDT Core Batch Compiler component, which
The original software and related information is available at
https://www.eclipse.org/jdt/core/.
+org.apache.tomcat.util.json.JSONParser.jj is a public domain javacc grammar
+for JSON written by Robert Fischer.
+https://github.com/RobertFischer/json-parser
+
For portions of the Tomcat JNI OpenSSL API and the OpenSSL JSSE integration
The org.apache.tomcat.jni and the org.apache.tomcat.net.openssl packages
are derivative work originating from the Netty project and the finagle-native
Modified: tomcat/trunk/build.properties.default
URL:
http://svn.apache.org/viewvc/tomcat/trunk/build.properties.default?rev=1843309&r1=1843308&r2=1843309&view=diff
==
--- tomcat/trunk/build.properties.default (original)
+++ tomcat/trunk/build.properties.default Tue Oct 9 16:36:54 2018
@@ -283,15 +283,6 @@ saaj-api.home=${base.path}/saaj-api-${sa
saaj-api.jar=${saaj-api.home}/saaj-api-${saaj-api.version}.jar
saaj-api.loc=${base-maven.loc}/javax/xml/soap/saaj-api/${saaj-api.version}/saaj-api-${saaj-api.version}.jar
-# - Noggit, version 0.8 or later -
-noggit.version=0.8
-noggit.checksum.enabled=true
-noggit.checksum.algorithm=MD5|SHA-1
-noggit.checksum.value=6856f2ceab2dd7128595e4659d22d581|ba4ad65a62d7dfcf97a8d42c82ae7d8824f9087f
-noggit.home=${base.path}/noggit-${noggit.version}
-noggit.jar=${noggit.home}/noggit-${noggit.version}.jar
-noggit.loc=${base-maven.loc}/org/noggit/noggit/${noggit.version}/noggit-${noggit.version}.jar
-
# - bnd & bndlib, version 4.0.0 or later -
# - provides OSGI metadata for JARs -
bnd.version=4.0.0
Modified: tomcat/trunk/build.xml
URL:
http://svn.apache.org/viewvc/tomcat/trunk/build.xml?rev=1843309&r1=1843308&r2=1843309&view=diff
==
--- tomcat/trunk/build.xml (original)
+++ tomcat/trunk/build.xml Tue Oct 9 16:36:54 2018
@@ -213,7 +213,6 @@
-
@@ -390,6 +389,7 @@
+
@@ -596,6 +596,7 @@
+
@@ -2718,16 +2719,6 @@ skip.installer property in build.propert
-
-
-
-
-
-
-
-
-
-
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/tribes/membership/cloud/KubernetesMembershipProvider.java?rev=1843309&r1=1843308&r2=1843309&view=diff
==
---
tomcat/trunk/java/org/apache/catalina/tribes/membership/cloud/KubernetesMembershipProvider.java
(original)
+++
tomcat/trunk/java/org/apache/catalina/tribes/membership/cloud/KubernetesMembershipProvider.java
Tue Oct 9 16:36:54 2018
@@ -27,6 +27,7 @@ import java.nio.file.Files;
import java.time.Duration;
import java.time.Instant;
import java.util.ArrayList;
+import java.util.LinkedHashMap;
import java.util.List;
import org.apache.catalina.tribes.Member;
@@ -35,7 +36,7 @@ import org.apache.catalina.tribes.member
import org.apache.juli.logging.Log;
import org.apache.juli.logging.LogFactory;
import org.apache.tomcat.util.codec.binary.StringUtils;
-import org.noggit.JSONParser;
+import org.apache.tomcat.util.json.JSONParser;
public class KubernetesMembershipProvider extends CloudMembershipProvider {
svn commit: r1843313 - in /tomcat/native/trunk: native/include/ssl_private.h native/src/sslcontext.c native/src/sslutils.c xdocs/miscellaneous/changelog.xml
Author: markt
Date: Tue Oct 9 17:19:33 2018
New Revision: 1843313
URL: http://svn.apache.org/viewvc?rev=1843313&view=rev
Log:
Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=62748
Add TLS 1.3 support (CLIENT-CERT untested)
Modified:
tomcat/native/trunk/native/include/ssl_private.h
tomcat/native/trunk/native/src/sslcontext.c
tomcat/native/trunk/native/src/sslutils.c
tomcat/native/trunk/xdocs/miscellaneous/changelog.xml
Modified: tomcat/native/trunk/native/include/ssl_private.h
URL:
http://svn.apache.org/viewvc/tomcat/native/trunk/native/include/ssl_private.h?rev=1843313&r1=1843312&r2=1843313&view=diff
==
--- tomcat/native/trunk/native/include/ssl_private.h (original)
+++ tomcat/native/trunk/native/include/ssl_private.h Tue Oct 9 17:19:33 2018
@@ -84,6 +84,7 @@
#define SSL_PROTOCOL_TLSV1 (1<<2)
#define SSL_PROTOCOL_TLSV1_1(1<<3)
#define SSL_PROTOCOL_TLSV1_2(1<<4)
+#define SSL_PROTOCOL_TLSV1_3(1<<5)
#define SSL_MODE_CLIENT (0)
#define SSL_MODE_SERVER (1)
@@ -180,6 +181,10 @@
#define HAVE_TLSV1_2
#endif
+#if defined(SSL_OP_NO_TLSv1_3)
+#define HAVE_TLSV1_3
+#endif
+
/* Check for SSL_CONF support */
#if defined(SSL_CONF_FLAG_FILE)
#define HAVE_SSL_CONF_CMD
Modified: tomcat/native/trunk/native/src/sslcontext.c
URL:
http://svn.apache.org/viewvc/tomcat/native/trunk/native/src/sslcontext.c?rev=1843313&r1=1843312&r2=1843313&view=diff
==
--- tomcat/native/trunk/native/src/sslcontext.c (original)
+++ tomcat/native/trunk/native/src/sslcontext.c Tue Oct 9 17:19:33 2018
@@ -152,7 +152,16 @@ TCN_IMPLEMENT_CALL(jlong, SSLContext, ma
}
#if OPENSSL_VERSION_NUMBER < 0x1010L
-if (protocol == SSL_PROTOCOL_TLSV1_2) {
+if (protocol == SSL_PROTOCOL_TLSV1_3) {
+#ifdef HAVE_TLSV1_3
+if (mode == SSL_MODE_CLIENT)
+ctx = SSL_CTX_new(TLSv1_3_client_method());
+else if (mode == SSL_MODE_SERVER)
+ctx = SSL_CTX_new(TLSv1_3_server_method());
+else
+ctx = SSL_CTX_new(TLSv1_3_method());
+#endif
+} else if (protocol == SSL_PROTOCOL_TLSV1_2) {
#ifdef HAVE_TLSV1_2
if (mode == SSL_MODE_CLIENT)
ctx = SSL_CTX_new(TLSv1_2_client_method());
@@ -186,6 +195,10 @@ TCN_IMPLEMENT_CALL(jlong, SSLContext, ma
ctx = SSL_CTX_new(SSLv3_method());
} else if (protocol == SSL_PROTOCOL_SSLV2) {
/* requested but not supported */
+#ifndef HAVE_TLSV1_3
+} else if (protocol & SSL_PROTOCOL_TLSV1_3) {
+/* requested but not supported */
+#endif
#ifndef HAVE_TLSV1_2
} else if (protocol & SSL_PROTOCOL_TLSV1_2) {
/* requested but not supported */
@@ -241,9 +254,19 @@ TCN_IMPLEMENT_CALL(jlong, SSLContext, ma
if (!(protocol & SSL_PROTOCOL_TLSV1_2))
SSL_CTX_set_options(c->ctx, SSL_OP_NO_TLSv1_2);
#endif
+#ifdef HAVE_TLSV1_3
+if (!(protocol & SSL_PROTOCOL_TLSV1_3))
+SSL_CTX_set_options(c->ctx, SSL_OP_NO_TLSv1_3);
+#endif
#else /* if OPENSSL_VERSION_NUMBER < 0x1010L ||
defined(LIBRESSL_VERSION_NUMBER) */
/* We first determine the maximum protocol version we should provide */
+#ifdef HAVE_TLSV1_3
+if (protocol & SSL_PROTOCOL_TLSV1_3) {
+prot = TLS1_3_VERSION;
+} else
+/* NOTE the dangling else above: take care to preserve it */
+#endif
if (protocol & SSL_PROTOCOL_TLSV1_2) {
prot = TLS1_2_VERSION;
} else if (protocol & SSL_PROTOCOL_TLSV1_1) {
@@ -261,6 +284,12 @@ TCN_IMPLEMENT_CALL(jlong, SSLContext, ma
/* Next we scan for the minimal protocol version we should provide,
* but we do not allow holes between max and min */
+#ifdef HAVE_TLSV1_3
+if (prot == TLS1_3_VERSION && protocol & SSL_PROTOCOL_TLSV1_2) {
+prot = TLS1_2_VERSION;
+} else
+/* NOTE the dangling else above: take care to preserve it */
+#endif
if (prot == TLS1_2_VERSION && protocol & SSL_PROTOCOL_TLSV1_1) {
prot = TLS1_1_VERSION;
}
Modified: tomcat/native/trunk/native/src/sslutils.c
URL:
http://svn.apache.org/viewvc/tomcat/native/trunk/native/src/sslutils.c?rev=1843313&r1=1843312&r2=1843313&view=diff
==
--- tomcat/native/trunk/native/src/sslutils.c (original)
+++ tomcat/native/trunk/native/src/sslutils.c Tue Oct 9 17:19:33 2018
@@ -386,12 +386,24 @@ int SSL_callback_SSL_verify(int ok, X509
void SSL_callback_handshake(const SSL *ssl, int where, int rc)
{
tcn_ssl_conn_t *con = (tcn_ssl_conn_t *)SSL_get_app_data(ssl);
+#ifdef HAVE_TLSV1_3
+const SSL_SESSION *session = SSL_get_session(ssl);
+#endif
/* Retrieve the conn_rec and the associated SSLConnRec. */
if (con == NULL) {
return;
}
+#ifdef HAVE_TLSV1_3
+/* TLS 1.3 does not use renegotiation so do not update the renegotiation
+ * state once we kno
svn commit: r1843314 - in /tomcat/trunk: java/org/apache/tomcat/jni/ java/org/apache/tomcat/util/net/ java/org/apache/tomcat/util/net/jsse/ java/org/apache/tomcat/util/net/openssl/ webapps/docs/ webap
Author: markt
Date: Tue Oct 9 17:23:48 2018
New Revision: 1843314
URL: http://svn.apache.org/viewvc?rev=1843314&view=rev
Log:
Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=62748
Add TLS 1.3 support (CLIENT-CERT untested)
Modified:
tomcat/trunk/java/org/apache/tomcat/jni/SSL.java
tomcat/trunk/java/org/apache/tomcat/jni/SSLContext.java
tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java
tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java
tomcat/trunk/java/org/apache/tomcat/util/net/SSLUtilBase.java
tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSEUtil.java
tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java
tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java
tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLUtil.java
tomcat/trunk/webapps/docs/changelog.xml
tomcat/trunk/webapps/docs/config/http.xml
Modified: tomcat/trunk/java/org/apache/tomcat/jni/SSL.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/jni/SSL.java?rev=1843314&r1=1843313&r2=1843314&view=diff
==
--- tomcat/trunk/java/org/apache/tomcat/jni/SSL.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/jni/SSL.java Tue Oct 9 17:23:48 2018
@@ -73,7 +73,9 @@ public final class SSL {
public static final int SSL_PROTOCOL_TLSV1 = (1<<2);
public static final int SSL_PROTOCOL_TLSV1_1 = (1<<3);
public static final int SSL_PROTOCOL_TLSV1_2 = (1<<4);
-public static final int SSL_PROTOCOL_ALL = (SSL_PROTOCOL_TLSV1 |
SSL_PROTOCOL_TLSV1_1 | SSL_PROTOCOL_TLSV1_2);
+public static final int SSL_PROTOCOL_TLSV1_3 = (1<<5);
+public static final int SSL_PROTOCOL_ALL = (SSL_PROTOCOL_TLSV1 |
SSL_PROTOCOL_TLSV1_1 |
+ SSL_PROTOCOL_TLSV1_2 |
SSL_PROTOCOL_TLSV1_3);
/*
* Define the SSL verify levels
Modified: tomcat/trunk/java/org/apache/tomcat/jni/SSLContext.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/jni/SSLContext.java?rev=1843314&r1=1843313&r2=1843314&view=diff
==
--- tomcat/trunk/java/org/apache/tomcat/jni/SSLContext.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/jni/SSLContext.java Tue Oct 9 17:23:48
2018
@@ -41,6 +41,7 @@ public final class SSLContext {
* {@link SSL#SSL_PROTOCOL_TLSV1}
* {@link SSL#SSL_PROTOCOL_TLSV1_1}
* {@link SSL#SSL_PROTOCOL_TLSV1_2}
+ * {@link SSL#SSL_PROTOCOL_TLSV1_3}
* {@link SSL#SSL_PROTOCOL_ALL} ( == all TLS versions, no SSL)
*
* @param mode SSL mode to use
Modified: tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java?rev=1843314&r1=1843313&r2=1843314&view=diff
==
--- tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java Tue Oct 9
17:23:48 2018
@@ -439,6 +439,8 @@ public class AprEndpoint extends Abstrac
value |= SSL.SSL_PROTOCOL_TLSV1_1;
} else if
(Constants.SSL_PROTO_TLSv1_2.equalsIgnoreCase(protocol)) {
value |= SSL.SSL_PROTOCOL_TLSV1_2;
+} else if
(Constants.SSL_PROTO_TLSv1_3.equalsIgnoreCase(protocol)) {
+value |= SSL.SSL_PROTOCOL_TLSV1_3;
} else {
// Should not happen since filtering to build
// enabled protocols removes invalid values.
Modified: tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java?rev=1843314&r1=1843313&r2=1843314&view=diff
==
--- tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java Tue Oct 9
17:23:48 2018
@@ -35,7 +35,6 @@ import javax.net.ssl.TrustManagerFactory
import org.apache.juli.logging.Log;
import org.apache.juli.logging.LogFactory;
-import org.apache.tomcat.util.compat.TLS;
import org.apache.tomcat.util.net.openssl.OpenSSLConf;
import org.apache.tomcat.util.net.openssl.ciphers.Cipher;
import
org.apache.tomcat.util.net.openssl.ciphers.OpenSSLCipherConfigurationParser;
@@ -62,9 +61,7 @@ public class SSLHostConfig implements Se
SSL_PROTO_ALL_SET.add(Constants.SSL_PROTO_TLSv1);
SSL_PROTO_ALL_SET.add(Constants.SSL_PROTO_TLSv1_1);
SSL_PROTO_ALL_SET.add(Constants.SSL_PROTO_TLSv1_2);
-if (TLS.isTlsv13Available()) {
-SSL_PROTO_ALL_SET.add(Constants.SSL_PROTO_TLSv1_3);
-}
+SSL_
[Bug 62794] Tomcat request-read fails when using TLSv1.3 with APR connector
https://bz.apache.org/bugzilla/show_bug.cgi?id=62794 Mark Thomas changed: What|Removed |Added Status|NEW |RESOLVED Resolution|--- |DUPLICATE --- Comment #2 from Mark Thomas --- Fixed in trunk for 1.2.18 onwards. *** This bug has been marked as a duplicate of bug 62748 *** -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 62748] Add support for TLS 1.3 (RFC 8446)
https://bz.apache.org/bugzilla/show_bug.cgi?id=62748 Mark Thomas changed: What|Removed |Added CC||ch...@christopherschultz.ne ||t --- Comment #14 from Mark Thomas --- *** Bug 62794 has been marked as a duplicate of this bug. *** -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [Bug 62794] Tomcat request-read fails when using TLSv1.3 with APR connector
On 09/10/18 18:25, bugzi...@apache.org wrote: > https://bz.apache.org/bugzilla/show_bug.cgi?id=62794 > > Mark Thomas changed: > >What|Removed |Added > > Status|NEW |RESOLVED > Resolution|--- |DUPLICATE > > --- Comment #2 from Mark Thomas --- > Fixed in trunk for 1.2.18 onwards. > > *** This bug has been marked as a duplicate of bug 62748 *** I've just realised this means we are going to need to a Tomcat Native 1.2.18 release before the next round of Tomcat releases to pick up TLS 1.3 support. My plan is to look at CLIENT-CERT support and then tag and release. Mark - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 62748] Add support for TLS 1.3 (RFC 8446)
https://bz.apache.org/bugzilla/show_bug.cgi?id=62748 --- Comment #15 from Mark Thomas --- I've applied those patches with some minor modifications to: - fix the problem described in bug 62794 - ensure that the a warning is displayed when explicitly configuring TLSv1.3 but TLSv1.3 is not supported (Java and Tomcat Native) - align the patch to the existing implementation Still need to test CLIENT-CERT. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1843315 - in /tomcat/trunk/java/org/apache/tomcat/util/json: JSONParser.java JSONParserTokenManager.java JavaCharStream.java ParseException.java Token.java TokenMgrError.java
Author: markt
Date: Tue Oct 9 17:37:23 2018
New Revision: 1843315
URL: http://svn.apache.org/viewvc?rev=1843315&view=rev
Log:
Silence IDE warnings
Modified:
tomcat/trunk/java/org/apache/tomcat/util/json/JSONParser.java
tomcat/trunk/java/org/apache/tomcat/util/json/JSONParserTokenManager.java
tomcat/trunk/java/org/apache/tomcat/util/json/JavaCharStream.java
tomcat/trunk/java/org/apache/tomcat/util/json/ParseException.java
tomcat/trunk/java/org/apache/tomcat/util/json/Token.java
tomcat/trunk/java/org/apache/tomcat/util/json/TokenMgrError.java
Modified: tomcat/trunk/java/org/apache/tomcat/util/json/JSONParser.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/json/JSONParser.java?rev=1843315&r1=1843314&r2=1843315&view=diff
==
--- tomcat/trunk/java/org/apache/tomcat/util/json/JSONParser.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/json/JSONParser.java Tue Oct 9
17:37:23 2018
@@ -24,7 +24,7 @@ import java.util.*;
import java.math.*;
/**
-* Basic JSON parser generated by JavaCC. It consumes the input provided
through the constructor when
+* Basic JSON parser generated by JavaCC. It consumes the input provided
through the constructor when
* {@code parseObject()}, {@code parseList()}, or {@code parse()} are called,
and there is no way to directly
* reset the state.
* Set the {@code fallbackToString} property if you want to enable
@@ -35,6 +35,7 @@ import java.math.*;
*
* This class makes no pretenses towards being thread safe.
*/
+@SuppressWarnings("all") // Ignore warnings in generated code
public class JSONParser implements JSONParserConstants {
private boolean nativeNumbers = false;
@@ -62,7 +63,7 @@ public class JSONParser implements JSONP
}
/**
-* Parses any JSON-parseable object, returning the value.
+* Parses any JSON-parseable object, returning the value.
*/
public Object parse() throws ParseException {
Object toReturn = anything();
Modified:
tomcat/trunk/java/org/apache/tomcat/util/json/JSONParserTokenManager.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/json/JSONParserTokenManager.java?rev=1843315&r1=1843314&r2=1843315&view=diff
==
--- tomcat/trunk/java/org/apache/tomcat/util/json/JSONParserTokenManager.java
(original)
+++ tomcat/trunk/java/org/apache/tomcat/util/json/JSONParserTokenManager.java
Tue Oct 9 17:37:23 2018
@@ -18,11 +18,9 @@
*/
package org.apache.tomcat.util.json;
-import java.io.*;
-import java.util.*;
-import java.math.*;
/** Token Manager. */
+@SuppressWarnings("all") // Ignore warnings in generated code
public class JSONParserTokenManager implements JSONParserConstants {
/** Debug output. */
@@ -593,8 +591,8 @@ private int jjMoveNfa_0(int startState,
/** Token literal values. */
public static final String[] jjstrLiteralImages = {
-"", null, null, null, null, null, "\54", "\173", "\175", "\72", "\133",
-"\135", null, null, null, null, null, null, null, null, null, null, "\47\47",
+"", null, null, null, null, null, "\54", "\173", "\175", "\72", "\133",
+"\135", null, null, null, null, null, null, null, null, null, null, "\47\47",
"\42\42", null, null, null, null, null, null, };
protected Token jjFillToken()
{
@@ -622,8 +620,8 @@ protected Token jjFillToken()
return t;
}
static final int[] jjnextStates = {
- 6, 7, 9, 27, 28, 30, 36, 19, 22, 29, 37, 31, 27, 30, 31, 11,
- 12, 14, 1, 2, 20, 21, 23, 25, 34, 35,
+ 6, 7, 9, 27, 28, 30, 36, 19, 22, 29, 37, 31, 27, 30, 31, 11,
+ 12, 14, 1, 2, 20, 21, 23, 25, 34, 35,
};
private static final boolean jjCanMove_0(int hiByte, int i1, int i2, long l1,
long l2)
{
@@ -646,7 +644,7 @@ int jjmatchedPos;
int jjmatchedKind;
/** Get the next Token. */
-public Token getNextToken()
+public Token getNextToken()
{
Token matchedToken;
int curPos = 0;
@@ -774,7 +772,7 @@ private void jjCheckNAddStates(int start
}
/** Reinitialise parser. */
-
+
public void ReInit(JavaCharStream stream)
{
@@ -797,7 +795,7 @@ private void jjCheckNAddStates(int start
/** Reinitialise parser. */
public void ReInit(JavaCharStream stream, int lexState)
-
+
{
ReInit(stream);
SwitchTo(lexState);
@@ -820,20 +818,20 @@ public static final String[] lexStateNam
/** Lex State array. */
public static final int[] jjnewLexState = {
- -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
-1, -1, -1, -1, -1, -1,
- -1, -1, -1, -1, -1,
+ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
-1, -1, -1, -1, -1, -1,
+ -1, -1, -1, -1, -1,
};
static final long[] jjtoToken = {
- 0x3ccf8fc1L,
+ 0x3ccf8fc1L,
};
static final long[] jjtoSkip = {
- 0x3eL,
+ 0x3eL,
};
static final long[] jjtoSpecial = {
- 0x0L,
+ 0x0
svn commit: r1843325 - /tomcat/trunk/res/checkstyle/org-import-control.xml
Author: markt Date: Tue Oct 9 18:50:56 2018 New Revision: 1843325 URL: http://svn.apache.org/viewvc?rev=1843325&view=rev Log: Modify import controls so they do not overlap which prevents the reversal of deny/allow ordering from causing failures in Gump which uses the latest Checkstyle code Modified: tomcat/trunk/res/checkstyle/org-import-control.xml Modified: tomcat/trunk/res/checkstyle/org-import-control.xml URL: http://svn.apache.org/viewvc/tomcat/trunk/res/checkstyle/org-import-control.xml?rev=1843325&r1=1843324&r2=1843325&view=diff == --- tomcat/trunk/res/checkstyle/org-import-control.xml (original) +++ tomcat/trunk/res/checkstyle/org-import-control.xml Tue Oct 9 18:50:56 2018 @@ -79,7 +79,7 @@ - + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1843327 - in /tomcat/trunk/java/org/apache/catalina/tribes/membership/cloud: AbstractStreamProvider.java CloudMembershipService.java InsecureStreamProvider.java
Author: markt
Date: Tue Oct 9 18:53:53 2018
New Revision: 1843327
URL: http://svn.apache.org/viewvc?rev=1843327&view=rev
Log:
Fix IDE warnings
Modified:
tomcat/trunk/java/org/apache/catalina/tribes/membership/cloud/AbstractStreamProvider.java
tomcat/trunk/java/org/apache/catalina/tribes/membership/cloud/CloudMembershipService.java
tomcat/trunk/java/org/apache/catalina/tribes/membership/cloud/InsecureStreamProvider.java
Modified:
tomcat/trunk/java/org/apache/catalina/tribes/membership/cloud/AbstractStreamProvider.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/tribes/membership/cloud/AbstractStreamProvider.java?rev=1843327&r1=1843326&r2=1843327&view=diff
==
---
tomcat/trunk/java/org/apache/catalina/tribes/membership/cloud/AbstractStreamProvider.java
(original)
+++
tomcat/trunk/java/org/apache/catalina/tribes/membership/cloud/AbstractStreamProvider.java
Tue Oct 9 18:53:53 2018
@@ -38,8 +38,11 @@ public abstract class AbstractStreamProv
protected static final TrustManager[] INSECURE_TRUST_MANAGERS = new
TrustManager[] {
new X509TrustManager() {
+@Override
public void checkClientTrusted(X509Certificate[] chain, String
authType) throws CertificateException {}
+@Override
public void checkServerTrusted(X509Certificate[] chain, String
authType) throws CertificateException {}
+@Override
public X509Certificate[] getAcceptedIssuers() {
return null;
}
@@ -57,7 +60,8 @@ public abstract class AbstractStreamProv
*/
public URLConnection openConnection(String url, Map
headers, int connectTimeout, int readTimeout) throws IOException {
if (log.isDebugEnabled()) {
-log.debug(String.format("%s opening connection: url [%s], headers
[%s], connectTimeout [%s], readTimeout [%s]", getClass().getSimpleName(), url,
headers, connectTimeout, readTimeout));
+log.debug(String.format("%s opening connection: url [%s], headers
[%s], connectTimeout [%s], readTimeout [%s]",
+getClass().getSimpleName(), url, headers,
Integer.toString(connectTimeout), Integer.toString(readTimeout)));
}
URLConnection connection = new URL(url).openConnection();
if (headers != null) {
@@ -67,7 +71,8 @@ public abstract class AbstractStreamProv
}
if (connectTimeout < 0 || readTimeout < 0) {
throw new IllegalArgumentException(
-String.format("Neither connectTimeout [%s] nor readTimeout
[%s] can be less than 0 for URLConnection.", connectTimeout, readTimeout));
+String.format("Neither connectTimeout [%s] nor readTimeout
[%s] can be less than 0 for URLConnection.",
+Integer.toString(connectTimeout),
Integer.toString(readTimeout)));
}
connection.setConnectTimeout(connectTimeout);
connection.setReadTimeout(readTimeout);
Modified:
tomcat/trunk/java/org/apache/catalina/tribes/membership/cloud/CloudMembershipService.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/tribes/membership/cloud/CloudMembershipService.java?rev=1843327&r1=1843326&r2=1843327&view=diff
==
---
tomcat/trunk/java/org/apache/catalina/tribes/membership/cloud/CloudMembershipService.java
(original)
+++
tomcat/trunk/java/org/apache/catalina/tribes/membership/cloud/CloudMembershipService.java
Tue Oct 9 18:53:53 2018
@@ -146,7 +146,8 @@ public class CloudMembershipService exte
@Override
public void setLocalMemberProperties(String listenHost, int listenPort,
int securePort, int udpPort) {
if (log.isDebugEnabled()) {
-log.debug(String.format("setLocalMemberProperties(%s, %d, %d,
%d)", listenHost, listenPort, securePort, udpPort));
+log.debug(String.format("setLocalMemberProperties(%s, %d, %d,
%d)", listenHost,
+Integer.toString(listenPort),
Integer.toString(securePort), Integer.toString(udpPort)));
}
properties.setProperty("tcpListenHost", listenHost);
properties.setProperty("tcpListenPort", String.valueOf(listenPort));
Modified:
tomcat/trunk/java/org/apache/catalina/tribes/membership/cloud/InsecureStreamProvider.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/tribes/membership/cloud/InsecureStreamProvider.java?rev=1843327&r1=1843326&r2=1843327&view=diff
==
---
tomcat/trunk/java/org/apache/catalina/tribes/membership/cloud/InsecureStreamProvider.java
(original)
+++
tomcat/trunk/java/org/apache/catalina/tribes/membership/cloud/InsecureStreamProvider.java
Tue Oct 9 18:53:53 2018
@@ -35,6 +35,7 @@ public class
svn commit: r1843328 - /tomcat/trunk/java/org/apache/catalina/tribes/membership/cloud/CertificateStreamProvider.java
Author: markt
Date: Tue Oct 9 18:55:17 2018
New Revision: 1843328
URL: http://svn.apache.org/viewvc?rev=1843328&view=rev
Log:
Fix unused code warning
Modified:
tomcat/trunk/java/org/apache/catalina/tribes/membership/cloud/CertificateStreamProvider.java
Modified:
tomcat/trunk/java/org/apache/catalina/tribes/membership/cloud/CertificateStreamProvider.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/tribes/membership/cloud/CertificateStreamProvider.java?rev=1843328&r1=1843327&r2=1843328&view=diff
==
---
tomcat/trunk/java/org/apache/catalina/tribes/membership/cloud/CertificateStreamProvider.java
(original)
+++
tomcat/trunk/java/org/apache/catalina/tribes/membership/cloud/CertificateStreamProvider.java
Tue Oct 9 18:55:17 2018
@@ -90,7 +90,7 @@ public class CertificateStreamProvider e
String alias = cert.getSubjectX500Principal().getName();
keyStore.setKeyEntry(alias, privKey, clientKeyPassword, new
Certificate[]{cert});
-KeyManagerFactory keyManagerFactory =
KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
+KeyManagerFactory keyManagerFactory =
KeyManagerFactory.getInstance(clientKeyAlgo);
keyManagerFactory.init(keyStore, clientKeyPassword);
return keyManagerFactory.getKeyManagers();
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: svn commit: r1843328 - /tomcat/trunk/java/org/apache/catalina/tribes/membership/cloud/CertificateStreamProvider.java
On 09/10/18 19:55, ma...@apache.org wrote:
> Author: markt
> Date: Tue Oct 9 18:55:17 2018
> New Revision: 1843328
>
> URL: http://svn.apache.org/viewvc?rev=1843328&view=rev
> Log:
> Fix unused code warning
My IDE popped up a warning that this parameter was unused. I think I
have fixed this correctly but additional review would be good here.
Mark
>
> Modified:
>
> tomcat/trunk/java/org/apache/catalina/tribes/membership/cloud/CertificateStreamProvider.java
>
> Modified:
> tomcat/trunk/java/org/apache/catalina/tribes/membership/cloud/CertificateStreamProvider.java
> URL:
> http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/tribes/membership/cloud/CertificateStreamProvider.java?rev=1843328&r1=1843327&r2=1843328&view=diff
> ==
> ---
> tomcat/trunk/java/org/apache/catalina/tribes/membership/cloud/CertificateStreamProvider.java
> (original)
> +++
> tomcat/trunk/java/org/apache/catalina/tribes/membership/cloud/CertificateStreamProvider.java
> Tue Oct 9 18:55:17 2018
> @@ -90,7 +90,7 @@ public class CertificateStreamProvider e
> String alias = cert.getSubjectX500Principal().getName();
> keyStore.setKeyEntry(alias, privKey, clientKeyPassword, new
> Certificate[]{cert});
>
> -KeyManagerFactory keyManagerFactory =
> KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
> +KeyManagerFactory keyManagerFactory =
> KeyManagerFactory.getInstance(clientKeyAlgo);
> keyManagerFactory.init(keyStore, clientKeyPassword);
>
> return keyManagerFactory.getKeyManagers();
>
>
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: svn commit: r1843328 - /tomcat/trunk/java/org/apache/catalina/tribes/membership/cloud/CertificateStreamProvider.java
On Tue, Oct 9, 2018 at 8:56 PM Mark Thomas wrote: > On 09/10/18 19:55, ma...@apache.org wrote: > > Author: markt > > Date: Tue Oct 9 18:55:17 2018 > > New Revision: 1843328 > > > > URL: http://svn.apache.org/viewvc?rev=1843328&view=rev > > Log: > > Fix unused code warning > > My IDE popped up a warning that this parameter was unused. I think I > have fixed this correctly but additional review would be good here. > Good idea. My own IDE never cares about anything. Rémy
Re: svn commit: r1843328 - /tomcat/trunk/java/org/apache/catalina/tribes/membership/cloud/CertificateStreamProvider.java
On 09/10/18 19:58, Rémy Maucherat wrote: > On Tue, Oct 9, 2018 at 8:56 PM Mark Thomas wrote: > >> On 09/10/18 19:55, ma...@apache.org wrote: >>> Author: markt >>> Date: Tue Oct 9 18:55:17 2018 >>> New Revision: 1843328 >>> >>> URL: http://svn.apache.org/viewvc?rev=1843328&view=rev >>> Log: >>> Fix unused code warning >> >> My IDE popped up a warning that this parameter was unused. I think I >> have fixed this correctly but additional review would be good here. >> > > Good idea. My own IDE never cares about anything. Some further testing suggests my change wasn't what was intended (since there is a hard-coded default of "RSA" set further up the stack and that is an invalid value here). Was was intended? I can't see anywhere else where clientKeyAlgo could be used. Mark - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1843329 - /tomcat/trunk/java/org/apache/catalina/tribes/membership/cloud/CertificateStreamProvider.java
Author: markt
Date: Tue Oct 9 19:07:25 2018
New Revision: 1843329
URL: http://svn.apache.org/viewvc?rev=1843329&view=rev
Log:
Revert previous change. It will break with the defaults.
Modified:
tomcat/trunk/java/org/apache/catalina/tribes/membership/cloud/CertificateStreamProvider.java
Modified:
tomcat/trunk/java/org/apache/catalina/tribes/membership/cloud/CertificateStreamProvider.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/tribes/membership/cloud/CertificateStreamProvider.java?rev=1843329&r1=1843328&r2=1843329&view=diff
==
---
tomcat/trunk/java/org/apache/catalina/tribes/membership/cloud/CertificateStreamProvider.java
(original)
+++
tomcat/trunk/java/org/apache/catalina/tribes/membership/cloud/CertificateStreamProvider.java
Tue Oct 9 19:07:25 2018
@@ -77,6 +77,7 @@ public class CertificateStreamProvider e
}
private static KeyManager[] configureClientCert(String clientCertFile,
String clientKeyFile, char[] clientKeyPassword, String clientKeyAlgo) throws
Exception {
+// TODO What is intended usage of clientKeyAlgo?
try (InputStream certInputStream = new
FileInputStream(clientCertFile)) {
CertificateFactory certFactory =
CertificateFactory.getInstance("X509");
X509Certificate cert =
(X509Certificate)certFactory.generateCertificate(certInputStream);
@@ -90,7 +91,7 @@ public class CertificateStreamProvider e
String alias = cert.getSubjectX500Principal().getName();
keyStore.setKeyEntry(alias, privKey, clientKeyPassword, new
Certificate[]{cert});
-KeyManagerFactory keyManagerFactory =
KeyManagerFactory.getInstance(clientKeyAlgo);
+KeyManagerFactory keyManagerFactory =
KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
keyManagerFactory.init(keyStore, clientKeyPassword);
return keyManagerFactory.getKeyManagers();
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1843330 - in /tomcat/trunk/java/org/apache: catalina/tribes/membership/cloud/CloudMembershipService.java naming/factory/LookupFactory.java tomcat/dbcp/dbcp2/managed/BasicManagedDataSource
Author: markt
Date: Tue Oct 9 19:15:38 2018
New Revision: 1843330
URL: http://svn.apache.org/viewvc?rev=1843330&view=rev
Log:
Fix a few deprecation warnings when compiling with Java 11 (others remain that
are harder to fix).
Modified:
tomcat/trunk/java/org/apache/catalina/tribes/membership/cloud/CloudMembershipService.java
tomcat/trunk/java/org/apache/naming/factory/LookupFactory.java
tomcat/trunk/java/org/apache/tomcat/dbcp/dbcp2/managed/BasicManagedDataSource.java
Modified:
tomcat/trunk/java/org/apache/catalina/tribes/membership/cloud/CloudMembershipService.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/tribes/membership/cloud/CloudMembershipService.java?rev=1843330&r1=1843329&r2=1843330&view=diff
==
---
tomcat/trunk/java/org/apache/catalina/tribes/membership/cloud/CloudMembershipService.java
(original)
+++
tomcat/trunk/java/org/apache/catalina/tribes/membership/cloud/CloudMembershipService.java
Tue Oct 9 19:15:38 2018
@@ -106,7 +106,8 @@ public class CloudMembershipService exte
if (log.isDebugEnabled()) {
log.debug("Using membershipProvider: " + provider);
}
-membershipProvider = (MembershipProvider)
Class.forName(provider).newInstance();
+membershipProvider =
+(MembershipProvider)
Class.forName(provider).getConstructor().newInstance();
membershipProvider.setMembershipListener(this);
membershipProvider.setMembershipService(this);
membershipProvider.init(properties);
Modified: tomcat/trunk/java/org/apache/naming/factory/LookupFactory.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/naming/factory/LookupFactory.java?rev=1843330&r1=1843329&r2=1843330&view=diff
==
--- tomcat/trunk/java/org/apache/naming/factory/LookupFactory.java (original)
+++ tomcat/trunk/java/org/apache/naming/factory/LookupFactory.java Tue Oct 9
19:15:38 2018
@@ -106,7 +106,7 @@ public class LookupFactory implements Ob
}
if (factoryClass != null) {
try {
-factory = (ObjectFactory)
factoryClass.newInstance();
+factory = (ObjectFactory)
factoryClass.getConstructor().newInstance();
} catch (Throwable t) {
if (t instanceof NamingException)
throw (NamingException) t;
Modified:
tomcat/trunk/java/org/apache/tomcat/dbcp/dbcp2/managed/BasicManagedDataSource.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/dbcp/dbcp2/managed/BasicManagedDataSource.java?rev=1843330&r1=1843329&r2=1843330&view=diff
==
---
tomcat/trunk/java/org/apache/tomcat/dbcp/dbcp2/managed/BasicManagedDataSource.java
(original)
+++
tomcat/trunk/java/org/apache/tomcat/dbcp/dbcp2/managed/BasicManagedDataSource.java
Tue Oct 9 19:15:38 2018
@@ -190,7 +190,7 @@ public class BasicManagedDataSource exte
}
try {
-xaDataSourceInstance = (XADataSource)
xaDataSourceClass.newInstance();
+xaDataSourceInstance = (XADataSource)
xaDataSourceClass.getConstructor().newInstance();
} catch (final Exception t) {
final String message = "Cannot create XA data source of class
'" + xaDataSource + "'";
throw new SQLException(message, t);
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: svn commit: r1843328 - /tomcat/trunk/java/org/apache/catalina/tribes/membership/cloud/CertificateStreamProvider.java
On Tue, Oct 9, 2018 at 9:05 PM Mark Thomas wrote: > On 09/10/18 19:58, Rémy Maucherat wrote: > > On Tue, Oct 9, 2018 at 8:56 PM Mark Thomas wrote: > > > >> On 09/10/18 19:55, ma...@apache.org wrote: > >>> Author: markt > >>> Date: Tue Oct 9 18:55:17 2018 > >>> New Revision: 1843328 > >>> > >>> URL: http://svn.apache.org/viewvc?rev=1843328&view=rev > >>> Log: > >>> Fix unused code warning > >> > >> My IDE popped up a warning that this parameter was unused. I think I > >> have fixed this correctly but additional review would be good here. > >> > > > > Good idea. My own IDE never cares about anything. > > Some further testing suggests my change wasn't what was intended (since > there is a hard-coded default of "RSA" set further up the stack and that > is an invalid value here). Was was intended? I can't see anywhere else > where clientKeyAlgo could be used. > Ok, so it's because the jgroups code doesn't use our PEMFile to get the private key, and it tries three key algorithms until it works. I can add the ability in the PEMFile to pass that parameter (one extra constructor), or forget about it and keep it as is. Rémy
svn commit: r1843334 - in /tomcat/trunk/java/org/apache: catalina/tribes/membership/cloud/CertificateStreamProvider.java tomcat/util/net/jsse/PEMFile.java
Author: remm
Date: Tue Oct 9 19:27:09 2018
New Revision: 1843334
URL: http://svn.apache.org/viewvc?rev=1843334&view=rev
Log:
Fix use of client key algorithm parameter.
Modified:
tomcat/trunk/java/org/apache/catalina/tribes/membership/cloud/CertificateStreamProvider.java
tomcat/trunk/java/org/apache/tomcat/util/net/jsse/PEMFile.java
Modified:
tomcat/trunk/java/org/apache/catalina/tribes/membership/cloud/CertificateStreamProvider.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/tribes/membership/cloud/CertificateStreamProvider.java?rev=1843334&r1=184&r2=1843334&view=diff
==
---
tomcat/trunk/java/org/apache/catalina/tribes/membership/cloud/CertificateStreamProvider.java
(original)
+++
tomcat/trunk/java/org/apache/catalina/tribes/membership/cloud/CertificateStreamProvider.java
Tue Oct 9 19:27:09 2018
@@ -47,11 +47,8 @@ public class CertificateStreamProvider e
private final SSLSocketFactory factory;
CertificateStreamProvider(String clientCertFile, String clientKeyFile,
String clientKeyPassword, String clientKeyAlgo, String caCertFile) throws
Exception {
-// defaults - RSA and empty password
char[] password = (clientKeyPassword != null) ?
clientKeyPassword.toCharArray() : new char[0];
-String algorithm = (clientKeyAlgo != null) ? clientKeyAlgo : "RSA";
-
-KeyManager[] keyManagers = configureClientCert(clientCertFile,
clientKeyFile, password, algorithm);
+KeyManager[] keyManagers = configureClientCert(clientCertFile,
clientKeyFile, password, clientKeyAlgo);
TrustManager[] trustManagers = configureCaCert(caCertFile);
SSLContext context = SSLContext.getInstance("TLS");
context.init(keyManagers, trustManagers, null);
@@ -77,12 +74,11 @@ public class CertificateStreamProvider e
}
private static KeyManager[] configureClientCert(String clientCertFile,
String clientKeyFile, char[] clientKeyPassword, String clientKeyAlgo) throws
Exception {
-// TODO What is intended usage of clientKeyAlgo?
try (InputStream certInputStream = new
FileInputStream(clientCertFile)) {
CertificateFactory certFactory =
CertificateFactory.getInstance("X509");
X509Certificate cert =
(X509Certificate)certFactory.generateCertificate(certInputStream);
-PEMFile pemFile = new PEMFile(clientKeyFile, new
String(clientKeyPassword));
+PEMFile pemFile = new PEMFile(clientKeyFile, new
String(clientKeyPassword), clientKeyAlgo);
PrivateKey privKey = pemFile.getPrivateKey();
KeyStore keyStore = KeyStore.getInstance("JKS");
Modified: tomcat/trunk/java/org/apache/tomcat/util/net/jsse/PEMFile.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/jsse/PEMFile.java?rev=1843334&r1=184&r2=1843334&view=diff
==
--- tomcat/trunk/java/org/apache/tomcat/util/net/jsse/PEMFile.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/jsse/PEMFile.java Tue Oct 9
19:27:09 2018
@@ -70,6 +70,10 @@ public class PEMFile {
}
public PEMFile(String filename, String password) throws IOException,
GeneralSecurityException {
+this(filename, password, null);
+}
+
+public PEMFile(String filename, String password, String keyAlgorithm)
throws IOException, GeneralSecurityException {
this.filename = filename;
List parts = new ArrayList<>();
@@ -93,10 +97,10 @@ public class PEMFile {
for (Part part : parts) {
switch (part.type) {
case "PRIVATE KEY":
-privateKey = part.toPrivateKey(null);
+privateKey = part.toPrivateKey(null, keyAlgorithm);
break;
case "ENCRYPTED PRIVATE KEY":
-privateKey = part.toPrivateKey(password);
+privateKey = part.toPrivateKey(password, keyAlgorithm);
break;
case "CERTIFICATE":
case "X509 CERTIFICATE":
@@ -122,7 +126,7 @@ public class PEMFile {
return (X509Certificate) factory.generateCertificate(new
ByteArrayInputStream(decode()));
}
-public PrivateKey toPrivateKey(String password) throws
GeneralSecurityException, IOException {
+public PrivateKey toPrivateKey(String password, String keyAlgorithm)
throws GeneralSecurityException, IOException {
KeySpec keySpec;
if (password == null) {
@@ -139,9 +143,17 @@ public class PEMFile {
}
InvalidKeyException exception = new
InvalidKeyException(sm.getString("jsse.pemParseError", filename));
-for (String algorithm : new String[] {"RSA", "DSA", "EC"}) {
+if (keyAlgorithm == null) {
+for (String algo
[Bug 62748] Add support for TLS 1.3 (RFC 8446)
https://bz.apache.org/bugzilla/show_bug.cgi?id=62748 --- Comment #16 from Christopher Schultz --- A quick smoke-test using openssl appears to work. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 62748] Add support for TLS 1.3 (RFC 8446)
https://bz.apache.org/bugzilla/show_bug.cgi?id=62748 --- Comment #17 from Christopher Schultz --- A quick test with Firefox 62 and Chrome 69 shows that they are still connecting using TLSv1.2. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 62748] Add support for TLS 1.3 (RFC 8446)
https://bz.apache.org/bugzilla/show_bug.cgi?id=62748 --- Comment #18 from Christopher Schultz --- When using my ssltest tool[1] with OpenJDK 11, I get the following output when configured with protocols="TLSv1.2+TLSv1.3": Host [localhost] resolves to addresses [127.0.0.1], [0:0:0:0:0:0:0:1] Auto-detected client-supported protocols: [DTLSv1.0, DTLSv1.2, SSLv3, TLSv1, TLSv1.1, TLSv1.2, TLSv1.3] Testing server localhost:8443 Supported Protocol Cipher Accepted TLSv1.2 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 Accepted TLSv1.2 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 Accepted TLSv1.2 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 Accepted TLSv1.2 TLS_DHE_RSA_WITH_AES_128_CBC_SHA Accepted TLSv1.2 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA Accepted TLSv1.2 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 Accepted TLSv1.2 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 Accepted TLSv1.2 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 Accepted TLSv1.2 TLS_DHE_RSA_WITH_AES_256_CBC_SHA Accepted TLSv1.2 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 Accepted TLSv1.2 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA Accepted TLSv1.2 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 Accepted TLSv1.3 TLS_AES_128_GCM_SHA256 Accepted TLSv1.3 TLS_AES_256_GCM_SHA384 Given this client's capabilities ([DTLSv1.0, DTLSv1.2, SSLv3, TLSv1, TLSv1.1, TLSv1.2, TLSv1.3]), the server prefers protocol=TLSv1.3, cipher=TLS_AES_128_GCM_SHA256 Note that ssltest only performs a TLS handshake and does not attempt to communicate using HTTP over that connection. [1] https://github.com/ChristopherSchultz/ssltest -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 62748] Add support for TLS 1.3 (RFC 8446)
https://bz.apache.org/bugzilla/show_bug.cgi?id=62748 --- Comment #19 from Michael Osipov --- Try sslscan(1), it can also do an HTTP request: https://github.com/rbsec/sslscan -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 62748] Add support for TLS 1.3 (RFC 8446)
https://bz.apache.org/bugzilla/show_bug.cgi?id=62748 --- Comment #20 from Christopher Schultz --- Using OpenJDK 11, a simple https:// protocol test works for both configurations "TLSv1.2+TLSv1.3" and simply "TLSv1.3". In the former case, Firefox/Chrome connect using TLSv1.2. For the latter case, Firefox/Chrome fail with SSL_ERROR_PROTOCOL_VERSION_ALERT or ERR_SSL_VERSION_OR_CIPHER_MISMATCH errors. ssltest successfully negotiates both TLS_AES_128_GCM_SHA256 and TLS_AES_256_GCM_SHA384. Qualys/SSLLabs client test[1] confirms that both of these ciphers are supported by my browser. [1] https://www.ssllabs.com/ssltest/viewMyClient.html -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1843361 - /tomcat/trunk/build.xml
Author: remm
Date: Tue Oct 9 22:44:05 2018
New Revision: 1843361
URL: http://svn.apache.org/viewvc?rev=1843361&view=rev
Log:
Fix ant javadoc.
Modified:
tomcat/trunk/build.xml
Modified: tomcat/trunk/build.xml
URL:
http://svn.apache.org/viewvc/tomcat/trunk/build.xml?rev=1843361&r1=1843360&r2=1843361&view=diff
==
--- tomcat/trunk/build.xml (original)
+++ tomcat/trunk/build.xml Tue Oct 9 22:44:05 2018
@@ -1972,6 +1972,7 @@ Apache Tomcat ${version} native binaries
+
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[Tomcat Wiki] Update of "ClusteringCloud" by JeanFredericClere
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification. The "ClusteringCloud" page has been changed by JeanFredericClere: https://wiki.apache.org/tomcat/ClusteringCloud New page: How to use tomcat clustering in the cloud. The load-balancer and the sticky (or not sticky) logic is provided by the cloud it self, basically you have to expose a service and configure a route. Cloud configuration depends on the cloud providers, document for the mean cloud providers will be added to this wiki. The tomcat clustering for the cloud uses Kubernetes you have to configure your nodes to use Kubernetes, all cloud providers support Kubernetes. Kubernetes uses Docker so you have to create a Docker image to use tomcat in the cloud. There are 2 ways to organize your images, use a standalone tomcat and add your webapps to it or prepare your webapps as a micro service and have one image per webapps. Each image will be started as a pod on kubernetes, you can scale up and down by changing the number of pods running your webapp or your tomcat. Hanging or dying pods are restarted by kubernetes. = 1 - "Standalone" tomcat configuration: =; In server.xml use the following: - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Tomcat Wiki] Update of "ClusteringCloud" by JeanFredericClere
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification. The "ClusteringCloud" page has been changed by JeanFredericClere: https://wiki.apache.org/tomcat/ClusteringCloud?action=diff&rev1=1&rev2=2 There are 2 ways to organize your images, use a standalone tomcat and add your webapps to it or prepare your webapps as a micro service and have one image per webapps. Each image will be started as a pod on kubernetes, you can scale up and down by changing the number of pods running your webapp or your tomcat. Hanging or dying pods are restarted by kubernetes. - = 1 - "Standalone" tomcat configuration: =; + = "Standalone" tomcat configuration: =; In server.xml use the following: - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Tomcat Wiki] Update of "ClusteringCloud" by JeanFredericClere
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification. The "ClusteringCloud" page has been changed by JeanFredericClere: https://wiki.apache.org/tomcat/ClusteringCloud?action=diff&rev1=2&rev2=3 There are 2 ways to organize your images, use a standalone tomcat and add your webapps to it or prepare your webapps as a micro service and have one image per webapps. Each image will be started as a pod on kubernetes, you can scale up and down by changing the number of pods running your webapp or your tomcat. Hanging or dying pods are restarted by kubernetes. - = "Standalone" tomcat configuration: =; + 1 - "Full" tomcat configuration: + In server.xml use the following: - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
