Re: November releases
On 02/11/2021 16:58, Christopher Schultz wrote: Mark, On 11/2/21 07:45, Mark Thomas wrote: Hi all, There doesn't seem to be much in the changelogs at the moment and the code signing is currently unavailable as the renewal process is taking longer than expected. Therefore, my current thinking is to delay the release process and review the situation towards the end of the week. Thoughts? +1 I was thinking the same thing (not much to release). The code signing service is now back up and running. I'd like to configure the code signing service to use a certificate that includes "Tomcat" in the name (currently we have a dedicated cert for Tomcat but it names the ASF as a whole). That should be fairly quick. I'd also like to iron out the wrinkles in the new CI service. As far as I can tell, the Tomcat jobs have been migrated but there are a few small issues to resolve. I plan to work on the above today and - if make sufficient progress - intend to tag towards the end of today although that might slip to over the weekend / early next week. Mark - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch main updated: Add new methods from OpenSSL module
This is an automated email from the ASF dual-hosted git repository.
remm pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push:
new b1ae8af Add new methods from OpenSSL module
b1ae8af is described below
commit b1ae8aff68a64b3f81bf848452cddbf71eb48eaa
Author: remm
AuthorDate: Fri Nov 5 11:29:30 2021 +0100
Add new methods from OpenSSL module
---
java/org/apache/tomcat/util/buf/Asn1Parser.java | 10 ++
1 file changed, 10 insertions(+)
diff --git a/java/org/apache/tomcat/util/buf/Asn1Parser.java
b/java/org/apache/tomcat/util/buf/Asn1Parser.java
index e8e5727..436e5ea 100644
--- a/java/org/apache/tomcat/util/buf/Asn1Parser.java
+++ b/java/org/apache/tomcat/util/buf/Asn1Parser.java
@@ -41,6 +41,16 @@ public class Asn1Parser {
}
+public boolean eof() {
+return pos == source.length;
+}
+
+
+public int peekTag() {
+return source[pos] & 0xFF;
+}
+
+
public void parseTag(int tag) {
int value = next();
if (value != tag) {
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch 10.0.x updated: Add new methods from OpenSSL module
This is an automated email from the ASF dual-hosted git repository.
remm pushed a commit to branch 10.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/10.0.x by this push:
new 71dcc52 Add new methods from OpenSSL module
71dcc52 is described below
commit 71dcc52a8b815edc9a53e417634ce2473a32
Author: remm
AuthorDate: Fri Nov 5 11:29:30 2021 +0100
Add new methods from OpenSSL module
---
java/org/apache/tomcat/util/buf/Asn1Parser.java | 10 ++
1 file changed, 10 insertions(+)
diff --git a/java/org/apache/tomcat/util/buf/Asn1Parser.java
b/java/org/apache/tomcat/util/buf/Asn1Parser.java
index e8e5727..436e5ea 100644
--- a/java/org/apache/tomcat/util/buf/Asn1Parser.java
+++ b/java/org/apache/tomcat/util/buf/Asn1Parser.java
@@ -41,6 +41,16 @@ public class Asn1Parser {
}
+public boolean eof() {
+return pos == source.length;
+}
+
+
+public int peekTag() {
+return source[pos] & 0xFF;
+}
+
+
public void parseTag(int tag) {
int value = next();
if (value != tag) {
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch 9.0.x updated: Add new methods from OpenSSL module
This is an automated email from the ASF dual-hosted git repository.
remm pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/9.0.x by this push:
new df9fa96 Add new methods from OpenSSL module
df9fa96 is described below
commit df9fa962c1c6dd0f515e641ac5cb9ee0b2082bcf
Author: remm
AuthorDate: Fri Nov 5 11:29:30 2021 +0100
Add new methods from OpenSSL module
---
java/org/apache/tomcat/util/buf/Asn1Parser.java | 10 ++
1 file changed, 10 insertions(+)
diff --git a/java/org/apache/tomcat/util/buf/Asn1Parser.java
b/java/org/apache/tomcat/util/buf/Asn1Parser.java
index e8e5727..436e5ea 100644
--- a/java/org/apache/tomcat/util/buf/Asn1Parser.java
+++ b/java/org/apache/tomcat/util/buf/Asn1Parser.java
@@ -41,6 +41,16 @@ public class Asn1Parser {
}
+public boolean eof() {
+return pos == source.length;
+}
+
+
+public int peekTag() {
+return source[pos] & 0xFF;
+}
+
+
public void parseTag(int tag) {
int value = next();
if (value != tag) {
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch 8.5.x updated: Add new methods from OpenSSL module
This is an automated email from the ASF dual-hosted git repository.
remm pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/8.5.x by this push:
new 22317d3 Add new methods from OpenSSL module
22317d3 is described below
commit 22317d39c7d0dc4e0628fd60cf96b27a41b192cd
Author: remm
AuthorDate: Fri Nov 5 11:29:30 2021 +0100
Add new methods from OpenSSL module
---
java/org/apache/tomcat/util/buf/Asn1Parser.java | 10 ++
1 file changed, 10 insertions(+)
diff --git a/java/org/apache/tomcat/util/buf/Asn1Parser.java
b/java/org/apache/tomcat/util/buf/Asn1Parser.java
index e8e5727..436e5ea 100644
--- a/java/org/apache/tomcat/util/buf/Asn1Parser.java
+++ b/java/org/apache/tomcat/util/buf/Asn1Parser.java
@@ -41,6 +41,16 @@ public class Asn1Parser {
}
+public boolean eof() {
+return pos == source.length;
+}
+
+
+public int peekTag() {
+return source[pos] & 0xFF;
+}
+
+
public void parseTag(int tag) {
int value = next();
if (value != tag) {
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch main updated: Fix comment TODO
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push:
new e61a39c Fix comment TODO
e61a39c is described below
commit e61a39c9daaa9b29dd628c0888cc35fea2ad3c7f
Author: Mark Thomas
AuthorDate: Fri Nov 5 10:31:44 2021 +
Fix comment TODO
While this needed fixing, this commit has primarily been made to trigger
a CI build to
---
java/jakarta/servlet/ServletContext.java | 8 ++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/java/jakarta/servlet/ServletContext.java
b/java/jakarta/servlet/ServletContext.java
index c4ff7db..d3c4032 100644
--- a/java/jakarta/servlet/ServletContext.java
+++ b/java/jakarta/servlet/ServletContext.java
@@ -116,7 +116,11 @@ public interface ServletContext {
public int getMinorVersion();
/**
- * @return TODO
+ * Obtain the major version of the servlet specification for which this web
+ * application is implemented.
+ *
+ * @return The major version declared in web.xml
+ *
* @throws UnsupportedOperationExceptionIf called from a
*{@link
ServletContextListener#contextInitialized(ServletContextEvent)}
*method of a {@link ServletContextListener} that was not defined in a
@@ -125,7 +129,7 @@ public interface ServletContext {
*{@link ServletContextListener} defined in a TLD would not be able to
*use this method.
*
- * @since Servlet 3.0 TODO SERVLET3 - Add comments
+ * @since Servlet 3.0
*/
public int getEffectiveMajorVersion();
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch 10.0.x updated: Fix comment TODO
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 10.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/10.0.x by this push:
new c904f41 Fix comment TODO
c904f41 is described below
commit c904f41f04d932ce196b519d011c9d1dfa25646e
Author: Mark Thomas
AuthorDate: Fri Nov 5 10:31:44 2021 +
Fix comment TODO
While this needed fixing, this commit has primarily been made to trigger
a CI build to
---
java/jakarta/servlet/ServletContext.java | 8 ++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/java/jakarta/servlet/ServletContext.java
b/java/jakarta/servlet/ServletContext.java
index c238e75..8752af2 100644
--- a/java/jakarta/servlet/ServletContext.java
+++ b/java/jakarta/servlet/ServletContext.java
@@ -116,7 +116,11 @@ public interface ServletContext {
public int getMinorVersion();
/**
- * @return TODO
+ * Obtain the major version of the servlet specification for which this web
+ * application is implemented.
+ *
+ * @return The major version declared in web.xml
+ *
* @throws UnsupportedOperationExceptionIf called from a
*{@link
ServletContextListener#contextInitialized(ServletContextEvent)}
*method of a {@link ServletContextListener} that was not defined in a
@@ -125,7 +129,7 @@ public interface ServletContext {
*{@link ServletContextListener} defined in a TLD would not be able to
*use this method.
*
- * @since Servlet 3.0 TODO SERVLET3 - Add comments
+ * @since Servlet 3.0
*/
public int getEffectiveMajorVersion();
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch 9.0.x updated: Fix comment TODO
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/9.0.x by this push:
new db90e53 Fix comment TODO
db90e53 is described below
commit db90e53e3289f8ca19273f20f6ef85e7ca116bea
Author: Mark Thomas
AuthorDate: Fri Nov 5 10:31:44 2021 +
Fix comment TODO
While this needed fixing, this commit has primarily been made to trigger
a CI build to
---
java/javax/servlet/ServletContext.java | 8 ++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/java/javax/servlet/ServletContext.java
b/java/javax/servlet/ServletContext.java
index 590dce1..4785810 100644
--- a/java/javax/servlet/ServletContext.java
+++ b/java/javax/servlet/ServletContext.java
@@ -116,7 +116,11 @@ public interface ServletContext {
public int getMinorVersion();
/**
- * @return TODO
+ * Obtain the major version of the servlet specification for which this web
+ * application is implemented.
+ *
+ * @return The major version declared in web.xml
+ *
* @throws UnsupportedOperationExceptionIf called from a
*{@link
ServletContextListener#contextInitialized(ServletContextEvent)}
*method of a {@link ServletContextListener} that was not defined in a
@@ -125,7 +129,7 @@ public interface ServletContext {
*{@link ServletContextListener} defined in a TLD would not be able to
*use this method.
*
- * @since Servlet 3.0 TODO SERVLET3 - Add comments
+ * @since Servlet 3.0
*/
public int getEffectiveMajorVersion();
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch main updated: Add OCSP support
This is an automated email from the ASF dual-hosted git repository.
remm pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push:
new 3f8ba85 Add OCSP support
3f8ba85 is described below
commit 3f8ba85a55e019f6ffc38b5a5bf87edec75338bf
Author: remm
AuthorDate: Fri Nov 5 11:40:13 2021 +0100
Add OCSP support
Avoid code duplication with the context since the verifier there is the
same and usually not used.
Fix oops in verify logic.
Not tested yet with an actual OCSP responder.
---
modules/openssl-panama-foreign/openssl-tomcat.conf | 21 ++
modules/openssl-panama-foreign/openssl.h | 1 +
.../util/net/openssl/panama/OpenSSLContext.java| 99 +
.../util/net/openssl/panama/OpenSSLEngine.java | 233 -
.../apache/tomcat/util/openssl/constants$26.java | 54 -
.../apache/tomcat/util/openssl/constants$27.java | 49 -
.../{constants$26.java => constants$28.java} | 21 +-
.../{constants$27.java => constants$29.java} | 4 +-
.../org/apache/tomcat/util/openssl/openssl_h.java | 184 +++-
.../net/openssl/panama/LocalStrings.properties | 3 +
10 files changed, 547 insertions(+), 122 deletions(-)
diff --git a/modules/openssl-panama-foreign/openssl-tomcat.conf
b/modules/openssl-panama-foreign/openssl-tomcat.conf
index 2a172ab..25e121b 100644
--- a/modules/openssl-panama-foreign/openssl-tomcat.conf
+++ b/modules/openssl-panama-foreign/openssl-tomcat.conf
@@ -90,6 +90,27 @@
--include-macro NID_info_access
# header: /usr/include/openssl/obj_mac.h
+ Extracted from: /usr/include/openssl/ocsp.h
+
+--include-function OCSP_BASICRESP_free # header:
/usr/include/openssl/ocsp.h
+--include-function OCSP_CERTID_free # header:
/usr/include/openssl/ocsp.h
+--include-function OCSP_REQUEST_free# header:
/usr/include/openssl/ocsp.h
+--include-function OCSP_REQUEST_new # header:
/usr/include/openssl/ocsp.h
+--include-function OCSP_RESPONSE_free # header:
/usr/include/openssl/ocsp.h
+--include-function OCSP_cert_to_id # header:
/usr/include/openssl/ocsp.h
+--include-function OCSP_request_add0_id # header:
/usr/include/openssl/ocsp.h
+--include-function OCSP_response_get1_basic # header:
/usr/include/openssl/ocsp.h
+--include-function OCSP_response_status # header:
/usr/include/openssl/ocsp.h
+--include-function OCSP_resp_find # header:
/usr/include/openssl/ocsp.h
+--include-function OCSP_resp_get0 # header:
/usr/include/openssl/ocsp.h
+--include-function OCSP_single_get0_status # header:
/usr/include/openssl/ocsp.h
+--include-function d2i_OCSP_RESPONSE# header:
/usr/include/openssl/ocsp.h
+--include-function i2d_OCSP_REQUEST # header:
/usr/include/openssl/ocsp.h
+--include-macro OCSP_RESPONSE_STATUS_SUCCESSFUL # header:
/usr/include/openssl/ocsp.h
+--include-macro V_OCSP_CERTSTATUS_GOOD # header:
/usr/include/openssl/ocsp.h
+--include-macro V_OCSP_CERTSTATUS_REVOKED # header:
/usr/include/openssl/ocsp.h
+--include-macro V_OCSP_CERTSTATUS_UNKNOWN # header:
/usr/include/openssl/ocsp.h
+
Extracted from: /usr/include/openssl/opensslconf-x86_64.h
--include-macro OPENSSL_API_COMPAT# header:
/usr/include/openssl/opensslconf-x86_64.h
diff --git a/modules/openssl-panama-foreign/openssl.h
b/modules/openssl-panama-foreign/openssl.h
index 8d01f90..3f7368b 100644
--- a/modules/openssl-panama-foreign/openssl.h
+++ b/modules/openssl-panama-foreign/openssl.h
@@ -27,4 +27,5 @@
#include
#include
#include
+#include
diff --git
a/modules/openssl-panama-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
b/modules/openssl-panama-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
index 57bc809..ee65359 100644
---
a/modules/openssl-panama-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
+++
b/modules/openssl-panama-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
@@ -92,10 +92,6 @@ public class OpenSSLContext implements
org.apache.tomcat.util.net.SSLContext {
public static final int SSL_PROTOCOL_ALL = (SSL_PROTOCOL_TLSV1 |
SSL_PROTOCOL_TLSV1_1 | SSL_PROTOCOL_TLSV1_2 |
SSL_PROTOCOL_TLSV1_3);
-public static final int OCSP_STATUS_OK = 0;
-public static final int OCSP_STATUS_REVOKED = 1;
-public static final int OCSP_STATUS_UNKNOWN = 2;
-
private static final String BEGIN_KEY = "-BEGIN
[tomcat] branch 8.5.x updated: Fix comment TODO
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/8.5.x by this push:
new 3ec8a47 Fix comment TODO
3ec8a47 is described below
commit 3ec8a479a0956fc9f528e13699185cdc50d10d66
Author: Mark Thomas
AuthorDate: Fri Nov 5 10:31:44 2021 +
Fix comment TODO
While this needed fixing, this commit has primarily been made to trigger
a CI build to
---
java/javax/servlet/ServletContext.java | 8 ++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/java/javax/servlet/ServletContext.java
b/java/javax/servlet/ServletContext.java
index a86a428..811ea7d 100644
--- a/java/javax/servlet/ServletContext.java
+++ b/java/javax/servlet/ServletContext.java
@@ -116,7 +116,11 @@ public interface ServletContext {
public int getMinorVersion();
/**
- * @return TODO
+ * Obtain the major version of the servlet specification for which this web
+ * application is implemented.
+ *
+ * @return The major version declared in web.xml
+ *
* @throws UnsupportedOperationExceptionIf called from a
*{@link
ServletContextListener#contextInitialized(ServletContextEvent)}
*method of a {@link ServletContextListener} that was not defined in a
@@ -125,7 +129,7 @@ public interface ServletContext {
*{@link ServletContextListener} defined in a TLD would not be able to
*use this method.
*
- * @since Servlet 3.0 TODO SERVLET3 - Add comments
+ * @since Servlet 3.0
*/
public int getEffectiveMajorVersion();
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch main updated: Keep parser around until the next release
This is an automated email from the ASF dual-hosted git repository.
remm pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push:
new ebbb726 Keep parser around until the next release
ebbb726 is described below
commit ebbb72633660cdde1695170a53d6ebf8abc16305
Author: remm
AuthorDate: Fri Nov 5 12:20:58 2021 +0100
Keep parser around until the next release
---
.../java/org/apache/tomcat/util/net/openssl/panama/Asn1Parser.java | 5 +
.../org/apache/tomcat/util/net/openssl/panama/OpenSSLEngine.java | 1 -
2 files changed, 5 insertions(+), 1 deletion(-)
diff --git
a/modules/openssl-panama-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/Asn1Parser.java
b/modules/openssl-panama-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/Asn1Parser.java
index 4a39ded..ec32d48 100644
---
a/modules/openssl-panama-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/Asn1Parser.java
+++
b/modules/openssl-panama-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/Asn1Parser.java
@@ -41,6 +41,11 @@ public class Asn1Parser {
}
+public boolean eof() {
+return pos == source.length;
+}
+
+
public int peekTag() {
return source[pos] & 0xFF;
}
diff --git
a/modules/openssl-panama-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLEngine.java
b/modules/openssl-panama-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLEngine.java
index f226bd9..70a70cd 100644
---
a/modules/openssl-panama-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLEngine.java
+++
b/modules/openssl-panama-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLEngine.java
@@ -64,7 +64,6 @@ import static org.apache.tomcat.util.openssl.openssl_h.*;
import org.apache.juli.logging.Log;
import org.apache.juli.logging.LogFactory;
-import org.apache.tomcat.util.buf.Asn1Parser;
import org.apache.tomcat.util.buf.ByteBufferUtils;
import org.apache.tomcat.util.net.Constants;
import org.apache.tomcat.util.net.SSLUtil;
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch main updated: First pass at updating RAT exclude files
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/main by this push: new 0a4d1ff First pass at updating RAT exclude files 0a4d1ff is described below commit 0a4d1ffb64409fde68132436b80502a31f403699 Author: Mark Thomas AuthorDate: Fri Nov 5 13:13:21 2021 + First pass at updating RAT exclude files --- res/rat/rat-excludes.txt | 14 -- 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/res/rat/rat-excludes.txt b/res/rat/rat-excludes.txt index 470b5af..5273f15 100644 --- a/res/rat/rat-excludes.txt +++ b/res/rat/rat-excludes.txt @@ -27,10 +27,9 @@ - *.manifest, MANIFEST.MF JAR manifest files cannot contain license - - package-list and script.js files in API documentation (javadoc) are -generated + - Files in API documentation (javadoc) that are generated - - other test files, such as trivial textual files containing only "OK' string, + - test files, such as trivial textual files containing only "OK' string, files in unusual encodings or compressed files are also excluded. - JSON files (RFC7159) are data and cannot contain comments @@ -55,8 +54,6 @@ - Temporary cache files used by Checkstle - - Configuration files for third party Continuous Integration systems like Travis CI - output/build/logs/* output/test-tmp/** @@ -70,7 +67,12 @@ output/deployer/deployer-howto.html **/MANIFEST.MF **/*.manifest -output/dist/webapps/docs/*/package-list +output/dist/webapps/docs/*/element-list +output/dist/webapps/docs/*/jquery/* +output/dist/webapps/docs/*/member-search-index.js +output/dist/webapps/docs/*/package-search-index.js +output/dist/webapps/docs/*/search.js +output/dist/webapps/docs/*/type-search-index.js output/dist/webapps/docs/*/script.js output/dist/src/test/webapp/404.html - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch main updated: Avoid hardcoding https with OCSP
This is an automated email from the ASF dual-hosted git repository.
remm pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push:
new 66d3bad Avoid hardcoding https with OCSP
66d3bad is described below
commit 66d3baddd305c6545deb32d5e410b0d3f9d5f487
Author: remm
AuthorDate: Fri Nov 5 14:16:36 2021 +0100
Avoid hardcoding https with OCSP
Especially useful since I failed to make openssl do tls with ocsp.
Also catch exceptions, it's safer.
---
.../tomcat/util/net/openssl/panama/OpenSSLEngine.java | 17 +
1 file changed, 9 insertions(+), 8 deletions(-)
diff --git
a/modules/openssl-panama-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLEngine.java
b/modules/openssl-panama-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLEngine.java
index 70a70cd..29c4ce7 100644
---
a/modules/openssl-panama-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLEngine.java
+++
b/modules/openssl-panama-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLEngine.java
@@ -25,6 +25,7 @@ import java.lang.invoke.MethodHandles;
import java.lang.invoke.MethodType;
import java.lang.ref.Cleaner;
import java.lang.ref.Cleaner.Cleanable;
+import java.net.HttpURLConnection;
import java.net.MalformedURLException;
import java.net.URL;
import java.nio.ByteBuffer;
@@ -1403,14 +1404,14 @@ public final class OpenSSLEngine extends SSLEngine
implements SSLUtil.ProtocolIn
if (!urls.isEmpty()) {
// Use OpenSSL to build OCSP request
for (String urlString : urls) {
-if (logger.isDebugEnabled()) {
-logger.debug("Processing OCSP URL: " +
urlString);
-}
try {
URL url = new URL(urlString);
ocspResponse = processOCSPRequest(url,
issuer, x509, x509ctx, scope);
+if (logger.isDebugEnabled()) {
+logger.debug("OCSP response for
URL: " + urlString + " was " + ocspResponse);
+}
} catch (MalformedURLException e) {
-
logger.warn(sm.getString("engine.invalidOCSPURL"));
+
logger.warn(sm.getString("engine.invalidOCSPURL", urlString));
}
if (ocspResponse !=
V_OCSP_CERTSTATUS_UNKNOWN()) {
break;
@@ -1460,7 +1461,7 @@ public final class OpenSSLEngine extends SSLEngine
implements SSLUtil.ProtocolIn
MemoryAddress ocspResponse = MemoryAddress.NULL;
MemoryAddress id = MemoryAddress.NULL;
MemoryAddress ocspOneReq = MemoryAddress.NULL;
-HttpsURLConnection connection = null;
+HttpURLConnection connection = null;
MemoryAddress basicResponse = MemoryAddress.NULL;
MemoryAddress certId = MemoryAddress.NULL;
try (ByteArrayOutputStream baos = new ByteArrayOutputStream()) {
@@ -1489,7 +1490,7 @@ public final class OpenSSLEngine extends SSLEngine
implements SSLUtil.ProtocolIn
// Content-Type: application/ocsp-request
// Content-Length: ocspRequestData.length
byte[] ocspRequestData = MemorySegment.ofAddressNative(buf,
requestLength, scope).toArray(ValueLayout.JAVA_BYTE);
-connection = (HttpsURLConnection) url.openConnection();
+connection = (HttpURLConnection) url.openConnection();
connection.setRequestMethod("POST");
connection.setDoInput(true);
connection.setDoOutput(true);
@@ -1498,7 +1499,7 @@ public final class OpenSSLEngine extends SSLEngine
implements SSLUtil.ProtocolIn
connection.connect();
connection.getOutputStream().write(ocspRequestData);
int responseCode = connection.getResponseCode();
-if (responseCode != HttpsURLConnection.HTTP_OK) {
+if (responseCode != HttpURLConnection.HTTP_OK) {
return V_OCSP_CERTSTATUS_UNKNOWN();
}
InputStream is = connection.getInputStream();
@@ -1524,7 +1525,7 @@ public final class OpenSSLEngine extends SSLEngine
implements SSLUtil.ProtocolIn
MemoryAddress.NULL, MemoryAddress.NULL,
MemoryAddress.NULL);
}
}
-} catch (IOException e) {
+} catch (Exception e) {
logger.warn(sm.getString("engine.ocspRequestError",
url.toString()), e);
} finally {
if (MemoryAdd
[tomcat] branch main updated: Expand excludes
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/main by this push: new a8d6ec0 Expand excludes a8d6ec0 is described below commit a8d6ec017366fd833456b64b4d2387fedee7a5f0 Author: Mark Thomas AuthorDate: Fri Nov 5 14:06:58 2021 + Expand excludes --- res/rat/rat-excludes.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/res/rat/rat-excludes.txt b/res/rat/rat-excludes.txt index 5273f15..127f52a 100644 --- a/res/rat/rat-excludes.txt +++ b/res/rat/rat-excludes.txt @@ -68,7 +68,7 @@ output/deployer/deployer-howto.html **/*.manifest output/dist/webapps/docs/*/element-list -output/dist/webapps/docs/*/jquery/* +output/dist/webapps/docs/*/jquery/** output/dist/webapps/docs/*/member-search-index.js output/dist/webapps/docs/*/package-search-index.js output/dist/webapps/docs/*/search.js - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch main updated: Additional exclude required for new BuildBot setup
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/main by this push: new 99b0f34 Additional exclude required for new BuildBot setup 99b0f34 is described below commit 99b0f34e26cafed121a5e0516887766b1e7a687c Author: Mark Thomas AuthorDate: Fri Nov 5 17:52:17 2021 + Additional exclude required for new BuildBot setup --- res/rat/rat-excludes.txt | 3 +++ 1 file changed, 3 insertions(+) diff --git a/res/rat/rat-excludes.txt b/res/rat/rat-excludes.txt index 127f52a..00ad84d 100644 --- a/res/rat/rat-excludes.txt +++ b/res/rat/rat-excludes.txt @@ -54,6 +54,8 @@ - Temporary cache files used by Checkstle + - Temporary files used by buildbot + output/build/logs/* output/test-tmp/** @@ -232,3 +234,4 @@ output/dist/temp/safeToDelete.tmp output/res/checkstyle/* +tomcat-10.1.x/** - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch main updated: Complete some Javadoc
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push:
new 98361af Complete some Javadoc
98361af is described below
commit 98361af1aa07e839ffb041ffcf4fa3235b91e132
Author: Mark Thomas
AuthorDate: Fri Nov 5 20:29:28 2021 +
Complete some Javadoc
Needed to be done but primarily committed to trigger CI builds
---
java/jakarta/servlet/ServletContext.java | 9 +++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/java/jakarta/servlet/ServletContext.java
b/java/jakarta/servlet/ServletContext.java
index d3c4032..457785d 100644
--- a/java/jakarta/servlet/ServletContext.java
+++ b/java/jakarta/servlet/ServletContext.java
@@ -134,7 +134,11 @@ public interface ServletContext {
public int getEffectiveMajorVersion();
/**
- * @return TODO
+ * Obtain the minor version of the servlet specification for which this web
+ * application is implemented.
+ *
+ * @return The minor version declared in web.xml
+ *
* @throws UnsupportedOperationExceptionIf called from a
*{@link
ServletContextListener#contextInitialized(ServletContextEvent)}
*method of a {@link ServletContextListener} that was not defined in a
@@ -142,7 +146,8 @@ public interface ServletContext {
*{@link jakarta.servlet.annotation.WebListener}. For example, a
*{@link ServletContextListener} defined in a TLD would not be able to
*use this method.
- * @since Servlet 3.0 TODO SERVLET3 - Add comments
+ *
+ * @since Servlet 3.0
*/
public int getEffectiveMinorVersion();
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch 10.0.x updated: Complete some Javadoc
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 10.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/10.0.x by this push:
new bdb5dd6 Complete some Javadoc
bdb5dd6 is described below
commit bdb5dd679d58c4ae4e142ea969f95f7b4b706bc7
Author: Mark Thomas
AuthorDate: Fri Nov 5 20:29:28 2021 +
Complete some Javadoc
Needed to be done but primarily committed to trigger CI builds
---
java/jakarta/servlet/ServletContext.java | 9 +++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/java/jakarta/servlet/ServletContext.java
b/java/jakarta/servlet/ServletContext.java
index 8752af2..a991e05 100644
--- a/java/jakarta/servlet/ServletContext.java
+++ b/java/jakarta/servlet/ServletContext.java
@@ -134,7 +134,11 @@ public interface ServletContext {
public int getEffectiveMajorVersion();
/**
- * @return TODO
+ * Obtain the minor version of the servlet specification for which this web
+ * application is implemented.
+ *
+ * @return The minor version declared in web.xml
+ *
* @throws UnsupportedOperationExceptionIf called from a
*{@link
ServletContextListener#contextInitialized(ServletContextEvent)}
*method of a {@link ServletContextListener} that was not defined in a
@@ -142,7 +146,8 @@ public interface ServletContext {
*{@link jakarta.servlet.annotation.WebListener}. For example, a
*{@link ServletContextListener} defined in a TLD would not be able to
*use this method.
- * @since Servlet 3.0 TODO SERVLET3 - Add comments
+ *
+ * @since Servlet 3.0
*/
public int getEffectiveMinorVersion();
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch 9.0.x updated: Complete some Javadoc
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/9.0.x by this push:
new 14df4e1 Complete some Javadoc
14df4e1 is described below
commit 14df4e1cdf40880e5f484dbefb90049bbdf730eb
Author: Mark Thomas
AuthorDate: Fri Nov 5 20:29:28 2021 +
Complete some Javadoc
Needed to be done but primarily committed to trigger CI builds
---
java/javax/servlet/ServletContext.java | 9 +++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/java/javax/servlet/ServletContext.java
b/java/javax/servlet/ServletContext.java
index 4785810..d530a6e 100644
--- a/java/javax/servlet/ServletContext.java
+++ b/java/javax/servlet/ServletContext.java
@@ -134,7 +134,11 @@ public interface ServletContext {
public int getEffectiveMajorVersion();
/**
- * @return TODO
+ * Obtain the minor version of the servlet specification for which this web
+ * application is implemented.
+ *
+ * @return The minor version declared in web.xml
+ *
* @throws UnsupportedOperationExceptionIf called from a
*{@link
ServletContextListener#contextInitialized(ServletContextEvent)}
*method of a {@link ServletContextListener} that was not defined in a
@@ -142,7 +146,8 @@ public interface ServletContext {
*{@link javax.servlet.annotation.WebListener}. For example, a
*{@link ServletContextListener} defined in a TLD would not be able to
*use this method.
- * @since Servlet 3.0 TODO SERVLET3 - Add comments
+ *
+ * @since Servlet 3.0
*/
public int getEffectiveMinorVersion();
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch 8.5.x updated: Complete some Javadoc
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/8.5.x by this push:
new 7f975d8 Complete some Javadoc
7f975d8 is described below
commit 7f975d8242351726317685a9c8adb0578a76270c
Author: Mark Thomas
AuthorDate: Fri Nov 5 20:29:28 2021 +
Complete some Javadoc
Needed to be done but primarily committed to trigger CI builds
---
java/javax/servlet/ServletContext.java | 9 +++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/java/javax/servlet/ServletContext.java
b/java/javax/servlet/ServletContext.java
index 811ea7d..2aea8ea 100644
--- a/java/javax/servlet/ServletContext.java
+++ b/java/javax/servlet/ServletContext.java
@@ -134,7 +134,11 @@ public interface ServletContext {
public int getEffectiveMajorVersion();
/**
- * @return TODO
+ * Obtain the minor version of the servlet specification for which this web
+ * application is implemented.
+ *
+ * @return The minor version declared in web.xml
+ *
* @throws UnsupportedOperationExceptionIf called from a
*{@link
ServletContextListener#contextInitialized(ServletContextEvent)}
*method of a {@link ServletContextListener} that was not defined in a
@@ -142,7 +146,8 @@ public interface ServletContext {
*{@link javax.servlet.annotation.WebListener}. For example, a
*{@link ServletContextListener} defined in a TLD would not be able to
*use this method.
- * @since Servlet 3.0 TODO SERVLET3 - Add comments
+ *
+ * @since Servlet 3.0
*/
public int getEffectiveMinorVersion();
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch main updated: Cleanups
This is an automated email from the ASF dual-hosted git repository.
remm pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push:
new a862247 Cleanups
a862247 is described below
commit a862247ef8442ebec536b15f0588040550376c49
Author: remm
AuthorDate: Fri Nov 5 23:12:18 2021 +0100
Cleanups
---
.../util/net/openssl/panama/OpenSSLContext.java| 22 --
.../util/net/openssl/panama/OpenSSLEngine.java | 13 +
2 files changed, 21 insertions(+), 14 deletions(-)
diff --git
a/modules/openssl-panama-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
b/modules/openssl-panama-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
index ee65359..27b9efc 100644
---
a/modules/openssl-panama-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
+++
b/modules/openssl-panama-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
@@ -872,11 +872,11 @@ public class OpenSSLContext implements
org.apache.tomcat.util.net.SSLContext {
|| certificateVerifyMode == SSL_VERIFY_NONE()) {
return 1;
}
-/*SSL_VERIFY_ERROR_IS_OPTIONAL(errnum) -> ((errnum ==
X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT) \
-|| (errnum == X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN) \
-|| (errnum == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY) \
-|| (errnum == X509_V_ERR_CERT_UNTRUSTED) \
-|| (errnum == X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE))*/
+/*SSL_VERIFY_ERROR_IS_OPTIONAL(errnum) -> ((errnum ==
X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT)
+|| (errnum == X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN)
+|| (errnum == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY)
+|| (errnum == X509_V_ERR_CERT_UNTRUSTED)
+|| (errnum == X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE))*/
boolean verifyErrorIsOptional = (errnum ==
X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT())
|| (errnum == X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN())
|| (errnum == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY())
@@ -1173,7 +1173,17 @@ public class OpenSSLContext implements
org.apache.tomcat.util.net.SSLContext {
}
cert = PEM_read_bio_X509_AUX(bio, MemoryAddress.NULL,
openSSLCallbackPassword, MemoryAddress.NULL);
if (MemoryAddress.NULL.equals(cert) &&
-// FIXME: Unfortunately jextract doesn't convert
this ERR_GET_REASON(ERR_peek_last_error())
+// Missing ERR_GET_REASON(ERR_peek_last_error())
+/*int ERR_GET_REASON(unsigned long errcode) {
+ *if (ERR_SYSTEM_ERROR(errcode))
+ *return errcode & ERR_SYSTEM_MASK;
+ *return errcode & ERR_REASON_MASK;
+ *}
+ *# define ERR_SYSTEM_ERROR(errcode)
(((errcode) & ERR_SYSTEM_FLAG) != 0)
+ *# define ERR_SYSTEM_FLAG
((unsigned int)INT_MAX + 1)
+ *# define ERR_SYSTEM_MASK
((unsigned int)INT_MAX)
+ *# define ERR_REASON_MASK0X7F
+ */
((ERR_peek_last_error() & 0X7F) ==
PEM_R_NO_START_LINE())) {
ERR_clear_error();
BIO_ctrl(bio, BIO_CTRL_RESET(), 0, MemoryAddress.NULL);
diff --git
a/modules/openssl-panama-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLEngine.java
b/modules/openssl-panama-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLEngine.java
index 29c4ce7..7b920ae 100644
---
a/modules/openssl-panama-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLEngine.java
+++
b/modules/openssl-panama-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLEngine.java
@@ -1302,10 +1302,10 @@ public final class OpenSSLEngine extends SSLEngine
implements SSLUtil.ProtocolIn
if (certificateVerifyMode == -1 /*SSL_CVERIFY_UNSET*/ ||
certificateVerifyMode == SSL_VERIFY_NONE()) {
return 1;
}
-/*SSL_VERIFY_ERROR_IS_OPTIONAL(errnum) -> ((errnum ==
X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT) \
-|| (errnum == X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN) \
-|| (errnum == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY) \
-|| (errnum == X509_V_ERR_CERT_UNTRUSTED) \
+/*SSL_VERIFY_ERROR_IS_OPTIONAL(errnum) -> ((errnum ==
X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT)
+|| (errnum == X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN)
+
