[tomcat] branch main updated: Fix missing strings
This is an automated email from the ASF dual-hosted git repository.
remm pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push:
new 69c7588e18 Fix missing strings
69c7588e18 is described below
commit 69c7588e1880135843950bb61af01dbaf552e6c4
Author: remm
AuthorDate: Tue Apr 5 16:24:04 2022 +0200
Fix missing strings
---
java/org/apache/catalina/core/DefaultInstanceManager.java | 4 ++--
java/org/apache/catalina/core/LocalStrings.properties | 1 +
2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/java/org/apache/catalina/core/DefaultInstanceManager.java
b/java/org/apache/catalina/core/DefaultInstanceManager.java
index f673334158..9a91775891 100644
--- a/java/org/apache/catalina/core/DefaultInstanceManager.java
+++ b/java/org/apache/catalina/core/DefaultInstanceManager.java
@@ -713,7 +713,7 @@ public class DefaultInstanceManager implements
InstanceManager {
if (method.getName().equals(methodNameFromXml)) {
if (!Introspection.isValidLifecycleCallback(method)) {
throw new IllegalArgumentException(
-"Invalid " + annotation.getName() + " annotation");
+
sm.getString("defaultInstanceManager.invalidAnnotation", annotation.getName()));
}
result = method;
}
@@ -721,7 +721,7 @@ public class DefaultInstanceManager implements
InstanceManager {
if (method.isAnnotationPresent(annotation)) {
if (currentMethod != null ||
!Introspection.isValidLifecycleCallback(method)) {
throw new IllegalArgumentException(
-"Invalid " + annotation.getName() + " annotation");
+
sm.getString("defaultInstanceManager.invalidAnnotation", annotation.getName()));
}
result = method;
}
diff --git a/java/org/apache/catalina/core/LocalStrings.properties
b/java/org/apache/catalina/core/LocalStrings.properties
index 80dbc79847..0fd769eaef 100644
--- a/java/org/apache/catalina/core/LocalStrings.properties
+++ b/java/org/apache/catalina/core/LocalStrings.properties
@@ -122,6 +122,7 @@ containerBase.realm.stop=Error stopping old realm
containerBase.threadedStartFailed=A child container failed during start
containerBase.threadedStopFailed=A child container failed during stop
+defaultInstanceManager.invalidAnnotation=Invalid [{0}] annotation
defaultInstanceManager.invalidInjection=Invalid method resource injection
annotation
defaultInstanceManager.postConstructNotFound=Post construct method [{0}] for
class [{1}] is declared in deployment descriptor but cannot be found
defaultInstanceManager.preDestroyNotFound=Pre destroy method [{0}] for class
[{1}] is declared in deployment descriptor but cannot be found
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch 10.0.x updated: Fix missing strings
This is an automated email from the ASF dual-hosted git repository.
remm pushed a commit to branch 10.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/10.0.x by this push:
new d93f10ff77 Fix missing strings
d93f10ff77 is described below
commit d93f10ff772182bb847fa0ed817ece27344d4498
Author: remm
AuthorDate: Tue Apr 5 16:24:04 2022 +0200
Fix missing strings
---
java/org/apache/catalina/core/DefaultInstanceManager.java | 4 ++--
java/org/apache/catalina/core/LocalStrings.properties | 1 +
2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/java/org/apache/catalina/core/DefaultInstanceManager.java
b/java/org/apache/catalina/core/DefaultInstanceManager.java
index 9557c05270..fd29ce8f87 100644
--- a/java/org/apache/catalina/core/DefaultInstanceManager.java
+++ b/java/org/apache/catalina/core/DefaultInstanceManager.java
@@ -709,7 +709,7 @@ public class DefaultInstanceManager implements
InstanceManager {
if (method.getName().equals(methodNameFromXml)) {
if (!Introspection.isValidLifecycleCallback(method)) {
throw new IllegalArgumentException(
-"Invalid " + annotation.getName() + " annotation");
+
sm.getString("defaultInstanceManager.invalidAnnotation", annotation.getName()));
}
result = method;
}
@@ -717,7 +717,7 @@ public class DefaultInstanceManager implements
InstanceManager {
if (method.isAnnotationPresent(annotation)) {
if (currentMethod != null ||
!Introspection.isValidLifecycleCallback(method)) {
throw new IllegalArgumentException(
-"Invalid " + annotation.getName() + " annotation");
+
sm.getString("defaultInstanceManager.invalidAnnotation", annotation.getName()));
}
result = method;
}
diff --git a/java/org/apache/catalina/core/LocalStrings.properties
b/java/org/apache/catalina/core/LocalStrings.properties
index 54747cc4a1..9c6d6fa0e2 100644
--- a/java/org/apache/catalina/core/LocalStrings.properties
+++ b/java/org/apache/catalina/core/LocalStrings.properties
@@ -122,6 +122,7 @@ containerBase.realm.stop=Error stopping old realm
containerBase.threadedStartFailed=A child container failed during start
containerBase.threadedStopFailed=A child container failed during stop
+defaultInstanceManager.invalidAnnotation=Invalid [{0}] annotation
defaultInstanceManager.invalidInjection=Invalid method resource injection
annotation
defaultInstanceManager.postConstructNotFound=Post construct method [{0}] for
class [{1}] is declared in deployment descriptor but cannot be found
defaultInstanceManager.preDestroyNotFound=Pre destroy method [{0}] for class
[{1}] is declared in deployment descriptor but cannot be found
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch 9.0.x updated: Fix missing strings
This is an automated email from the ASF dual-hosted git repository.
remm pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/9.0.x by this push:
new 323630026c Fix missing strings
323630026c is described below
commit 323630026cff0814c7942ca1f654b4738d379da2
Author: remm
AuthorDate: Tue Apr 5 16:24:04 2022 +0200
Fix missing strings
---
java/org/apache/catalina/core/DefaultInstanceManager.java | 4 ++--
java/org/apache/catalina/core/LocalStrings.properties | 1 +
2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/java/org/apache/catalina/core/DefaultInstanceManager.java
b/java/org/apache/catalina/core/DefaultInstanceManager.java
index 588c367fac..931f8a3018 100644
--- a/java/org/apache/catalina/core/DefaultInstanceManager.java
+++ b/java/org/apache/catalina/core/DefaultInstanceManager.java
@@ -708,7 +708,7 @@ public class DefaultInstanceManager implements
InstanceManager {
if (method.getName().equals(methodNameFromXml)) {
if (!Introspection.isValidLifecycleCallback(method)) {
throw new IllegalArgumentException(
-"Invalid " + annotation.getName() + " annotation");
+
sm.getString("defaultInstanceManager.invalidAnnotation", annotation.getName()));
}
result = method;
}
@@ -716,7 +716,7 @@ public class DefaultInstanceManager implements
InstanceManager {
if (method.isAnnotationPresent(annotation)) {
if (currentMethod != null ||
!Introspection.isValidLifecycleCallback(method)) {
throw new IllegalArgumentException(
-"Invalid " + annotation.getName() + " annotation");
+
sm.getString("defaultInstanceManager.invalidAnnotation", annotation.getName()));
}
result = method;
}
diff --git a/java/org/apache/catalina/core/LocalStrings.properties
b/java/org/apache/catalina/core/LocalStrings.properties
index 2ad9cc560f..d3739b6b66 100644
--- a/java/org/apache/catalina/core/LocalStrings.properties
+++ b/java/org/apache/catalina/core/LocalStrings.properties
@@ -123,6 +123,7 @@ containerBase.realm.stop=Error stopping old realm
containerBase.threadedStartFailed=A child container failed during start
containerBase.threadedStopFailed=A child container failed during stop
+defaultInstanceManager.invalidAnnotation=Invalid [{0}] annotation
defaultInstanceManager.invalidInjection=Invalid method resource injection
annotation
defaultInstanceManager.postConstructNotFound=Post construct method [{0}] for
class [{1}] is declared in deployment descriptor but cannot be found
defaultInstanceManager.preDestroyNotFound=Pre destroy method [{0}] for class
[{1}] is declared in deployment descriptor but cannot be found
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch 8.5.x updated: Fix missing strings
This is an automated email from the ASF dual-hosted git repository.
remm pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/8.5.x by this push:
new 0c72b67bd8 Fix missing strings
0c72b67bd8 is described below
commit 0c72b67bd895fd36b8605d7b8887368a7e36e6dc
Author: remm
AuthorDate: Tue Apr 5 16:24:04 2022 +0200
Fix missing strings
---
java/org/apache/catalina/core/DefaultInstanceManager.java | 4 ++--
java/org/apache/catalina/core/LocalStrings.properties | 1 +
2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/java/org/apache/catalina/core/DefaultInstanceManager.java
b/java/org/apache/catalina/core/DefaultInstanceManager.java
index c104d4582a..c0c17829b2 100644
--- a/java/org/apache/catalina/core/DefaultInstanceManager.java
+++ b/java/org/apache/catalina/core/DefaultInstanceManager.java
@@ -707,7 +707,7 @@ public class DefaultInstanceManager implements
InstanceManager {
if (method.getName().equals(methodNameFromXml)) {
if (!Introspection.isValidLifecycleCallback(method)) {
throw new IllegalArgumentException(
-"Invalid " + annotation.getName() + " annotation");
+
sm.getString("defaultInstanceManager.invalidAnnotation", annotation.getName()));
}
result = method;
}
@@ -715,7 +715,7 @@ public class DefaultInstanceManager implements
InstanceManager {
if (method.isAnnotationPresent(annotation)) {
if (currentMethod != null ||
!Introspection.isValidLifecycleCallback(method)) {
throw new IllegalArgumentException(
-"Invalid " + annotation.getName() + " annotation");
+
sm.getString("defaultInstanceManager.invalidAnnotation", annotation.getName()));
}
result = method;
}
diff --git a/java/org/apache/catalina/core/LocalStrings.properties
b/java/org/apache/catalina/core/LocalStrings.properties
index eefd403c82..8e10444ba9 100644
--- a/java/org/apache/catalina/core/LocalStrings.properties
+++ b/java/org/apache/catalina/core/LocalStrings.properties
@@ -125,6 +125,7 @@ containerBase.realm.stop=Error stopping old realm
containerBase.threadedStartFailed=A child container failed during start
containerBase.threadedStopFailed=A child container failed during stop
+defaultInstanceManager.invalidAnnotation=Invalid [{0}] annotation
defaultInstanceManager.invalidInjection=Invalid method resource injection
annotation
defaultInstanceManager.postConstructNotFound=Post construct method [{0}] for
class [{1}] is declared in deployment descriptor but cannot be found
defaultInstanceManager.preDestroyNotFound=Pre destroy method [{0}] for class
[{1}] is declared in deployment descriptor but cannot be found
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 65994] New: NPE in SSLAuthenticator.java:201 if SSLAuthenticator valve is defined
https://bz.apache.org/bugzilla/show_bug.cgi?id=65994 Bug ID: 65994 Summary: NPE in SSLAuthenticator.java:201 if SSLAuthenticator valve is defined Product: Tomcat 9 Version: 9.0.62 Hardware: All OS: Linux Status: NEW Severity: normal Priority: P2 Component: Connectors Assignee: dev@tomcat.apache.org Reporter: james.h.coving...@gmail.com Target Milestone: - Note this appears very similar to Bug 65991 In conf/context.xml, defined SSLAuthenticator valve: '' With this valve defined, catalina startup produced this call stack: SEVERE [main] org.apache.catalina.startup.HostConfig.deployDirectory Error deploying web application directory [/apps/alfresco/apache-tomcat-9.0.62/webapps/ROOT] java.lang.IllegalStateException: Error starting child at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:729) at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:698) at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:696) at org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:1185) at org.apache.catalina.startup.HostConfig$DeployDirectory.run(HostConfig.java:1933) at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515) at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264) at org.apache.tomcat.util.threads.InlineExecutorService.execute(InlineExecutorService.java:75) at java.base/java.util.concurrent.AbstractExecutorService.submit(AbstractExecutorService.java:118) at org.apache.catalina.startup.HostConfig.deployDirectories(HostConfig.java:1095) at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:477) at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1618) at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:319) at org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(LifecycleBase.java:123) at org.apache.catalina.util.LifecycleBase.setStateInternal(LifecycleBase.java:423) at org.apache.catalina.util.LifecycleBase.setState(LifecycleBase.java:366) at org.apache.catalina.core.ContainerBase.startInternal(ContainerBase.java:946) at org.apache.catalina.core.StandardHost.startInternal(StandardHost.java:835) at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183) at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1396) at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1386) at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264) at org.apache.tomcat.util.threads.InlineExecutorService.execute(InlineExecutorService.java:75) at java.base/java.util.concurrent.AbstractExecutorService.submit(AbstractExecutorService.java:140) at org.apache.catalina.core.ContainerBase.startInternal(ContainerBase.java:919) at org.apache.catalina.core.StandardEngine.startInternal(StandardEngine.java:263) at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183) at org.apache.catalina.core.StandardService.startInternal(StandardService.java:432) at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183) at org.apache.catalina.core.StandardServer.startInternal(StandardServer.java:927) at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183) at org.apache.catalina.startup.Catalina.start(Catalina.java:772) at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.base/java.lang.reflect.Method.invoke(Method.java:566) at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:345) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:476) Caused by: org.apache.catalina.LifecycleException: Failed to start component [SSLAuthenticator[StandardEngine[Catalina].StandardHost[localhost].StandardContext[]]] at org.apache.catalina.util.LifecycleBase.handleSubClassException(LifecycleBase.java:440) at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:198) at org.apache.catalina.core.StandardPipeline.startInte
[Bug 65991] NPE in SSLAuthenticator.java:201 if bindOnInit="false"
https://bz.apache.org/bugzilla/show_bug.cgi?id=65991 Remy Maucherat changed: What|Removed |Added CC||james.h.coving...@gmail.com --- Comment #1 from Remy Maucherat --- *** Bug 65994 has been marked as a duplicate of this bug. *** -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 65994] NPE in SSLAuthenticator.java:201 if SSLAuthenticator valve is defined
https://bz.apache.org/bugzilla/show_bug.cgi?id=65994 Remy Maucherat changed: What|Removed |Added Resolution|--- |DUPLICATE Status|NEW |RESOLVED --- Comment #1 from Remy Maucherat --- *** This bug has been marked as a duplicate of bug 65991 *** -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 65991] NPE in SSLAuthenticator.java:201 if bindOnInit="false"
https://bz.apache.org/bugzilla/show_bug.cgi?id=65991 --- Comment #2 from Remy Maucherat --- Logic was added to detect bad client cert configurations (where the valve would require renegociation that cannot be done), but there seems to be a problem. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: Potential mention on the website
David, On 3/31/22 22:25, David Blevins wrote: On Mar 31, 2022, at 12:13 PM, Christopher Schultz wrote: Mark, On 3/29/22 19:40, Mark Thomas wrote: I worry that putting much more than a simple link on the which version page could cause confusion. Something like: "For users wanting a Java EE / Jakarta EE container that supports additional specifications like XXX see Apache TomEE." +1 My preference is for a new menu item - probably under misc - called "Related Apache Projects" (a shorter, snappier title preferred) where we can link to the various ASF projects related to Tomcat and have a paragraph or two on each project. I like this. What else might qualify? If it's really only TomEE (and flavors thereof), we could name that section "Enterprise .. something". Off the top of my head, there is Ant (initially created to build Tomcat), Commons Pool, DBCP, Modeler, Daemon (all spun off from Tomcat), httpd, TomEE and probably a bunch I have forgotten about. Digester, another Tomcat graduate. Other than TomEE (and httpd), those are all dependencies / upstream from Tomcat, which IMO puts TomEE in a slightly different bucket. I would say that httpd isn't really "related" to Tomcat other than (a) they are both ASF projects and (b) they are both web servers. But there's also ATS, ATC and probably one or two other web servers under ASF umbrella I haven't heard of yet. On httpd, I know a very large number of Tomcat/TomEE users I see in the wild use httpd in front for load balancing. Sure, but plenty of people use nginx, squid, haproxy, etc. and at some point, listing them all is silly. It's fine if we want to have a preference for ASF projects. I think a related projects page could be pretty great if we: - Mentioned why it is potentially interesting to Tomcat users and provided a pointer or two. I.e. treat it as documentation, not just a list of links. The section would still have to be brief -- no taking up a whole or even half a page. We already have a "Load Balancing" section of the user guide. It's, ahem, brief, but it exists: https://tomcat.apache.org/tomcat-9.0-doc/balancer-howto.html - Gave people a reason to look at it by linking to in other sections of the website beyond the left nav. It would be context dependent. For example, if we're talking about load balancing, we mention httpd and link to https://tomcat.apache.org/related.html#httpd. The whichversion.html could have the one sentence that mentions TomEE as a way to get more Jakarta EE impls on Tomcat out-of-the-box and link to https://tomcat.apache.org/related.html#tomee Could be a nice balance. We could still mention things like TomEE where needed, but they'd be going to a page with a great big "related projects" title and a clear statement these are external projects, which would allow us to give a bit more information on why it's useful for Tomcat people without potentially confusing people in thinking it's a Tomcat thing. Thoughts? I think it makes sense to put a section under "Which Version" which says something obvious like "Looking for Enterprise Features?" and then list some of the biggies like JMS, EJB, JPA, other TLAs... with a link to TomEE. I'm okay adding a "Related Projects" page into the menu as well. David, want to take a stab at a doc patch? The web site still uses the old svn repository. http://svn.apache.org/repos/asf/tomcat/site/ The main menu is defined in xdocs/stylesheet/project.xml. -chris - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch main updated: 65991: Avoid NPE when checking for client cert
This is an automated email from the ASF dual-hosted git repository.
remm pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push:
new ba6432cbb3 65991: Avoid NPE when checking for client cert
ba6432cbb3 is described below
commit ba6432cbb312e6595af5fa49e77161f7d8805956
Author: remm
AuthorDate: Tue Apr 5 20:45:59 2022 +0200
65991: Avoid NPE when checking for client cert
SSLAuthenticator would throw a NPE when boundOnInit was used on one of
the connectors since enabledProtocols is null until the connector is
started. Fall back on protocols when that happens (it is what is
configured, rather than what is actually used, so it's not as good).
---
java/org/apache/catalina/authenticator/SSLAuthenticator.java | 4
webapps/docs/changelog.xml | 9 +
2 files changed, 13 insertions(+)
diff --git a/java/org/apache/catalina/authenticator/SSLAuthenticator.java
b/java/org/apache/catalina/authenticator/SSLAuthenticator.java
index 30344b9bdd..45d166ceb3 100644
--- a/java/org/apache/catalina/authenticator/SSLAuthenticator.java
+++ b/java/org/apache/catalina/authenticator/SSLAuthenticator.java
@@ -198,6 +198,10 @@ public class SSLAuthenticator extends AuthenticatorBase {
for (SSLHostConfig sslHostConfig : sslHostConfigs) {
if (!sslHostConfig.isTls13RenegotiationAvailable()) {
String[] enabledProtocols =
sslHostConfig.getEnabledProtocols();
+if (enabledProtocols == null) {
+// Possibly boundOnInit is used, so use the less
accurate protocols
+enabledProtocols =
sslHostConfig.getProtocols().toArray(new String[0]);
+}
for (String enbabledProtocol : enabledProtocols) {
if
(Constants.SSL_PROTO_TLSv1_3.equals(enbabledProtocol)) {
log.warn(sm.getString("sslAuthenticatorValve.tls13", context.getName(),
host.getName(), connector));
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 49fb49f95f..0540db1f1c 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -105,6 +105,15 @@
issues do not "pop up" wrt. others).
-->
+
+
+
+65991: Avoid NPE with SSLAuthenticator when
+boundOnInit is used on a connector, during the check
+for client certificate authentication availability. (remm)
+
+
+
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch 10.0.x updated: 65991: Avoid NPE when checking for client cert
This is an automated email from the ASF dual-hosted git repository.
remm pushed a commit to branch 10.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/10.0.x by this push:
new 88b4da4a1d 65991: Avoid NPE when checking for client cert
88b4da4a1d is described below
commit 88b4da4a1deef7be565d0276240636eede193202
Author: remm
AuthorDate: Tue Apr 5 20:45:59 2022 +0200
65991: Avoid NPE when checking for client cert
SSLAuthenticator would throw a NPE when boundOnInit was used on one of
the connectors since enabledProtocols is null until the connector is
started. Fall back on protocols when that happens (it is what is
configured, rather than what is actually used, so it's not as good).
---
java/org/apache/catalina/authenticator/SSLAuthenticator.java | 4
webapps/docs/changelog.xml | 9 +
2 files changed, 13 insertions(+)
diff --git a/java/org/apache/catalina/authenticator/SSLAuthenticator.java
b/java/org/apache/catalina/authenticator/SSLAuthenticator.java
index 30344b9bdd..45d166ceb3 100644
--- a/java/org/apache/catalina/authenticator/SSLAuthenticator.java
+++ b/java/org/apache/catalina/authenticator/SSLAuthenticator.java
@@ -198,6 +198,10 @@ public class SSLAuthenticator extends AuthenticatorBase {
for (SSLHostConfig sslHostConfig : sslHostConfigs) {
if (!sslHostConfig.isTls13RenegotiationAvailable()) {
String[] enabledProtocols =
sslHostConfig.getEnabledProtocols();
+if (enabledProtocols == null) {
+// Possibly boundOnInit is used, so use the less
accurate protocols
+enabledProtocols =
sslHostConfig.getProtocols().toArray(new String[0]);
+}
for (String enbabledProtocol : enabledProtocols) {
if
(Constants.SSL_PROTO_TLSv1_3.equals(enbabledProtocol)) {
log.warn(sm.getString("sslAuthenticatorValve.tls13", context.getName(),
host.getName(), connector));
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index c4cd547c71..db4bc415d3 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -105,6 +105,15 @@
issues do not "pop up" wrt. others).
-->
+
+
+
+65991: Avoid NPE with SSLAuthenticator when
+boundOnInit is used on a connector, during the check
+for client certificate authentication availability. (remm)
+
+
+
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch 9.0.x updated: 65991: Avoid NPE when checking for client cert
This is an automated email from the ASF dual-hosted git repository.
remm pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/9.0.x by this push:
new 1bb00911c6 65991: Avoid NPE when checking for client cert
1bb00911c6 is described below
commit 1bb00911c61aca80743852f82e72bfa9bc5b6ccf
Author: remm
AuthorDate: Tue Apr 5 20:45:59 2022 +0200
65991: Avoid NPE when checking for client cert
SSLAuthenticator would throw a NPE when boundOnInit was used on one of
the connectors since enabledProtocols is null until the connector is
started. Fall back on protocols when that happens (it is what is
configured, rather than what is actually used, so it's not as good).
---
java/org/apache/catalina/authenticator/SSLAuthenticator.java | 4
webapps/docs/changelog.xml | 9 +
2 files changed, 13 insertions(+)
diff --git a/java/org/apache/catalina/authenticator/SSLAuthenticator.java
b/java/org/apache/catalina/authenticator/SSLAuthenticator.java
index a406061314..0f6955bee1 100644
--- a/java/org/apache/catalina/authenticator/SSLAuthenticator.java
+++ b/java/org/apache/catalina/authenticator/SSLAuthenticator.java
@@ -198,6 +198,10 @@ public class SSLAuthenticator extends AuthenticatorBase {
for (SSLHostConfig sslHostConfig : sslHostConfigs) {
if (!sslHostConfig.isTls13RenegotiationAvailable()) {
String[] enabledProtocols =
sslHostConfig.getEnabledProtocols();
+if (enabledProtocols == null) {
+// Possibly boundOnInit is used, so use the less
accurate protocols
+enabledProtocols =
sslHostConfig.getProtocols().toArray(new String[0]);
+}
for (String enbabledProtocol : enabledProtocols) {
if
(Constants.SSL_PROTO_TLSv1_3.equals(enbabledProtocol)) {
log.warn(sm.getString("sslAuthenticatorValve.tls13", context.getName(),
host.getName(), connector));
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 3e6db14ac6..92d3ce20e2 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -105,6 +105,15 @@
issues do not "pop up" wrt. others).
-->
+
+
+
+65991: Avoid NPE with SSLAuthenticator when
+boundOnInit is used on a connector, during the check
+for client certificate authentication availability. (remm)
+
+
+
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch 8.5.x updated: 65991: Avoid NPE when checking for client cert
This is an automated email from the ASF dual-hosted git repository.
remm pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/8.5.x by this push:
new 59c807b0d1 65991: Avoid NPE when checking for client cert
59c807b0d1 is described below
commit 59c807b0d14b64fd3b4bc95674f13febd3a46068
Author: remm
AuthorDate: Tue Apr 5 20:45:59 2022 +0200
65991: Avoid NPE when checking for client cert
SSLAuthenticator would throw a NPE when boundOnInit was used on one of
the connectors since enabledProtocols is null until the connector is
started. Fall back on protocols when that happens (it is what is
configured, rather than what is actually used, so it's not as good).
---
java/org/apache/catalina/authenticator/SSLAuthenticator.java | 4
webapps/docs/changelog.xml | 9 +
2 files changed, 13 insertions(+)
diff --git a/java/org/apache/catalina/authenticator/SSLAuthenticator.java
b/java/org/apache/catalina/authenticator/SSLAuthenticator.java
index a406061314..0f6955bee1 100644
--- a/java/org/apache/catalina/authenticator/SSLAuthenticator.java
+++ b/java/org/apache/catalina/authenticator/SSLAuthenticator.java
@@ -198,6 +198,10 @@ public class SSLAuthenticator extends AuthenticatorBase {
for (SSLHostConfig sslHostConfig : sslHostConfigs) {
if (!sslHostConfig.isTls13RenegotiationAvailable()) {
String[] enabledProtocols =
sslHostConfig.getEnabledProtocols();
+if (enabledProtocols == null) {
+// Possibly boundOnInit is used, so use the less
accurate protocols
+enabledProtocols =
sslHostConfig.getProtocols().toArray(new String[0]);
+}
for (String enbabledProtocol : enabledProtocols) {
if
(Constants.SSL_PROTO_TLSv1_3.equals(enbabledProtocol)) {
log.warn(sm.getString("sslAuthenticatorValve.tls13", context.getName(),
host.getName(), connector));
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 10d4d3a57a..9498e8286f 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -105,6 +105,15 @@
issues do not "pop up" wrt. others).
-->
+
+
+
+65991: Avoid NPE with SSLAuthenticator when
+boundOnInit is used on a connector, during the check
+for client certificate authentication availability. (remm)
+
+
+
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch main updated: Skip setting TLS 1.3 ciphers with the defaults
This is an automated email from the ASF dual-hosted git repository.
remm pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push:
new 3cb24e6780 Skip setting TLS 1.3 ciphers with the defaults
3cb24e6780 is described below
commit 3cb24e67801ee18c79a7972b5c995d26bcfeb1dc
Author: remm
AuthorDate: Tue Apr 5 20:59:39 2022 +0200
Skip setting TLS 1.3 ciphers with the defaults
---
modules/openssl-java17/pom.xml | 2 +-
.../java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/modules/openssl-java17/pom.xml b/modules/openssl-java17/pom.xml
index f0049451de..09e239ae89 100644
--- a/modules/openssl-java17/pom.xml
+++ b/modules/openssl-java17/pom.xml
@@ -31,7 +31,7 @@
0.1-SNAPSHOT
-9.0.60
+9.0.62
2021-12-02T12:00:00Z
diff --git
a/modules/openssl-java17/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
b/modules/openssl-java17/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
index 66942b8d8a..ee2ab2f9d1 100644
---
a/modules/openssl-java17/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
+++
b/modules/openssl-java17/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
@@ -569,7 +569,7 @@ public class OpenSSLContext implements
org.apache.tomcat.util.net.SSLContext {
log.warn(sm.getString("engine.failedCipherList",
sslHostConfig.getCiphers()));
}
}
-if (maxTlsVersion >= TLS1_3_VERSION()) {
+if (maxTlsVersion >= TLS1_3_VERSION() &&
(sslHostConfig.getCiphers() != SSLHostConfig.DEFAULT_TLS_CIPHERS)) {
if (SSL_CTX_set_ciphersuites(state.sslCtx,
CLinker.toCString(sslHostConfig.getCiphers(), state.contextScope)) <= 0) {
log.warn(sm.getString("engine.failedCipherSuite",
sslHostConfig.getCiphers()));
}
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
