Re: [tomcat] branch main updated: Simplify reading of request body for x-www-form-urlencoded processing

2023-06-26 Thread Mark Thomas

On 23/06/2023 21:04, Christopher Schultz wrote:

Mark,

On 6/23/23 12:45, ma...@apache.org wrote:

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/main by this push:
  new e6ad02fb10 Simplify reading of request body for x-www-form-urlencoded processing

e6ad02fb10 is described below

commit e6ad02fb10506618f7e03c472105462b5c2f1d61
Author: Mark Thomas 
AuthorDate: Fri Jun 23 17:44:36 2023 +0100

 Simplify reading of request body for x-www-form-urlencoded processing

 An incomplete body is the same as a client disconnect before the request
 body has been read as that is the only way a client can provide an
 incomplete body.
---
  java/org/apache/catalina/connector/Request.java    | 31 ++
  .../catalina/filters/FailedRequestFilter.java  |  1 +
  java/org/apache/tomcat/util/http/Parameters.java   |  6 +
  3 files changed, 33 insertions(+), 5 deletions(-)

diff --git a/java/org/apache/catalina/connector/Request.java 
b/java/org/apache/catalina/connector/Request.java

index 312b3f4e81..88de9be19a 100644
--- a/java/org/apache/catalina/connector/Request.java
+++ b/java/org/apache/catalina/connector/Request.java
@@ -17,6 +17,7 @@
  package org.apache.catalina.connector;
  import java.io.BufferedReader;
+import java.io.EOFException;
  import java.io.File;
  import java.io.IOException;
  import java.io.InputStream;
@@ -3115,10 +3116,7 @@ public class Request implements 
HttpServletRequest {

  formData = new byte[len];
  }
  try {
-    if (readPostBody(formData, len) != len) {
-
parameters.setParseFailedReason(FailReason.REQUEST_BODY_INCOMPLETE);

-    return;
-    }
+    readPostBodyFully(formData, len);
  } catch (IOException e) {
  // Client disconnect
  Context context = getContext();
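
Review bot: The catch block that follows `readPostBodyFully(formData, len);` is still commented only as `// Client disconnect`, but it now also handles a body shorter than the declared length, which previously set `FailReason.REQUEST_BODY_INCOMPLETE` and returned. Update the comment to say so, and confirm that the failure reason recorded on this path is one that code filtering on failed parameter parsing already treats as a rejection, so a truncated form body is never parsed as if it were complete.
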
@@ -3165,7 +3163,7 @@ public class Request implements 
HttpServletRequest {

  /**
- * Read post body in an array.
+ * Read post body into an array.
   *
   * @param body The bytes array in which the body will be read
   * @param len  The body length
@@ -3173,7 +3171,10 @@ public class Request implements 
HttpServletRequest {

   * @return the bytes count that has been read
   *
   * @throws IOException if an IO exception occurred
+ *
+ * @deprecated Unused. Will be removed in Tomcat 11.0.x onwards. 
Use {@link #readPostBodyFully(byte[], int)}

   */
+    @Deprecated
  protected int readPostBody(byte[] body, int len) throws 
IOException {

  int offset = 0;
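
Review bot: The new `@deprecated` tag on `readPostBody` points to `readPostBodyFully(byte[], int)` without saying that the contract differs: the old method returns the number of bytes read and leaves the comparison with `len` to the caller, while the replacement returns nothing and signals a short body through `IOException`. Add a sentence to the tag so subclasses that call or override the protected method know their length check has to move into exception handling.
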
@@ -3189,6 +3190,26 @@ public class Request implements 
HttpServletRequest {

  }
+    /**
+ * Read post body into an array.
+ *
+ * @param body The bytes array in which the body will be read
+ * @param len  The body length
+ *
+ * @throws IOException if an IO exception occurred or EOF is 
reached before the body has been fully read

+ */
+    protected void readPostBodyFully(byte[] body, int len) throws 
IOException {

+    int offset = 0;
+    do {
+    int inputLen = getStream().read(body, offset, len - offset);
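
Review bot: The Javadoc for `readPostBodyFully` folds premature end of stream into the general `@throws IOException` line even though `java.io.EOFException` is imported at the top of this patch. A separate `@throws EOFException` entry would let callers distinguish an incomplete body from other I/O failures. The Javadoc should also state whether `len` may exceed `body.length`, since the loop passes `len - offset` straight to `getStream().read(body, offset, len - offset)`.
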


Is it worth caching the return value of getStream() locally?


My instinct is no but I have no evidence to back up that instinct.

I'd expect the JVM to inline that method after a while, but it's not trivial
and could potentially generate a new CoyoteInputStream object every time
through the loop.


Sorry... I've been looking at C code lately and repeated function calls 
feel icky to me again.


No worries. It is a reasonable question. Given it has been this way for 
a long time and I'm not aware of any issues I intend to leave it as is. 
If a benchmark shows we'd be better changing it then I wouldn't object.


Mark

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
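
The short-read behaviour behind this change, as an added example that is not Tomcat's code or part of the thread: a single `read` call may return fewer bytes than requested even when the body is complete, so only a loop that treats end of stream as an error can tell a complete form body from a truncated one. `ReadFullyDemo`, `ChunkedStream` and the sample body are constructed for illustration.

```java
import java.io.ByteArrayInputStream;
import java.io.EOFException;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;

public class ReadFullyDemo {

    /** Constructed stream: hands out at most 'chunk' bytes per read, like a socket delivering segments. */
    static final class ChunkedStream extends InputStream {
        private final InputStream in;
        private final int chunk;

        ChunkedStream(byte[] data, int chunk) {
            this.in = new ByteArrayInputStream(data);
            this.chunk = chunk;
        }

        @Override
        public int read() throws IOException {
            return in.read();
        }

        @Override
        public int read(byte[] b, int off, int len) throws IOException {
            return in.read(b, off, Math.min(len, chunk));
        }
    }

    /** Loops until len bytes have been read; a premature end of stream becomes an EOFException. */
    static void readFully(InputStream in, byte[] body, int len) throws IOException {
        int offset = 0;
        while (offset < len) {
            int n = in.read(body, offset, len - offset);
            if (n < 0) {
                throw new EOFException("expected " + len + " bytes, got " + offset);
            }
            offset += n;
        }
    }

    public static void main(String[] args) throws IOException {
        // Constructed form body.
        byte[] sent = "user=alice&role=admin".getBytes(StandardCharsets.ISO_8859_1);
        int len = sent.length;

        // Complete body delivered 8 bytes at a time: one read() is short, the loop is not.
        byte[] body = new byte[len];
        int first = new ChunkedStream(sent, 8).read(body, 0, len);
        System.out.println("single read returned " + first + " of " + len + " bytes");
        readFully(new ChunkedStream(sent, 8), body, len);
        System.out.println("readFully: " + new String(body, StandardCharsets.ISO_8859_1));

        // Declared length larger than what arrives: the body is rejected, not parsed.
        int declared = len + 10;
        try {
            readFully(new ChunkedStream(sent, 8), new byte[declared], declared);
            System.out.println("incomplete body accepted");
        } catch (EOFException e) {
            System.out.println("incomplete body rejected: " + e.getMessage());
        }
    }
}
```
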



Re: Tomcat and filesystems

2023-06-26 Thread Mark Thomas

On 25/06/2023 13:50, Romain Manni-Bucau wrote:

> Hi all,
>
> Doing some tests I realized two things:
>
> * tomcat still uses File a lot (thinking to default servlet stack)
> * tomcat does not use FileSystem abstraction and previous point would only
> make sense with this addition
>
> What about a (nio) Filesystem/Path based implementation of WebResourceSet?
> It would enable to not only rely on local filesystem but also more exotic
> ones (in mem for ex).
> Was it already discussed/studied?


I don't recall any discussions. There have been a few discussions around 
using custom implementations of various WebResource classes but that has 
generally been to customize some specific behaviour.



> Would it make sense in tomcat codebase?


It depends if there is demand for it. My initial reaction is "probably not".

Where I think there probably is room for improvement is some refactoring 
to make it easier to use custom implementations for different parts of 
the WebResource implementation. Picking a random example, custom JAR 
handling to validate signatures.


If there is a demand for extending WebResource, making it easier to have 
custom implementations will hopefully give us an insight into what that 
demand is. If there was something folks were consistently asking for 
then it would make sense to include it in the default Tomcat distribution.


All that said, I do think if there was a demand for this sort of 
functionality we would have seen some indication of that on the users 
list. But maybe it is a chicken/egg situation so I am in favour of making 
custom extensions/implementations easier and seeing what happens.


Mark




[tomcat] branch 10.1.x updated (aa6a0f6259 -> 80e3cfeec2)

2023-06-26 Thread markt
This is an automated email from the ASF dual-hosted git repository.

markt pushed a change to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


from aa6a0f6259 Simplify reading of request body for x-www-form-urlencoded processing
 new 4aebe196cd Add control of byte decoding errors to ByteChunk and StringCache
 new 80e3cfeec2 Use the previous decode call in the old default for now

The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 java/org/apache/tomcat/util/buf/ByteChunk.java |  52 ++-
 java/org/apache/tomcat/util/buf/StringCache.java   |  66 +++---
 test/org/apache/jasper/compiler/TestGenerator.java |   3 +-
 .../apache/tomcat/util/buf/TestStringCache.java| 100 +
 4 files changed, 208 insertions(+), 13 deletions(-)
 create mode 100644 test/org/apache/tomcat/util/buf/TestStringCache.java





[tomcat] 02/02: Use the previous decode call in the old default for now

2023-06-26 Thread markt
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit 80e3cfeec27f94b6d4f37376ec5a1c63e483c39a
Author: remm 
AuthorDate: Fri Jun 23 09:43:40 2023 +0200

Use the previous decode call in the old default for now

Just in case it makes a performance difference (the JVM code is very
different).
---
 java/org/apache/tomcat/util/buf/ByteChunk.java | 9 +++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/java/org/apache/tomcat/util/buf/ByteChunk.java 
b/java/org/apache/tomcat/util/buf/ByteChunk.java
index ff00f55774..27c985e6e2 100644
--- a/java/org/apache/tomcat/util/buf/ByteChunk.java
+++ b/java/org/apache/tomcat/util/buf/ByteChunk.java
@@ -579,8 +579,13 @@ public final class ByteChunk extends AbstractChunk {
 // new String(byte[], int, int, Charset) takes a defensive copy of the
 // entire byte array. This is expensive if only a small subset of the
 // bytes will be used. The code below is from Apache Harmony.
-CharBuffer cb = 
charset.newDecoder().onMalformedInput(malformedInputAction)
-
.onUnmappableCharacter(unmappableCharacterAction).decode(ByteBuffer.wrap(buff, 
start, end - start));
+CharBuffer cb;
+if (malformedInputAction == CodingErrorAction.REPLACE && 
unmappableCharacterAction == CodingErrorAction.REPLACE) {
+cb = charset.decode(ByteBuffer.wrap(buff, start, end - start));
+} else {
+cb = charset.newDecoder().onMalformedInput(malformedInputAction)
+
.onUnmappableCharacter(unmappableCharacterAction).decode(ByteBuffer.wrap(buff, 
start, end - start));
+}
 return new String(cb.array(), cb.arrayOffset(), cb.length());
 }
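
Review bot: The new `if (malformedInputAction == CodingErrorAction.REPLACE && unmappableCharacterAction == CodingErrorAction.REPLACE)` branch has no comment saying why two decode paths exist; the reason (a possible performance difference) is only in the commit message. Add a short comment that `charset.decode(...)` is used as the equivalent of a REPLACE/REPLACE decoder and is kept for that reason. The existing `The code below is from Apache Harmony` comment now sits above the branch and no longer describes a single statement.
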
 


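
What the two `CodingErrorAction` parameters change in practice, as an added example that is not Tomcat's code: the same constructed byte sequence decoded with `Charset.decode`, with a REPLACE decoder, with IGNORE and with REPORT. `DecodeActionDemo`, its `decode` helper and the sample bytes are assumptions made for the demonstration.

```java
import java.nio.ByteBuffer;
import java.nio.charset.CharacterCodingException;
import java.nio.charset.Charset;
import java.nio.charset.CodingErrorAction;
import java.nio.charset.StandardCharsets;

public class DecodeActionDemo {

    /** Hypothetical helper: the decoder chain from the patch, applied to a slice of a byte array. */
    static String decode(byte[] buf, int start, int end, Charset cs,
            CodingErrorAction malformed, CodingErrorAction unmappable) throws CharacterCodingException {
        return cs.newDecoder()
                .onMalformedInput(malformed)
                .onUnmappableCharacter(unmappable)
                .decode(ByteBuffer.wrap(buf, start, end - start))
                .toString();
    }

    /** Prints each char as U+XXXX so replacement characters are visible. */
    static String codePoints(String s) {
        StringBuilder sb = new StringBuilder();
        for (char c : s.toCharArray()) {
            sb.append(String.format("U+%04X ", (int) c));
        }
        return sb.toString().trim();
    }

    public static void main(String[] args) throws Exception {
        // Constructed input: 'a', then 0xC0 0xAF (not valid UTF-8), then 'b'.
        byte[] raw = { 'a', (byte) 0xC0, (byte) 0xAF, 'b' };
        Charset utf8 = StandardCharsets.UTF_8;

        // The shortcut taken for REPLACE/REPLACE and the explicit decoder agree.
        String viaCharset = utf8.decode(ByteBuffer.wrap(raw)).toString();
        String viaReplace = decode(raw, 0, raw.length, utf8,
                CodingErrorAction.REPLACE, CodingErrorAction.REPLACE);
        System.out.println("Charset.decode equals REPLACE decoder: " + viaCharset.equals(viaReplace));
        System.out.println("REPLACE: " + codePoints(viaReplace));

        // IGNORE drops the invalid bytes without leaving any trace in the string.
        String viaIgnore = decode(raw, 0, raw.length, utf8,
                CodingErrorAction.IGNORE, CodingErrorAction.IGNORE);
        System.out.println("IGNORE:  " + codePoints(viaIgnore));

        // REPORT surfaces the problem to the caller, which can then reject the input.
        try {
            decode(raw, 0, raw.length, utf8, CodingErrorAction.REPORT, CodingErrorAction.REPORT);
            System.out.println("REPORT:  accepted");
        } catch (CharacterCodingException e) {
            System.out.println("REPORT:  rejected with " + e.getClass().getSimpleName());
        }
    }
}
```

With IGNORE the invalid bytes vanish from the result, so a check made on the decoded string no longer sees what was on the wire; REPORT is the setting that turns malformed input into an error the caller can reject.
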



[tomcat] 01/02: Add control of byte decoding errors to ByteChunk and StringCache

2023-06-26 Thread markt
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit 4aebe196cd02745689ced8d66c70f77c1a52af39
Author: Mark Thomas 
AuthorDate: Wed Jun 14 12:25:21 2023 +0100

Add control of byte decoding errors to ByteChunk and StringCache
---
 java/org/apache/tomcat/util/buf/ByteChunk.java |  47 +-
 java/org/apache/tomcat/util/buf/StringCache.java   |  66 +++---
 test/org/apache/jasper/compiler/TestGenerator.java |   3 +-
 .../apache/tomcat/util/buf/TestStringCache.java| 100 +
 4 files changed, 203 insertions(+), 13 deletions(-)

diff --git a/java/org/apache/tomcat/util/buf/ByteChunk.java 
b/java/org/apache/tomcat/util/buf/ByteChunk.java
index 101f9c0eaa..ff00f55774 100644
--- a/java/org/apache/tomcat/util/buf/ByteChunk.java
+++ b/java/org/apache/tomcat/util/buf/ByteChunk.java
@@ -21,7 +21,9 @@ import java.io.ObjectInputStream;
 import java.io.ObjectOutputStream;
 import java.nio.ByteBuffer;
 import java.nio.CharBuffer;
+import java.nio.charset.CharacterCodingException;
 import java.nio.charset.Charset;
+import java.nio.charset.CodingErrorAction;
 import java.nio.charset.StandardCharsets;
 
 /*
@@ -521,23 +523,64 @@ public final class ByteChunk extends AbstractChunk {
 
 @Override
 public String toString() {
+try {
+return toString(CodingErrorAction.REPLACE, 
CodingErrorAction.REPLACE);
+} catch (CharacterCodingException e) {
+// Unreachable code. Use of REPLACE above means the exception will 
never be thrown.
+throw new IllegalStateException(e);
+}
+}
+
+
+public String toString(CodingErrorAction malformedInputAction, 
CodingErrorAction unmappableCharacterAction)
+throws CharacterCodingException {
 if (isNull()) {
 return null;
 } else if (end - start == 0) {
 return "";
 }
-return StringCache.toString(this);
+return StringCache.toString(this, malformedInputAction, 
unmappableCharacterAction);
 }
 
 
+/**
+ * Converts the current content of the byte buffer to a String using the 
configured character set.
+ *
+ * @return The result of converting the bytes to a String
+ *
+ * @deprecated Unused. This method will be removed in Tomcat 11 onwards.
+ */
+@Deprecated
 public String toStringInternal() {
+try {
+return toStringInternal(CodingErrorAction.REPLACE, 
CodingErrorAction.REPLACE);
+} catch (CharacterCodingException e) {
+// Unreachable code. Use of REPLACE above means the exception will 
never be thrown.
+throw new IllegalStateException(e);
+}
+}
+
+
+/**
+ * Converts the current content of the byte buffer to a String using the 
configured character set.
+ *
+ * @param malformedInputAction  Action to take if the input is 
malformed
+ * @param unmappableCharacterAction Action to take if a byte sequence 
can't be mapped to a character
+ *
+ * @return The result of converting the bytes to a String
+ *
+ * @throws CharacterCodingException If an error occurs during the 
conversion
+ */
+public String toStringInternal(CodingErrorAction malformedInputAction, 
CodingErrorAction unmappableCharacterAction)
+throws CharacterCodingException {
 if (charset == null) {
 charset = DEFAULT_CHARSET;
 }
 // new String(byte[], int, int, Charset) takes a defensive copy of the
 // entire byte array. This is expensive if only a small subset of the
 // bytes will be used. The code below is from Apache Harmony.
-CharBuffer cb = charset.decode(ByteBuffer.wrap(buff, start, end - 
start));
+CharBuffer cb = 
charset.newDecoder().onMalformedInput(malformedInputAction)
+
.onUnmappableCharacter(unmappableCharacterAction).decode(ByteBuffer.wrap(buff, 
start, end - start));
 return new String(cb.array(), cb.arrayOffset(), cb.length());
 }
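
Review bot: The new public overload `toString(CodingErrorAction malformedInputAction, CodingErrorAction unmappableCharacterAction)` has no Javadoc, unlike the `toStringInternal` overload added further down in the same hunk. Document the two parameters, the `CharacterCodingException`, and the fact that it returns `null` when `isNull()` is true.
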
 
diff --git a/java/org/apache/tomcat/util/buf/StringCache.java 
b/java/org/apache/tomcat/util/buf/StringCache.java
index d39de93cfa..5b82e44f74 100644
--- a/java/org/apache/tomcat/util/buf/StringCache.java
+++ b/java/org/apache/tomcat/util/buf/StringCache.java
@@ -16,10 +16,13 @@
  */
 package org.apache.tomcat.util.buf;
 
+import java.nio.charset.CharacterCodingException;
 import java.nio.charset.Charset;
+import java.nio.charset.CodingErrorAction;
 import java.util.ArrayList;
 import java.util.HashMap;
 import java.util.Map.Entry;
+import java.util.Objects;
 import java.util.TreeMap;
 
 import org.apache.juli.logging.Log;
@@ -208,11 +211,22 @@ public class StringCache {
 
 
 public static String toString(ByteChunk bc) {
+try {
+return toString(bc, CodingErrorAction.REPLACE, 
CodingErrorAction.REPLACE);
+} catch

[tomcat] branch 9.0.x updated (9bfc23fb97 -> 4b15583ee5)

2023-06-26 Thread markt
This is an automated email from the ASF dual-hosted git repository.

markt pushed a change to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


from 9bfc23fb97 Simplify reading of request body for x-www-form-urlencoded processing
 new 2ce6cdb5ea Add control of byte decoding errors to ByteChunk and StringCache
 new 4b15583ee5 Use the previous decode call in the old default for now

The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 java/org/apache/tomcat/util/buf/ByteChunk.java |  52 ++-
 java/org/apache/tomcat/util/buf/StringCache.java   |  66 +++---
 test/org/apache/jasper/compiler/TestGenerator.java |   3 +-
 .../apache/tomcat/util/buf/TestStringCache.java| 100 +
 4 files changed, 208 insertions(+), 13 deletions(-)
 create mode 100644 test/org/apache/tomcat/util/buf/TestStringCache.java





[tomcat] 01/02: Add control of byte decoding errors to ByteChunk and StringCache

2023-06-26 Thread markt
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit 2ce6cdb5ea2de74832dea6ebd96f241788c8bb19
Author: Mark Thomas 
AuthorDate: Wed Jun 14 12:25:21 2023 +0100

Add control of byte decoding errors to ByteChunk and StringCache
---
 java/org/apache/tomcat/util/buf/ByteChunk.java |  47 +-
 java/org/apache/tomcat/util/buf/StringCache.java   |  66 +++---
 test/org/apache/jasper/compiler/TestGenerator.java |   3 +-
 .../apache/tomcat/util/buf/TestStringCache.java| 100 +
 4 files changed, 203 insertions(+), 13 deletions(-)

diff --git a/java/org/apache/tomcat/util/buf/ByteChunk.java 
b/java/org/apache/tomcat/util/buf/ByteChunk.java
index 621f955af5..5872f41fc1 100644
--- a/java/org/apache/tomcat/util/buf/ByteChunk.java
+++ b/java/org/apache/tomcat/util/buf/ByteChunk.java
@@ -21,7 +21,9 @@ import java.io.ObjectInputStream;
 import java.io.ObjectOutputStream;
 import java.nio.ByteBuffer;
 import java.nio.CharBuffer;
+import java.nio.charset.CharacterCodingException;
 import java.nio.charset.Charset;
+import java.nio.charset.CodingErrorAction;
 import java.nio.charset.StandardCharsets;
 
 /*
@@ -564,23 +566,64 @@ public final class ByteChunk extends AbstractChunk {
 
 @Override
 public String toString() {
+try {
+return toString(CodingErrorAction.REPLACE, 
CodingErrorAction.REPLACE);
+} catch (CharacterCodingException e) {
+// Unreachable code. Use of REPLACE above means the exception will 
never be thrown.
+throw new IllegalStateException(e);
+}
+}
+
+
+public String toString(CodingErrorAction malformedInputAction, 
CodingErrorAction unmappableCharacterAction)
+throws CharacterCodingException {
 if (isNull()) {
 return null;
 } else if (end - start == 0) {
 return "";
 }
-return StringCache.toString(this);
+return StringCache.toString(this, malformedInputAction, 
unmappableCharacterAction);
 }
 
 
+/**
+ * Converts the current content of the byte buffer to a String using the 
configured character set.
+ *
+ * @return The result of converting the bytes to a String
+ *
+ * @deprecated Unused. This method will be removed in Tomcat 11 onwards.
+ */
+@Deprecated
 public String toStringInternal() {
+try {
+return toStringInternal(CodingErrorAction.REPLACE, 
CodingErrorAction.REPLACE);
+} catch (CharacterCodingException e) {
+// Unreachable code. Use of REPLACE above means the exception will 
never be thrown.
+throw new IllegalStateException(e);
+}
+}
+
+
+/**
+ * Converts the current content of the byte buffer to a String using the 
configured character set.
+ *
+ * @param malformedInputAction  Action to take if the input is 
malformed
+ * @param unmappableCharacterAction Action to take if a byte sequence 
can't be mapped to a character
+ *
+ * @return The result of converting the bytes to a String
+ *
+ * @throws CharacterCodingException If an error occurs during the 
conversion
+ */
+public String toStringInternal(CodingErrorAction malformedInputAction, 
CodingErrorAction unmappableCharacterAction)
+throws CharacterCodingException {
 if (charset == null) {
 charset = DEFAULT_CHARSET;
 }
 // new String(byte[], int, int, Charset) takes a defensive copy of the
 // entire byte array. This is expensive if only a small subset of the
 // bytes will be used. The code below is from Apache Harmony.
-CharBuffer cb = charset.decode(ByteBuffer.wrap(buff, start, end - 
start));
+CharBuffer cb = 
charset.newDecoder().onMalformedInput(malformedInputAction)
+
.onUnmappableCharacter(unmappableCharacterAction).decode(ByteBuffer.wrap(buff, 
start, end - start));
 return new String(cb.array(), cb.arrayOffset(), cb.length());
 }
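
Review bot: The `@deprecated` tag added to `toStringInternal()` says only `Unused` and names no replacement. Point it at the new overload, for example `Use {@link #toStringInternal(CodingErrorAction, CodingErrorAction)}`, so callers outside Tomcat know which error actions reproduce the old behaviour (REPLACE for both).
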
 
diff --git a/java/org/apache/tomcat/util/buf/StringCache.java 
b/java/org/apache/tomcat/util/buf/StringCache.java
index d39de93cfa..5b82e44f74 100644
--- a/java/org/apache/tomcat/util/buf/StringCache.java
+++ b/java/org/apache/tomcat/util/buf/StringCache.java
@@ -16,10 +16,13 @@
  */
 package org.apache.tomcat.util.buf;
 
+import java.nio.charset.CharacterCodingException;
 import java.nio.charset.Charset;
+import java.nio.charset.CodingErrorAction;
 import java.util.ArrayList;
 import java.util.HashMap;
 import java.util.Map.Entry;
+import java.util.Objects;
 import java.util.TreeMap;
 
 import org.apache.juli.logging.Log;
@@ -208,11 +211,22 @@ public class StringCache {
 
 
 public static String toString(ByteChunk bc) {
+try {
+return toString(bc, CodingErrorAction.REPLACE, 
CodingErrorAction.REPLACE);
+} catch 

[tomcat] 02/02: Use the previous decode call in the old default for now

2023-06-26 Thread markt
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit 4b15583ee5781dd89b5181799b66949d2f27e514
Author: remm 
AuthorDate: Fri Jun 23 09:43:40 2023 +0200

Use the previous decode call in the old default for now

Just in case it makes a performance difference (the JVM code is very
different).
---
 java/org/apache/tomcat/util/buf/ByteChunk.java | 9 +++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/java/org/apache/tomcat/util/buf/ByteChunk.java 
b/java/org/apache/tomcat/util/buf/ByteChunk.java
index 5872f41fc1..1002d2fe49 100644
--- a/java/org/apache/tomcat/util/buf/ByteChunk.java
+++ b/java/org/apache/tomcat/util/buf/ByteChunk.java
@@ -622,8 +622,13 @@ public final class ByteChunk extends AbstractChunk {
 // new String(byte[], int, int, Charset) takes a defensive copy of the
 // entire byte array. This is expensive if only a small subset of the
 // bytes will be used. The code below is from Apache Harmony.
-CharBuffer cb = 
charset.newDecoder().onMalformedInput(malformedInputAction)
-
.onUnmappableCharacter(unmappableCharacterAction).decode(ByteBuffer.wrap(buff, 
start, end - start));
+CharBuffer cb;
+if (malformedInputAction == CodingErrorAction.REPLACE && 
unmappableCharacterAction == CodingErrorAction.REPLACE) {
+cb = charset.decode(ByteBuffer.wrap(buff, start, end - start));
+} else {
+cb = charset.newDecoder().onMalformedInput(malformedInputAction)
+
.onUnmappableCharacter(unmappableCharacterAction).decode(ByteBuffer.wrap(buff, 
start, end - start));
+}
 return new String(cb.array(), cb.arrayOffset(), cb.length());
 }
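
Review bot: `ByteBuffer.wrap(buff, start, end - start)` now appears in both arms of the `if`/`else`. Hoisting it into a local before the branch would keep each decode call short and make it obvious that both paths decode the same slice.
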
 





[GitHub] [tomcat] rmannibucau opened a new pull request, #630: [WIP] initial implementation of webresource based on path API

2023-06-26 Thread via GitHub


rmannibucau opened a new pull request, #630:
URL: https://github.com/apache/tomcat/pull/630

   Still needs a lot of work to make it usable and easily extendable but sharing for illustration (list).





Re: Tomcat and filesystems

2023-06-26 Thread Romain Manni-Bucau
If it helps, here is a draft: https://github.com/apache/tomcat/pull/630

Romain Manni-Bucau



On Mon, 26 Jun 2023 at 10:53, Mark Thomas wrote:

> On 25/06/2023 13:50, Romain Manni-Bucau wrote:
> > Hi all,
> >
> > Doing some tests I realized two things:
> >
> > * tomcat still uses File a lot (thinking to default servlet stack)
> > * tomcat does not use FileSystem abstraction and previous point would only
> > make sense with this addition
> >
> > What about a (nio) Filesystem/Path based implementation of WebResourceSet?
> > It would enable to not only rely on local filesystem but also more exotic
> > ones (in mem for ex).
> > Was it already discussed/studied?
>
> I don't recall any discussions. There have been a few discussions around
> using custom implementations of various WebResource classes but that has
> generally been to customize some specific behaviour.
>
> > Would it make sense in tomcat codebase?
>
> It depends if there is demand for it. My initial reaction is "probably
> not".
>
> Where I think there probably is room for improvement is some refactoring
> to make it easier to use custom implementations for different parts of
> the WebResource implementation. Picking a random example, custom JAR
> handling to validate signatures.
>
> If there is a demand for extending WebResource, making it easier to have
> custom implementations will hopefully give us an insight into what that
> demand is. If there was something folks were consistently asking for
> then it would make sense to include it in the default Tomcat distribution.
>
> All that said, I do think if there was a demand for this sort of
> functionality we would have seen some indication of that on the users
> list. But maybe it is a chicken/egg situation so I am in favour of making
> custom extensions/implementations easier and seeing what happens.
>
> Mark


[tomcat] 02/05: Use the previous decode call in the old default for now

2023-06-26 Thread markt
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit 03b51908102e9fa42739e680f2b785b9b2b84f78
Author: remm 
AuthorDate: Fri Jun 23 09:43:40 2023 +0200

Use the previous decode call in the old default for now

Just in case it makes a performance difference (the JVM code is very
different).
---
 java/org/apache/tomcat/util/buf/ByteChunk.java | 9 +++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/java/org/apache/tomcat/util/buf/ByteChunk.java 
b/java/org/apache/tomcat/util/buf/ByteChunk.java
index ef02a4f86b..58b6a57794 100644
--- a/java/org/apache/tomcat/util/buf/ByteChunk.java
+++ b/java/org/apache/tomcat/util/buf/ByteChunk.java
@@ -584,8 +584,13 @@ public final class ByteChunk extends AbstractChunk {
 // new String(byte[], int, int, Charset) takes a defensive copy of the
 // entire byte array. This is expensive if only a small subset of the
 // bytes will be used. The code below is from Apache Harmony.
-CharBuffer cb = 
charset.newDecoder().onMalformedInput(malformedInputAction)
-
.onUnmappableCharacter(unmappableCharacterAction).decode(ByteBuffer.wrap(buff, 
start, end - start));
+CharBuffer cb;
+if (malformedInputAction == CodingErrorAction.REPLACE && 
unmappableCharacterAction == CodingErrorAction.REPLACE) {
+cb = charset.decode(ByteBuffer.wrap(buff, start, end - start));
+} else {
+cb = charset.newDecoder().onMalformedInput(malformedInputAction)
+
.onUnmappableCharacter(unmappableCharacterAction).decode(ByteBuffer.wrap(buff, 
start, end - start));
+}
 return new String(cb.array(), cb.arrayOffset(), cb.length());
 }
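
Review bot: In the `else` arm the actions are passed straight to `onMalformedInput(...)` and `onUnmappableCharacter(...)`, which throw `IllegalArgumentException` for a null action, and a null argument can never match the `== CodingErrorAction.REPLACE` test. The method's Javadoc should say that both parameters must be non-null, or the method should check them up front with a clear message.
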
 





[tomcat] 04/05: Use correctly named method

2023-06-26 Thread markt
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit ee8af21fe19b3c49086d30c3af4d36c61b7fb853
Author: Mark Thomas 
AuthorDate: Mon Jun 26 10:41:03 2023 +0100

Use correctly named method
---
 java/org/apache/coyote/http11/filters/SavedRequestInputFilter.java | 2 +-
 java/org/apache/tomcat/util/buf/B2CConverter.java  | 4 ++--
 java/org/apache/tomcat/util/buf/C2BConverter.java  | 4 ++--
 3 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/java/org/apache/coyote/http11/filters/SavedRequestInputFilter.java 
b/java/org/apache/coyote/http11/filters/SavedRequestInputFilter.java
index ecfb8d6c13..5a79f8b4af 100644
--- a/java/org/apache/coyote/http11/filters/SavedRequestInputFilter.java
+++ b/java/org/apache/coyote/http11/filters/SavedRequestInputFilter.java
@@ -78,7 +78,7 @@ public class SavedRequestInputFilter implements InputFilter {
 
 ByteBuffer byteBuffer = handler.getByteBuffer();
 byteBuffer.position(byteBuffer.limit()).limit(byteBuffer.capacity());
-input.substract(byteBuffer);
+input.subtract(byteBuffer);
 
 return byteBuffer.remaining();
 }
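
Review bot: `input.subtract(byteBuffer)` only compiles once `ByteChunk` has the correctly spelled method, which on this branch appears to come from the preceding commit in the series (03/05, whose `ByteChunk` hunk adds `@deprecated Use {@link #subtract()}`). Say so in the commit message so the two commits are not backported or reverted separately.
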
diff --git a/java/org/apache/tomcat/util/buf/B2CConverter.java 
b/java/org/apache/tomcat/util/buf/B2CConverter.java
index a7db2a3385..e623a20af4 100644
--- a/java/org/apache/tomcat/util/buf/B2CConverter.java
+++ b/java/org/apache/tomcat/util/buf/B2CConverter.java
@@ -158,7 +158,7 @@ public class B2CConverter {
 int pos = cb.position();
 // Loop until one char is decoded or there is a decoder error
 do {
-leftovers.put(bc.substractB());
+leftovers.put(bc.subtractB());
 leftovers.flip();
 result = decoder.decode(leftovers, cb, endOfInput);
 leftovers.position(leftovers.limit());
@@ -188,7 +188,7 @@ public class B2CConverter {
 if (bc.getLength() > 0) {
 leftovers.limit(leftovers.array().length);
 leftovers.position(bc.getLength());
-bc.substract(leftovers.array(), 0, bc.getLength());
+bc.subtract(leftovers.array(), 0, bc.getLength());
 }
 }
 }
diff --git a/java/org/apache/tomcat/util/buf/C2BConverter.java 
b/java/org/apache/tomcat/util/buf/C2BConverter.java
index 8082c09300..5cff0f3a78 100644
--- a/java/org/apache/tomcat/util/buf/C2BConverter.java
+++ b/java/org/apache/tomcat/util/buf/C2BConverter.java
@@ -88,7 +88,7 @@ public final class C2BConverter {
 int pos = bb.position();
 // Loop until one char is encoded or there is a encoder error
 do {
-leftovers.put((char) cc.substract());
+leftovers.put((char) cc.subtract());
 leftovers.flip();
 result = encoder.encode(leftovers, bb, false);
 leftovers.position(leftovers.limit());
@@ -117,7 +117,7 @@ public final class C2BConverter {
 if (cc.getLength() > 0) {
 leftovers.limit(leftovers.array().length);
 leftovers.position(cc.getLength());
-cc.substract(leftovers.array(), 0, cc.getLength());
+cc.subtract(leftovers.array(), 0, cc.getLength());
 }
 }
 }





[tomcat] 05/05: Use consistent naming for i18n keys

2023-06-26 Thread markt
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit b2d404875d5dd14d8be323fc5eca2d57c0a47919
Author: Mark Thomas 
AuthorDate: Mon Jun 26 10:43:40 2023 +0100

Use consistent naming for i18n keys
---
 java/org/apache/tomcat/util/buf/LocalStrings.properties | 3 +--
 java/org/apache/tomcat/util/buf/UDecoder.java   | 2 +-
 2 files changed, 2 insertions(+), 3 deletions(-)

diff --git a/java/org/apache/tomcat/util/buf/LocalStrings.properties 
b/java/org/apache/tomcat/util/buf/LocalStrings.properties
index 523cd2dc1b..52e8efd906 100644
--- a/java/org/apache/tomcat/util/buf/LocalStrings.properties
+++ b/java/org/apache/tomcat/util/buf/LocalStrings.properties
@@ -32,7 +32,6 @@ messageBytes.illegalCharacter=The Unicode character [{0}] at 
code point [{1}] ca
 uDecoder.eof=End of file (EOF)
 uDecoder.noSlash=The encoded slash character is not allowed
 uDecoder.urlDecode.conversionError=Failed to decode [{0}] using character set 
[{1}]
+uDecoder.urlDecode.iae=It is practical to %nn decode a byte array since how 
the %nn is encoded will vary by character set
 uDecoder.urlDecode.missingDigit=Failed to decode [{0}] because the % character 
must be followed by two hexadecimal digits
 uDecoder.urlDecode.uee=Unable to URL decode the specified input since the 
encoding [{0}] is not supported.
-
-udecoder.urlDecode.iae=It is practical to %nn decode a byte array since how 
the %nn is encoded will vary by character set
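
Review bot: The moved message `uDecoder.urlDecode.iae` still reads `It is practical to %nn decode a byte array ...`, yet `UDecoder.URLDecode(byte[], String, boolean)` uses it as the text of an `IllegalArgumentException`. The wording looks inverted (`not practical` or `impractical`); since the key is being renamed here anyway, correct the text in the same change.
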
diff --git a/java/org/apache/tomcat/util/buf/UDecoder.java 
b/java/org/apache/tomcat/util/buf/UDecoder.java
index bf738ed7f8..1c46a6f566 100644
--- a/java/org/apache/tomcat/util/buf/UDecoder.java
+++ b/java/org/apache/tomcat/util/buf/UDecoder.java
@@ -443,7 +443,7 @@ public final class UDecoder {
  */
 @Deprecated
 public static String URLDecode(byte[] bytes, String enc, boolean isQuery) {
-throw new 
IllegalArgumentException(sm.getString("udecoder.urlDecode.iae"));
+throw new 
IllegalArgumentException(sm.getString("uDecoder.urlDecode.iae"));
 }
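
Review bot: Only `LocalStrings.properties` appears in the diffstat for the key rename behind `sm.getString("uDecoder.urlDecode.iae")`. If any translated `LocalStrings_*.properties` bundle in this package defines the old `udecoder.urlDecode.iae` key, it is left orphaned; rename the key there too or confirm that none exists.
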
 
 





[tomcat] 03/05: Align with 9.0.x onwards

2023-06-26 Thread markt
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit c3b02a10c2a984553647b2fea38f2b7364a86933
Author: Mark Thomas 
AuthorDate: Mon Jun 26 10:39:02 2023 +0100

Align with 9.0.x onwards
---
 java/org/apache/tomcat/util/buf/AbstractChunk.java |  3 ++
 java/org/apache/tomcat/util/buf/ByteChunk.java | 48 +++---
 java/org/apache/tomcat/util/buf/CharChunk.java | 21 +-
 3 files changed, 65 insertions(+), 7 deletions(-)

diff --git a/java/org/apache/tomcat/util/buf/AbstractChunk.java 
b/java/org/apache/tomcat/util/buf/AbstractChunk.java
index 7bd7001181..3e06362f5f 100644
--- a/java/org/apache/tomcat/util/buf/AbstractChunk.java
+++ b/java/org/apache/tomcat/util/buf/AbstractChunk.java
@@ -18,12 +18,15 @@ package org.apache.tomcat.util.buf;
 
 import java.io.Serializable;
 
+import org.apache.tomcat.util.res.StringManager;
+
 /**
  * Base class for the *Chunk implementation to reduce duplication.
  */
 public abstract class AbstractChunk implements Cloneable, Serializable {
 
 private static final long serialVersionUID = 1L;
+protected static final StringManager sm = 
StringManager.getManager(AbstractChunk.class);
 
 /*
  * JVMs may limit the maximum array size to slightly less than 
Integer.MAX_VALUE. On markt's desktop the limit is
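Review bot: `sm` is added here as a `protected static final` field on a public abstract class with no comment, so it becomes visible to any subclass, including ones outside `org.apache.tomcat.util.buf`. If it is only meant to be shared by the chunk classes in this package, package-private visibility would be enough; otherwise add a one-line comment saying who is expected to use it. Note that the lookup now goes through `AbstractChunk.class` where `ByteChunk` previously used `ByteChunk.class`; both classes live in the same package, so the same `LocalStrings` bundle should resolve, but that is worth confirming against any existing message keys.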
diff --git a/java/org/apache/tomcat/util/buf/ByteChunk.java 
b/java/org/apache/tomcat/util/buf/ByteChunk.java
index 58b6a57794..1002d2fe49 100644
--- a/java/org/apache/tomcat/util/buf/ByteChunk.java
+++ b/java/org/apache/tomcat/util/buf/ByteChunk.java
@@ -26,8 +26,6 @@ import java.nio.charset.Charset;
 import java.nio.charset.CodingErrorAction;
 import java.nio.charset.StandardCharsets;
 
-import org.apache.tomcat.util.res.StringManager;
-
 /*
  * In a server it is very important to be able to operate on
  * the original byte[] without converting everything to chars.
@@ -114,8 +112,6 @@ public final class ByteChunk extends AbstractChunk {
 
 // 
 
-private static final StringManager sm = 
StringManager.getManager(ByteChunk.class);
-
 /**
  * Default encoding used to convert to strings. It should be UTF8, as most 
standards seem to converge, but the
  * servlet API requires 8859_1, and this object is used mostly for 
servlets.
@@ -387,15 +383,30 @@ public final class ByteChunk extends AbstractChunk {
 
 //  Removing data from the buffer 
 
+/*
+ * @deprecated Use {@link #subtract()}. This method will be removed in 
Tomcat 10
+ */
+@Deprecated
 public int substract() throws IOException {
+return subtract();
+}
+
+public int subtract() throws IOException {
 if (checkEof()) {
 return -1;
 }
 return buff[start++] & 0xFF;
 }
 
-
+/*
+ * @deprecated Use {@link #subtractB()}. This method will be removed in 
Tomcat 10
+ */
+@Deprecated
 public byte substractB() throws IOException {
+return subtractB();
+}
+
+public byte subtractB() throws IOException {
 if (checkEof()) {
 return -1;
 }
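Review bot: The deprecation notices added above `substract()` and `substractB()` open with `/*` rather than `/**`, so they are plain block comments and the `@deprecated Use {@link #subtract()}` text never reaches the generated API documentation; only the `@Deprecated` annotation takes effect. Change the opener to `/**`. The new public `subtract()` and `subtractB()` have no Javadoc at all; a sentence each would help, and for `subtractB()` it should say that the `-1` returned at end of input is the same `byte` value as a data byte of 0xFF.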
@@ -403,7 +414,15 @@ public final class ByteChunk extends AbstractChunk {
 }
 
 
+/*
+ * @deprecated Use {@link #subtract(byte[],int,int)}. This method will be 
removed in Tomcat 10
+ */
+@Deprecated
 public int substract(byte dest[], int off, int len) throws IOException {
+return subtract(dest, off, len);
+}
+
+public int subtract(byte dest[], int off, int len) throws IOException {
 if (checkEof()) {
 return -1;
 }
@@ -427,8 +446,27 @@ public final class ByteChunk extends AbstractChunk {
  * @return an integer specifying the actual number of bytes read, or -1 if 
the end of the stream is reached
  *
  * @throws IOException if an input or output exception has occurred
+ *
+ * @deprecated Use {@link #subtract(ByteBuffer)}. This method will be 
removed in Tomcat 10
  */
+@Deprecated
 public int substract(ByteBuffer to) throws IOException {
+return subtract(to);
+}
+
+
+/**
+ * Transfers bytes from the buffer to the specified ByteBuffer. After the 
operation the position of the ByteBuffer
+ * will be returned to the one before the operation, the limit will be the 
position incremented by the number of the
+ * transfered bytes.
+ *
+ * @param to the ByteBuffer into which bytes are to be written.
+ *
+ * @return an integer specifying the actual number of bytes read, or -1 if 
the end of the stream is reached
+ *
+ * @throws IOException if an input or output exception has occurred
+ */
+public int subtract(ByteBuffer to) throws IOException {
 if (checkEof()) {
 return -1;
 }
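Review bot: The Javadoc added for `subtract(ByteBuffer)` contains the misspelling "transfered"; correct it to "transferred" while the block is being written. The deprecated `substract(ByteBuffer)` above keeps its own `@return` and `@throws` text, so the two methods now carry near-identical documentation. Consider reducing the deprecated wrapper to the `@deprecated` sentence with its `{@link #subtract(ByteBuffer)}` so the description only has to be maintained in one place.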
diff --git a/java/org/apache/tomcat/util/buf/CharChunk.java 
b/java/org

[tomcat] branch 8.5.x updated (9f55c9711c -> b2d404875d)

2023-06-26 Thread markt
This is an automated email from the ASF dual-hosted git repository.

markt pushed a change to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


from 9f55c9711c Simplify reading of request body for x-www-form-urlencoded 
processing
 new 04472f0d4b Add control of byte decoding errors to ByteChunk and 
StringCache
 new 03b5190810 Use the previous decode call in the old default for now
 new c3b02a10c2 Align with 9.0.x onwards
 new ee8af21fe1 Use correctly named method
 new b2d404875d Use consistent naming for i18n keys

The 5 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 .../http11/filters/SavedRequestInputFilter.java|   2 +-
 java/org/apache/tomcat/util/buf/AbstractChunk.java |   3 +
 java/org/apache/tomcat/util/buf/B2CConverter.java  |   4 +-
 java/org/apache/tomcat/util/buf/ByteChunk.java | 102 +++--
 java/org/apache/tomcat/util/buf/C2BConverter.java  |   4 +-
 java/org/apache/tomcat/util/buf/CharChunk.java |  21 -
 .../apache/tomcat/util/buf/LocalStrings.properties |   3 +-
 java/org/apache/tomcat/util/buf/StringCache.java   |  66 +++--
 java/org/apache/tomcat/util/buf/UDecoder.java  |   2 +-
 test/org/apache/jasper/compiler/TestGenerator.java |   3 +-
 .../apache/tomcat/util/buf/TestStringCache.java| 100 
 11 files changed, 281 insertions(+), 29 deletions(-)
 create mode 100644 test/org/apache/tomcat/util/buf/TestStringCache.java





[tomcat] 01/05: Add control of byte decoding errors to ByteChunk and StringCache

2023-06-26 Thread markt
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit 04472f0d4ba3796f5e07ba98c38c82d9154d8e7f
Author: Mark Thomas 
AuthorDate: Wed Jun 14 12:25:21 2023 +0100

Add control of byte decoding errors to ByteChunk and StringCache
---
 java/org/apache/tomcat/util/buf/ByteChunk.java |  49 +-
 java/org/apache/tomcat/util/buf/StringCache.java   |  66 +++---
 test/org/apache/jasper/compiler/TestGenerator.java |   3 +-
 .../apache/tomcat/util/buf/TestStringCache.java| 100 +
 4 files changed, 204 insertions(+), 14 deletions(-)

diff --git a/java/org/apache/tomcat/util/buf/ByteChunk.java 
b/java/org/apache/tomcat/util/buf/ByteChunk.java
index a1a65cfdbc..ef02a4f86b 100644
--- a/java/org/apache/tomcat/util/buf/ByteChunk.java
+++ b/java/org/apache/tomcat/util/buf/ByteChunk.java
@@ -21,7 +21,9 @@ import java.io.ObjectInputStream;
 import java.io.ObjectOutputStream;
 import java.nio.ByteBuffer;
 import java.nio.CharBuffer;
+import java.nio.charset.CharacterCodingException;
 import java.nio.charset.Charset;
+import java.nio.charset.CodingErrorAction;
 import java.nio.charset.StandardCharsets;
 
 import org.apache.tomcat.util.res.StringManager;
@@ -526,23 +528,64 @@ public final class ByteChunk extends AbstractChunk {
 
 @Override
 public String toString() {
-if (null == buff) {
+try {
+return toString(CodingErrorAction.REPLACE, 
CodingErrorAction.REPLACE);
+} catch (CharacterCodingException e) {
+// Unreachable code. Use of REPLACE above means the exception will 
never be thrown.
+throw new IllegalStateException(e);
+}
+}
+
+
+public String toString(CodingErrorAction malformedInputAction, 
CodingErrorAction unmappableCharacterAction)
+throws CharacterCodingException {
+if (isNull()) {
 return null;
 } else if (end - start == 0) {
 return "";
 }
-return StringCache.toString(this);
+return StringCache.toString(this, malformedInputAction, 
unmappableCharacterAction);
 }
 
 
+/**
+ * Converts the current content of the byte buffer to a String using the 
configured character set.
+ *
+ * @return The result of converting the bytes to a String
+ *
+ * @deprecated Unused. This method will be removed in Tomcat 11 onwards.
+ */
+@Deprecated
 public String toStringInternal() {
+try {
+return toStringInternal(CodingErrorAction.REPLACE, 
CodingErrorAction.REPLACE);
+} catch (CharacterCodingException e) {
+// Unreachable code. Use of REPLACE above means the exception will 
never be thrown.
+throw new IllegalStateException(e);
+}
+}
+
+
+/**
+ * Converts the current content of the byte buffer to a String using the 
configured character set.
+ *
+ * @param malformedInputAction  Action to take if the input is 
malformed
+ * @param unmappableCharacterAction Action to take if a byte sequence 
can't be mapped to a character
+ *
+ * @return The result of converting the bytes to a String
+ *
+ * @throws CharacterCodingException If an error occurs during the 
conversion
+ */
+public String toStringInternal(CodingErrorAction malformedInputAction, 
CodingErrorAction unmappableCharacterAction)
+throws CharacterCodingException {
 if (charset == null) {
 charset = DEFAULT_CHARSET;
 }
 // new String(byte[], int, int, Charset) takes a defensive copy of the
 // entire byte array. This is expensive if only a small subset of the
 // bytes will be used. The code below is from Apache Harmony.
-CharBuffer cb = charset.decode(ByteBuffer.wrap(buff, start, end - 
start));
+CharBuffer cb = 
charset.newDecoder().onMalformedInput(malformedInputAction)
+
.onUnmappableCharacter(unmappableCharacterAction).decode(ByteBuffer.wrap(buff, 
start, end - start));
 return new String(cb.array(), cb.arrayOffset(), cb.length());
 }
 
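Review bot: The new public `toString(CodingErrorAction malformedInputAction, CodingErrorAction unmappableCharacterAction)` has no Javadoc, while the matching `toStringInternal` overload added a few lines further down documents both parameters and the `CharacterCodingException`. Give `toString` the same block, and state there that the no-argument `toString()` keeps `CodingErrorAction.REPLACE` for both actions, so a caller that must reject malformed or unmappable bytes instead of silently substituting them has to call the overload with `CodingErrorAction.REPORT`. Separately, the retained comment "The code below is from Apache Harmony" now sits above a statement that was rewritten to use `charset.newDecoder()`, so it should be updated or dropped.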
diff --git a/java/org/apache/tomcat/util/buf/StringCache.java 
b/java/org/apache/tomcat/util/buf/StringCache.java
index 3ba1e6eebf..929ec58607 100644
--- a/java/org/apache/tomcat/util/buf/StringCache.java
+++ b/java/org/apache/tomcat/util/buf/StringCache.java
@@ -16,10 +16,13 @@
  */
 package org.apache.tomcat.util.buf;
 
+import java.nio.charset.CharacterCodingException;
 import java.nio.charset.Charset;
+import java.nio.charset.CodingErrorAction;
 import java.util.ArrayList;
 import java.util.HashMap;
 import java.util.Map.Entry;
+import java.util.Objects;
 import java.util.TreeMap;
 
 import org.apache.juli.logging.Log;
@@ -208,11 +211,22 @@ public class StringCache {
 
 
 public static String toString(ByteChunk bc) {
+try {
+return toString(bc

[GitHub] [tomcat] michael-o opened a new pull request, #631: Bug 66665: Provide option to supply role mapping from a properties file

2023-06-26 Thread via GitHub


michael-o opened a new pull request, #631:
URL: https://github.com/apache/tomcat/pull/631

   (no comment)


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org





[Bug 66665] Provide option to supply role mapping from a properties file

2023-06-26 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=66665

--- Comment #1 from Michael Osipov  ---
PR provided.

-- 
You are receiving this mail because:
You are the assignee for the bug.



Buildbot success in on tomcat-9.0.x

2023-06-26 Thread buildbot
Build status: Build succeeded!
Worker used: bb_worker2_ubuntu
URL: https://ci2.apache.org/#builders/37/builds/604
Blamelist: Mark Thomas , remm 
Build Text: build successful
Status Detected: restored build
Build Source Stamp: [branch 9.0.x] 4b15583ee5781dd89b5181799b66949d2f27e514


Steps:

  worker_preparation: 0

  git: 0

  shell: 0

  shell_1: 0

  shell_2: 0

  shell_3: 0

  shell_4: 0

  shell_5: 0

  compile: 1

  shell_6: 0

  shell_7: 0

  shell_8: 0

  shell_9: 0

  Rsync docs to nightlies.apache.org: 0

  shell_10: 0

  Rsync RAT to nightlies.apache.org: 0

  compile_1: 1

  shell_11: 0

  Rsync Logs to nightlies.apache.org: 0


-- ASF Buildbot





Buildbot failure in on tomcat-8.5.x

2023-06-26 Thread buildbot
Build status: BUILD FAILED: failed compile (failure)
Worker used: bb_worker2_ubuntu
URL: https://ci2.apache.org/#builders/36/builds/533
Blamelist: Mark Thomas , remm 
Build Text: failed compile (failure)
Status Detected: new failure
Build Source Stamp: [branch 8.5.x] b2d404875d5dd14d8be323fc5eca2d57c0a47919


Steps:

  worker_preparation: 0

  git: 0

  shell: 0

  shell_1: 0

  shell_2: 0

  shell_3: 0

  shell_4: 0

  shell_5: 0

  compile: 1

  shell_6: 0

  shell_7: 0

  shell_8: 0

  shell_9: 0

  Rsync docs to nightlies.apache.org: 0

  shell_10: 0

  Rsync RAT to nightlies.apache.org: 0

  compile_1: 2

  shell_11: 0

  Rsync Logs to nightlies.apache.org: 0


-- ASF Buildbot





[tomcat] branch main updated: Arrange the doc for DNSMembershipProvider. Follow up to https://bz.apache.org/bugzilla/show_bug.cgi?id=66660

2023-06-26 Thread jfclere
This is an automated email from the ASF dual-hosted git repository.

jfclere pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/main by this push:
 new 32d0d53fdd Arrange the doc for DNSMembershipProvider. Follow up to 
https://bz.apache.org/bugzilla/show_bug.cgi?id=66660
32d0d53fdd is described below

commit 32d0d53fddb4ab30bf69796300ad8f2fb5297915
Author: Jean-Frederic Clere 
AuthorDate: Mon Jun 26 16:16:52 2023 +0200

Arrange the doc for DNSMembershipProvider.
Follow up to https://bz.apache.org/bugzilla/show_bug.cgi?id=66660
---
 .../membership/cloud/DNSMembershipProvider.java| 26 +++---
 1 file changed, 23 insertions(+), 3 deletions(-)

diff --git 
a/java/org/apache/catalina/tribes/membership/cloud/DNSMembershipProvider.java 
b/java/org/apache/catalina/tribes/membership/cloud/DNSMembershipProvider.java
index f5a6874496..a9b89e2573 100644
--- 
a/java/org/apache/catalina/tribes/membership/cloud/DNSMembershipProvider.java
+++ 
b/java/org/apache/catalina/tribes/membership/cloud/DNSMembershipProvider.java
@@ -60,6 +60,8 @@ import org.apache.juli.logging.LogFactory;
  *  }
  *  
  *
+ * minimal example for the Service my-tomcat-app-membership, note the 
selector
+ *
  * {@code dns-membership-service.yml }
  *
  * 
@@ -73,14 +75,32 @@ import org.apache.juli.logging.LogFactory;
  *   name: my-tomcat-app-membership
  * spec:
  *   clusterIP: None
- *   ports:
- *   - name: membership
- * port: 
  *   selector:
  * app: my-tomcat-app
  * }
  * 
  *
+ * First Tomcat pod minimal example, note the labels that 
must correspond to the selector in the service.
+ *
+ * {@code tomcat1.yml }
+ *
+ * 
+ * {@code
+ * apiVersion: v1
+ * kind: Pod
+ * metadata:
+ *   name: tomcat1
+ *   labels:
+ * app: my-tomcat-app
+ * spec:
+ *   containers:
+ *   - name: tomcat
+ * image: tomcat
+ * ports:
+ * - containerPort: 8080
+ * }
+ * 
+ *
  * Environment variable configuration
  *
  * {@code DNS_MEMBERSHIP_SERVICE_NAME=my-tomcat-app-membership }
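Review bot: The Pod example added in this hunk uses `image: tomcat` with no tag, which resolves to whatever `latest` is at deploy time; pin a version in the example or say in the lead sentence that the image name is a placeholder. The same hunk also removes the `ports:` block from the headless Service, and neither the commit message nor the Javadoc says why. One sentence explaining that membership discovery here relies on the `selector` and `clusterIP: None` only would keep readers from adding the block back.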





[Bug 66670] New: Add SSLHostConfig#certificateKeyPasswordFile

2023-06-26 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=66670

Bug ID: 66670
   Summary: Add SSLHostConfig#certificateKeyPasswordFile
   Product: Tomcat 9
   Version: 9.0.76
  Hardware: All
OS: All
Status: NEW
  Severity: enhancement
  Priority: P2
 Component: Catalina
  Assignee: dev@tomcat.apache.org
  Reporter: micha...@apache.org
  Target Milestone: -

This is somewhat inspired by
https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslpassphrasedialog and
its flexibility, but I do not intend to request all of those features.

One of the current problems with using inline passwords (certificateKeyPassword) in
the server.xml:
* Multiple connectors for the same certificate/key pair on different ports
* Multiple Tomcat instances for the same hostname, but you need different JVM
configs/version/etc. or need the physical separation between processes

All of these require touching every single certificateKeyPassword and updating it
when you rotate the cert/key pair and password. In HTTPd you don't have that
problem because you modify a single password file and are done.
Note: I don't intend to put HTTPd in front of those Tomcat instances because I need to
configure and update it, it adds overhead and it has several open issues with
expect/continue support for some of our use cases.

I'd like to introduce this parameter only for OpenSSL or PEM-based cert keys,
not Java keystores, since certificateKeystorePassword has a default value which
does not allow making it mutually exclusive. This attribute will be mutually
exclusive with certificateKeyPassword since only one of them should be
populated; an exception will be raised when both are provided.

This will require changes in a few Java files as well as Tomcat Native in Java
and C.

Target config example:
>  keepAliveTimeout="30" maxParameterCount="1000"
>   maxHttpHeaderSize="24576" maxThreads="250"
>   SSLEnabled="true" scheme="https" secure="true"
>   defaultSSLHostConfigName="%%VIRTUAL_HOSTNAME%%">
>honorCipherOrder="true" disableSessionTickets="true"
> 
> ciphers="HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK:!DSS:!SHA1:!SHA256:!SHA384">
>certificateKeyFile="/etc/ssl/%%VIRTUAL_HOSTNAME%%/key.crt"
>   certificateKeyPasswordFile="/etc/ssl/%%VIRTUAL_HOSTNAME%%/password" 
> type="RSA" />
>   
> 

IMPORTANT: This is not a security concern or to avoid plaintext passwords in
conf files, it is solely about reducing admin overhead.

Let me know what you think, I'd like to start implementing it this week.




[Bug 66670] Add SSLHostConfig#certificateKeyPasswordFile

2023-06-26 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=66670

Michael Osipov  changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |micha...@apache.org




[tomcat-native] branch main updated: Trim trailing whitespace

2023-06-26 Thread michaelo
This is an automated email from the ASF dual-hosted git repository.

michaelo pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat-native.git


The following commit(s) were added to refs/heads/main by this push:
 new 3fbe5615c Trim trailing whitespace
3fbe5615c is described below

commit 3fbe5615c3350c21cdca2a84ba44888a58129aad
Author: Michael Osipov 
AuthorDate: Mon Jun 26 18:00:16 2023 +0200

Trim trailing whitespace
---
 native/src/sslconf.c| 2 +-
 native/src/sslcontext.c | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/native/src/sslconf.c b/native/src/sslconf.c
index a3b8cfdfd..e5b18a7ce 100644
--- a/native/src/sslconf.c
+++ b/native/src/sslconf.c
@@ -263,7 +263,7 @@ TCN_IMPLEMENT_CALL(jint, SSLConf, apply)(TCN_STDARGS, jlong 
cctx,
 c->no_ocsp_check = 1;
 TCN_FREE_CSTRING(cmd);
 TCN_FREE_CSTRING(value);
-return 1; 
+return 1;
 }
 SSL_ERR_clear();
 rc = SSL_CONF_cmd(c->cctx, J2S(cmd), buf != NULL ? buf : J2S(value));
diff --git a/native/src/sslcontext.c b/native/src/sslcontext.c
index 7305d72ae..73446a95d 100644
--- a/native/src/sslcontext.c
+++ b/native/src/sslcontext.c
@@ -141,7 +141,7 @@ int ssl_callback_ClientHello(SSL *ssl, int *al, void *arg)
 const unsigned char *pos;
 size_t len, remaining;
 tcn_ssl_ctxt_t *c = (tcn_ssl_ctxt_t *) arg;
- 
+
 (*javavm)->AttachCurrentThread(javavm, (void **)&env, NULL);
 // Continue only if the static method exists
 if (sni_java_callback == NULL) {
@@ -161,7 +161,7 @@ int ssl_callback_ClientHello(SSL *ssl, int *al, void *arg)
  */
 if (!SSL_client_hello_get0_ext(ssl, TLSEXT_TYPE_server_name, &pos,
&remaining)
-|| remaining <= 2) 
+|| remaining <= 2)
 goto give_up;
 
 /* Extract the length of the supplied list of names. */
@@ -221,7 +221,7 @@ give_up:
 SSL_set_session_id_context(ssl,  &(c->context_id[0]), sizeof 
c->context_id);
 }
 }
- 
+
 }
 return SSL_CLIENT_HELLO_SUCCESS;
 }





[tomcat] branch main updated: Remove unnecessary exception wrapping

2023-06-26 Thread markt
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/main by this push:
 new 3e287ac4d7 Remove unnecessary exception wrapping
3e287ac4d7 is described below

commit 3e287ac4d7dbc04a364f10ede42b3518866d4ed1
Author: Mark Thomas 
AuthorDate: Mon Jun 26 17:01:36 2023 +0100

Remove unnecessary exception wrapping
---
 java/org/apache/catalina/connector/Request.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/java/org/apache/catalina/connector/Request.java 
b/java/org/apache/catalina/connector/Request.java
index 5ce77d2d08..8094e7e565 100644
--- a/java/org/apache/catalina/connector/Request.java
+++ b/java/org/apache/catalina/connector/Request.java
@@ -2799,7 +2799,7 @@ public class Request implements HttpServletRequest {
 partsParseException = new IllegalStateException(e);
 } catch (IOException e) {
 parameters.setParseFailedReason(FailReason.IO_ERROR);
-partsParseException = new IOException(e);
+partsParseException = e;
 } catch (IllegalStateException e) {
 // addParameters() will set parseFailedReason
 checkSwallowInput();
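Review bot: Storing `e` directly in `partsParseException` changes what later callers observe: `new IOException(e)` produced an exception whose message was `e.toString()` and whose `getCause()` was the original, whereas now the original `IOException` is kept with its own message, type and stack trace. That is the better outcome, since a more specific `IOException` subclass is no longer hidden behind a generic wrapper, but the commit touches only `Request.java`, so a changelog line or a test asserting the exception type seen by the caller would document the behaviour change. The neighbouring `new IllegalStateException(e)` branch still wraps; a short comment that the wrapping there is intentional would stop it being "simplified" the same way later.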





[tomcat] branch 10.1.x updated: Remove unnecessary exception wrapping

2023-06-26 Thread markt
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/10.1.x by this push:
 new 3874e3e3ef Remove unnecessary exception wrapping
3874e3e3ef is described below

commit 3874e3e3eff6a4e9418da730899aa772ae7c5b69
Author: Mark Thomas 
AuthorDate: Mon Jun 26 17:01:36 2023 +0100

Remove unnecessary exception wrapping
---
 java/org/apache/catalina/connector/Request.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/java/org/apache/catalina/connector/Request.java 
b/java/org/apache/catalina/connector/Request.java
index b9307d4ccd..784f271c4c 100644
--- a/java/org/apache/catalina/connector/Request.java
+++ b/java/org/apache/catalina/connector/Request.java
@@ -2841,7 +2841,7 @@ public class Request implements HttpServletRequest {
 partsParseException = new IllegalStateException(e);
 } catch (IOException e) {
 parameters.setParseFailedReason(FailReason.IO_ERROR);
-partsParseException = new IOException(e);
+partsParseException = e;
 } catch (IllegalStateException e) {
 // addParameters() will set parseFailedReason
 checkSwallowInput();





[tomcat] branch 9.0.x updated: Remove unnecessary exception wrapping

2023-06-26 Thread markt
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/9.0.x by this push:
 new 6986e93d6d Remove unnecessary exception wrapping
6986e93d6d is described below

commit 6986e93d6d1a8a0d27a0060b4785311a5b264014
Author: Mark Thomas 
AuthorDate: Mon Jun 26 17:01:36 2023 +0100

Remove unnecessary exception wrapping
---
 java/org/apache/catalina/connector/Request.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/java/org/apache/catalina/connector/Request.java 
b/java/org/apache/catalina/connector/Request.java
index 79d28ef805..2a6934daa4 100644
--- a/java/org/apache/catalina/connector/Request.java
+++ b/java/org/apache/catalina/connector/Request.java
@@ -2891,7 +2891,7 @@ public class Request implements HttpServletRequest {
 partsParseException = new IllegalStateException(e);
 } catch (IOException e) {
 parameters.setParseFailedReason(FailReason.IO_ERROR);
-partsParseException = new IOException(e);
+partsParseException = e;
 } catch (IllegalStateException e) {
 // addParameters() will set parseFailedReason
 checkSwallowInput();





[tomcat] branch 8.5.x updated: Remove unnecessary exception wrapping

2023-06-26 Thread markt
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/8.5.x by this push:
 new faa450ac3f Remove unnecessary exception wrapping
faa450ac3f is described below

commit faa450ac3fd6c1039c20deafb7610060919272b7
Author: Mark Thomas 
AuthorDate: Mon Jun 26 17:01:36 2023 +0100

Remove unnecessary exception wrapping
---
 java/org/apache/catalina/connector/Request.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/java/org/apache/catalina/connector/Request.java 
b/java/org/apache/catalina/connector/Request.java
index 6418b8c269..276343415c 100644
--- a/java/org/apache/catalina/connector/Request.java
+++ b/java/org/apache/catalina/connector/Request.java
@@ -2906,7 +2906,7 @@ public class Request implements HttpServletRequest {
 partsParseException = new IllegalStateException(e);
 } catch (IOException e) {
 parameters.setParseFailedReason(FailReason.IO_ERROR);
-partsParseException = new IOException(e);
+partsParseException = e;
 } catch (IllegalStateException e) {
 // addParameters() will set parseFailedReason
 checkSwallowInput();





[tomcat-native] branch 1.2.x updated: Trim trailing whitespace

2023-06-26 Thread michaelo
This is an automated email from the ASF dual-hosted git repository.

michaelo pushed a commit to branch 1.2.x
in repository https://gitbox.apache.org/repos/asf/tomcat-native.git


The following commit(s) were added to refs/heads/1.2.x by this push:
 new d108b0288 Trim trailing whitespace
d108b0288 is described below

commit d108b02885cea1d46948939883bfe02da464fdb1
Author: Michael Osipov 
AuthorDate: Mon Jun 26 18:00:16 2023 +0200

Trim trailing whitespace
---
 native/src/address.c| 2 +-
 native/src/info.c   | 2 +-
 native/src/poll.c   | 2 +-
 native/src/sslconf.c| 2 +-
 native/src/sslcontext.c | 6 +++---
 5 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/native/src/address.c b/native/src/address.c
index 87a877178..af43122d6 100644
--- a/native/src/address.c
+++ b/native/src/address.c
@@ -46,7 +46,7 @@ TCN_IMPLEMENT_CALL(jlong, Address, info)(TCN_STDARGS,
 J2S(hostname), f, (apr_port_t)port,
 (apr_int32_t)flags, p), sa);
 sl = sa;
-/* 
+/*
  * apr_sockaddr_info_get may return several address so this is not
  * go to work in some cases (but as least it works for Linux)
  * XXX: with AP_ENABLE_V4_MAPPED it is going to work otherwise it won't.
diff --git a/native/src/info.c b/native/src/info.c
index 4734e542b..01d1ae4c2 100644
--- a/native/src/info.c
+++ b/native/src/info.c
@@ -140,7 +140,7 @@ apr_status_t tcn_load_finfo_class(JNIEnv *e, jclass finfo)
 GET_FINFO_S(fname);
 GET_FINFO_S(name);
 GET_FINFO_J(filehand);
-
+
 finfo_class_init = (*e)->GetMethodID(e, finfo,
   "", "()V");
 if (finfo_class_init == NULL)
diff --git a/native/src/poll.c b/native/src/poll.c
index 4414ec821..f5f2992c9 100644
--- a/native/src/poll.c
+++ b/native/src/poll.c
@@ -403,7 +403,7 @@ TCN_IMPLEMENT_CALL(jint, Poll, poll)(TCN_STDARGS, jlong 
pollset,
array or as multiple pairs depending on implementation. On OSX 
at
least, multiple pairs have been observed. In this case do not 
try
and remove socket from the pollset for a second time else a 
crash
-   will result. */ 
+   will result. */
 if (remove) {
 if (s->pe) {
 apr_pollset_remove(p->pollset, fd);
diff --git a/native/src/sslconf.c b/native/src/sslconf.c
index e2ece6fe5..6ff028b66 100644
--- a/native/src/sslconf.c
+++ b/native/src/sslconf.c
@@ -265,7 +265,7 @@ TCN_IMPLEMENT_CALL(jint, SSLConf, apply)(TCN_STDARGS, jlong 
cctx,
 c->no_ocsp_check = 1;
 TCN_FREE_CSTRING(cmd);
 TCN_FREE_CSTRING(value);
-return 1; 
+return 1;
 }
 SSL_ERR_clear();
 rc = SSL_CONF_cmd(c->cctx, J2S(cmd), buf != NULL ? buf : J2S(value));
diff --git a/native/src/sslcontext.c b/native/src/sslcontext.c
index c0541bd72..afec601c8 100644
--- a/native/src/sslcontext.c
+++ b/native/src/sslcontext.c
@@ -142,7 +142,7 @@ int ssl_callback_ClientHello(SSL *ssl, int *al, void *arg)
 const unsigned char *pos;
 size_t len, remaining;
 tcn_ssl_ctxt_t *c = (tcn_ssl_ctxt_t *) arg;
- 
+
 (*javavm)->AttachCurrentThread(javavm, (void **)&env, NULL);
 // Continue only if the static method exists
 if (sni_java_callback == NULL) {
@@ -162,7 +162,7 @@ int ssl_callback_ClientHello(SSL *ssl, int *al, void *arg)
  */
 if (!SSL_client_hello_get0_ext(ssl, TLSEXT_TYPE_server_name, &pos,
&remaining)
-|| remaining <= 2) 
+|| remaining <= 2)
 goto give_up;
 
 /* Extract the length of the supplied list of names. */
@@ -222,7 +222,7 @@ give_up:
 SSL_set_session_id_context(ssl,  &(c->context_id[0]), sizeof 
c->context_id);
 }
 }
- 
+
 }
 return SSL_CLIENT_HELLO_SUCCESS;
 }





[tomcat-native] branch main updated: Align default pass phrase prompt with HTTPd

2023-06-26 Thread michaelo
This is an automated email from the ASF dual-hosted git repository.

michaelo pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat-native.git


The following commit(s) were added to refs/heads/main by this push:
 new cea4e7e87 Align default pass phrase prompt with HTTPd
cea4e7e87 is described below

commit cea4e7e87749613ae639a9236d0e531d190ee8d7
Author: Michael Osipov 
AuthorDate: Mon Jun 26 18:05:40 2023 +0200

Align default pass phrase prompt with HTTPd
---
 native/include/ssl_private.h  | 6 +++---
 xdocs/miscellaneous/changelog.xml | 3 +++
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/native/include/ssl_private.h b/native/include/ssl_private.h
index be2397053..242ab4dd4 100644
--- a/native/include/ssl_private.h
+++ b/native/include/ssl_private.h
@@ -171,9 +171,9 @@ extern ENGINE *tcn_ssl_engine;
 || (errnum == X509_V_ERR_CERT_UNTRUSTED) \
 || (errnum == X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE))
 
-#define SSL_DEFAULT_PASS_PROMPT "Some of your private key files are encrypted 
for security reasons.\n"  \
-"In order to read them you have to provide the 
pass phrases.\n" \
-"Enter password :"
+#define SSL_DEFAULT_PASS_PROMPT "Some of your private key files are encrypted 
for security reasons.\n" \
+"In order to read them you have to provide the 
pass phrases.\n"\
+"Enter pass phrase:"
 
 #define SSL_CIPHERS_ALWAYS_DISABLED ("!aNULL:!eNULL:!EXP:")
 
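Review bot: The prompt literal in `SSL_DEFAULT_PASS_PROMPT` changes from "Enter password :" to "Enter pass phrase:", so any start-up automation that waits for the old text before supplying the key pass phrase will stop matching after an upgrade. The changelog entry added in this commit says only "Align default pass phrase prompt with HTTPd"; quoting the new prompt string there would let operators find the change by searching for either wording.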
diff --git a/xdocs/miscellaneous/changelog.xml 
b/xdocs/miscellaneous/changelog.xml
index 918615532..76d06de91 100644
--- a/xdocs/miscellaneous/changelog.xml
+++ b/xdocs/miscellaneous/changelog.xml
@@ -33,6 +33,9 @@
 
 
   
+
+  Align default pass phrase prompt with HTTPd. (michaelo)
+
 
   Rename configure.in to modern autotools style configure.ac. (rjung)
 
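Review bot: The added changelog entry says only "Align default pass phrase prompt with HTTPd." and does not show the wording, so an operator searching the changelog for the old prompt text will not find it. Suggest quoting both the old "Enter password :" and the new "Enter pass phrase:" in the entry.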





[tomcat-native] branch 1.2.x updated: Align default pass phrase prompt with HTTPd

2023-06-26 Thread michaelo
This is an automated email from the ASF dual-hosted git repository.

michaelo pushed a commit to branch 1.2.x
in repository https://gitbox.apache.org/repos/asf/tomcat-native.git


The following commit(s) were added to refs/heads/1.2.x by this push:
 new 8049561c8 Align default pass phrase prompt with HTTPd
8049561c8 is described below

commit 8049561c86c3270b86dfd484fd07f1e8627d6b41
Author: Michael Osipov 
AuthorDate: Mon Jun 26 18:05:40 2023 +0200

Align default pass phrase prompt with HTTPd
---
 native/include/ssl_private.h  | 6 +++---
 xdocs/miscellaneous/changelog.xml | 3 +++
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/native/include/ssl_private.h b/native/include/ssl_private.h
index b48f7ca84..d90bc1f4b 100644
--- a/native/include/ssl_private.h
+++ b/native/include/ssl_private.h
@@ -171,9 +171,9 @@ extern ENGINE *tcn_ssl_engine;
 || (errnum == X509_V_ERR_CERT_UNTRUSTED) \
 || (errnum == X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE))
 
-#define SSL_DEFAULT_PASS_PROMPT "Some of your private key files are encrypted 
for security reasons.\n"  \
-"In order to read them you have to provide the 
pass phrases.\n" \
-"Enter password :"
+#define SSL_DEFAULT_PASS_PROMPT "Some of your private key files are encrypted 
for security reasons.\n" \
+"In order to read them you have to provide the 
pass phrases.\n"\
+"Enter pass phrase:"
 
 #define SSL_CIPHERS_ALWAYS_DISABLED ("!aNULL:!eNULL:!EXP:")
 
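Review bot: Changing the final prompt line from "Enter password :" to "Enter pass phrase:" on 1.2.x alters startup output inside an existing release line. Consider keeping the old string on this branch, or at least stating the exact new prompt in the 1.2.x changelog entry so that an in-place upgrade does not change the prompt unannounced.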
diff --git a/xdocs/miscellaneous/changelog.xml 
b/xdocs/miscellaneous/changelog.xml
index 2f6d3d9a8..c4dd3694b 100644
--- a/xdocs/miscellaneous/changelog.xml
+++ b/xdocs/miscellaneous/changelog.xml
@@ -32,6 +32,9 @@
 
 
   
+
+  Align default pass phrase prompt with HTTPd. (michaelo)
+
   
 
 





[Bug 66670] Add SSLHostConfig#certificateKeyPasswordFile

2023-06-26 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=66670

Christopher Schultz  changed:

   What|Removed |Added

 Status|NEW |NEEDINFO

--- Comment #1 from Christopher Schultz  ---
Why not just use an XML entity?


]>
...
...







Or, if you really want to use a separate file:


]>

?

-- 
You are receiving this mail because:
You are the assignee for the bug.



Re: [tomcat-native] branch 1.2.x updated: Align default pass phrase prompt with HTTPd

2023-06-26 Thread Christopher Schultz

Michael,
On 6/26/23 13:11, micha...@apache.org wrote:

This is an automated email from the ASF dual-hosted git repository.

michaelo pushed a commit to branch 1.2.x
in repository https://gitbox.apache.org/repos/asf/tomcat-native.git


The following commit(s) were added to refs/heads/1.2.x by this push:
  new 8049561c8 Align default pass phrase prompt with HTTPd
8049561c8 is described below

commit 8049561c86c3270b86dfd484fd07f1e8627d6b41
Author: Michael Osipov 
AuthorDate: Mon Jun 26 18:05:40 2023 +0200

 Align default pass phrase prompt with HTTPd


I'm close to a -1 on this, and it entirely comes down to something 
stupid that people should definitely NOT do, but they probably actually 
do: script the injection of a password into the startup process because 
#securityReasons and their startup process looks specifically for the 
text "Enter password".


Think expect(1) or similar being used to enter a password automatically 
when, really, the password should not be required for an automated process.


I think I'm okay with changing this for 2.x but 1.x is just too set in 
its ways at this point.


-chris


---
  native/include/ssl_private.h  | 6 +++---
  xdocs/miscellaneous/changelog.xml | 3 +++
  2 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/native/include/ssl_private.h b/native/include/ssl_private.h
index b48f7ca84..d90bc1f4b 100644
--- a/native/include/ssl_private.h
+++ b/native/include/ssl_private.h
@@ -171,9 +171,9 @@ extern ENGINE *tcn_ssl_engine;
  || (errnum == X509_V_ERR_CERT_UNTRUSTED) \
  || (errnum == X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE))
  
-#define SSL_DEFAULT_PASS_PROMPT "Some of your private key files are encrypted for security reasons.\n"  \

-"In order to read them you have to provide the pass 
phrases.\n" \
-"Enter password :"
+#define SSL_DEFAULT_PASS_PROMPT "Some of your private key files are encrypted for 
security reasons.\n" \
+"In order to read them you have to provide the pass 
phrases.\n"\
+"Enter pass phrase:"
  
  #define SSL_CIPHERS_ALWAYS_DISABLED ("!aNULL:!eNULL:!EXP:")
  
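Review bot: Style point on the two added continuation lines: as shown, the first ends with `\n" \` and the second with `\n"\`, so the spacing before the line-continuation backslash is inconsistent. Suggest one space (or aligned columns) before each trailing backslash.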
diff --git a/xdocs/miscellaneous/changelog.xml b/xdocs/miscellaneous/changelog.xml

index 2f6d3d9a8..c4dd3694b 100644
--- a/xdocs/miscellaneous/changelog.xml
+++ b/xdocs/miscellaneous/changelog.xml
@@ -32,6 +32,9 @@
  
  

+
+  Align default pass phrase prompt with HTTPd. (michaelo)
+

  
  





[Bug 66670] Add SSLHostConfig#certificateKeyPasswordFile

2023-06-26 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=66670

--- Comment #2 from Michael Osipov  ---
(In reply to Christopher Schultz from comment #1)
> Why not just use an XML entity?
> 
>  
> ]>
> ...
> ...
>  ...>
>  ...>
>  ...>
>  ...>
>  ...>
>  ...>
> 
> Or, if you really want to use a separate file:
> 
>  
> ]>
> 
> ?

I haven't even thought about this. I see some logical problems to it:
* From code, this will not work, XML only
* Most people don't even know system identifiers or DTDs at all
* What will happen if the file contains a line separator? Will it be stripped
automatically?

WDYT?

-- 
You are receiving this mail because:
You are the assignee for the bug.
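
An added example, not part of the bug comments and not Tomcat code: Python's expat-based parser run over constructed fragments, showing what XML 1.0 attribute-value normalization does to a line feed carried by an internal entity, and that an external entity cannot be referenced from an attribute value. The entity name `keyPass`, the file name `key-pass.txt` and the fragments are assumptions, and Tomcat's own XML parser is not exercised here.

```python
import xml.etree.ElementTree as ET

# Constructed template; the element layout is a placeholder, not a real server.xml.
DOC = (
    '<?xml version="1.0"?>\n'
    '<!DOCTYPE Server [\n'
    '  {entity}\n'
    ']>\n'
    '<Server><Certificate certificateKeyPassword="{value}"/></Server>\n'
)

CASES = {
    # Internal entity whose replacement text ends with a line feed.
    "internal_entity": DOC.format(
        entity='<!ENTITY keyPass "s3cret\n">', value="&keyPass;"),
    # Line feed written as a character reference directly in the attribute.
    "char_reference": DOC.format(
        entity="<!ENTITY unused 'x'>", value="s3cret&#10;"),
    # External entity (content would come from a file) used in an attribute.
    "external_entity": DOC.format(
        entity='<!ENTITY keyPass SYSTEM "key-pass.txt">', value="&keyPass;"),
}


def key_password(document):
    """Parse the document; return (attribute value, None) or (None, error text)."""
    try:
        root = ET.fromstring(document)
    except ET.ParseError as exc:
        return None, str(exc)
    return root.find("Certificate").get("certificateKeyPassword"), None


if __name__ == "__main__":
    for name, doc in CASES.items():
        # repr() makes a trailing space or line feed visible in the output.
        print(name, repr(key_password(doc)))
```

With an internal entity the line feed is neither kept nor dropped: normalization turns it into a trailing space, so the value differs from the intended secret by one character. The external-entity case is rejected as not well-formed before any file is read.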