[Bug 67609] New: Incomplete OpenSSL error handling/reporting
https://bz.apache.org/bugzilla/show_bug.cgi?id=67609
Bug ID: 67609
Summary: Incomplete OpenSSL error handling/reporting
Product: Tomcat Native
Version: unspecified
Hardware: All
OS: All
Status: NEW
Severity: normal
Priority: P2
Component: Library
Assignee: dev@tomcat.apache.org
Reporter: micha...@apache.org
Target Milestone: ---
Verified with
* Apache Tomcat Native library [1.2.40-dev] using APR version [1.7.4]
* [OpenSSL 1.1.1t 7 Feb 2023]
* Tomcat Apache Tomcat/9.0.81-dev
But also verified on Windows and FreeBSD, this is a purely client code issue of
ours.
Consider the following:
> osipovmi@deblndw024v:~/apache-tomcat-9.0.81-dev
> $ ll conf/certs-localhost/key.crt
> -- 1 osipovmi cad 3434 2023-09-29 23:05 conf/certs-localhost/key.crt
Note: the permissions have been removed for demonstration purposes, it is not
about the permissions, but about incomplete error reporting.
Now launch:
> $ openssl s_server -accept 0.0.0.0:2 -key conf/certs-localhost/key.crt
> -cert conf/certs-localhost/cert.crt -pass
> file:conf/certs-localhost/key-password
> Can't open conf/certs-localhost/key.crt for reading, Permission denied
> 1:error:0200100D:system library:fopen:Permission
> denied:crypto/bio/bss_file.c:69:fopen('conf/certs-localhost/key.crt','r')
> 1:error:2006D002:BIO routines:BIO_new_file:system
> lib:crypto/bio/bss_file.c:78:
> unable to load server certificate private key file
We can now see two OpenSSL errors: 0200100D and 2006D002:
> $ openssl errstr 2006D002
> error:2006D002:BIO routines:BIO_new_file:system lib
> $ openssl errstr 0200100D
> error:0200100D:system library:fopen:Permission denied
Now let's do this with Tomcat:
> maxThreads="150" SSLEnabled="true"
>maxParameterCount="1000">
>
> certificateFile="conf/certs-localhost/cert.crt"
> certificateChainFile="conf/cacerts.crt"
> type="RSA" />
>
>
Output:
> 05-Oct-2023 09:16:13.086 INFORMATION [main]
> org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler
> ["https-openssl-apr-30001"]
> 05-Oct-2023 09:16:13.098 INFORMATION [main]
> org.apache.tomcat.util.net.openssl.OpenSSLUtil.getKeyManagers The certificate
> [conf/certs-localhost/cert.crt] or its private key
> [conf/certs-localhost/key.crt] could not be processed using a JSSE key
> manager and will be given directly to OpenSSL
> 05-Oct-2023 09:16:13.099 WARNUNG [main]
> org.apache.tomcat.util.net.openssl.OpenSSLContext.init Error initializing SSL
> context
> java.lang.Exception: Unable to load certificate key
> /net/home/osipovmi/apache-tomcat-9.0.81-dev/conf/certs-localhost/key.crt
> (error:0200100D:system library:fopen:Berechtigung verweigert)
> at org.apache.tomcat.jni.SSLContext.setCertificate(Native
> Method)
> at
> org.apache.tomcat.util.net.openssl.OpenSSLContext.addCertificate(OpenSSLContext.java:467)
> at
> org.apache.tomcat.util.net.openssl.OpenSSLContext.init(OpenSSLContext.java:336)
> at
> org.apache.tomcat.util.net.SSLUtilBase.createSSLContext(SSLUtilBase.java:268)
> at
> org.apache.tomcat.util.net.AprEndpoint.createSSLContext(AprEndpoint.java:467)
> at
> org.apache.tomcat.util.net.AprEndpoint.bind(AprEndpoint.java:433)
> at
> org.apache.tomcat.util.net.AbstractEndpoint.bindWithCleanup(AbstractEndpoint.java:1326)
> at
> org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:1339)
> at
> org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:654)
> at
> org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:75)
> at
> org.apache.catalina.connector.Connector.initInternal(Connector.java:1009)
> ...
According to my humble OpenSSL doc understanding
(https://www.openssl.org/docs/man3.0/man3/ERR_get_error.html) OpenSSL maintains
an error queue per thread which we never consume in a while loop nor do we
clear the queue when not fully consumed.
>From a user's PoV this is unfortunate because he/she might miss important error
information here.
It might be worth looking at mod_ssl's ssl_log_ssl_error() to get all errors
from the queue.
--
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 67609] Incomplete OpenSSL error handling/reporting
https://bz.apache.org/bugzilla/show_bug.cgi?id=67609 Michael Osipov changed: What|Removed |Added CC||micha...@apache.org -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 67609] Incomplete OpenSSL error handling/reporting
https://bz.apache.org/bugzilla/show_bug.cgi?id=67609 --- Comment #1 from Michael Osipov --- This has been discovered while working on Bug 66670. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 67606] Malformed JSP compilation
https://bz.apache.org/bugzilla/show_bug.cgi?id=67606 Konstantin Kolinko changed: What|Removed |Added Version|8.5.x-trunk |8.5.93 -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch main updated: Add missing strings
This is an automated email from the ASF dual-hosted git repository.
remm pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push:
new 543fe2903b Add missing strings
543fe2903b is described below
commit 543fe2903b8b08230d45e9651433de0a4e79fc15
Author: remm
AuthorDate: Thu Oct 5 11:15:09 2023 +0200
Add missing strings
Also cleanups.
---
.../org/apache/catalina/authenticator/BasicAuthenticator.java | 6 +++---
.../org/apache/catalina/authenticator/LocalStrings.properties | 3 +++
java/org/apache/catalina/realm/JNDIRealm.java | 4 ++--
java/org/apache/catalina/realm/LocalStrings.properties| 1 +
.../org/apache/coyote/http11/filters/BufferedInputFilter.java | 8 +---
java/org/apache/coyote/http11/filters/ChunkedInputFilter.java | 3 +--
java/org/apache/coyote/http11/filters/LocalStrings.properties | 3 +++
java/org/apache/jasper/runtime/PageContextImpl.java | 2 +-
java/org/apache/tomcat/util/buf/LocalStrings.properties | 1 +
java/org/apache/tomcat/util/buf/UDecoder.java | 4 ++--
.../tomcat/util/net/openssl/ciphers/LocalStrings.properties | 1 +
java/org/apache/tomcat/util/threads/LocalStrings.properties | 2 ++
java/org/apache/tomcat/util/threads/ThreadPoolExecutor.java | 11 +--
java/org/apache/tomcat/websocket/DigestAuthenticator.java | 5 -
java/org/apache/tomcat/websocket/LocalStrings.properties | 2 ++
.../org/apache/tomcat/websocket/WsRemoteEndpointImplBase.java | 5 -
16 files changed, 36 insertions(+), 25 deletions(-)
diff --git a/java/org/apache/catalina/authenticator/BasicAuthenticator.java
b/java/org/apache/catalina/authenticator/BasicAuthenticator.java
index 7ec9c43862..168d7505f6 100644
--- a/java/org/apache/catalina/authenticator/BasicAuthenticator.java
+++ b/java/org/apache/catalina/authenticator/BasicAuthenticator.java
@@ -100,7 +100,7 @@ public class BasicAuthenticator extends AuthenticatorBase {
}
} catch (IllegalArgumentException iae) {
if (log.isDebugEnabled()) {
-log.debug("Invalid Authorization" + iae.getMessage());
+
log.debug(sm.getString("basicAuthenticator.invalidAuthorization",
iae.getMessage()));
}
}
}
@@ -205,7 +205,7 @@ public class BasicAuthenticator extends AuthenticatorBase {
base64blobLength = authorization.getLength() - METHOD.length();
} else {
// is this possible, or permitted?
-throw new IllegalArgumentException("Authorization header
method is not \"Basic\"");
+throw new
IllegalArgumentException(sm.getString("basicAuthenticator.notBasic"));
}
}
@@ -219,7 +219,7 @@ public class BasicAuthenticator extends AuthenticatorBase {
// restore original offset
authorization.setOffset(initialOffset);
if (decoded == null) {
-throw new IllegalArgumentException("Basic Authorization
credentials are not Base64");
+throw new
IllegalArgumentException(sm.getString("basicAuthenticator.notBase64"));
}
return decoded;
}
diff --git a/java/org/apache/catalina/authenticator/LocalStrings.properties
b/java/org/apache/catalina/authenticator/LocalStrings.properties
index 4be5aff94f..d66d2f2492 100644
--- a/java/org/apache/catalina/authenticator/LocalStrings.properties
+++ b/java/org/apache/catalina/authenticator/LocalStrings.properties
@@ -32,7 +32,10 @@ authenticator.sessionExpired=The time allowed for the login
process has been exc
authenticator.tomcatPrincipalLogoutFail=Logout with TomcatPrincipal instance
has failed
authenticator.unauthorized=Cannot authenticate with the provided credentials
+basicAuthenticator.invalidAuthorization=Invalid Authorization: [{0}]
basicAuthenticator.invalidCharset=The only permitted values are null, the
empty string or UTF-8
+basicAuthenticator.notBase64=Basic Authorization credentials are not Base64
+basicAuthenticator.notBasic=Authorization header method is not ''Basic''
digestAuthenticator.cacheRemove=A valid entry has been removed from client
nonce cache to make room for new entries. A replay attack is now possible. To
prevent the possibility of replay attacks, reduce nonceValidity or increase
nonceCacheSize. Further warnings of this type will be suppressed for 5 minutes.
digestAuthenticator.invalidAlgorithm=Unable to configure DIGEST authentication
to use the algorithm [{0}] as it is not permitted by RFC 7616.
diff --git a/java/org/apache/catalina/realm/JNDIRealm.java
b/java/org/apache/catalina/realm/JNDIRealm.java
index a251247c94..8f26b976b9 100644
--- a/java/org/apache/catalina/realm/JNDIRealm.java
+++ b/java/org/apache/catalina/realm/JNDIRealm.java
@@ -2892,11 +2892,11 @@ pub
[tomcat] branch 10.1.x updated: Add missing strings
This is an automated email from the ASF dual-hosted git repository.
remm pushed a commit to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/10.1.x by this push:
new 917ce0b468 Add missing strings
917ce0b468 is described below
commit 917ce0b4688f16a36e3cb90fd7aadc2caa1b5af8
Author: remm
AuthorDate: Thu Oct 5 11:15:09 2023 +0200
Add missing strings
Also cleanups.
---
.../org/apache/catalina/authenticator/BasicAuthenticator.java | 6 +++---
.../org/apache/catalina/authenticator/LocalStrings.properties | 3 +++
java/org/apache/catalina/realm/JNDIRealm.java | 4 ++--
java/org/apache/catalina/realm/LocalStrings.properties| 1 +
.../org/apache/coyote/http11/filters/BufferedInputFilter.java | 8 +---
java/org/apache/coyote/http11/filters/ChunkedInputFilter.java | 3 +--
java/org/apache/coyote/http11/filters/LocalStrings.properties | 3 +++
java/org/apache/jasper/runtime/PageContextImpl.java | 2 +-
java/org/apache/tomcat/util/buf/LocalStrings.properties | 1 +
java/org/apache/tomcat/util/buf/UDecoder.java | 4 ++--
.../tomcat/util/net/openssl/ciphers/LocalStrings.properties | 1 +
java/org/apache/tomcat/util/threads/LocalStrings.properties | 2 ++
java/org/apache/tomcat/util/threads/ThreadPoolExecutor.java | 11 +--
java/org/apache/tomcat/websocket/DigestAuthenticator.java | 5 -
java/org/apache/tomcat/websocket/LocalStrings.properties | 2 ++
.../org/apache/tomcat/websocket/WsRemoteEndpointImplBase.java | 5 -
16 files changed, 36 insertions(+), 25 deletions(-)
diff --git a/java/org/apache/catalina/authenticator/BasicAuthenticator.java
b/java/org/apache/catalina/authenticator/BasicAuthenticator.java
index 27ab6ec60d..dd8e3c751f 100644
--- a/java/org/apache/catalina/authenticator/BasicAuthenticator.java
+++ b/java/org/apache/catalina/authenticator/BasicAuthenticator.java
@@ -100,7 +100,7 @@ public class BasicAuthenticator extends AuthenticatorBase {
}
} catch (IllegalArgumentException iae) {
if (log.isDebugEnabled()) {
-log.debug("Invalid Authorization" + iae.getMessage());
+
log.debug(sm.getString("basicAuthenticator.invalidAuthorization",
iae.getMessage()));
}
}
}
@@ -205,7 +205,7 @@ public class BasicAuthenticator extends AuthenticatorBase {
base64blobLength = authorization.getLength() - METHOD.length();
} else {
// is this possible, or permitted?
-throw new IllegalArgumentException("Authorization header
method is not \"Basic\"");
+throw new
IllegalArgumentException(sm.getString("basicAuthenticator.notBasic"));
}
}
@@ -219,7 +219,7 @@ public class BasicAuthenticator extends AuthenticatorBase {
// restore original offset
authorization.setOffset(initialOffset);
if (decoded == null) {
-throw new IllegalArgumentException("Basic Authorization
credentials are not Base64");
+throw new
IllegalArgumentException(sm.getString("basicAuthenticator.notBase64"));
}
return decoded;
}
diff --git a/java/org/apache/catalina/authenticator/LocalStrings.properties
b/java/org/apache/catalina/authenticator/LocalStrings.properties
index 4be5aff94f..d66d2f2492 100644
--- a/java/org/apache/catalina/authenticator/LocalStrings.properties
+++ b/java/org/apache/catalina/authenticator/LocalStrings.properties
@@ -32,7 +32,10 @@ authenticator.sessionExpired=The time allowed for the login
process has been exc
authenticator.tomcatPrincipalLogoutFail=Logout with TomcatPrincipal instance
has failed
authenticator.unauthorized=Cannot authenticate with the provided credentials
+basicAuthenticator.invalidAuthorization=Invalid Authorization: [{0}]
basicAuthenticator.invalidCharset=The only permitted values are null, the
empty string or UTF-8
+basicAuthenticator.notBase64=Basic Authorization credentials are not Base64
+basicAuthenticator.notBasic=Authorization header method is not ''Basic''
digestAuthenticator.cacheRemove=A valid entry has been removed from client
nonce cache to make room for new entries. A replay attack is now possible. To
prevent the possibility of replay attacks, reduce nonceValidity or increase
nonceCacheSize. Further warnings of this type will be suppressed for 5 minutes.
digestAuthenticator.invalidAlgorithm=Unable to configure DIGEST authentication
to use the algorithm [{0}] as it is not permitted by RFC 7616.
diff --git a/java/org/apache/catalina/realm/JNDIRealm.java
b/java/org/apache/catalina/realm/JNDIRealm.java
index 75869d3662..4d0786edd0 100644
--- a/java/org/apache/catalina/realm/JNDIRealm.java
+++ b/java/org/apache/catalina/realm/JNDIRealm.java
@@ -2895,11 +2895,11 @@
[tomcat] branch 9.0.x updated: Add missing strings
This is an automated email from the ASF dual-hosted git repository.
remm pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/9.0.x by this push:
new 31fc7c3942 Add missing strings
31fc7c3942 is described below
commit 31fc7c3942f5d867dd17ccc3e3b7904eb3012f0d
Author: remm
AuthorDate: Thu Oct 5 11:15:09 2023 +0200
Add missing strings
Also cleanups.
---
.../org/apache/catalina/authenticator/BasicAuthenticator.java | 6 +++---
.../org/apache/catalina/authenticator/LocalStrings.properties | 3 +++
java/org/apache/catalina/realm/JNDIRealm.java | 4 ++--
java/org/apache/catalina/realm/LocalStrings.properties| 1 +
.../org/apache/coyote/http11/filters/BufferedInputFilter.java | 8 +---
java/org/apache/coyote/http11/filters/ChunkedInputFilter.java | 3 +--
java/org/apache/coyote/http11/filters/LocalStrings.properties | 3 +++
java/org/apache/jasper/runtime/PageContextImpl.java | 2 +-
java/org/apache/tomcat/util/buf/LocalStrings.properties | 1 +
java/org/apache/tomcat/util/buf/UDecoder.java | 4 ++--
.../tomcat/util/net/openssl/ciphers/LocalStrings.properties | 1 +
java/org/apache/tomcat/util/threads/LocalStrings.properties | 2 ++
java/org/apache/tomcat/util/threads/ThreadPoolExecutor.java | 11 +--
java/org/apache/tomcat/websocket/DigestAuthenticator.java | 5 -
java/org/apache/tomcat/websocket/LocalStrings.properties | 2 ++
.../org/apache/tomcat/websocket/WsRemoteEndpointImplBase.java | 5 -
16 files changed, 36 insertions(+), 25 deletions(-)
diff --git a/java/org/apache/catalina/authenticator/BasicAuthenticator.java
b/java/org/apache/catalina/authenticator/BasicAuthenticator.java
index eb9e4dbc20..acdf084051 100644
--- a/java/org/apache/catalina/authenticator/BasicAuthenticator.java
+++ b/java/org/apache/catalina/authenticator/BasicAuthenticator.java
@@ -100,7 +100,7 @@ public class BasicAuthenticator extends AuthenticatorBase {
}
} catch (IllegalArgumentException iae) {
if (log.isDebugEnabled()) {
-log.debug("Invalid Authorization" + iae.getMessage());
+
log.debug(sm.getString("basicAuthenticator.invalidAuthorization",
iae.getMessage()));
}
}
}
@@ -221,7 +221,7 @@ public class BasicAuthenticator extends AuthenticatorBase {
base64blobLength = authorization.getLength() - METHOD.length();
} else {
// is this possible, or permitted?
-throw new IllegalArgumentException("Authorization header
method is not \"Basic\"");
+throw new
IllegalArgumentException(sm.getString("basicAuthenticator.notBasic"));
}
}
@@ -235,7 +235,7 @@ public class BasicAuthenticator extends AuthenticatorBase {
// restore original offset
authorization.setOffset(initialOffset);
if (decoded == null) {
-throw new IllegalArgumentException("Basic Authorization
credentials are not Base64");
+throw new
IllegalArgumentException(sm.getString("basicAuthenticator.notBase64"));
}
return decoded;
}
diff --git a/java/org/apache/catalina/authenticator/LocalStrings.properties
b/java/org/apache/catalina/authenticator/LocalStrings.properties
index 4be5aff94f..d66d2f2492 100644
--- a/java/org/apache/catalina/authenticator/LocalStrings.properties
+++ b/java/org/apache/catalina/authenticator/LocalStrings.properties
@@ -32,7 +32,10 @@ authenticator.sessionExpired=The time allowed for the login
process has been exc
authenticator.tomcatPrincipalLogoutFail=Logout with TomcatPrincipal instance
has failed
authenticator.unauthorized=Cannot authenticate with the provided credentials
+basicAuthenticator.invalidAuthorization=Invalid Authorization: [{0}]
basicAuthenticator.invalidCharset=The only permitted values are null, the
empty string or UTF-8
+basicAuthenticator.notBase64=Basic Authorization credentials are not Base64
+basicAuthenticator.notBasic=Authorization header method is not ''Basic''
digestAuthenticator.cacheRemove=A valid entry has been removed from client
nonce cache to make room for new entries. A replay attack is now possible. To
prevent the possibility of replay attacks, reduce nonceValidity or increase
nonceCacheSize. Further warnings of this type will be suppressed for 5 minutes.
digestAuthenticator.invalidAlgorithm=Unable to configure DIGEST authentication
to use the algorithm [{0}] as it is not permitted by RFC 7616.
diff --git a/java/org/apache/catalina/realm/JNDIRealm.java
b/java/org/apache/catalina/realm/JNDIRealm.java
index 84073c9824..0cfc594b21 100644
--- a/java/org/apache/catalina/realm/JNDIRealm.java
+++ b/java/org/apache/catalina/realm/JNDIRealm.java
@@ -2927,11 +2927,11 @@ p
[tomcat] branch 8.5.x updated: Add missing strings
This is an automated email from the ASF dual-hosted git repository.
remm pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/8.5.x by this push:
new 791da44a5c Add missing strings
791da44a5c is described below
commit 791da44a5c9ed642144bc224f8f591d543c5edf3
Author: remm
AuthorDate: Thu Oct 5 11:15:09 2023 +0200
Add missing strings
Also cleanups.
---
.../org/apache/catalina/authenticator/BasicAuthenticator.java | 6 +++---
.../org/apache/catalina/authenticator/LocalStrings.properties | 3 +++
java/org/apache/catalina/realm/JNDIRealm.java | 4 ++--
java/org/apache/catalina/realm/LocalStrings.properties| 1 +
.../org/apache/coyote/http11/filters/BufferedInputFilter.java | 8 +---
java/org/apache/coyote/http11/filters/ChunkedInputFilter.java | 3 +--
java/org/apache/coyote/http11/filters/LocalStrings.properties | 3 +++
java/org/apache/jasper/runtime/PageContextImpl.java | 2 +-
java/org/apache/tomcat/util/buf/LocalStrings.properties | 1 +
java/org/apache/tomcat/util/buf/UDecoder.java | 4 ++--
.../tomcat/util/net/openssl/ciphers/LocalStrings.properties | 1 +
java/org/apache/tomcat/util/threads/LocalStrings.properties | 2 ++
java/org/apache/tomcat/util/threads/ThreadPoolExecutor.java | 11 +--
java/org/apache/tomcat/websocket/DigestAuthenticator.java | 5 -
java/org/apache/tomcat/websocket/LocalStrings.properties | 2 ++
.../org/apache/tomcat/websocket/WsRemoteEndpointImplBase.java | 5 -
16 files changed, 36 insertions(+), 25 deletions(-)
diff --git a/java/org/apache/catalina/authenticator/BasicAuthenticator.java
b/java/org/apache/catalina/authenticator/BasicAuthenticator.java
index eb9e4dbc20..acdf084051 100644
--- a/java/org/apache/catalina/authenticator/BasicAuthenticator.java
+++ b/java/org/apache/catalina/authenticator/BasicAuthenticator.java
@@ -100,7 +100,7 @@ public class BasicAuthenticator extends AuthenticatorBase {
}
} catch (IllegalArgumentException iae) {
if (log.isDebugEnabled()) {
-log.debug("Invalid Authorization" + iae.getMessage());
+
log.debug(sm.getString("basicAuthenticator.invalidAuthorization",
iae.getMessage()));
}
}
}
@@ -221,7 +221,7 @@ public class BasicAuthenticator extends AuthenticatorBase {
base64blobLength = authorization.getLength() - METHOD.length();
} else {
// is this possible, or permitted?
-throw new IllegalArgumentException("Authorization header
method is not \"Basic\"");
+throw new
IllegalArgumentException(sm.getString("basicAuthenticator.notBasic"));
}
}
@@ -235,7 +235,7 @@ public class BasicAuthenticator extends AuthenticatorBase {
// restore original offset
authorization.setOffset(initialOffset);
if (decoded == null) {
-throw new IllegalArgumentException("Basic Authorization
credentials are not Base64");
+throw new
IllegalArgumentException(sm.getString("basicAuthenticator.notBase64"));
}
return decoded;
}
diff --git a/java/org/apache/catalina/authenticator/LocalStrings.properties
b/java/org/apache/catalina/authenticator/LocalStrings.properties
index 4be5aff94f..d66d2f2492 100644
--- a/java/org/apache/catalina/authenticator/LocalStrings.properties
+++ b/java/org/apache/catalina/authenticator/LocalStrings.properties
@@ -32,7 +32,10 @@ authenticator.sessionExpired=The time allowed for the login
process has been exc
authenticator.tomcatPrincipalLogoutFail=Logout with TomcatPrincipal instance
has failed
authenticator.unauthorized=Cannot authenticate with the provided credentials
+basicAuthenticator.invalidAuthorization=Invalid Authorization: [{0}]
basicAuthenticator.invalidCharset=The only permitted values are null, the
empty string or UTF-8
+basicAuthenticator.notBase64=Basic Authorization credentials are not Base64
+basicAuthenticator.notBasic=Authorization header method is not ''Basic''
digestAuthenticator.cacheRemove=A valid entry has been removed from client
nonce cache to make room for new entries. A replay attack is now possible. To
prevent the possibility of replay attacks, reduce nonceValidity or increase
nonceCacheSize. Further warnings of this type will be suppressed for 5 minutes.
digestAuthenticator.invalidAlgorithm=Unable to configure DIGEST authentication
to use the algorithm [{0}] as it is not permitted by RFC 7616.
diff --git a/java/org/apache/catalina/realm/JNDIRealm.java
b/java/org/apache/catalina/realm/JNDIRealm.java
index 52cb739c8b..4ac8bceace 100644
--- a/java/org/apache/catalina/realm/JNDIRealm.java
+++ b/java/org/apache/catalina/realm/JNDIRealm.java
@@ -2943,11 +2943,11 @@ p
build failure for 10.1.x
I am getting the build failure for the tomcat 10.1.x, as I dig in I find
the below is the root cause
[javac]
E:\apache-tomcat-10.1.12-src\apache-tomcat-10.1.12-src\webapps\examples\WEB-INF\classes\websocket\drawboard\DrawboardEndpoint.java:168:
error: cannot infer type arguments for Whole
[javac] new MessageHandler.Whole<>() {
[javac] ^
[javac] reason: cannot use '<>' with anonymous inner classes
[javac] where T is a type-variable:
[javac] T extends Object declared in interface Whole
[javac] 1 error
Please help how to overcome this error
class name
DrawboardEndpoint:
private final MessageHandler.Whole stringHandler =
new MessageHandler.Whole<>() {
[Bug 67609] Incomplete OpenSSL error handling/reporting
https://bz.apache.org/bugzilla/show_bug.cgi?id=67609 --- Comment #2 from Michael Osipov --- Here is truly context missing: > 05-Oct-2023 11:57:22.432 WARNUNG [main] > org.apache.tomcat.util.net.openssl.OpenSSLContext.init Error initializing SSL > context >java.lang.Exception: Unable to load certificate key password file > /net/home/osipovmi/apache-tomcat-9.0.81-dev/conf/certs-localhost/key-perm-password > (error:2006D002:BIO routines:BIO_new_file:system lib) >at org.apache.tomcat.jni.SSLContext.setCertificate(Native > Method) -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 67609] Incomplete OpenSSL error handling/reporting
https://bz.apache.org/bugzilla/show_bug.cgi?id=67609 --- Comment #3 from Remy Maucherat --- I would say this probably will not happen. However the Panama equivalent is a much better place to have precise (where the error actually occurs), integrated (using the same logging as the rest of Tomcat) and detailed (having access to all necessary OpenSSL error details) error reporting. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Buildbot success in on tomcat-11.0.x
Build status: Build succeeded! Worker used: bb_worker2_ubuntu URL: https://ci2.apache.org/#builders/112/builds/654 Blamelist: remm Build Text: build successful Status Detected: restored build Build Source Stamp: [branch main] 543fe2903b8b08230d45e9651433de0a4e79fc15 Steps: worker_preparation: 0 git: 0 shell: 0 shell_1: 0 shell_2: 0 shell_3: 0 shell_4: 0 shell_5: 0 compile: 1 shell_6: 0 shell_7: 0 shell_8: 0 shell_9: 0 Rsync docs to nightlies.apache.org: 0 shell_10: 0 Rsync RAT to nightlies.apache.org: 0 compile_1: 1 shell_11: 0 Rsync Logs to nightlies.apache.org: 0 -- ASF Buildbot - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 67609] Incomplete OpenSSL error handling/reporting
https://bz.apache.org/bugzilla/show_bug.cgi?id=67609 --- Comment #4 from Michael Osipov --- (In reply to Remy Maucherat from comment #3) > I would say this probably will not happen. How? What makes you so sure? > However the Panama equivalent is a much better place to have precise (where > the error actually occurs), integrated (using the same logging as the rest > of Tomcat) and detailed (having access to all necessary OpenSSL error > details) error reporting. This is unfeasable for a lot of users. I would expect that this would also be solved in C along with the FFM API. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: build failure for 10.1.x
On 05/10/2023 10:32, koteswara Rao Gundapaneni wrote:
I am getting the build failure for the tomcat 10.1.x, as I dig in I find
the below is the root cause
[javac]
E:\apache-tomcat-10.1.12-src\apache-tomcat-10.1.12-src\webapps\examples\WEB-INF\classes\websocket\drawboard\DrawboardEndpoint.java:168:
error: cannot infer type arguments for Whole
[javac] new MessageHandler.Whole<>() {
[javac] ^
[javac] reason: cannot use '<>' with anonymous inner classes
[javac] where T is a type-variable:
[javac] T extends Object declared in interface Whole
[javac] 1 error
Please help how to overcome this error
How are you building Tomcat to get this error.
A clean build of 10.1.x works for me.
- Ant 1.10.13
- Java 11.0.20 (Temurin)
Mark
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: build failure for 10.1.x
Here is my Tomcat environment details
java version "1.8.0_202"
Apache Ant(TM) version 1.10.13
Windows 10 Pro
apache-tomcat-10.1.12-src
On Thu, Oct 5, 2023 at 3:10 AM Mark Thomas wrote:
> On 05/10/2023 10:32, koteswara Rao Gundapaneni wrote:
> > I am getting the build failure for the tomcat 10.1.x, as I dig in I find
> > the below is the root cause
> >
> > [javac]
> >
> E:\apache-tomcat-10.1.12-src\apache-tomcat-10.1.12-src\webapps\examples\WEB-INF\classes\websocket\drawboard\DrawboardEndpoint.java:168:
> > error: cannot infer type arguments for Whole
> > [javac] new MessageHandler.Whole<>() {
> > [javac] ^
> > [javac] reason: cannot use '<>' with anonymous inner classes
> > [javac] where T is a type-variable:
> > [javac] T extends Object declared in interface Whole
> > [javac] 1 error
> >
> >
> > Please help how to overcome this error
>
> How are you building Tomcat to get this error.
>
> A clean build of 10.1.x works for me.
> - Ant 1.10.13
> - Java 11.0.20 (Temurin)
>
> Mark
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>
[Bug 66670] Add SSLHostConfig#certificateKeyPasswordFile and SSLHostConfig#certificateKeystorePasswordFile
https://bz.apache.org/bugzilla/show_bug.cgi?id=66670 --- Comment #14 from Christopher Schultz --- Is there a particular reason to add support directly to tcnative for this? Why not read the file in Java and pass the password to libtctative as usual? This would not require any changes to libtcnative, no additional release of libtcnative, no additional upgrade of libtcnative for users, etc.? -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 67609] Incomplete OpenSSL error handling/reporting
https://bz.apache.org/bugzilla/show_bug.cgi?id=67609 --- Comment #5 from Christopher Schultz --- It may just be a coincidence, but in this case (cannot load cert; file permission error), Tomcat detects the important error (permission error) and reports it to the client. Would it be enough to simply clear the error queue any time we consult it? Just... discard the remaining errors in the queue? Otherwise, we'd have to grab all the error codes (and strings?) and return what amounts to a compound exception to the caller. It's doable, of course, but ugly. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 67609] Incomplete OpenSSL error handling/reporting
https://bz.apache.org/bugzilla/show_bug.cgi?id=67609 --- Comment #6 from Michael Osipov --- (In reply to Christopher Schultz from comment #5) > It may just be a coincidence, but in this case (cannot load cert; file > permission error), Tomcat detects the important error (permission error) and > reports it to the client. Well, it does not only apply to the cert loading issue, but to any OpenSSL function which might return with an error. > Would it be enough to simply clear the error queue any time we consult it? > Just... discard the remaining errors in the queue? Otherwise, we'd have to > grab all the error codes (and strings?) and return what amounts to a > compound exception to the caller. It's doable, of course, but ugly. As far as I understand the documentation you must clear the queue if you aren't going to consume it completely. Grabbing everything like in mod_ssl is, of course, the best option not to miss something. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 66670] Add SSLHostConfig#certificateKeyPasswordFile and SSLHostConfig#certificateKeystorePasswordFile
https://bz.apache.org/bugzilla/show_bug.cgi?id=66670 --- Comment #15 from Michael Osipov --- (In reply to Christopher Schultz from comment #14) > Is there a particular reason to add support directly to tcnative for this? > Why not read the file in Java and pass the password to libtctative as usual? > This would not require any changes to libtcnative, no additional release of > libtcnative, no additional upgrade of libtcnative for users, etc.? While you are right, I am doing this for consistency with the rest. Consider that not only Tomcat might use libtcnative, they will benefit as well. Netty does use libtcnative as well. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: build failure for 10.1.x
On 05/10/2023 12:10, koteswara Rao Gundapaneni wrote:
Here is my Tomcat environment details
java version "1.8.0_202"
Apache Ant(TM) version 1.10.13
Windows 10 Pro
apache-tomcat-10.1.12-src
Tomcat 10.1.x requires a minimum of Java 11 to build.
Mark
On Thu, Oct 5, 2023 at 3:10 AM Mark Thomas wrote:
On 05/10/2023 10:32, koteswara Rao Gundapaneni wrote:
I am getting the build failure for the tomcat 10.1.x, as I dig in I find
the below is the root cause
[javac]
E:\apache-tomcat-10.1.12-src\apache-tomcat-10.1.12-src\webapps\examples\WEB-INF\classes\websocket\drawboard\DrawboardEndpoint.java:168:
error: cannot infer type arguments for Whole
[javac] new MessageHandler.Whole<>() {
[javac] ^
[javac] reason: cannot use '<>' with anonymous inner classes
[javac] where T is a type-variable:
[javac] T extends Object declared in interface Whole
[javac] 1 error
Please help how to overcome this error
How are you building Tomcat to get this error.
A clean build of 10.1.x works for me.
- Ant 1.10.13
- Java 11.0.20 (Temurin)
Mark
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch main updated: Handling has changed from NPE to ISE
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push:
new 781453bd13 Handling has changed from NPE to ISE
781453bd13 is described below
commit 781453bd13cd7c0119f1c0f2c2901a00ee7f87ee
Author: Mark Thomas
AuthorDate: Thu Oct 5 13:25:19 2023 +0100
Handling has changed from NPE to ISE
---
test/org/apache/catalina/core/TestAsyncContextImpl.java | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/test/org/apache/catalina/core/TestAsyncContextImpl.java
b/test/org/apache/catalina/core/TestAsyncContextImpl.java
index f2325d8da1..2cbbddc262 100644
--- a/test/org/apache/catalina/core/TestAsyncContextImpl.java
+++ b/test/org/apache/catalina/core/TestAsyncContextImpl.java
@@ -296,12 +296,12 @@ public class TestAsyncContextImpl extends TomcatBaseTest {
// may be recycled at any point. Normally
// there is enough time for this call to
// complete but not always. If this call
-// fails in Tomcat an NPE will result so
+// fails in Tomcat an ISE will result so
// handle this here with a hack. What we are
// really checking here is that it does not
// return true.
result.append(req.isAsyncStarted());
-} catch (NullPointerException npe) {
+} catch (IllegalStateException npe) {
result.append("false");
} catch (Throwable t) {
// Additional debugging for intermittent test
failure
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch 10.1.x updated: Handling has changed from NPE to ISE
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/10.1.x by this push:
new 4cb90b09b6 Handling has changed from NPE to ISE
4cb90b09b6 is described below
commit 4cb90b09b68b2a8a314b8471107f732eb7d0af26
Author: Mark Thomas
AuthorDate: Thu Oct 5 13:25:19 2023 +0100
Handling has changed from NPE to ISE
---
test/org/apache/catalina/core/TestAsyncContextImpl.java | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/test/org/apache/catalina/core/TestAsyncContextImpl.java
b/test/org/apache/catalina/core/TestAsyncContextImpl.java
index 9688548818..b5e9614f46 100644
--- a/test/org/apache/catalina/core/TestAsyncContextImpl.java
+++ b/test/org/apache/catalina/core/TestAsyncContextImpl.java
@@ -296,12 +296,12 @@ public class TestAsyncContextImpl extends TomcatBaseTest {
// may be recycled at any point. Normally
// there is enough time for this call to
// complete but not always. If this call
-// fails in Tomcat an NPE will result so
+// fails in Tomcat an ISE will result so
// handle this here with a hack. What we are
// really checking here is that it does not
// return true.
result.append(req.isAsyncStarted());
-} catch (NullPointerException npe) {
+} catch (IllegalStateException npe) {
result.append("false");
} catch (Throwable t) {
// Additional debugging for intermittent test
failure
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch 9.0.x updated: Handling has changed from NPE to ISE
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/9.0.x by this push:
new c0c30f9e0c Handling has changed from NPE to ISE
c0c30f9e0c is described below
commit c0c30f9e0ca40e8d84c906920db09f53bf781173
Author: Mark Thomas
AuthorDate: Thu Oct 5 13:25:19 2023 +0100
Handling has changed from NPE to ISE
---
test/org/apache/catalina/core/TestAsyncContextImpl.java | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/test/org/apache/catalina/core/TestAsyncContextImpl.java
b/test/org/apache/catalina/core/TestAsyncContextImpl.java
index 59b0e2356f..02116c5939 100644
--- a/test/org/apache/catalina/core/TestAsyncContextImpl.java
+++ b/test/org/apache/catalina/core/TestAsyncContextImpl.java
@@ -296,12 +296,12 @@ public class TestAsyncContextImpl extends TomcatBaseTest {
// may be recycled at any point. Normally
// there is enough time for this call to
// complete but not always. If this call
-// fails in Tomcat an NPE will result so
+// fails in Tomcat an ISE will result so
// handle this here with a hack. What we are
// really checking here is that it does not
// return true.
result.append(req.isAsyncStarted());
-} catch (NullPointerException npe) {
+} catch (IllegalStateException npe) {
result.append("false");
} catch (Throwable t) {
// Additional debugging for intermittent test
failure
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch 8.5.x updated: Handling has changed from NPE to ISE
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/8.5.x by this push:
new 46698a3abb Handling has changed from NPE to ISE
46698a3abb is described below
commit 46698a3abb01ba807645fc416903f821b292efd3
Author: Mark Thomas
AuthorDate: Thu Oct 5 13:25:19 2023 +0100
Handling has changed from NPE to ISE
---
test/org/apache/catalina/core/TestAsyncContextImpl.java | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/test/org/apache/catalina/core/TestAsyncContextImpl.java
b/test/org/apache/catalina/core/TestAsyncContextImpl.java
index 8a9355b474..e8e95994b0 100644
--- a/test/org/apache/catalina/core/TestAsyncContextImpl.java
+++ b/test/org/apache/catalina/core/TestAsyncContextImpl.java
@@ -296,12 +296,12 @@ public class TestAsyncContextImpl extends TomcatBaseTest {
// may be recycled at any point. Normally
// there is enough time for this call to
// complete but not always. If this call
-// fails in Tomcat an NPE will result so
+// fails in Tomcat an ISE will result so
// handle this here with a hack. What we are
// really checking here is that it does not
// return true.
result.append(req.isAsyncStarted());
-} catch (NullPointerException npe) {
+} catch (IllegalStateException npe) {
result.append("false");
} catch (Throwable t) {
// Additional debugging for intermittent test
failure
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: build failure for 10.1.x
On 2023/10/05 12:19:43 Mark Thomas wrote: > On 05/10/2023 12:10, koteswara Rao Gundapaneni wrote: > > Here is my Tomcat environment details > > > > java version "1.8.0_202" > > Apache Ant(TM) version 1.10.13 > > Windows 10 Pro > > apache-tomcat-10.1.12-src > > Tomcat 10.1.x requires a minimum of Java 11 to build. Time for Bug 67538... - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 67609] Incomplete OpenSSL error handling/reporting
https://bz.apache.org/bugzilla/show_bug.cgi?id=67609 --- Comment #7 from Remy Maucherat --- (In reply to Michael Osipov from comment #4) > (In reply to Remy Maucherat from comment #3) > > I would say this probably will not happen. > > How? What makes you so sure? The pace of changes in tomcat-native ... > > However the Panama equivalent is a much better place to have precise (where > > the error actually occurs), integrated (using the same logging as the rest > > of Tomcat) and detailed (having access to all necessary OpenSSL error > > details) error reporting. > > This is unfeasable for a lot of users. I would expect that this would also > be solved in C along with the FFM API. Yes and no. In a few months time, you could debug/test this kind of startup issue with Java 22, before moving back to tomcat-native and a more reasonable Java version. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 67611] New: BUILDING.txt contains broken link
https://bz.apache.org/bugzilla/show_bug.cgi?id=67611 Bug ID: 67611 Summary: BUILDING.txt contains broken link Product: Tomcat 10 Version: 10.1.13 Hardware: All OS: All Status: NEW Severity: minor Priority: P2 Component: Documentation Assignee: dev@tomcat.apache.org Reporter: micha...@apache.org Target Milestone: -- BUILDING.txt for 10.1.x contains https://tomcat.apache.org/download-100.cgi, but when I load it I see a broken page. I guess it should be https://tomcat.apache.org/download-10.cgi? -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 67611] BUILDING.txt contains broken link
https://bz.apache.org/bugzilla/show_bug.cgi?id=67611 Michael Osipov changed: What|Removed |Added CC||micha...@apache.org -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 67606] Malformed JSP compilation
https://bz.apache.org/bugzilla/show_bug.cgi?id=67606 --- Comment #5 from E --- Awesome, thanks Mark! I'll fix/upgrade on my end. This issue can be closed. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 67615] New: Windows binary for version 2 has incorrect version suffix compared to the GNU autoconf version
https://bz.apache.org/bugzilla/show_bug.cgi?id=67615 Bug ID: 67615 Summary: Windows binary for version 2 has incorrect version suffix compared to the GNU autoconf version Product: Tomcat Native Version: 2.0.6 Hardware: PC Status: NEW Severity: normal Priority: P2 Component: Library Assignee: dev@tomcat.apache.org Reporter: micha...@apache.org Target Milestone: --- When compiling from main on Windows I still get "C:\Entwicklung\Projekte\tomcat-native\native\WIN10_X64_DLL_RELEASE\tcnative-1.dll", but properties say 2.0.7. The problem is in NMAKEmakefile, variable PROJECT: !IF !DEFINED(APR_DECLARE_STATIC) || "$(APR_DECLARE_STATIC)" == "" PROJECT = libtcnative-1 !ELSE PROJECT = tcnative-1 !ENDIF Either the 1 is statically replaced with a 2 or a new variable is introduced. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 67615] Windows binary for version 2 has incorrect version suffix compared to the GNU autoconf version
https://bz.apache.org/bugzilla/show_bug.cgi?id=67615 Michael Osipov changed: What|Removed |Added OS||All CC||micha...@apache.org -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 67616] New: org/apache/tomcat/jni/SSL.java contains useless check for old OpenSSL version
https://bz.apache.org/bugzilla/show_bug.cgi?id=67616
Bug ID: 67616
Summary: org/apache/tomcat/jni/SSL.java contains useless check
for old OpenSSL version
Product: Tomcat Native
Version: 2.0.6
Hardware: All
OS: All
Status: NEW
Severity: normal
Priority: P2
Component: Library
Assignee: dev@tomcat.apache.org
Reporter: micha...@apache.org
Target Milestone: ---
Tomcat Native 2.0 requires OpenSSL 3.0, but the class still contains useless
check:
> 75 static {
> 76 if (version() >= 0x1010100f) {
> 77 SSL_PROTOCOL_ALL = (SSL_PROTOCOL_TLSV1 | SSL_PROTOCOL_TLSV1_1
> | SSL_PROTOCOL_TLSV1_2 |
> 78 SSL_PROTOCOL_TLSV1_3);
> 79 } else {
> 80 SSL_PROTOCOL_ALL = (SSL_PROTOCOL_TLSV1 | SSL_PROTOCOL_TLSV1_1
> | SSL_PROTOCOL_TLSV1_2);
> 81 }
> 82 }
--
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 67616] org/apache/tomcat/jni/SSL.java contains useless check for old OpenSSL version
https://bz.apache.org/bugzilla/show_bug.cgi?id=67616 Michael Osipov changed: What|Removed |Added CC||micha...@apache.org -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 67611] BUILDING.txt contains broken link
https://bz.apache.org/bugzilla/show_bug.cgi?id=67611 --- Comment #1 from Han Li --- (In reply to Michael Osipov from comment #0) > BUILDING.txt for 10.1.x contains https://tomcat.apache.org/download-100.cgi, > but when I load it I see a broken page. I guess it should be > https://tomcat.apache.org/download-10.cgi? This link is spliced according to the @VERSION_MAJOR@0 rule, therefore `dowload-100` is right. But base on [1] commit, we can safely remove the ending 0. ;) [1] https://github.com/aooohan/tomcat/commit/b1202867f414ad41a0decfdf67f7f3ac3405d400 -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch 10.1.x updated: Fix BZ 67611 - Correct the download link in BUILDING.txt
This is an automated email from the ASF dual-hosted git repository.
lihan pushed a commit to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/10.1.x by this push:
new de99971200 Fix BZ 67611 - Correct the download link in BUILDING.txt
de99971200 is described below
commit de999712000741a42cf4bcd91a8cc43ea2a9a5d8
Author: lihan
AuthorDate: Fri Oct 6 12:24:44 2023 +0800
Fix BZ 67611 - Correct the download link in BUILDING.txt
https://bz.apache.org/bugzilla/show_bug.cgi?id=67611
---
BUILDING.txt | 2 +-
webapps/docs/changelog.xml | 3 +++
2 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/BUILDING.txt b/BUILDING.txt
index 5eee8234cc..799b579ba8 100644
--- a/BUILDING.txt
+++ b/BUILDING.txt
@@ -104,7 +104,7 @@ package.
* Source packages can be downloaded from:
-https://tomcat.apache.org/download-@version_ma...@0.cgi
+https://tomcat.apache.org/download-@VERSION_MAJOR@.cgi
The location where the source has been placed will be further referred as
${tomcat.source}.
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 8ea4205594..4042c974bf 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -195,6 +195,9 @@
Update Commons Pool to 2.12.0. (markt)
+
+67611: Correct the download link in BUILDING.txt. (lihan)
+
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch main updated: Fix BZ 67611 - Correct the download link in BUILDING.txt
This is an automated email from the ASF dual-hosted git repository.
lihan pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push:
new a0605e86a8 Fix BZ 67611 - Correct the download link in BUILDING.txt
a0605e86a8 is described below
commit a0605e86a8ebcc39e0b72d82a2e2b1840855069c
Author: lihan
AuthorDate: Fri Oct 6 12:24:44 2023 +0800
Fix BZ 67611 - Correct the download link in BUILDING.txt
https://bz.apache.org/bugzilla/show_bug.cgi?id=67611
---
BUILDING.txt | 2 +-
webapps/docs/changelog.xml | 3 +++
2 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/BUILDING.txt b/BUILDING.txt
index 5eee8234cc..799b579ba8 100644
--- a/BUILDING.txt
+++ b/BUILDING.txt
@@ -104,7 +104,7 @@ package.
* Source packages can be downloaded from:
-https://tomcat.apache.org/download-@version_ma...@0.cgi
+https://tomcat.apache.org/download-@VERSION_MAJOR@.cgi
The location where the source has been placed will be further referred as
${tomcat.source}.
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index de2e082745..0a8fd38b2b 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -208,6 +208,9 @@
Update Commons Pool to 2.12.0. (markt)
+
+67611: Correct the download link in BUILDING.txt. (lihan)
+
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 67611] BUILDING.txt contains broken link
https://bz.apache.org/bugzilla/show_bug.cgi?id=67611 Han Li changed: What|Removed |Added Status|NEW |RESOLVED Resolution|--- |FIXED --- Comment #2 from Han Li --- Fixed in: - 11.0.x for 11.0.0-M12 onwards - 10.1.x for 10.1.14 onwards -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
