(tomcat) branch main updated: Optimize state for contexts

2024-01-11 Thread remm
This is an automated email from the ASF dual-hosted git repository.

remm pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/main by this push:
 new aa50220a06 Optimize state for contexts
aa50220a06 is described below

commit aa50220a06b4548b31ea185ffbd3289988adf4b2
Author: remm 
AuthorDate: Thu Jan 11 16:17:37 2024 +0100

Optimize state for contexts

This technique is likely not useful for the engine though. At best they
need holders and hassle for everything, and the map is still needed for
one callback.
---
 .../util/net/openssl/panama/OpenSSLContext.java| 55 +-
 webapps/docs/changelog.xml |  4 ++
 2 files changed, 26 insertions(+), 33 deletions(-)

diff --git a/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java 
b/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
index c79726fc76..2a3dfec8dd 100644
--- a/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
+++ b/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
@@ -36,7 +36,6 @@ import java.util.Arrays;
 import java.util.Base64;
 import java.util.Iterator;
 import java.util.List;
-import java.util.concurrent.ConcurrentHashMap;
 import java.util.function.Consumer;
 
 import javax.net.ssl.KeyManager;
@@ -128,17 +127,14 @@ public class OpenSSLContext implements 
org.apache.tomcat.util.net.SSLContext {
 private final boolean alpn;
 private final int minTlsVersion;
 private final int maxTlsVersion;
+private final List negotiableProtocols;
 
 private OpenSSLSessionContext sessionContext;
 private String enabledProtocol;
 private boolean initialized = false;
 
 private boolean noOcspCheck = false;
-
-private static final ConcurrentHashMap states = new 
ConcurrentHashMap<>();
-private static ContextState getState(MemorySegment ctx) {
-return states.get(Long.valueOf(ctx.address()));
-}
+private X509TrustManager x509TrustManager;
 
 private final ContextState state;
 private final Arena contextArena;
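
Review bot: x509TrustManager is added as a mutable, non-final field right next to the final negotiableProtocols, and in the visible hunks it is assigned once and then read only in the same trust-setup block (passed to new CertVerifyCallback(x509TrustManager) and used for getAcceptedIssuers()). If nothing outside that block reads it, a local variable would be enough; if it has to stay a field, add a comment naming the code that needs it. Since getState and the static states map are removed here, also confirm that no other callback in this file still looks its state up by ctx.address().
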
@@ -292,7 +288,8 @@ public class OpenSSLContext implements 
org.apache.tomcat.util.net.SSLContext {
 } catch(Exception e) {
 throw new SSLException(sm.getString("openssl.errorSSLCtxInit"), e);
 } finally {
-state = new ContextState(sslCtx, confCtx, 
negotiableProtocolsBytes);
+this.negotiableProtocols = negotiableProtocolsBytes;
+state = new ContextState(sslCtx, confCtx);
 /*
  * When an SSLHostConfig is replaced at runtime, it is not 
possible to
  * call destroy() on the associated OpenSSLContext since it is 
likely
@@ -546,15 +543,15 @@ public class OpenSSLContext implements 
org.apache.tomcat.util.net.SSLContext {
 // Trust and certificate verification
 if (tms != null) {
 // Client certificate verification based on custom trust 
managers
-state.x509TrustManager = chooseTrustManager(tms);
+x509TrustManager = chooseTrustManager(tms);
 SSL_CTX_set_cert_verify_callback(state.sslCtx,
-SSL_CTX_set_cert_verify_callback$cb.allocate(new 
CertVerifyCallback(), contextArena), state.sslCtx);
+SSL_CTX_set_cert_verify_callback$cb.allocate(new 
CertVerifyCallback(x509TrustManager), contextArena), state.sslCtx);
 
 // Pass along the DER encoded certificates of the accepted 
client
 // certificate issuers, so that their subjects can be presented
 // by the server during the handshake to allow the client 
choosing
 // an acceptable certificate
-for (X509Certificate caCert : 
state.x509TrustManager.getAcceptedIssuers()) {
+for (X509Certificate caCert : 
x509TrustManager.getAcceptedIssuers()) {
 var rawCACertificate = 
localArena.allocateFrom(ValueLayout.JAVA_BYTE, caCert.getEncoded());
 var rawCACertificatePointer = 
localArena.allocateFrom(ValueLayout.ADDRESS, rawCACertificate);
 var x509CACert = d2i_X509(MemorySegment.NULL, 
rawCACertificatePointer, rawCACertificate.byteSize());
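
Review bot: state.sslCtx is still passed as the last argument of SSL_CTX_set_cert_verify_callback, although the callback now receives its trust manager through the constructor rather than through a lookup keyed on the context address. If CertVerifyCallback no longer reads that argument, pass MemorySegment.NULL or add a comment saying why it is kept, so a later reader does not assume the lookup still exists. A short comment that the captured trust manager lives as long as the upcall stub allocated in contextArena would also document the new lifetime.
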
@@ -596,9 +593,9 @@ public class OpenSSLContext implements 
org.apache.tomcat.util.net.SSLContext {
 }
 }
 
-if (state.negotiableProtocols != null && 
state.negotiableProtocols.size() > 0) {
+if (negotiableProtocols != null && negotiableProtocols.size() > 0) 
{
 SSL_CTX_set_alpn_select_cb(state.sslCtx,
-SSL_CTX_set_alpn_select_cb$cb.allocate(new 
ALPNSelectCallback(), contextArena), state.sslCtx);
+SSL_CTX_set_alpn_select_cb$cb.allocate(new 
ALPNSelectCallback(negotiableProtocols), contextArena), state.sslCtx);
   

[Bug 64848] WsSession objects in OUTPUT_CLOSED state are implicitly held by waitingProcessors and GC cannot purge them from the JVM heap

2024-01-11 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=64848

--- Comment #18 from Matt M  ---
After a recent upgrade from 9.0.63 to 9.0.75 (with the 2 websocket fixes from
9.0.77 patched in) I am seeing some occurrences of the WsSession Object stuck
on the heap with state OUTPUT_CLOSED in WsHttpUpgradeHandler under
Http11Nio2Protocol.waitingProcessors.

We are in the process of identifying the steps to reproduce but these
occurrences have been rare so far.

Looking at the more recent reworking of WsSession isOpen / isClosed and
surrounding logic from BZ66574 I am wondering if it makes sense for
OUTPUT_CLOSED to also be checked in the isClosed call? Without a reproducible
test case in place it is difficult to determine via static code analysis, but I
wanted to mention that we are seeing this after our recent upgrade and did not
see it in 9.0.63.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



[Bug 67793] FORM authenticator does not remember original max inactive interval in all use-cases

2024-01-11 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=67793

channa  changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|FIXED                       |---
             Status|RESOLVED                    |REOPENED

--- Comment #9 from channa  ---
Hi Mark and Mircea,

Issue still occurring with Tomcat 9.0.83.
Could someone cross verify and confirm the fix please.

Thanks
Channa
