On 23/11/2016 12:23, [email protected] wrote: > Author: markt > Date: Wed Nov 23 12:23:37 2016 > New Revision: 1770952 > > URL: http://svn.apache.org/viewvc?rev=1770952&view=rev > Log: > Ensure that the availability of configured upgrade protocols that require > ALPN is correctly reported during Tomcat start.
This needs a re-think as it breaks h2 due to the change in init ordering. Mark > > Modified: > tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11Protocol.java > tomcat/trunk/java/org/apache/coyote/http11/LocalStrings.properties > tomcat/trunk/java/org/apache/tomcat/util/net/AbstractEndpoint.java > tomcat/trunk/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java > tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java > tomcat/trunk/java/org/apache/tomcat/util/net/SSLImplementation.java > tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSEImplementation.java > > tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLImplementation.java > tomcat/trunk/webapps/docs/changelog.xml > > Modified: > tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11Protocol.java > URL: > http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11Protocol.java?rev=1770952&r1=1770951&r2=1770952&view=diff > ============================================================================== > --- tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11Protocol.java > (original) > +++ tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11Protocol.java > Wed Nov 23 12:23:37 2016 > @@ -58,11 +58,11 @@ public abstract class AbstractHttp11Prot > > @Override > public void init() throws Exception { > + super.init(); > + > for (UpgradeProtocol upgradeProtocol : upgradeProtocols) { > configureUpgradeProtocol(upgradeProtocol); > } > - > - super.init(); > } 
> > > @@ -322,9 +322,8 @@ public abstract class AbstractHttp11Prot > */ > private final Map<String,UpgradeProtocol> negotiatedProtocols = new > HashMap<>(); > private void configureUpgradeProtocol(UpgradeProtocol upgradeProtocol) { > - boolean isSSLEnabled = getEndpoint().isSSLEnabled(); > // HTTP Upgrade > - String httpUpgradeName = > upgradeProtocol.getHttpUpgradeName(isSSLEnabled); > + String httpUpgradeName = > upgradeProtocol.getHttpUpgradeName(getEndpoint().isSSLEnabled()); > boolean httpUpgradeConfigured = false; > if (httpUpgradeName != null && httpUpgradeName.length() > 0) { > httpUpgradeProtocols.put(httpUpgradeName, upgradeProtocol); 
> @@ -333,21 +332,22 @@ public abstract class AbstractHttp11Prot > getName(), httpUpgradeName)); > } > > + > // ALPN > String alpnName = upgradeProtocol.getAlpnName(); > if (alpnName != null && alpnName.length() > 0) { > - // ALPN requires SSL > - if (isSSLEnabled) { > + if (getEndpoint().isAlpnSupported()) { > negotiatedProtocols.put(alpnName, upgradeProtocol); > getEndpoint().addNegotiatedProtocol(alpnName); > > getLog().info(sm.getString("abstractHttp11Protocol.alpnConfigured", > getName(), alpnName)); > } else { > if (!httpUpgradeConfigured) { > - // HTTP Upgrade is not available for this protocol so it > - // requires ALPN. It has been configured on a non-secure > - // connector where ALPN is not available. > - > getLog().error(sm.getString("abstractHttp11Protocol.alpnWithNoTls", > + // ALPN is not supported by this connector and the > upgrade > + // protocol implementation does not support standard HTTP > + // upgrade so there is no way available to enable support > + // for this protocol. > + > getLog().error(sm.getString("abstractHttp11Protocol.alpnWithNoAlpn", > upgradeProtocol.getClass().getName(), alpnName, > getName())); > } > } > > Modified: tomcat/trunk/java/org/apache/coyote/http11/LocalStrings.properties > URL: > http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/coyote/http11/LocalStrings.properties?rev=1770952&r1=1770951&r2=1770952&view=diff > ============================================================================== > --- tomcat/trunk/java/org/apache/coyote/http11/LocalStrings.properties > (original) > +++ tomcat/trunk/java/org/apache/coyote/http11/LocalStrings.properties Wed > Nov 23 12:23:37 2016 
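Review bot: In the `else` branch of the ALPN block, a protocol that cannot be enabled is reported only through `getLog().error(...)` and start-up carries on, so the connector presumably comes up without the protocol the operator configured and the log entry is the only signal. If that non-fatal behaviour is intended, say so next to the call, e.g. `// Deliberately non-fatal: the connector still starts, without this protocol`. The nested `} else { if (!httpUpgradeConfigured) {` can be written as `} else if (!httpUpgradeConfigured) {`, and the extra blank `+` line before `// ALPN` can be dropped. configureUpgradeProtocol begins in the previous hunk and its end lies outside this one.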
> @@ -14,7 +14,7 @@ > # limitations under the License. > > abstractHttp11Protocol.alpnConfigured=The [{0}] connector has been > configured to support negotiation to [{1}] via ALPN > -abstractHttp11Protocol.alpnWithNoTls=The upgrade handler [{0}] for [{1}] > only supports upgrade via ALPN but has been configured for the [{2}] > connector that is not enabled for TLS. > +abstractHttp11Protocol.alpnWithNoAlpn=The upgrade handler [{0}] for [{1}] > only supports upgrade via ALPN but has been configured for the [{2}] > connector that does not support ALPN. > abstractHttp11Protocol.httpUpgradeConfigured=The [{0}] connector has been > configured to support HTTP upgrade to [{1}] > > http11processor.fallToDebug=\n Note: further occurrences of HTTP header > parsing errors will be logged at DEBUG level. > > Modified: tomcat/trunk/java/org/apache/tomcat/util/net/AbstractEndpoint.java > URL: > http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/AbstractEndpoint.java?rev=1770952&r1=1770951&r2=1770952&view=diff > ============================================================================== > --- tomcat/trunk/java/org/apache/tomcat/util/net/AbstractEndpoint.java > (original) > +++ tomcat/trunk/java/org/apache/tomcat/util/net/AbstractEndpoint.java Wed > Nov 23 12:23:37 2016 
> @@ -459,6 +459,15 @@ public abstract class AbstractEndpoint<S > public boolean isSSLEnabled() { return SSLEnabled; } > public void setSSLEnabled(boolean SSLEnabled) { this.SSLEnabled = > SSLEnabled; } > > + /** > + * Identifies if the endpoint supports ALPN. Note that a return value of > + * <code>true</code> implies that {@link #isSSLEnabled()} will also > return > + * <code>true</code>. > + * > + * @return <code>true</true> if the endpoint supports ALPN in its current > + * configuration, otherwise <code>false</code>. > + */ > + public abstract boolean isAlpnSupported(); > > private int minSpareThreads = 10; > public void setMinSpareThreads(int minSpareThreads) { > > Modified: > tomcat/trunk/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java > URL: > http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java?rev=1770952&r1=1770951&r2=1770952&view=diff > ============================================================================== > --- tomcat/trunk/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java > (original) > +++ tomcat/trunk/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java > Wed Nov 23 12:23:37 2016 
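Review bot: The `@return` line of the new Javadoc on `isAlpnSupported()` contains a malformed closing tag, `<code>true</true>`, which should read `<code>true</code>`. The method is also added as `abstract` on a public class, so any endpoint subclass that is not part of this commit stops compiling until it implements it. The same holds for `SSLImplementation.isAlpnSupported()` later in the commit. If out-of-tree subclasses are expected, a non-abstract default of `return false;` would keep them building.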
> @@ -206,6 +206,20 @@ public abstract class AbstractJsseEndpoi > } > > > + > + @Override > + public boolean isAlpnSupported() { > + // ALPN requires TLS so if there is no SSLImplementation, or if TLS > is > + // not enabled, ALPN cannot be supported > + if (sslImplementation == null || !isSSLEnabled()) { > + return false; > + } > + > + // Depends on the SSLImplementation > + return sslImplementation.isAlpnSupported(); > + } > + > + > @Override > public void unbind() throws Exception { > for (SSLHostConfig sslHostConfig : sslHostConfigs.values()) { > > Modified: tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java > URL: > http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java?rev=1770952&r1=1770951&r2=1770952&view=diff > ============================================================================== > --- tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java (original) > +++ tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java Wed Nov 23 > 12:23:37 2016 > @@ -539,6 +539,16 @@ public class AprEndpoint extends Abstrac > } > > > + > + @Override > + public boolean isAlpnSupported() { > + // The APR/native connector always supports ALPN if TLS is in use > + // because OpenSSL supports ALPN. Therefore, this is equivalent to > + // testing of SSL is enabled. > + return isSSLEnabled(); > + } > + > + > /** > * Start the APR endpoint, creating acceptor, poller and sendfile > threads. > */ > > Modified: tomcat/trunk/java/org/apache/tomcat/util/net/SSLImplementation.java > URL: > http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/SSLImplementation.java?rev=1770952&r1=1770951&r2=1770952&view=diff > ============================================================================== > --- tomcat/trunk/java/org/apache/tomcat/util/net/SSLImplementation.java > (original) > +++ tomcat/trunk/java/org/apache/tomcat/util/net/SSLImplementation.java Wed > Nov 23 12:23:37 2016 
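Review bot: `AbstractJsseEndpoint.isAlpnSupported()` returns `false` whenever `sslImplementation` is `null`, so "not initialised yet" cannot be told apart from "ALPN is unavailable". Where the field is assigned is not visible in this hunk. If it is only set while the endpoint initialises, the answer depends on when the caller asks, and a TLS connector could be reported as lacking ALPN. A comment on the method such as `// Only meaningful once sslImplementation has been set; returns false before that` would make the ordering requirement explicit.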
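Review bot: The comment in `AprEndpoint.isAlpnSupported()` treats ALPN as always available with OpenSSL, but that depends on the OpenSSL release the native library is linked against (ALPN arrived in OpenSSL 1.0.2). Whether an older library can be loaded here cannot be determined from this hunk. If it can, start-up would log the protocol as configured while no negotiation is possible. Consider stating the assumption, `// Assumes the linked OpenSSL provides ALPN (1.0.2 or later)`, and correcting `testing of SSL` to `testing if SSL`. `OpenSSLImplementation.isAlpnSupported()` further down relies on the same assumption, and its comment has the typo `supportd`.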
> @@ -67,4 +67,6 @@ public abstract class SSLImplementation > public abstract SSLSupport getSSLSupport(SSLSession session); > > public abstract SSLUtil getSSLUtil(SSLHostConfigCertificate certificate); > + > + public abstract boolean isAlpnSupported(); > } > > Modified: > tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSEImplementation.java > URL: > http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSEImplementation.java?rev=1770952&r1=1770951&r2=1770952&view=diff > ============================================================================== > --- tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSEImplementation.java > (original) > +++ tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSEImplementation.java > Wed Nov 23 12:23:37 2016 > @@ -48,4 +48,10 @@ public class JSSEImplementation extends > public SSLUtil getSSLUtil(SSLHostConfigCertificate certificate) { > return new JSSEUtil(certificate); > } > + > + @Override > + public boolean isAlpnSupported() { > + // JSSE does not (yet) support ALPN > + return false; > + } > } > > Modified: > tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLImplementation.java > URL: > http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLImplementation.java?rev=1770952&r1=1770951&r2=1770952&view=diff > ============================================================================== > --- > tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLImplementation.java > (original) > +++ > tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLImplementation.java > Wed Nov 23 12:23:37 2016 
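Review bot: `SSLImplementation.isAlpnSupported()` is added without Javadoc, so implementers are not told whether `true` means "the underlying TLS library is capable of ALPN" or "ALPN is usable in the current configuration". The two overrides in this commit return constants, which suggests the first reading, but that is an inference. A short Javadoc would settle it, for example `/** @return <code>true</code> if this implementation is able to negotiate ALPN, otherwise <code>false</code> */`.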
> @@ -36,4 +36,9 @@ public class OpenSSLImplementation exten > return new OpenSSLUtil(certificate); > } > > + @Override > + public boolean isAlpnSupported() { > + // OpenSSL supportd ALPN > + return true; > + } > } > > Modified: tomcat/trunk/webapps/docs/changelog.xml > URL: > http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1770952&r1=1770951&r2=1770952&view=diff > ============================================================================== > --- tomcat/trunk/webapps/docs/changelog.xml (original) > +++ tomcat/trunk/webapps/docs/changelog.xml Wed Nov 23 12:23:37 2016 > @@ -103,6 +103,10 @@ > the capacity of this buffer when IOException occurs while writing the > headers to the socket. (violetagg) > </fix> > + <fix> > + Ensure that the availability of configured upgrade protocols that > + require ALPN is correctly reported during Tomcat start. (markt) > + </fix> > </changelog> > </subsection> > <subsection name="Web applications"> > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
