This is an automated email from the ASF dual-hosted git repository.
remm pushed a commit to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/10.1.x by this push:
new edf9655b34 Use OpenSSL automatically when the OpenSSLListener is in use
edf9655b34 is described below
commit edf9655b34b6cc83301699b8db27a4de0f91c654
Author: remm <[email protected]>
AuthorDate: Fri Jun 28 15:05:35 2024 +0200
Use OpenSSL automatically when the OpenSSLListener is in use
Port the behavior from main since FFM works well enough.
---
java/org/apache/catalina/connector/Connector.java | 18 ++++++++++++++++--
webapps/docs/changelog.xml | 4 ++++
2 files changed, 20 insertions(+), 2 deletions(-)
diff --git a/java/org/apache/catalina/connector/Connector.java
b/java/org/apache/catalina/connector/Connector.java
index fd36f49d73..7685a4b5f9 100644
--- a/java/org/apache/catalina/connector/Connector.java
+++ b/java/org/apache/catalina/connector/Connector.java
@@ -36,6 +36,7 @@ import org.apache.coyote.Adapter;
import org.apache.coyote.ProtocolHandler;
import org.apache.coyote.UpgradeProtocol;
import org.apache.coyote.http11.AbstractHttp11JsseProtocol;
+import org.apache.coyote.http11.AbstractHttp11Protocol;
import org.apache.juli.logging.Log;
import org.apache.juli.logging.LogFactory;
import org.apache.tomcat.util.IntrospectionUtils;
@@ -43,8 +44,10 @@ import org.apache.tomcat.util.buf.B2CConverter;
import org.apache.tomcat.util.buf.CharsetUtil;
import org.apache.tomcat.util.buf.EncodedSolidusHandling;
import org.apache.tomcat.util.buf.StringUtils;
+import org.apache.tomcat.util.compat.JreCompat;
import org.apache.tomcat.util.net.SSLHostConfig;
import org.apache.tomcat.util.net.openssl.OpenSSLImplementation;
+import org.apache.tomcat.util.net.openssl.OpenSSLStatus;
import org.apache.tomcat.util.res.StringManager;
@@ -1001,14 +1004,25 @@ public class Connector extends LifecycleMBeanBase {
setParseBodyMethods(getParseBodyMethods());
}
- if (AprStatus.isAprAvailable() && AprStatus.getUseOpenSSL() &&
- protocolHandler instanceof AbstractHttp11JsseProtocol) {
+ if (JreCompat.isJre22Available() && OpenSSLStatus.getUseOpenSSL() &&
OpenSSLStatus.isAvailable() &&
+ protocolHandler instanceof AbstractHttp11Protocol) {
+ // Use FFM and OpenSSL if available
+ AbstractHttp11JsseProtocol<?> jsseProtocolHandler =
(AbstractHttp11JsseProtocol<?>) protocolHandler;
+ if (jsseProtocolHandler.isSSLEnabled() &&
jsseProtocolHandler.getSslImplementationName() == null) {
+ // OpenSSL is compatible with the JSSE configuration, so use
it if it is available
+ jsseProtocolHandler
+
.setSslImplementationName("org.apache.tomcat.util.net.openssl.panama.OpenSSLImplementation");
+ }
+ } else if (AprStatus.isAprAvailable() && AprStatus.getUseOpenSSL() &&
+ protocolHandler instanceof AbstractHttp11Protocol) {
+ // Use tomcat-native and OpenSSL otherwise, if available
AbstractHttp11JsseProtocol<?> jsseProtocolHandler =
(AbstractHttp11JsseProtocol<?>) protocolHandler;
if (jsseProtocolHandler.isSSLEnabled() &&
jsseProtocolHandler.getSslImplementationName() == null) {
// OpenSSL is compatible with the JSSE configuration, so use
it if APR is available
jsseProtocolHandler.setSslImplementationName(OpenSSLImplementation.class.getName());
}
}
+ // Otherwise the default JSSE will be used
try {
protocolHandler.init();
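Review bot: Both new conditions test `protocolHandler instanceof AbstractHttp11Protocol`, but each branch then casts unconditionally to `AbstractHttp11JsseProtocol<?>`, so the guard is wider than the cast it protects. A handler that extends `AbstractHttp11Protocol` without going through the JSSE base class (whether one exists on this branch is not visible here) would fail with a ClassCastException during connector initialisation instead of falling through to the default JSSE path. Keeping the removed line's narrower test, `protocolHandler instanceof AbstractHttp11JsseProtocol`, in both the FFM and the tomcat-native condition would keep guard and cast in agreement. Since the TLS implementation now depends on the JRE version and listener state, a log line naming the selected implementation would also help operators confirm which stack is terminating TLS. The enclosing method begins and ends outside this hunk.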
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 15b003117e..657a562d60 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -126,6 +126,10 @@
for the CORS filter, rather than only applying if the CORS filter is
mapped to <code>/*</code>. (markt)
</fix>
+ <fix>
+ Using the <code>OpenSSLListener</code> will now cause the connector to
+ use OpenSSL if available. (remm)
+ </fix>
</changelog>
</subsection>
<subsection name="Coyote">