This is an automated email from the ASF dual-hosted git repository. remm pushed a commit to branch 10.1.x in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/10.1.x by this push: new edf9655b34 Use OpenSSL automatically when the OpenSSLListener is in use edf9655b34 is described below commit edf9655b34b6cc83301699b8db27a4de0f91c654 Author: remm <r...@apache.org> AuthorDate: Fri Jun 28 15:05:35 2024 +0200 Use OpenSSL automatically when the OpenSSLListener is in use Port the behavior from main since FFM works well enough. --- java/org/apache/catalina/connector/Connector.java | 18 ++++++++++++++++-- webapps/docs/changelog.xml | 4 ++++ 2 files changed, 20 insertions(+), 2 deletions(-)
diff --git a/java/org/apache/catalina/connector/Connector.java b/java/org/apache/catalina/connector/Connector.java
index fd36f49d73..7685a4b5f9 100644
--- a/java/org/apache/catalina/connector/Connector.java
+++ b/java/org/apache/catalina/connector/Connector.java
@@ -36,6 +36,7 @@ import org.apache.coyote.Adapter;
 import org.apache.coyote.ProtocolHandler;
 import org.apache.coyote.UpgradeProtocol;
 import org.apache.coyote.http11.AbstractHttp11JsseProtocol;
+import org.apache.coyote.http11.AbstractHttp11Protocol;
 import org.apache.juli.logging.Log;
 import org.apache.juli.logging.LogFactory;
 import org.apache.tomcat.util.IntrospectionUtils;
@@ -43,8 +44,10 @@ import org.apache.tomcat.util.buf.B2CConverter;
 import org.apache.tomcat.util.buf.CharsetUtil;
 import org.apache.tomcat.util.buf.EncodedSolidusHandling;
 import org.apache.tomcat.util.buf.StringUtils;
+import org.apache.tomcat.util.compat.JreCompat;
 import org.apache.tomcat.util.net.SSLHostConfig;
 import org.apache.tomcat.util.net.openssl.OpenSSLImplementation;
+import org.apache.tomcat.util.net.openssl.OpenSSLStatus;
 import org.apache.tomcat.util.res.StringManager;
@@ -1001,14 +1004,25 @@ public class Connector extends LifecycleMBeanBase {
 setParseBodyMethods(getParseBodyMethods());
 }
- if (AprStatus.isAprAvailable() && AprStatus.getUseOpenSSL() &&
- protocolHandler instanceof AbstractHttp11JsseProtocol) {
+ if (JreCompat.isJre22Available() && OpenSSLStatus.getUseOpenSSL() && OpenSSLStatus.isAvailable() &&
+ protocolHandler instanceof AbstractHttp11Protocol) {
+ // Use FFM and OpenSSL if available
+ AbstractHttp11JsseProtocol<?> jsseProtocolHandler = (AbstractHttp11JsseProtocol<?>) protocolHandler;
+ if (jsseProtocolHandler.isSSLEnabled() && jsseProtocolHandler.getSslImplementationName() == null) {
+ // OpenSSL is compatible with the JSSE configuration, so use it if it is available
+ jsseProtocolHandler
+ .setSslImplementationName("org.apache.tomcat.util.net.openssl.panama.OpenSSLImplementation");
+ }
+ } else if (AprStatus.isAprAvailable() && AprStatus.getUseOpenSSL() &&
+ protocolHandler instanceof AbstractHttp11Protocol) {
+ // Use tomcat-native and OpenSSL otherwise, if available
 AbstractHttp11JsseProtocol<?> jsseProtocolHandler = (AbstractHttp11JsseProtocol<?>) protocolHandler;
 if (jsseProtocolHandler.isSSLEnabled() && jsseProtocolHandler.getSslImplementationName() == null) {
 // OpenSSL is compatible with the JSSE configuration, so use it if APR is available
 jsseProtocolHandler.setSslImplementationName(OpenSSLImplementation.class.getName());
 }
 }
+ // Otherwise the default JSSE will be used
 try {
 protocolHandler.init();
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 15b003117e..657a562d60 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
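Review bot: In the Connector.java hunk at `@@ -1001,14 +1004,25 @@`, both guards now test `protocolHandler instanceof AbstractHttp11Protocol`, yet the first statement of each branch still casts to `AbstractHttp11JsseProtocol<?>`, so the check no longer proves the cast is safe. If a handler extends AbstractHttp11Protocol without going through AbstractHttp11JsseProtocol (the class hierarchy is not visible here), connector initialisation would throw a ClassCastException once OpenSSL is available instead of falling through to JSSE. Keeping the narrower test in both conditions, `protocolHandler instanceof AbstractHttp11JsseProtocol) {`, restores the guarantee and makes the newly added AbstractHttp11Protocol import unnecessary. Separately, the TLS implementation is now selected without any visible trace, so a log line naming the implementation set by `setSslImplementationName(...)` would let operators confirm which TLS stack a connector actually uses. The enclosing method starts and ends outside the hunk.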
@@ -126,6 +126,10 @@ for the CORS filter, rather than only applying if the CORS filter is mapped to <code>/*</code>. (markt) </fix> + <fix> + Using the <code>OpenSSLListener</code> will now cause the connector to + use OpenSSL if available. (remm) + </fix> </changelog> </subsection> <subsection name="Coyote"> --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org