This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/10.1.x by this push:
new 851e647a96 Fix cause of crashes with Native + NIO2 + OpenSSL
851e647a96 is described below
commit 851e647a962bef5f3bcd7cf20c6c924d56915e3d
Author: Mark Thomas <[email protected]>
AuthorDate: Tue Jan 20 23:58:27 2026 +0000
Fix cause of crashes with Native + NIO2 + OpenSSL
Prevent concurrent release of <code>OpenSSLEngine</code> resources and
the termination of the Tomcat Native library as it can cause crashes
during Tomcat shutdown.
---
.../tomcat/util/net/openssl/OpenSSLEngine.java | 22 ++++++++++++++++------
webapps/docs/changelog.xml | 5 +++++
2 files changed, 21 insertions(+), 6 deletions(-)
diff --git a/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java
b/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java
index b6add157f7..27d1c67a41 100644
--- a/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java
+++ b/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java
@@ -30,6 +30,7 @@ import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
+import java.util.concurrent.locks.Lock;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLEngineResult;
@@ -42,6 +43,7 @@ import javax.net.ssl.SSLSessionContext;
import org.apache.juli.logging.Log;
import org.apache.juli.logging.LogFactory;
+import org.apache.tomcat.jni.AprStatus;
import org.apache.tomcat.jni.Buffer;
import org.apache.tomcat.jni.Pool;
import org.apache.tomcat.jni.SSL;
@@ -224,9 +226,9 @@ public final class OpenSSLEngine extends SSLEngine
implements SSLUtil.ProtocolIn
public synchronized void shutdown() {
if (!destroyed) {
destroyed = true;
- cleanable.clean();
// internal errors can cause shutdown without marking the engine
closed
isInboundDone = isOutboundDone = engineClosed = true;
+ cleanable.clean();
}
}
@@ -1452,11 +1454,19 @@ public final class OpenSSLEngine extends SSLEngine
implements SSLUtil.ProtocolIn
@Override
public void run() {
- if (networkBIO != 0) {
- SSL.freeBIO(networkBIO);
- }
- if (ssl != 0) {
- SSL.freeSSL(ssl);
+ Lock readLock = AprStatus.getStatusLock().readLock();
+ readLock.lock();
+ try {
+ if (!AprStatus.isAprInitialized()) {
+ if (networkBIO != 0) {
+ SSL.freeBIO(networkBIO);
+ }
+ if (ssl != 0) {
+ SSL.freeSSL(ssl);
+ }
+ }
+ } finally {
+ readLock.unlock();
}
}
}
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 63e7cea834..3e6eaeda63 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -202,6 +202,11 @@
Fix OpenSSL FFM code compatibility with LibreSSL versions below 3.5.
(remm)
</fix>
+ <fix>
+ Prevent concurrent release of <code>OpenSSLEngine</code> resources and
+ the termination of the Tomcat Native library as it can cause crashes
+ during Tomcat shutdown. (markt)
+ </fix>
</changelog>
</subsection>
<subsection name="Jasper">
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
