This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/9.0.x by this push:
     new 6ea78a60b2 Fix cause of crashes with Native + NIO2 + OpenSSL
6ea78a60b2 is described below

commit 6ea78a60b2f3e79d5b3563563a716a7c7d6b88ab
Author: Mark Thomas <[email protected]>
AuthorDate: Tue Jan 20 23:58:27 2026 +0000

    Fix cause of crashes with Native + NIO2 + OpenSSL
    
    Prevent concurrent release of <code>OpenSSLEngine</code> resources and
    the termination of the Tomcat Native library as it can cause crashes
    during Tomcat shutdown.
---
 .../tomcat/util/net/openssl/OpenSSLEngine.java     | 22 +++++++++++++++-------
 webapps/docs/changelog.xml                         |  5 +++++
 2 files changed, 20 insertions(+), 7 deletions(-)

diff --git a/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java 
b/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java
index 8a575ab86f..140e0e4a0d 100644
--- a/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java
+++ b/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java
@@ -41,6 +41,7 @@ import javax.net.ssl.SSLSessionContext;
 import org.apache.juli.logging.Log;
 import org.apache.juli.logging.LogFactory;
 import org.apache.tomcat.jni.Buffer;
+import org.apache.tomcat.jni.Library;
 import org.apache.tomcat.jni.Pool;
 import org.apache.tomcat.jni.SSL;
 import org.apache.tomcat.jni.SSLContext;
@@ -134,6 +135,7 @@ public final class OpenSSLEngine extends SSLEngine 
implements SSLUtil.ProtocolIn
     // OpenSSL state
     private final long ssl;
     private final long networkBIO;
+    private final long aprGeneration;
 
     private enum Accepted {
         NOT,
@@ -195,6 +197,7 @@ public final class OpenSSLEngine extends SSLEngine 
implements SSLUtil.ProtocolIn
         if (sslCtx == 0) {
             throw new 
IllegalArgumentException(sm.getString("engine.noSSLContext"));
         }
+        aprGeneration = Library.getGeneration();
         session = new OpenSSLSession();
         ssl = SSL.newSSL(sslCtx, !clientMode);
         networkBIO = SSL.makeNetworkBIO(ssl);
@@ -218,14 +221,20 @@ public final class OpenSSLEngine extends SSLEngine 
implements SSLUtil.ProtocolIn
     public synchronized void shutdown() {
         if (!destroyed) {
             destroyed = true;
-            if (networkBIO != 0) {
-                SSL.freeBIO(networkBIO);
-            }
-            if (ssl != 0) {
-                SSL.freeSSL(ssl);
-            }
             // internal errors can cause shutdown without marking the engine 
closed
             isInboundDone = isOutboundDone = engineClosed = true;
+            if (Library.tryCleanUpLock(aprGeneration)) {
+                try {
+                    if (networkBIO != 0) {
+                        SSL.freeBIO(networkBIO);
+                    }
+                    if (ssl != 0) {
+                        SSL.freeSSL(ssl);
+                    }
+                } finally {
+                    Library.returnCleanUpLock();
+                }
+            }
         }
     }
 
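Review bot: The new `if (Library.tryCleanUpLock(aprGeneration))` in shutdown() has no else branch and no comment, so when the lock is refused the engine is already marked `destroyed` and `networkBIO`/`ssl` are never freed or retried. That is presumably intended (the library is terminating, or its generation no longer matches the one captured in the constructor), but the reason should be stated at the `if`, e.g. `// Lock refused: library terminated or re-initialised since construction, native handles must not be touched`. If tryCleanUpLock can also return false under ordinary contention, the skipped free would be a silent native leak, and a debug-level log in that path would make it visible. Other uses of `ssl` and `networkBIO` in this class lie outside the hunk, so whether they need the same guard against library termination cannot be judged from this diff.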
@@ -1442,5 +1451,4 @@ public final class OpenSSLEngine extends SSLEngine 
implements SSLUtil.ProtocolIn
         }
 
     }
-
 }
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 82a7335d53..30ae69255a 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -206,6 +206,11 @@
         Fix OpenSSL FFM code compatibility with LibreSSL versions below 3.5.
         (remm)
       </fix>
+      <fix>
+        Prevent concurrent release of <code>OpenSSLEngine</code> resources and
+        the termination of the Tomcat Native library as it can cause crashes
+        during Tomcat shutdown. (markt)
+      </fix>
     </changelog>
   </subsection>
   <subsection name="Jasper">

