Author: remm
Date: Fri Jul 17 14:03:15 2015
New Revision: 1691565

URL: http://svn.apache.org/r1691565
Log:
Find the new better API for ALPN.
Add back NPN for now since it looks easy.

Modified:
    tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java
    tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java

Modified: 
tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java?rev=1691565&r1=1691564&r2=1691565&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java 
(original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java 
Fri Jul 17 14:03:15 2015
@@ -17,7 +17,6 @@
 package org.apache.tomcat.util.net.openssl;
 
 import java.io.IOException;
-import java.nio.charset.StandardCharsets;
 import java.security.InvalidAlgorithmParameterException;
 import java.security.InvalidKeyException;
 import java.security.NoSuchAlgorithmException;
@@ -179,38 +178,6 @@ public class OpenSSLContext implements o
         }
     }
 
-    private byte[] buildAlpnConfig(List<String> protocols) {
-        /*
-         * The expected format is zero or more of the following:
-         * - Single byte for size
-         * - Sequence of size bytes for the identifier
-         */
-        byte[][] protocolsBytes = new byte[protocols.size()][];
-        int i = 0;
-        int size = 0;
-        for (String protocol : protocols) {
-            protocolsBytes[i] = protocol.getBytes(StandardCharsets.UTF_8);
-            size += protocolsBytes[i].length;
-            // And one byte to store the size
-            size++;
-            i++;
-        }
-
-        size += ALPN_DEFAULT.length;
-
-        byte[] result = new byte[size];
-        int pos = 0;
-        for (byte[] protocolBytes : protocolsBytes) {
-            result[pos++] = (byte) (0xff & protocolBytes.length);
-            System.arraycopy(protocolBytes, 0, result, pos, 
protocolBytes.length);
-            pos += protocolBytes.length;
-        }
-
-        System.arraycopy(ALPN_DEFAULT, 0, result, pos, ALPN_DEFAULT.length);
-
-        return result;
-    }
-
     private void destroyPools() {
         // Guard against multiple destroyPools() calls triggered by 
construction exception and finalize() later
         if (aprPool != 0 && DESTROY_UPDATER.compareAndSet(this, 0, 1)) {
@@ -398,10 +365,12 @@ public class OpenSSLContext implements o
             }
 
             if (negotiableProtocols != null && negotiableProtocols.size() > 0) 
{
-                byte[] protocols = buildAlpnConfig(negotiableProtocols);
-                if (SSLContext.setALPN(ctx, protocols, protocols.length) != 0) 
{
-                    log.warn(netSm.getString("endpoint.alpn.fail", 
negotiableProtocols));
-                }
+                ArrayList<String> protocols = new ArrayList<>();
+                protocols.addAll(negotiableProtocols);
+                protocols.add("http/1.1");
+                String[] protocolsArray = protocols.toArray(new String[0]);
+                SSLContext.setAlpnProtos(ctx, protocolsArray, 
SSL.SSL_SELECTOR_FAILURE_NO_ADVERTISE);
+                SSLContext.setNpnProtos(ctx, protocolsArray, 
SSL.SSL_SELECTOR_FAILURE_NO_ADVERTISE);
             }
 
             sessionContext = new OpenSSLServerSessionContext(ctx);
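Review bot: The protocol list is handed to the native `setAlpnProtos`/`setNpnProtos` calls with no visible validation and no result handling, whereas the removed code logged `endpoint.alpn.fail` when configuring ALPN failed. An ALPN/NPN protocol name has to encode to 1–255 bytes on the wire, so a null, empty or over-long entry in `negotiableProtocols` should be rejected or logged here unless the native layer is known to do that (not visible in this hunk). `"http/1.1"` is also appended unconditionally as a literal, so it is advertised twice if the caller already lists it; `if (!protocols.contains("http/1.1")) { protocols.add("http/1.1"); }` avoids that. The enclosing method starts and ends outside the hunk.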

Modified: 
tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java?rev=1691565&r1=1691564&r2=1691565&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java 
(original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java Fri 
Jul 17 14:03:15 2015
@@ -1164,6 +1164,9 @@ public final class OpenSSLEngine extends
         } else {
             if (alpn) {
                 selectedProtocol = SSL.getAlpnSelected(ssl);
+                if (selectedProtocol == null) {
+                    selectedProtocol = SSL.getNextProtoNegotiated(ssl);
+                }
             }
             // if SSL_do_handshake returns > 0 it means the handshake was 
finished. This means we can update
             // handshakeFinished directly and so eliminate unnecessary calls 
to SSL.isInInit(...)
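Review bot: With the NPN fallback added after `SSL.getAlpnSelected(ssl)`, `selectedProtocol` can now hold a value chosen by the client, because under NPN the client makes the selection and nothing in this hunk checks the result against the list that was advertised. If the code that consumes `selectedProtocol` does not already do so (not visible here), compare it with the configured protocols and treat an unknown value as no selection. The same three lines are added again in the `SSL.isInInit(ssl) == 0` branch in the next hunk; a small private helper would keep the two in step, and a comment such as `// NPN fallback for clients without ALPN; remove once NPN support is dropped` would record why it exists. The enclosing method starts and ends outside both hunks.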
@@ -1197,6 +1200,9 @@ public final class OpenSSLEngine extends
             if (SSL.isInInit(ssl) == 0) {
                 if (alpn) {
                     selectedProtocol = SSL.getAlpnSelected(ssl);
+                    if (selectedProtocol == null) {
+                        selectedProtocol = SSL.getNextProtoNegotiated(ssl);
+                    }
                 }
                 handshakeFinished = true;
                 return SSLEngineResult.HandshakeStatus.FINISHED;


