Author: remm Date: Fri Jul 17 14:03:15 2015 New Revision: 1691565 URL: http://svn.apache.org/r1691565 Log: Find the new better API for ALPN. Add back NPN for now since it looks easy.
Modified: tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java
Modified: tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java?rev=1691565&r1=1691564&r2=1691565&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java Fri Jul 17 14:03:15 2015
@@ -17,7 +17,6 @@
 package org.apache.tomcat.util.net.openssl;
 import java.io.IOException;
-import java.nio.charset.StandardCharsets;
 import java.security.InvalidAlgorithmParameterException;
 import java.security.InvalidKeyException;
 import java.security.NoSuchAlgorithmException;
@@ -179,38 +178,6 @@ public class OpenSSLContext implements o
 }
 }
- private byte[] buildAlpnConfig(List<String> protocols) {
- /*
- * The expected format is zero or more of the following:
- * - Single byte for size
- * - Sequence of size bytes for the identifier
- */
- byte[][] protocolsBytes = new byte[protocols.size()][];
- int i = 0;
- int size = 0;
- for (String protocol : protocols) {
- protocolsBytes[i] = protocol.getBytes(StandardCharsets.UTF_8);
- size += protocolsBytes[i].length;
- // And one byte to store the size
- size++;
- i++;
- }
-
- size += ALPN_DEFAULT.length;
-
- byte[] result = new byte[size];
- int pos = 0;
- for (byte[] protocolBytes : protocolsBytes) {
- result[pos++] = (byte) (0xff & protocolBytes.length);
- System.arraycopy(protocolBytes, 0, result, pos, protocolBytes.length);
- pos += protocolBytes.length;
- }
-
- System.arraycopy(ALPN_DEFAULT, 0, result, pos, ALPN_DEFAULT.length);
-
- return result;
- }
-
 private void destroyPools() {
 // Guard against multiple destroyPools() calls triggered by construction exception and finalize() later
 if (aprPool != 0 && DESTROY_UPDATER.compareAndSet(this, 0, 1)) {
@@ -398,10 +365,12 @@ public class OpenSSLContext implements o
 }
 if (negotiableProtocols != null && negotiableProtocols.size() > 0) {
- byte[] protocols = buildAlpnConfig(negotiableProtocols);
- if (SSLContext.setALPN(ctx, protocols, protocols.length) != 0) {
- log.warn(netSm.getString("endpoint.alpn.fail", negotiableProtocols));
- }
+ ArrayList<String> protocols = new ArrayList<>();
+ protocols.addAll(negotiableProtocols);
+ protocols.add("http/1.1");
+ String[] protocolsArray = protocols.toArray(new String[0]);
+ SSLContext.setAlpnProtos(ctx, protocolsArray, SSL.SSL_SELECTOR_FAILURE_NO_ADVERTISE);
+ SSLContext.setNpnProtos(ctx, protocolsArray, SSL.SSL_SELECTOR_FAILURE_NO_ADVERTISE);
 }
 sessionContext = new OpenSSLServerSessionContext(ctx);
Modified: tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java?rev=1691565&r1=1691564&r2=1691565&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java Fri Jul 17 14:03:15 2015
@@ -1164,6 +1164,9 @@ public final class OpenSSLEngine extends
 } else {
 if (alpn) {
 selectedProtocol = SSL.getAlpnSelected(ssl);
+ if (selectedProtocol == null) {
+ selectedProtocol = SSL.getNextProtoNegotiated(ssl);
+ }
 }
 // if SSL_do_handshake returns > 0 it means the handshake was finished. This means we can update
 // handshakeFinished directly and so eliminate unnecessary calls to SSL.isInInit(...)
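Review bot: In the OpenSSLContext hunk at -398, `SSLContext.setNpnProtos(...)` is enabled for every context that has negotiable protocols, with no option to turn it off and no comment marking it as temporary, although the log message says NPN is back only "for now". NPN is the superseded predecessor of ALPN, so I would put the call behind a configuration flag, or at least add `// NPN is kept temporarily for clients without ALPN; remove once ALPN-only is acceptable` above it. The removed code logged `endpoint.alpn.fail` when `setALPN` returned non-zero; whether the new calls can report failure is not visible here, but if they can, that warning should be kept. On style, `new ArrayList<>(negotiableProtocols)` replaces the two-line copy, and `"http/1.1"` is appended even when the configured list already contains it. The enclosing method starts and ends outside the hunk.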
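Review bot: In both OpenSSLEngine hunks (-1164 and -1197) the NPN fallback stores whatever `SSL.getNextProtoNegotiated(ssl)` returns in `selectedProtocol` without checking it against the protocols the server configured. With NPN the protocol is chosen by the client, and as far as I know it is not required to pick one the server advertised, so this value should be treated as peer input; I would compare it with the configured list and fall back to `null` when it is not in it, before anything dispatches on it. The same three lines are also added twice, so a small private helper called from both places, e.g. `selectedProtocol = getNegotiatedProtocol();`, would keep the two handshake paths in step. The enclosing method starts and ends outside both hunks, so whether a later check already exists cannot be seen from here.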
@@ -1197,6 +1200,9 @@ public final class OpenSSLEngine extends
 if (SSL.isInInit(ssl) == 0) {
 if (alpn) {
 selectedProtocol = SSL.getAlpnSelected(ssl);
+ if (selectedProtocol == null) {
+ selectedProtocol = SSL.getNextProtoNegotiated(ssl);
+ }
 }
 handshakeFinished = true;
 return SSLEngineResult.HandshakeStatus.FINISHED;
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org