RE: Better support for OpenJSSE?
Since I was the one that brought up a question about OpenJSSE on the User Mailing List several weeks ago, just wanted to bring to your attention that there are quirks of OpenJSSE that people are discovering. I was able to get TC85 to run with OpenJSSE but admittedly haven’t done extensive testing. For example, this thread [1]. There are also other projects (such as the OkHttp HTTP client) that have run into specificities on running with OpenJSSE.

[1] https://github.com/openjsse/openjsse/issues/10#issuecomment-533318077

(sorry for top posting, Outlook doesn’t make it easy)

From: Rémy Maucherat
Sent: Thursday, September 19, 2019 5:02 AM
To: Tomcat Developers List
Subject: Re: Better support for OpenJSSE?

On Thu, Sep 19, 2019 at 12:01 PM Mark Thomas <ma...@apache.org> wrote:

On 19/09/2019 09:27, Rainer Jung wrote:
> I made a patch to detect ALPN support at runtime using reflection.
> Please have a look. Feedback welcome, whether we want to include that or
> whether we want to stick with the simpler approach we currently use.

Past experience suggests a lot of users will be on Java 8 for quite some time. I think it makes sense to support this.

> Of course the window for Java 8 plus OpenJSSE is getting smaller over
> time, and users could also use tcnative to get TLS 1.3 and HTTP/2. On
> the other hand integration of OpenJSSE is pretty simple and some users
> don't like native code in their JVM (and its maintenance). IMHO support
> for OpenJSSE (including HTTP/2) would be a nice addition.
>
> My TC 9 patch is available under:
>
> http://home.apache.org/~rjung/patches/tc9-openjsse.patch
>
> It moves the ALPN detection from classes Jre(9)Compat to class TLS in
> the same package and uses the same approach that we use for other
> runtime detection. It needs to make one method accessible, because under
> Java 9+ the implementation class SSLEngineImpl is no longer a public
> class. Since it is accessed normally via SSLEngine, direct method calls
> still work, but reflective calls no longer.

Currently TLS.java is only used by the unit tests. We only need to use reflection on Java 8 since we know ALPN is available on Java 9 onwards. The module system adds additional restrictions to calling setAccessible() that might cause problems in the future.

I was a bit worried about that too.

I wonder if a cleaner solution might be:
- Move isTlsv13Available to TesterSupport and deprecate TLS.java
- Add isAlpnAvailable() to JreCompat where:
  - Java 7 (for 8.5.x) hard codes to false
  - Java 8 uses reflection
  - Java 9 hard codes to true

+1

Personally I wouldn't use OpenJSSE over tomcat-native (performance? long term support?), but since it's only about making the Tomcat code a bit more flexible that works for me.

Rémy
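The three-tier detection proposed in the thread above (Java 7 false, Java 8 by reflection, Java 9 onwards true), written out as an added example; it is not part of any message here and is neither Rainer Jung's patch nor Tomcat's code. The class name `AlpnProbe` and its helper methods are hypothetical, and the Java 8 branch assumes that a provider with ALPN support exposes a public `getApplicationProtocol()` method on the engine class it creates.

```java
import java.lang.reflect.Method;
import java.lang.reflect.Modifier;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;

/** Hypothetical helper, not Tomcat code: runtime ALPN detection per Java version. */
public final class AlpnProbe {

    /** Maps java.specification.version ("1.7", "1.8", "9", "11", ...) to a major number. */
    static int majorVersion(String spec) {
        String[] parts = spec.split("\\.");
        int first = Integer.parseInt(parts[0]);
        return (first == 1 && parts.length > 1) ? Integer.parseInt(parts[1]) : first;
    }

    /** Looks up the public ALPN getter on the engine's runtime class; null if absent. */
    static Method findAlpnGetter(SSLEngine engine) {
        try {
            // getMethod() only finds public methods and needs no setAccessible().
            return engine.getClass().getMethod("getApplicationProtocol");
        } catch (NoSuchMethodException | SecurityException e) {
            return null;
        }
    }

    /**
     * A Method declared on a non-public class cannot be invoked reflectively from
     * another package without setAccessible(true). A public declaring class is
     * necessary; on Java 9+ the module system must also export the package.
     */
    static boolean invocableWithoutSetAccessible(Method m) {
        return Modifier.isPublic(m.getDeclaringClass().getModifiers());
    }

    static boolean isAlpnAvailable() {
        int major = majorVersion(System.getProperty("java.specification.version"));
        if (major <= 7) {
            return false;   // hard coded: no ALPN on Java 7
        }
        if (major >= 9) {
            return true;    // hard coded: ALPN is part of javax.net.ssl from Java 9
        }
        // Java 8: depends on the JSSE provider that is actually installed, so ask
        // the engine that the default SSLContext creates.
        try {
            SSLEngine engine = SSLContext.getDefault().createSSLEngine();
            return findAlpnGetter(engine) != null;
        } catch (Exception | LinkageError e) {
            return false;   // no usable TLS provider: report ALPN as unavailable
        }
    }

    public static void main(String[] args) throws Exception {
        SSLEngine engine = SSLContext.getDefault().createSSLEngine();
        Method getter = findAlpnGetter(engine);
        System.out.println("Java spec version : "
                + System.getProperty("java.specification.version"));
        System.out.println("Engine class      : " + engine.getClass().getName());
        System.out.println("ALPN available    : " + isAlpnAvailable());
        if (getter != null) {
            System.out.println("Getter declared on: " + getter.getDeclaringClass().getName());
            System.out.println("Invocable without setAccessible(): "
                    + invocableWithoutSetAccessible(getter));
        }
    }
}
```

Because the probe only looks the method up and never invokes it, it does not need `setAccessible()`; the last line of output shows whether a later reflective call would.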
buildbot success in on tomcat-trunk
The Buildbot has detected a restored build on builder tomcat-trunk while building tomcat. Full details are available at: https://ci.apache.org/builders/tomcat-trunk/builds/4621 Buildbot URL: https://ci.apache.org/ Buildslave for this Build: asf946_ubuntu Build Reason: The AnyBranchScheduler scheduler named 'on-tomcat-commit' triggered this build Build Source Stamp: [branch master] 6a173978c5865421192578da21ec8f418e5a3da4 Blamelist: Mark Thomas Build succeeded! Sincerely, -The Buildbot - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Nexus: Promotion Completed
Message from: https://repository.apache.org
Deployer properties: "userAgent" = "maven-artifact/2.2.1 (Java 1.7.0_80; Windows 7 6.1)", "userId" = "markt", "ip" = "86.144.250.12"
Details: The following artifacts have been promoted to the "Releases" [id=releases] repository
[tomcat] branch 8.5.x updated: Add release date for 8.5.46
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 8.5.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/8.5.x by this push: new b7ae3eb Add release date for 8.5.46 b7ae3eb is described below commit b7ae3ebabb7cc3cccba061e8570f968b80378f78 Author: Mark Thomas AuthorDate: Thu Sep 19 20:59:31 2019 +0100 Add release date for 8.5.46 --- webapps/docs/changelog.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index 34cf200..1f9471f 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -74,7 +74,7 @@ - + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r35936 - /dev/tomcat/tomcat-8/v8.5.46/ /release/tomcat/tomcat-8/v8.5.46/
Author: markt Date: Thu Sep 19 19:58:49 2019 New Revision: 35936 Log: Release Apache Tomcat 8.5.46 Added: release/tomcat/tomcat-8/v8.5.46/ - copied from r35935, dev/tomcat/tomcat-8/v8.5.46/ Removed: dev/tomcat/tomcat-8/v8.5.46/
Re: [VOTE][RESULT] Release Apache Tomcat 8.5.46
The following votes were cast: Binding: +1: michaelo, remm, isapir, fschumacher, markt No other votes were cast. The vote therefore passes. Thanks to everyone who contributed towards this release. Mark
Re: [VOTE] Release Apache Tomcat 8.5.46
On 16/09/2019 19:46, Mark Thomas wrote: > The proposed 8.5.46 release is: > [ ] Broken - do not release > [X] Stable - go ahead and release as 8.5.46 Unit tests passed for NIO, NIO2 and APR with Tomcat Native 1.2.23 on Linux, Windows and MacOS. Mark
Nexus: Promotion Completed
Message from: https://repository.apache.org
Deployer properties: "userAgent" = "maven-artifact/2.2.1 (Java 1.8.0_222; Windows 7 6.1)", "userId" = "markt", "ip" = "86.144.250.12"
Details: The following artifacts have been promoted to the "Releases" [id=releases] repository
svn commit: r35935 - /dev/tomcat/tomcat-9/v9.0.26/ /release/tomcat/tomcat-9/v9.0.26/
Author: markt Date: Thu Sep 19 19:55:02 2019 New Revision: 35935 Log: Release Apache Tomcat 9.0.26 Added: release/tomcat/tomcat-9/v9.0.26/ - copied from r35934, dev/tomcat/tomcat-9/v9.0.26/ Removed: dev/tomcat/tomcat-9/v9.0.26/
[tomcat] branch master updated: Add release date for 9.0.26
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/master by this push: new 6a17397 Add release date for 9.0.26 6a17397 is described below commit 6a173978c5865421192578da21ec8f418e5a3da4 Author: Mark Thomas AuthorDate: Thu Sep 19 20:53:01 2019 +0100 Add release date for 9.0.26 --- webapps/docs/changelog.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index 24bf3c6..99a7fb8 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -81,7 +81,7 @@ - + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [VOTE][RESULT] Release Apache Tomcat 9.0.26
The following votes were cast: Binding: +1: ebourg, isapir, remm, fschumacher, markt No other votes were cast. The vote therefore passes. Thanks to everyone who contributed to this release. Mark
Re: [VOTE] Release Apache Tomcat 9.0.26
On 16/09/2019 17:15, Mark Thomas wrote: > The proposed 9.0.26 release is: > [ ] Broken - do not release > [X] Stable - go ahead and release as 9.0.26 Unit tests pass on Linux, MacOS and Windows with Tomcat Native 1.2.23 for NIO, NIO2 and APR. Mark
Re: [tomcat] branch master updated: Fix test failures caused by APR crash during shutdown
On 19/09/2019 19:57, ma...@apache.org wrote: > This is an automated email from the ASF dual-hosted git repository. > > markt pushed a commit to branch master > in repository https://gitbox.apache.org/repos/asf/tomcat.git > > > The following commit(s) were added to refs/heads/master by this push: > new 9825246 Fix test failures caused by APR crash during shutdown > 9825246 is described below > > commit 9825246d0ce833552a3745ac3b02a44551789caa > Author: Mark Thomas > AuthorDate: Thu Sep 19 19:56:23 2019 +0100 > > Fix test failures caused by APR crash during shutdown > > When a request thread was still trying to read/write from/to the socket, > the socket wrapper was not marked as closed so the thread tried to use > an APR socket that the POller then closed. Trying to read/write from a > closed APR socket will nearly always trigger a crash. Hmm. Maybe not as successful as I had hoped. The chances of a crash appear to have reduced but crashes do still occur. It looks like one root cause has been fixed but that there is still at least one more root cause to track down. I'll take another look. Mark > --- > java/org/apache/tomcat/util/net/AprEndpoint.java | 5 - > 1 file changed, 4 insertions(+), 1 deletion(-) > > diff --git a/java/org/apache/tomcat/util/net/AprEndpoint.java > b/java/org/apache/tomcat/util/net/AprEndpoint.java > index 46c7047..6dde69c 100644 > --- a/java/org/apache/tomcat/util/net/AprEndpoint.java > +++ b/java/org/apache/tomcat/util/net/AprEndpoint.java 
> @@ -1126,8 +1126,11 @@ public class AprEndpoint extends > AbstractEndpoint implements SNICallB > // Close all sockets in the add queue > info = addList.get(); > while (info != null) { > -// Make sure the socket isn't in the poller before we close > it > +// Make sure the socket isn't in the poller before we close > it > removeFromPoller(info.socket); > +// Close the SocketWrapper to prevent any still running > application > +// threads from trying to use the socket > +connections.get(Long.valueOf(info.socket)).close(); > // Poller isn't running at this point so use destroySocket() > // directly > destroySocket(info.socket); > > > - > To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org > For additional commands, e-mail: dev-h...@tomcat.apache.org > - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch 8.5.x updated: Fix test failures caused by APR crash during shutdown
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 8.5.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/8.5.x by this push: new 07f3c37 Fix test failures caused by APR crash during shutdown 07f3c37 is described below commit 07f3c37377459615a53293ca52be43de7a44970d Author: Mark Thomas AuthorDate: Thu Sep 19 19:56:23 2019 +0100 Fix test failures caused by APR crash during shutdown When a request thread was still trying to read/write from/to the socket, the socket wrapper was not marked as closed so the thread tried to use an APR socket that the POller then closed. Trying to read/write from a closed APR socket will nearly always trigger a crash. --- java/org/apache/tomcat/util/net/AprEndpoint.java | 5 - 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/java/org/apache/tomcat/util/net/AprEndpoint.java b/java/org/apache/tomcat/util/net/AprEndpoint.java index 4c1ca49..3d1d891 100644 --- a/java/org/apache/tomcat/util/net/AprEndpoint.java +++ b/java/org/apache/tomcat/util/net/AprEndpoint.java @@ -1248,8 +1248,11 @@ public class AprEndpoint extends AbstractEndpoint implements SNICallBack { // Close all sockets in the add queue info = addList.get(); while (info != null) { -// Make sure the socket isn't in the poller before we close it +// Make sure the socket isn't in the poller before we close it removeFromPoller(info.socket); +// Close the SocketWrapper to prevent any still running application +// threads from trying to use the socket +connections.get(Long.valueOf(info.socket)).close(); // Poller isn't running at this point so use destroySocket() // directly destroySocket(info.socket); - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
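Review bot: In the add-queue loop the result of `connections.get(Long.valueOf(info.socket))` is dereferenced without a null check, so a queued socket with no entry in `connections` would throw a NullPointerException before `destroySocket(info.socket)` runs. Suggest fetching the wrapper into a local variable, calling `close()` only when it is non-null, and calling `destroySocket()` in either case.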
[tomcat] branch master updated: Fix test failures caused by APR crash during shutdown
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/master by this push: new 9825246 Fix test failures caused by APR crash during shutdown 9825246 is described below commit 9825246d0ce833552a3745ac3b02a44551789caa Author: Mark Thomas AuthorDate: Thu Sep 19 19:56:23 2019 +0100 Fix test failures caused by APR crash during shutdown When a request thread was still trying to read/write from/to the socket, the socket wrapper was not marked as closed so the thread tried to use an APR socket that the POller then closed. Trying to read/write from a closed APR socket will nearly always trigger a crash. --- java/org/apache/tomcat/util/net/AprEndpoint.java | 5 - 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/java/org/apache/tomcat/util/net/AprEndpoint.java b/java/org/apache/tomcat/util/net/AprEndpoint.java index 46c7047..6dde69c 100644 --- a/java/org/apache/tomcat/util/net/AprEndpoint.java +++ b/java/org/apache/tomcat/util/net/AprEndpoint.java @@ -1126,8 +1126,11 @@ public class AprEndpoint extends AbstractEndpoint implements SNICallB // Close all sockets in the add queue info = addList.get(); while (info != null) { -// Make sure the socket isn't in the poller before we close it +// Make sure the socket isn't in the poller before we close it removeFromPoller(info.socket); +// Close the SocketWrapper to prevent any still running application +// threads from trying to use the socket +connections.get(Long.valueOf(info.socket)).close(); // Poller isn't running at this point so use destroySocket() // directly destroySocket(info.socket); - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
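Review bot: The new `close()` call sits only in the loop under "Close all sockets in the add queue", while the commit message describes any request thread that is still reading or writing when the Poller closes its socket. Please confirm that the other shutdown paths where the poller destroys sockets also close the SocketWrapper first, and add a comment here saying whether `close()` followed by `destroySocket(info.socket)` can release the same socket twice.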
buildbot failure in on tomcat-trunk
The Buildbot has detected a new failure on builder tomcat-trunk while building tomcat. Full details are available at: https://ci.apache.org/builders/tomcat-trunk/builds/4619 Buildbot URL: https://ci.apache.org/ Buildslave for this Build: asf946_ubuntu Build Reason: The AnyBranchScheduler scheduler named 'on-tomcat-commit' triggered this build Build Source Stamp: [branch master] 6bddb9012d61e243e0136ee9187c71236c382e0a Blamelist: Mark Thomas BUILD FAILED: failed compile_1 Sincerely, -The Buildbot
[Bug 63753] unnecessary websocket request host header port number checking
https://bz.apache.org/bugzilla/show_bug.cgi?id=63753

Mark Thomas changed:

What       | Removed | Added
Status     | NEW     | RESOLVED
Resolution | ---     | FIXED

--- Comment #1 from Mark Thomas ---
The original purpose of the code was to include the port in the HTTP host header if a non-standard port was used. That requirement still exists but the refactoring to support proxying broke the previous implementation. I have now fixed this. Thanks for reporting this issue.

Fixed in:
- master for 9.0.27 onwards
- 8.5.x for 8.5.47 onwards
- 7.0.x for 7.0.97 onwards
[tomcat] branch 7.0.x updated: Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=63753 WS host header
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 7.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/7.0.x by this push: new 1422945 Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=63753 WS host header 1422945 is described below commit 1422945fd45a5f88d5d21ddd1b121f9cf0d8602f Author: Mark Thomas AuthorDate: Thu Sep 19 14:46:09 2019 +0100 Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=63753 WS host header Ensure that the Host header in a Web Socket HTTP upgrade request only contains a port if a non-default port is being used. --- java/org/apache/tomcat/websocket/WsWebSocketContainer.java | 7 --- webapps/docs/changelog.xml | 9 + 2 files changed, 13 insertions(+), 3 deletions(-) diff --git a/java/org/apache/tomcat/websocket/WsWebSocketContainer.java b/java/org/apache/tomcat/websocket/WsWebSocketContainer.java index e779d12..d23ba3c 100644 --- a/java/org/apache/tomcat/websocket/WsWebSocketContainer.java +++ b/java/org/apache/tomcat/websocket/WsWebSocketContainer.java @@ -307,7 +307,7 @@ public class WsWebSocketContainer } // Create the initial HTTP request to open the WebSocket connection -Map> reqHeaders = createRequestHeaders(host, port, +Map> reqHeaders = createRequestHeaders(host, port, secure, clientEndpointConfiguration); clientEndpointConfiguration.getConfigurator().beforeRequest(reqHeaders); if (Constants.DEFAULT_ORIGIN_HEADER_VALUE != null @@ -689,7 +689,7 @@ public class WsWebSocketContainer } private static Map> createRequestHeaders(String host, int port, -ClientEndpointConfig clientEndpointConfiguration) { +boolean secure, ClientEndpointConfig clientEndpointConfiguration) { Map> headers = new HashMap>(); List extensions = clientEndpointConfiguration.getExtensions(); 
@@ -704,7 +704,8 @@ public class WsWebSocketContainer // Host header List hostValues = new ArrayList(1); -if (port == -1) { +if (port == 80 && !secure || port == 443 && secure) { +// Default ports. Do not include port in host header hostValues.add(host); } else { hostValues.add(host + ':' + port); diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index 30d1aaa..ba887d9 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -133,6 +133,15 @@ + + + +63753: Ensure that the Host header in a Web +Socket HTTP upgrade request only contains a port if a non-default port +is being used. (markt) + + + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
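Review bot: The `port == -1` branch is removed from `createRequestHeaders` in the Host header block, so a caller that still passes -1 for a URI without an explicit port would now get `host:-1` in the Host header. Either keep a guard for `port == -1` next to the new default-port test or document on the method that the port must already be resolved to a real value before it is called.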
[tomcat] branch 8.5.x updated: Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=63753 WS host header
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 8.5.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/8.5.x by this push: new 831c6e1 Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=63753 WS host header 831c6e1 is described below commit 831c6e16d4378e5523bbd238087cd5eb089b23bf Author: Mark Thomas AuthorDate: Thu Sep 19 14:46:09 2019 +0100 Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=63753 WS host header Ensure that the Host header in a Web Socket HTTP upgrade request only contains a port if a non-default port is being used. --- java/org/apache/tomcat/websocket/WsWebSocketContainer.java | 7 --- webapps/docs/changelog.xml | 9 + 2 files changed, 13 insertions(+), 3 deletions(-) diff --git a/java/org/apache/tomcat/websocket/WsWebSocketContainer.java b/java/org/apache/tomcat/websocket/WsWebSocketContainer.java index f19c1b2..9275e15 100644 --- a/java/org/apache/tomcat/websocket/WsWebSocketContainer.java +++ b/java/org/apache/tomcat/websocket/WsWebSocketContainer.java @@ -265,7 +265,7 @@ public class WsWebSocketContainer implements WebSocketContainer, BackgroundProce } // Create the initial HTTP request to open the WebSocket connection -Map> reqHeaders = createRequestHeaders(host, port, +Map> reqHeaders = createRequestHeaders(host, port, secure, clientEndpointConfiguration); clientEndpointConfiguration.getConfigurator().beforeRequest(reqHeaders); if (Constants.DEFAULT_ORIGIN_HEADER_VALUE != null @@ -631,7 +631,7 @@ public class WsWebSocketContainer implements WebSocketContainer, BackgroundProce } private static Map> createRequestHeaders(String host, int port, -ClientEndpointConfig clientEndpointConfiguration) { +boolean secure, ClientEndpointConfig clientEndpointConfiguration) { Map> headers = new HashMap<>(); List extensions = clientEndpointConfiguration.getExtensions(); 
@@ -646,7 +646,8 @@ public class WsWebSocketContainer implements WebSocketContainer, BackgroundProce // Host header List hostValues = new ArrayList<>(1); -if (port == -1) { +if (port == 80 && !secure || port == 443 && secure) { +// Default ports. Do not include port in host header hostValues.add(host); } else { hostValues.add(host + ':' + port); diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index 0b02f95..34cf200 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -54,6 +54,15 @@ + + + +63753: Ensure that the Host header in a Web +Socket HTTP upgrade request only contains a port if a non-default port +is being used. (markt) + + + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
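Review bot: The condition `port == 80 && !secure || port == 443 && secure` in the Host header block relies on `&&` binding tighter than `||`; put parentheses around each scheme/port pair so the two default-port cases read unambiguously. Named constants for 80 and 443 would also make the intent clearer than the bare literals.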
[tomcat] branch master updated: Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=63753 WS host header
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/master by this push: new 6bddb90 Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=63753 WS host header 6bddb90 is described below commit 6bddb9012d61e243e0136ee9187c71236c382e0a Author: Mark Thomas AuthorDate: Thu Sep 19 14:46:09 2019 +0100 Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=63753 WS host header Ensure that the Host header in a Web Socket HTTP upgrade request only contains a port if a non-default port is being used. --- java/org/apache/tomcat/websocket/WsWebSocketContainer.java | 7 --- webapps/docs/changelog.xml | 9 + 2 files changed, 13 insertions(+), 3 deletions(-) diff --git a/java/org/apache/tomcat/websocket/WsWebSocketContainer.java b/java/org/apache/tomcat/websocket/WsWebSocketContainer.java index 1754538..4ea31fc 100644 --- a/java/org/apache/tomcat/websocket/WsWebSocketContainer.java +++ b/java/org/apache/tomcat/websocket/WsWebSocketContainer.java @@ -265,7 +265,7 @@ public class WsWebSocketContainer implements WebSocketContainer, BackgroundProce } // Create the initial HTTP request to open the WebSocket connection -Map> reqHeaders = createRequestHeaders(host, port, +Map> reqHeaders = createRequestHeaders(host, port, secure, clientEndpointConfiguration); clientEndpointConfiguration.getConfigurator().beforeRequest(reqHeaders); if (Constants.DEFAULT_ORIGIN_HEADER_VALUE != null @@ -631,7 +631,7 @@ public class WsWebSocketContainer implements WebSocketContainer, BackgroundProce } private static Map> createRequestHeaders(String host, int port, -ClientEndpointConfig clientEndpointConfiguration) { +boolean secure, ClientEndpointConfig clientEndpointConfiguration) { Map> headers = new HashMap<>(); List extensions = clientEndpointConfiguration.getExtensions(); 
@@ -646,7 +646,8 @@ public class WsWebSocketContainer implements WebSocketContainer, BackgroundProce // Host header List hostValues = new ArrayList<>(1); -if (port == -1) { +if (port == 80 && !secure || port == 443 && secure) { +// Default ports. Do not include port in host header hostValues.add(host); } else { hostValues.add(host + ':' + port); diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index 58a0809..24bf3c6 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -54,6 +54,15 @@ + + + +63753: Ensure that the Host header in a Web +Socket HTTP upgrade request only contains a port if a non-default port +is being used. (markt) + + + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
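Review bot: In the Host header hunk of createRequestHeaders(), the removed "port == -1" branch has no successor, so a caller that still passes -1 now produces a Host value ending in ":-1"; say in a comment or in Javadoc on the new secure parameter that port must already be resolved to a real port number before this method is called. The new condition "port == 80 && !secure || port == 443 && secure" relies on && binding tighter than ||, and parenthesising each pair would make the intent explicit. The diffstat lists only WsWebSocketContainer.java and changelog.xml, so no test covers the default-port and non-default-port cases for ws and wss.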
buildbot success in on tomcat-85-trunk
The Buildbot has detected a restored build on builder tomcat-85-trunk while building tomcat. Full details are available at:
https://ci.apache.org/builders/tomcat-85-trunk/builds/1944

Buildbot URL: https://ci.apache.org/

Buildslave for this Build: asf946_ubuntu

Build Reason: The AnyBranchScheduler scheduler named 'on-tomcat-85-commit' triggered this build
Build Source Stamp: [branch 8.5.x] 5c1699aa22dff14865c42780ef79acece430d0c2
Blamelist: Rainer Jung

Build succeeded!

Sincerely,
 -The Buildbot
buildbot success in on tomcat-trunk
The Buildbot has detected a restored build on builder tomcat-trunk while building tomcat. Full details are available at:
https://ci.apache.org/builders/tomcat-trunk/builds/4618

Buildbot URL: https://ci.apache.org/

Buildslave for this Build: asf946_ubuntu

Build Reason: The AnyBranchScheduler scheduler named 'on-tomcat-commit' triggered this build
Build Source Stamp: [branch master] f154fbe32d0b52effc3f9591b8cae65ca6724bef
Blamelist: Rainer Jung

Build succeeded!

Sincerely,
 -The Buildbot
[tomcat] branch 7.0.x updated: Deprecate org.apache.tomcat.util.compat.TLS and move its functionality to its only using class org.apache.tomcat.util.net.TesterSupport.
This is an automated email from the ASF dual-hosted git repository. rjung pushed a commit to branch 7.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/7.0.x by this push: new b25bdad Deprecate org.apache.tomcat.util.compat.TLS and move its functionality to its only using class org.apache.tomcat.util.net.TesterSupport. b25bdad is described below commit b25bdade57d442dd145951cbf2c62ce460694737 Author: Rainer Jung AuthorDate: Thu Sep 19 13:43:04 2019 +0200 Deprecate org.apache.tomcat.util.compat.TLS and move its functionality to its only using class org.apache.tomcat.util.net.TesterSupport. --- java/org/apache/tomcat/util/compat/TLS.java| 3 +++ test/org/apache/tomcat/util/net/TesterSupport.java | 16 ++-- webapps/docs/changelog.xml | 6 ++ 3 files changed, 23 insertions(+), 2 deletions(-) diff --git a/java/org/apache/tomcat/util/compat/TLS.java b/java/org/apache/tomcat/util/compat/TLS.java index e750f12..6eefdb0 100644 --- a/java/org/apache/tomcat/util/compat/TLS.java +++ b/java/org/apache/tomcat/util/compat/TLS.java @@ -22,7 +22,10 @@ import javax.net.ssl.SSLContext; /** * This class checks for the availability of TLS features. + * + * @deprecated Unused. This will be removed in Tomcat 10. */ +@Deprecated public class TLS { private static final boolean tlsv13Available; diff --git a/test/org/apache/tomcat/util/net/TesterSupport.java b/test/org/apache/tomcat/util/net/TesterSupport.java index bf271a5..b402f24 100644 --- a/test/org/apache/tomcat/util/net/TesterSupport.java +++ b/test/org/apache/tomcat/util/net/TesterSupport.java @@ -57,7 +57,6 @@ import org.apache.catalina.deploy.SecurityConstraint; import org.apache.catalina.startup.TestTomcat.MapRealm; import org.apache.catalina.startup.Tomcat; import org.apache.tomcat.jni.SSL; -import org.apache.tomcat.util.compat.TLS; public final class TesterSupport { 
@@ -73,6 +72,7 @@ public final class TesterSupport { public static final String CA_CERT_PEM = RESOURCE_PATH + CA_ALIAS + "-cert.pem"; public static final String LOCALHOST_CERT_PEM = RESOURCE_PATH + "localhost-cert.pem"; public static final String LOCALHOST_KEY_PEM = RESOURCE_PATH + "localhost-key.pem"; +public static final boolean TLSV13_AVAILABLE; public static final String ROLE = "testrole"; @@ -98,6 +98,18 @@ public final class TesterSupport { // Assume no RFC 5746 support } RFC_5746_SUPPORTED = result; + +result = false; +try { +SSLContext.getInstance(Constants.SSL_PROTO_TLSv1_3); +result = true; +} catch (NoSuchAlgorithmException ex) { +} +TLSV13_AVAILABLE = result; +} + +public static boolean isTlsv13Available() { +return TLSV13_AVAILABLE; } public static void initSsl(Tomcat tomcat) { @@ -410,7 +422,7 @@ public final class TesterSupport { */ public static String getDefaultTLSProtocolForTesting(Connector connector) { // Clients always use JSSE -if (!TLS.isTlsv13Available()) { +if (!TLSV13_AVAILABLE) { // Client doesn't support TLS 1.3 so we have to use TLS 1.2 return Constants.SSL_PROTO_TLSv1_2; } diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index 710063c..30d1aaa 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -247,6 +247,12 @@ Remove unused i18n messages and associated translations. Patch provided by KangZhiDong. (markt) + +Deprecate org.apache.tomcat.util.compat.TLS. +Its functionality was only used for unit tests in +org.apache.tomcat.util.net.TesterSupport +and has been moved there. (rjung) +
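Review bot: In the static initializer hunk of TesterSupport (@@ -98,6 +98,18 @@), the new "catch (NoSuchAlgorithmException ex)" block is empty, while the catch directly above it carries the comment "// Assume no RFC 5746 support". Add a matching comment such as "// Assume no TLS 1.3 support" so the swallowed exception reads as intentional. The same hunk reuses the result local for a second, unrelated probe; a separate local would keep the RFC 5746 and TLS 1.3 checks independent of each other.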
[tomcat] branch 8.5.x updated: Deprecate org.apache.tomcat.util.compat.TLS and move its functionality to its only using class org.apache.tomcat.util.net.TesterSupport.
This is an automated email from the ASF dual-hosted git repository. rjung pushed a commit to branch 8.5.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/8.5.x by this push: new 5c1699a Deprecate org.apache.tomcat.util.compat.TLS and move its functionality to its only using class org.apache.tomcat.util.net.TesterSupport. 5c1699a is described below commit 5c1699aa22dff14865c42780ef79acece430d0c2 Author: Rainer Jung AuthorDate: Thu Sep 19 13:34:09 2019 +0200 Deprecate org.apache.tomcat.util.compat.TLS and move its functionality to its only using class org.apache.tomcat.util.net.TesterSupport. --- java/org/apache/tomcat/util/compat/TLS.java| 3 +++ test/org/apache/tomcat/util/net/TesterSupport.java | 17 +++-- webapps/docs/changelog.xml | 10 ++ 3 files changed, 28 insertions(+), 2 deletions(-) diff --git a/java/org/apache/tomcat/util/compat/TLS.java b/java/org/apache/tomcat/util/compat/TLS.java index f9ce018..53c1c44 100644 --- a/java/org/apache/tomcat/util/compat/TLS.java +++ b/java/org/apache/tomcat/util/compat/TLS.java @@ -24,7 +24,10 @@ import org.apache.tomcat.util.net.Constants; /** * This class checks for the availability of TLS features. + * + * @deprecated Unused. This will be removed in Tomcat 10. */ +@Deprecated public class TLS { private static final boolean tlsv13Available; diff --git a/test/org/apache/tomcat/util/net/TesterSupport.java b/test/org/apache/tomcat/util/net/TesterSupport.java index 29736aa..c27d4bd 100644 --- a/test/org/apache/tomcat/util/net/TesterSupport.java +++ b/test/org/apache/tomcat/util/net/TesterSupport.java @@ -24,6 +24,7 @@ import java.net.InetAddress; import java.net.Socket; import java.net.UnknownHostException; import java.security.KeyStore; +import java.security.NoSuchAlgorithmException; import java.security.Principal; import java.security.PrivateKey; import java.security.cert.CertificateException; 
@@ -58,7 +59,6 @@ import org.apache.tomcat.jni.Library; import org.apache.tomcat.jni.LibraryNotFoundError; import org.apache.tomcat.jni.SSL; import org.apache.tomcat.util.compat.JreCompat; -import org.apache.tomcat.util.compat.TLS; import org.apache.tomcat.util.descriptor.web.LoginConfig; import org.apache.tomcat.util.descriptor.web.SecurityCollection; import org.apache.tomcat.util.descriptor.web.SecurityConstraint; @@ -82,6 +82,7 @@ public final class TesterSupport { public static final String LOCALHOST_RSA_KEY_PEM = SSL_DIR + "localhost-rsa-key.pem"; public static final boolean OPENSSL_AVAILABLE; public static final int OPENSSL_VERSION; +public static final boolean TLSV13_AVAILABLE; public static final String ROLE = "testrole"; @@ -102,6 +103,14 @@ public final class TesterSupport { } OPENSSL_AVAILABLE = available; OPENSSL_VERSION = version; + +available = false; +try { +SSLContext.getInstance(Constants.SSL_PROTO_TLSv1_3); +available = true; +} catch (NoSuchAlgorithmException ex) { +} +TLSV13_AVAILABLE = available; } public static boolean isOpensslAvailable() { @@ -112,6 +121,10 @@ public final class TesterSupport { return OPENSSL_VERSION; } +public static boolean isTlsv13Available() { +return TLSV13_AVAILABLE; +} + public static void initSsl(Tomcat tomcat) { initSsl(tomcat, LOCALHOST_RSA_JKS, null, null); } @@ -663,7 +676,7 @@ public final class TesterSupport { */ public static String getDefaultTLSProtocolForTesting(Connector connector) { // Clients always use JSSE -if (!TLS.isTlsv13Available()) { +if (!TLSV13_AVAILABLE) { // Client doesn't support TLS 1.3 so we have to use TLS 1.2 return Constants.SSL_PROTO_TLSv1_2; } diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index 0f86aa6..0b02f95 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml 
@@ -54,6 +54,16 @@ + + + +Deprecate org.apache.tomcat.util.compat.TLS. +Its functionality was only used for unit tests in +org.apache.tomcat.util.net.TesterSupport +and has been moved there. (rjung) + + +
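Review bot: The Javadoc added in the TLS.java hunk says only "@deprecated Unused. This will be removed in Tomcat 10." and does not say where the check went. The replacement isTlsv13Available() lives in test/org/apache/tomcat/util/net/TesterSupport.java, which code outside the test tree cannot call, so the deprecation text should state that no replacement is provided. The changelog entry already says the functionality was only used for unit tests, and the Javadoc could repeat that.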
[tomcat] branch master updated: Deprecate org.apache.tomcat.util.compat.TLS and move its functionality to its only using class org.apache.tomcat.util.net.TesterSupport.
This is an automated email from the ASF dual-hosted git repository. rjung pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/master by this push: new f154fbe Deprecate org.apache.tomcat.util.compat.TLS and move its functionality to its only using class org.apache.tomcat.util.net.TesterSupport. f154fbe is described below commit f154fbe32d0b52effc3f9591b8cae65ca6724bef Author: Rainer Jung AuthorDate: Thu Sep 19 13:25:02 2019 +0200 Deprecate org.apache.tomcat.util.compat.TLS and move its functionality to its only using class org.apache.tomcat.util.net.TesterSupport. --- java/org/apache/tomcat/util/compat/TLS.java| 3 +++ test/org/apache/tomcat/util/net/TesterSupport.java | 17 +++-- webapps/docs/changelog.xml | 10 ++ 3 files changed, 28 insertions(+), 2 deletions(-) diff --git a/java/org/apache/tomcat/util/compat/TLS.java b/java/org/apache/tomcat/util/compat/TLS.java index f9ce018..53c1c44 100644 --- a/java/org/apache/tomcat/util/compat/TLS.java +++ b/java/org/apache/tomcat/util/compat/TLS.java @@ -24,7 +24,10 @@ import org.apache.tomcat.util.net.Constants; /** * This class checks for the availability of TLS features. + * + * @deprecated Unused. This will be removed in Tomcat 10. */ +@Deprecated public class TLS { private static final boolean tlsv13Available; diff --git a/test/org/apache/tomcat/util/net/TesterSupport.java b/test/org/apache/tomcat/util/net/TesterSupport.java index f8f7ddc..a795ffd 100644 --- a/test/org/apache/tomcat/util/net/TesterSupport.java +++ b/test/org/apache/tomcat/util/net/TesterSupport.java @@ -24,6 +24,7 @@ import java.net.InetAddress; import java.net.Socket; import java.net.UnknownHostException; import java.security.KeyStore; +import java.security.NoSuchAlgorithmException; import java.security.Principal; import java.security.PrivateKey; import java.security.cert.CertificateException; 
@@ -57,7 +58,6 @@ import org.apache.tomcat.jni.Library; import org.apache.tomcat.jni.LibraryNotFoundError; import org.apache.tomcat.jni.SSL; import org.apache.tomcat.util.compat.JrePlatform; -import org.apache.tomcat.util.compat.TLS; import org.apache.tomcat.util.descriptor.web.LoginConfig; import org.apache.tomcat.util.descriptor.web.SecurityCollection; import org.apache.tomcat.util.descriptor.web.SecurityConstraint; @@ -82,6 +82,7 @@ public final class TesterSupport { public static final boolean OPENSSL_AVAILABLE; public static final int OPENSSL_VERSION; public static final String OPENSSL_ERROR; +public static final boolean TLSV13_AVAILABLE; public static final String ROLE = "testrole"; @@ -104,6 +105,14 @@ public final class TesterSupport { OPENSSL_AVAILABLE = available; OPENSSL_VERSION = version; OPENSSL_ERROR = err; + +available = false; +try { +SSLContext.getInstance(Constants.SSL_PROTO_TLSv1_3); +available = true; +} catch (NoSuchAlgorithmException ex) { +} +TLSV13_AVAILABLE = available; } public static boolean isOpensslAvailable() { @@ -114,6 +123,10 @@ public final class TesterSupport { return OPENSSL_VERSION; } +public static boolean isTlsv13Available() { +return TLSV13_AVAILABLE; +} + public static void initSsl(Tomcat tomcat) { initSsl(tomcat, LOCALHOST_RSA_JKS, null, null); } @@ -655,7 +668,7 @@ public final class TesterSupport { */ public static String getDefaultTLSProtocolForTesting(Connector connector) { // Clients always use JSSE -if (!TLS.isTlsv13Available()) { +if (!TLSV13_AVAILABLE) { // Client doesn't support TLS 1.3 so we have to use TLS 1.2 return Constants.SSL_PROTO_TLSv1_2; } diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index 652eba3..58a0809 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml 
@@ -61,6 +61,16 @@ + + + +Deprecate org.apache.tomcat.util.compat.TLS. +Its functionality was only used for unit tests in +org.apache.tomcat.util.net.TesterSupport +and has been moved there. (rjung) + + +
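Review bot: In the TesterSupport static initializer hunk (@@ -104,6 +105,14 @@), a successful SSLContext.getInstance(Constants.SSL_PROTO_TLSv1_3) shows that an installed provider registers that context name, not that the protocol is enabled for handshakes, since the JVM's security properties can still disable it. getDefaultTLSProtocolForTesting() chooses the client protocol from TLSV13_AVAILABLE, so document that limitation on isTlsv13Available(), or also check the enabled protocols of an engine created from the context.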
Re: Better support for OpenJSSE?
On Thu, Sep 19, 2019 at 12:01 PM Mark Thomas wrote:

> On 19/09/2019 09:27, Rainer Jung wrote:
>
> > I made a patch to detect ALPN support at runtime using reflection.
> > Please have a look. Feedback welcome, whether we want to include that or
> > whether we want to stick with the simpler approach we currently use.
>
> Past experience suggests a lot of users will be on Java 8 for quite some
> time. I think it makes sense to support this.
>
> > Of
> > course the windows for Java 8 plus OpenJSSE is getting smaller over
> > time, and users could also use tcnative to get TLS 1.3 and HTTP/2. On
> > the other hand integration of OpenJSSE is pretty simple and some users
> > don't like native code in their JVM (and its maintenance). IMHO support
> > for OpenJSSE (including HTTP/2) would be a nice addition.
> >
> > My TC 9 patch is available under:
> >
> > http://home.apache.org/~rjung/patches/tc9-openjsse.patch
> >
> > It moves the ALPN detection from classes Jre(9)Compat to class TLS in
> > the same package and uses the same approach that we use for other
> > runtime detection. It needs to make one method accessible, because under
> > Java 9+ the implementation class SSLEngineImpl is no longer a public
> > class. Since it is accessed normally via SSLEngine, direct method calls
> > still work, but reflective calls no longer.
>
> Currently TLS.java is only used by the unit tests.
>
> We only need to use reflection on Java 8 since we know ALPN is available
> on Java 9 onwards.
>
> The module system adds additional restrictions to calling
> setAccessible() that might cause problems in the future.

I was a bit worried about that too.

> I wonder if a cleaner solution might be:
>
> - Move isTlsv13Available to TesterSupport and deprecate TLS.java
>
> - Add isAlpnAvailable() to JreCompat where:
>   - Java 7 (for 8.5.x) hard codes to false
>   - Java 8 uses reflection
>   - Java 9 hard codes to true

+1

Personally I wouldn't use OpenJSSE over tomcat-native (performance? long term support?), but since it's only about making the Tomcat code a bit more flexible that works for me.

Rémy
Re: Better support for OpenJSSE?
On 19.09.2019 at 12:01, Mark Thomas wrote:

> On 19/09/2019 09:27, Rainer Jung wrote:
> > I made a patch to detect ALPN support at runtime using reflection.
> > Please have a look. Feedback welcome, whether we want to include that or
> > whether we want to stick with the simpler approach we currently use.
>
> Past experience suggests a lot of users will be on Java 8 for quite some
> time. I think it makes sense to support this.
>
> > Of
> > course the windows for Java 8 plus OpenJSSE is getting smaller over
> > time, and users could also use tcnative to get TLS 1.3 and HTTP/2. On
> > the other hand integration of OpenJSSE is pretty simple and some users
> > don't like native code in their JVM (and its maintenance). IMHO support
> > for OpenJSSE (including HTTP/2) would be a nice addition.
> >
> > My TC 9 patch is available under:
> >
> > http://home.apache.org/~rjung/patches/tc9-openjsse.patch
> >
> > It moves the ALPN detection from classes Jre(9)Compat to class TLS in
> > the same package and uses the same approach that we use for other
> > runtime detection. It needs to make one method accessible, because under
> > Java 9+ the implementation class SSLEngineImpl is no longer a public
> > class. Since it is accessed normally via SSLEngine, direct method calls
> > still work, but reflective calls no longer.
>
> Currently TLS.java is only used by the unit tests.
>
> We only need to use reflection on Java 8 since we know ALPN is available
> on Java 9 onwards.
>
> The module system adds additional restrictions to calling
> setAccessible() that might cause problems in the future.
>
> I wonder if a cleaner solution might be:
>
> - Move isTlsv13Available to TesterSupport and deprecate TLS.java
>
> - Add isAlpnAvailable() to JreCompat where:
>   - Java 7 (for 8.5.x) hard codes to false
>   - Java 8 uses reflection
>   - Java 9 hard codes to true

As long as we only talk about OpenJSSE I like the above. We can vary it, once more solutions come into play that might change behavior for Java below or above 8. But probably that will never happen.

I can provide an updated version of the patch for review later today.

Thanks for your feedback. Any other opinion?

Regards,

Rainer
Re: Better support for OpenJSSE?
On 19/09/2019 09:27, Rainer Jung wrote:

> I made a patch to detect ALPN support at runtime using reflection.
> Please have a look. Feedback welcome, whether we want to include that or
> whether we want to stick with the simpler approach we currently use.

Past experience suggests a lot of users will be on Java 8 for quite some time. I think it makes sense to support this.

> Of
> course the windows for Java 8 plus OpenJSSE is getting smaller over
> time, and users could also use tcnative to get TLS 1.3 and HTTP/2. On
> the other hand integration of OpenJSSE is pretty simple and some users
> don't like native code in their JVM (and its maintenance). IMHO support
> for OpenJSSE (including HTTP/2) would be a nice addition.
>
> My TC 9 patch is available under:
>
> http://home.apache.org/~rjung/patches/tc9-openjsse.patch
>
> It moves the ALPN detection from classes Jre(9)Compat to class TLS in
> the same package and uses the same approach that we use for other
> runtime detection. It needs to make one method accessible, because under
> Java 9+ the implementation class SSLEngineImpl is no longer a public
> class. Since it is accessed normally via SSLEngine, direct method calls
> still work, but reflective calls no longer.

Currently TLS.java is only used by the unit tests.

We only need to use reflection on Java 8 since we know ALPN is available on Java 9 onwards.

The module system adds additional restrictions to calling setAccessible() that might cause problems in the future.

I wonder if a cleaner solution might be:

- Move isTlsv13Available to TesterSupport and deprecate TLS.java

- Add isAlpnAvailable() to JreCompat where:
  - Java 7 (for 8.5.x) hard codes to false
  - Java 8 uses reflection
  - Java 9 hard codes to true

Mark
Better support for OpenJSSE?
The people from Azul have backported JSSE from Java 11 to Java 8 as an additional provider. It is called OpenJSSE and available under

https://github.com/openjsse/openjsse

They moved packages underneath org.openjsse.

OpenJSSE provides e.g. TLS 1.3 and ALPN. So using OpenJSSE allows to use TLS 1.3 and HTTP/2 in TC 8 even when running under Java 8.

For those who want to experiment:

- the source code of OpenJSSE is relatively small and builds quickly with maven.

- you can activate it in Tomcat using e.g.

  # Adjust the path to your OpenJSSE jar
  CLASSPATH=${CATALINA_BASE}/ext/openjsse-1.1.0.jar
  # See below for the contents of this file
  CATALINA_OPTS=-Djava.security.properties=${CATALINA_BASE}/conf/java.security

and the new java.security file should contain one line like:

  security.provider.4=org.openjsse.net.ssl.OpenJSSE

The number 4 has to be replaced by whatever number is used in your original JVM java.security file for the provider com.sun.net.ssl.internal.ssl.Provider. On Linux it is most often number 4, on Solaris number 6. Java 9+ uses the name SunJSSE instead of com.sun.net.ssl.internal.ssl.Provider in the file java.security.

After that TLS 1.3 should be available. So no need for any changes in TC to support that.

But: For HTTP/2 there is another change possible. We currently detect ALPN availability by looking at the JVM version. If it is >= 9, we assume ALPN, if it is smaller, we do not test for ALPN.

I made a patch to detect ALPN support at runtime using reflection. Please have a look. Feedback welcome, whether we want to include that or whether we want to stick with the simpler approach we currently use. Of course the windows for Java 8 plus OpenJSSE is getting smaller over time, and users could also use tcnative to get TLS 1.3 and HTTP/2. On the other hand integration of OpenJSSE is pretty simple and some users don't like native code in their JVM (and its maintenance). IMHO support for OpenJSSE (including HTTP/2) would be a nice addition.

My TC 9 patch is available under:

http://home.apache.org/~rjung/patches/tc9-openjsse.patch

It moves the ALPN detection from classes Jre(9)Compat to class TLS in the same package and uses the same approach that we use for other runtime detection. It needs to make one method accessible, because under Java 9+ the implementation class SSLEngineImpl is no longer a public class. Since it is accessed normally via SSLEngine, direct method calls still work, but reflective calls no longer.

Regards,

Rainer
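The runtime checks discussed in this thread, as an added example that is not Tomcat or OpenJSSE code and not part of any message: it lists the provider order that the java.security override produces, probes for TLS 1.3, and applies the Java 7 / 8 / 9+ ALPN tiers proposed in the replies. The class and method names are hypothetical, and the Java 8 branch assumes that an ALPN-capable engine exposes a public getApplicationProtocol() method as the Java 9 SSLEngine API does.

```java
import java.security.GeneralSecurityException;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.Security;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;

// Added example, not Tomcat or OpenJSSE code. The class and method names are
// hypothetical. Compiles on Java 8 and later.
public class TlsFeatureProbe {

    // java.specification.version is "1.8" on Java 8 and "9", "11", ... later.
    static int javaMajorVersion() {
        String spec = System.getProperty("java.specification.version");
        return Integer.parseInt(spec.startsWith("1.") ? spec.substring(2) : spec);
    }

    // TLS 1.3 probe: ask the installed providers for a TLSv1.3 context.
    static boolean isTlsv13Available() {
        try {
            SSLContext.getInstance("TLSv1.3");
            return true;
        } catch (NoSuchAlgorithmException e) {
            return false; // no installed provider registers TLSv1.3
        }
    }

    // ALPN tiers proposed in the thread: below Java 8 false, Java 9+ true,
    // Java 8 decided at runtime because it depends on the installed provider.
    static boolean isAlpnAvailable() {
        int major = javaMajorVersion();
        if (major >= 9) {
            return true;
        }
        if (major < 8) {
            return false;
        }
        try {
            SSLContext context = SSLContext.getInstance("TLS");
            context.init(null, null, null);
            SSLEngine engine = context.createSSLEngine();
            // Assumption: an ALPN-capable engine on Java 8 has a public
            // getApplicationProtocol() method, as the Java 9 SSLEngine API does.
            // Only existence is checked and nothing is invoked, so no
            // setAccessible() call is needed.
            engine.getClass().getMethod("getApplicationProtocol");
            return true;
        } catch (NoSuchMethodException | GeneralSecurityException e) {
            return false;
        }
    }

    // Provider preference order, the provider behind the default TLS context,
    // and the two feature probes, as one text report.
    static String report() throws GeneralSecurityException {
        StringBuilder sb = new StringBuilder();
        Provider[] providers = Security.getProviders();
        for (int i = 0; i < providers.length; i++) {
            sb.append(i + 1).append(": ").append(providers[i].getName())
              .append(" (").append(providers[i].getClass().getName()).append(")\n");
        }
        SSLContext tls = SSLContext.getInstance("TLS");
        sb.append("TLS context provider: ").append(tls.getProvider().getName()).append('\n');
        sb.append("Java major version:   ").append(javaMajorVersion()).append('\n');
        sb.append("TLS 1.3 available:    ").append(isTlsv13Available()).append('\n');
        sb.append("ALPN available:       ").append(isAlpnAvailable()).append('\n');
        return sb.toString();
    }

    public static void main(String[] args) throws GeneralSecurityException {
        System.out.print(report());
    }
}
```

Run it with the same classpath entry and -Djava.security.properties setting that Tomcat is started with, so the probe sees the same provider list.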
Re: [Bug 61441] daemon.sh's auto-detection fails on linux system's where java is installed via an RPM
On 19/09/2019 08:07, Felix Schumacher wrote:

> That is obviously spam.

When discussing spam please don't quote the material - particularly any links - as getting the links published as many times as possible is the aim of the spam.

> My question here is, what is the official way to
> get rid of such entries?

Officially, the process is email bugzilla-admin@a.o and ask them to:

- disable the account
- delete the spam comment

Since that email lands in my inbox I tend to skip the sending the email bit ;)

If you want to help out - help is always appreciated - I can give you the BZ karma necessary to disable accounts. You usually need to do a little poking around to see if they have created any other comments as they tend to spread them over several projects.

Deleting the comments requires executing SQL directly on the database.

Mark
Re: [Bug 61441] daemon.sh's auto-detection fails on linux system's where java is installed via an RPM
That is obviously spam. My question here is, what is the official way to get rid of such entries?

Felix

On 19 September 2019 07:27:43 CEST, bugzi...@apache.org wrote:
>https://bz.apache.org/bugzilla/show_bug.cgi?id=61441
>
>--- Comment #6 from Hugo Carnegie <0p1lp...@besttempmail.com> ---
>Bug is the error that is produced due to some functional disorder in
>the system
>and the file due to hazards and other situations. The status of the bug
>that is
>mentioned has
>https://www.techentice.com/top-10-practical-blogging-trends-you-need-to-follow-in-2019/
>for practicing the following steps like the products, version, and
>components,
>etc.
>
>--
>You are receiving this mail because:
>You are the assignee for the bug.