Re: Time for Tomcat Native 1.2.25
On 2020-08-20 at 18:30, Mark Thomas wrote:
> Hi,
>
> It has been a while since 1.2.24 and there are a few fixes in the changelog (mainly for LibreSSL and better support for a range of platforms).
>
> With this in mind, I'm currently intending to tag 1.2.25 in ~24 hours

Please go ahead. I have started at some point in the past to go through ifdefs and identify all LibreSSL versions which implement the OpenSSL counterparts. I hope I can pick that up next month.

Michael

- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
Time for Tomcat Native 1.2.25
Hi,

It has been a while since 1.2.24 and there are a few fixes in the changelog (mainly for LibreSSL and better support for a range of platforms).

With this in mind, I'm currently intending to tag 1.2.25 in ~24 hours

Mark
[Bug 62911] Add support for proxying ocsp requests via ProxyHost and ProxyPort in TomcAt
https://bz.apache.org/bugzilla/show_bug.cgi?id=62911

--- Comment #4 from Mark Thomas ---
I'll note at this point that the Connector attributes proxyHost and proxyPort are NOT intended to provide proxy info for outgoing connections.

Those using a Java connector and a JRE that supports OCSP can configure the OCSP requests to go via a proxy by using the standard Java system properties:
https://docs.oracle.com/javase/8/docs/api/java/net/doc-files/net-properties.html#Proxies

Those using APR/native will need to wait for this enhancement (and bug 56148)

-- You are receiving this mail because: You are the assignee for the bug.
[Bug 53940] Added support for new CRL loading after expiration
https://bz.apache.org/bugzilla/show_bug.cgi?id=53940

Mark Thomas changed:

What       |Removed |Added
Resolution |---     |FIXED
Status     |NEW     |RESOLVED

--- Comment #1 from Mark Thomas ---
This is no longer necessary. Tomcat now supports a general re-reading of all TLS config files. See bug 61565.
[Bug 62626] Tomcat 9.0.10 APR/Native crashes
https://bz.apache.org/bugzilla/show_bug.cgi?id=62626

Mark Thomas changed:

What       |Removed  |Added
Resolution |---      |FIXED
Status     |NEEDINFO |RESOLVED

--- Comment #32 from Mark Thomas ---
No response for several months so I am going to assume the issue is resolved.

Most of the errors in the attached logs relate to HTTP/2 but not all. I can't tell if what is shown is a single error that affects HTTP/2 and HTTP/1.1 or two separate issues. I did note an HTTP/2 issue was fixed in 8.5.42 related to multiple threads accessing a single stream - similar scenarios have triggered APR/native crashes in the past.

Looking at the changelog, the refactoring to use a single pollset in 8.5.50 looks like a possible change that could have fixed these issues.

If you still see this issue or something similar please:
- update to the latest 8.5.x or 9.0.x release
- update to the latest Tomcat Native release
- retest
- if you still see the issue, feel free to re-open this bug

What we really need are the steps to reproduce it. Anything that narrows down the trigger is helpful but a set of steps to reproduce is ideal.
[Bug 63199] sslsocket handshake JVM crash
https://bz.apache.org/bugzilla/show_bug.cgi?id=63199

Mark Thomas changed:

What       |Removed  |Added
Status     |NEEDINFO |RESOLVED
Resolution |---      |FIXED

--- Comment #3 from Mark Thomas ---
No response for over a year. I am going to assume that changes in 9.0.21 addressed this.

If you still see this issue or something similar please:
- update to the latest 9.0.x release
- update to the latest Tomcat Native release
- retest
- if you still see the issue, feel free to re-open this bug

What we really need are the steps to reproduce it. Anything that narrows down the trigger is helpful but a set of steps to reproduce is ideal.
[Bug 63405] Tomcat 7.0.91.0 EXCEPTION_ACCESS_VIOLATION - Problematic frame tcnative-1.dll+0x802e
https://bz.apache.org/bugzilla/show_bug.cgi?id=63405

Mark Thomas changed:

What       |Removed  |Added
Status     |NEEDINFO |RESOLVED
Resolution |---      |FIXED

--- Comment #4 from Mark Thomas ---
The crash log indicates that the crash occurred in the Poller.

I've reviewed the changes since Tomcat 7.0.91 and Tomcat Native 1.2.17 and I don't see any references in the change log for fixing issues that could trigger a crash like this. There is a significant change in 7.0.99 onwards where the code was refactored to use a single pollset rather than multiple.

I have also compared the 7.0.x code to 8.5.x and while a direct comparison is not possible due to 7.0.x having to support Comet, I don't see any obvious differences that could trigger a crash. I did make a few cosmetic changes to bring 7.0.x into line with 8.5.x and I also fixed one threading issue although the 8.5.x changelog indicated that that was related to timeouts.

At this point I suspect a bug in the code that handled multiple pollsets. I am therefore going to resolve this as fixed.

If you still see this issue, or one like it please:
- update to the latest available major Tomcat version (7.0.x, 8.5.x, 9.0.x or 10.0.x) and latest available Tomcat native version
- retest

Anything you can do to narrow down how to trigger the issue is helpful and steps that reproduce are ideal.
[tomcat] branch 7.0.x updated: Back-port thread-safety fix from 8, 5.x
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 7.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/7.0.x by this push: new a97f6b2 Back-port thread-safety fix from 8,5.x a97f6b2 is described below commit a97f6b281857b4572d73e7e5b681a8b75897a7b2 Author: Mark Thomas AuthorDate: Thu Aug 20 16:04:12 2020 +0100 Back-port thread-safety fix from 8,5.x --- java/org/apache/tomcat/util/net/AprEndpoint.java | 2 +- webapps/docs/changelog.xml | 4 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/java/org/apache/tomcat/util/net/AprEndpoint.java b/java/org/apache/tomcat/util/net/AprEndpoint.java index 432d89a..c94fd7c 100644 --- a/java/org/apache/tomcat/util/net/AprEndpoint.java +++ b/java/org/apache/tomcat/util/net/AprEndpoint.java @@ -1328,7 +1328,7 @@ public class AprEndpoint extends AbstractEndpoint { // -- SocketList Inner Class public static class SocketList { -protected int size; +protected volatile int size; protected int pos; protected long[] sockets; diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index 2d40bae..ba9834a 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -89,6 +89,10 @@ ServletInputStream.available() to provide a more accurate return value, particularly when end of stream has been reached. (markt) + +Fix a rare potential race condition when chekcing for timeouts with the +APR connector. (markt) + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
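Review bot: in the SocketList hunk of AprEndpoint.java only `size` becomes volatile, while `pos` and `sockets` on the next two lines stay plain fields. volatile gives other threads a current view of `size`, but it does not make a read-modify-write on it atomic and it gives no guarantee about the `sockets` entries a reader then indexes with that value. Please add a comment on the field saying which thread reads `size` without synchronization and why `pos` and `sockets` do not need the same treatment, so the next back-port does not have to rediscover the invariant.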
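Review bot: the entry added in the webapps/docs/changelog.xml hunk misspells "checking" as "chekcing"; correct it before it reaches the published release notes. The commit subject has the same kind of slip, "8,5.x" where "8.5.x" is meant.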
[tomcat] branch 7.0.x updated: Cosmetic changes only to align with 8.5.x to ease maintenance
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 7.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/7.0.x by this push: new f421dab Cosmetic changes only to align with 8.5.x to ease maintenance f421dab is described below commit f421dab423d86a0336fdc83b784cb485fd19f6cb Author: Mark Thomas AuthorDate: Thu Aug 20 15:45:47 2020 +0100 Cosmetic changes only to align with 8.5.x to ease maintenance --- java/org/apache/tomcat/util/net/AprEndpoint.java | 53 1 file changed, 26 insertions(+), 27 deletions(-) diff --git a/java/org/apache/tomcat/util/net/AprEndpoint.java b/java/org/apache/tomcat/util/net/AprEndpoint.java index a27ee22..432d89a 100644 --- a/java/org/apache/tomcat/util/net/AprEndpoint.java +++ b/java/org/apache/tomcat/util/net/AprEndpoint.java @@ -1698,15 +1698,15 @@ public class AprEndpoint extends AbstractEndpoint { */ @Override public String toString() { -StringBuffer buf = new StringBuffer(); +StringBuilder buf = new StringBuilder(); buf.append("Poller"); long[] res = new long[pollerSize * 2]; int count = Poll.pollset(aprPoller, res); buf.append(" [ "); for (int j = 0; j < count; j++) { -buf.append(desc[2*j+1]).append(" "); +buf.append(desc[2*j+1]).append(' '); } -buf.append("]"); +buf.append(']'); return buf.toString(); } 
@@ -1810,33 +1810,32 @@ public class AprEndpoint extends AbstractEndpoint { timeouts.remove(info.socket); AprSocketWrapper wrapper = connections.get( Long.valueOf(info.socket)); -if (wrapper == null) { -continue; -} -if (info.read() || info.write()) { -boolean comet = wrapper.isComet(); -if (comet || wrapper.pollerFlags != 0) { -removeFromPoller(info.socket); -} -wrapper.pollerFlags = wrapper.pollerFlags | -(info.read() ? Poll.APR_POLLIN : 0) | -(info.write() ? Poll.APR_POLLOUT : 0); -if (!addToPoller(info.socket, wrapper.pollerFlags)) { -// Can't do anything: close the socket right -// away -if (!comet || !processSocket(info.socket, SocketStatus.ERROR)) { -closeSocket(info.socket); +if (wrapper != null) { +if (info.read() || info.write()) { +boolean comet = wrapper.isComet(); +if (comet || wrapper.pollerFlags != 0) { +removeFromPoller(info.socket); +} +wrapper.pollerFlags = wrapper.pollerFlags | +(info.read() ? Poll.APR_POLLIN : 0) | +(info.write() ? Poll.APR_POLLOUT : 0); +if (!addToPoller(info.socket, wrapper.pollerFlags)) { +// Can't do anything: close the socket right +// away +if (!comet || !processSocket(info.socket, SocketStatus.ERROR)) { +closeSocket(info.socket); +} +} else { +timeouts.add(info.socket, +System.currentTimeMillis() + +info.timeout); } } else { -timeouts.add(info.socket, -System.currentTimeMillis() + -info.timeout); +// Should never happen. +closeSocket(info.socket); +getLog().warn(sm.getString( +"endpoint.apr.pollAddInvalid", info)); } -} else { -// Should never happen. -
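Review bot: the second hunk (@@ -1810,33 +1810,32) replaces the early `if (wrapper == null) { continue; }` with a wrapping `if (wrapper != null) { ... }`, which is only cosmetic if nothing follows that block inside the loop. With the old form a null wrapper skipped the rest of the iteration; with the new form it falls through to whatever comes after the closing brace. The diff as quoted here is cut off before the end of the hunk, so that cannot be confirmed from these lines: please check that no statement after the block runs for a socket whose wrapper has already been removed from `connections`, or keep the `continue`.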
[Bug 64429] Commit b8649e81458194d70667952d9e26df82a79c773f in 1.1.24 breaks compilation with LibreSSL
https://bz.apache.org/bugzilla/show_bug.cgi?id=64429

--- Comment #7 from Mark Thomas ---
The directives I added needed to be consistent with the directives already in place to avoid the errors.
[Bug 64426] TestSSLHostConfigCompat crashes with LibreSSL 2.9.0
https://bz.apache.org/bugzilla/show_bug.cgi?id=64426

Mark Thomas changed:

What       |Removed |Added
Resolution |---     |WORKSFORME
Status     |NEW     |RESOLVED

--- Comment #8 from Mark Thomas ---
As far as I can tell the root cause is a LibreSSL bug. I see the same behaviour with the current Tomcat Native source.

I have added some debugging trace to LibreSSL 2.9.0 and it shows a crash at the point where the internal ssl_set_cert(CERT *c, X509 *x) method is called. That looks like memory corruption to me.
[tomcat-native] 02/02: Fiz BZ 64429 - compilation with LibreSSL
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/tomcat-native.git commit 82a29490f2ab9cefa45fe23d0ebfe65c0a53 Author: Mark Thomas AuthorDate: Thu Aug 20 11:04:19 2020 +0100 Fiz BZ 64429 - compilation with LibreSSL https://bz.apache.org/bugzilla/show_bug.cgi?id=64429 --- native/include/ssl_private.h | 2 +- native/src/ssl.c | 18 +- xdocs/miscellaneous/changelog.xml | 3 +++ 3 files changed, 13 insertions(+), 10 deletions(-) diff --git a/native/include/ssl_private.h b/native/include/ssl_private.h index 125d6b7..b50bf24 100644 --- a/native/include/ssl_private.h +++ b/native/include/ssl_private.h @@ -397,7 +397,7 @@ int SSL_callback_alpn_select_proto(SSL *, const unsigned char **, unsign voidSSL_callback_add_keylog(SSL_CTX *); #endif -#if (OPENSSL_VERSION_NUMBER < 0x1010L) && ! (defined(WIN32) || defined(WIN64)) +#if (OPENSSL_VERSION_NUMBER < 0x1010L || defined(LIBRESSL_VERSION_NUMBER)) && ! (defined(WIN32) || defined(WIN64)) unsigned long SSL_ERR_get(void); void SSL_ERR_clear(void); #else diff --git a/native/src/ssl.c b/native/src/ssl.c index 98d77eb..985b61a 100644 --- a/native/src/ssl.c +++ b/native/src/ssl.c @@ -46,7 +46,7 @@ static void ssl_keylog_callback(const SSL *ssl, const char *line) static jclass byteArrayClass; static jclass stringClass; -#if OPENSSL_VERSION_NUMBER < 0x1010L +#if OPENSSL_VERSION_NUMBER < 0x1010L || defined(LIBRESSL_VERSION_NUMBER) /* Global reference to the pool used by the dynamic mutexes */ static apr_pool_t *dynlockpool = NULL; @@ -349,7 +349,7 @@ static apr_status_t ssl_init_cleanup(void *data) return APR_SUCCESS; ssl_initialized = 0; -#if OPENSSL_VERSION_NUMBER < 0x1010L && ! (defined(WIN32) || defined(WIN64)) +#if (OPENSSL_VERSION_NUMBER < 0x1010L || defined(LIBRESSL_VERSION_NUMBER)) && ! (defined(WIN32) || defined(WIN64)) if (threadkey_initialized) { threadkey_initialized = 0; apr_threadkey_private_delete(thread_exit_key); 
@@ -435,7 +435,7 @@ static ENGINE *ssl_try_load_engine(const char *engine) * To ensure thread-safetyness in OpenSSL */ -#if OPENSSL_VERSION_NUMBER < 0x1010L +#if OPENSSL_VERSION_NUMBER < 0x1010L || defined(LIBRESSL_VERSION_NUMBER) static apr_thread_mutex_t **ssl_lock_cs; static int ssl_lock_num_locks; @@ -460,7 +460,7 @@ static unsigned long ssl_thread_id(void) return (unsigned long)tcn_get_thread_id(); } -#if OPENSSL_VERSION_NUMBER < 0x1010L +#if OPENSSL_VERSION_NUMBER < 0x1010L || defined(LIBRESSL_VERSION_NUMBER) #if ! (defined(WIN32) || defined(WIN64)) void SSL_thread_exit(void) { ERR_remove_thread_state(NULL); @@ -1310,7 +1310,7 @@ static apr_status_t ssl_con_pool_cleanup(void *data) int *destroyCount; TCN_ASSERT(ssl != 0); - + destroyCount = SSL_get_app_data4(ssl); if (destroyCount != NULL) { ++(*destroyCount); @@ -1332,7 +1332,7 @@ TCN_IMPLEMENT_CALL(jlong /* SSL * */, SSL, newSSL)(TCN_STDARGS, UNREFERENCED_STDARGS; TCN_ASSERT(ctx != 0); - + ssl = SSL_new(c->ctx); if (ssl == NULL) { free(handshakeCount); @@ -1340,7 +1340,7 @@ TCN_IMPLEMENT_CALL(jlong /* SSL * */, SSL, newSSL)(TCN_STDARGS, tcn_ThrowException(e, "cannot create new ssl"); return 0; } - + apr_pool_create(, c->pool); if (p == NULL) { free(handshakeCount); @@ -1349,7 +1349,7 @@ TCN_IMPLEMENT_CALL(jlong /* SSL * */, SSL, newSSL)(TCN_STDARGS, tcn_ThrowAPRException(e, apr_get_os_error()); return 0; } - + if ((con = apr_pcalloc(p, sizeof(tcn_ssl_conn_t))) == NULL) { free(handshakeCount); free(destroyCount); @@ -1391,7 +1391,7 @@ TCN_IMPLEMENT_CALL(jlong /* SSL * */, SSL, newSSL)(TCN_STDARGS, apr_pool_cleanup_register(con->pool, (const void *)ssl, ssl_con_pool_cleanup, apr_pool_cleanup_null); - + return P2J(ssl); } diff --git a/xdocs/miscellaneous/changelog.xml b/xdocs/miscellaneous/changelog.xml index a6690b9..a59df09 100644 --- a/xdocs/miscellaneous/changelog.xml +++ b/xdocs/miscellaneous/changelog.xml 
@@ -61,6 +61,9 @@ if OCSP is enabled, a missing responder is now treated as an error. (jfclere) + + 64429: Fix compilation with LibreSSL. (markt) + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
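Review bot: every changed guard in ssl_private.h and ssl.c adds a bare `defined(LIBRESSL_VERSION_NUMBER)`, so all LibreSSL releases are routed to the pre-1.1.0 locking and thread-exit code with no version bound. If a LibreSSL release changes which of the calls under these guards it provides, for example `ERR_remove_thread_state`, the build breaks again; comparing against a specific LibreSSL version where that is known would be more robust. The same expression is now written out five times across the two files, and BZ 64429 was caused by such directives drifting apart, so define it once under a single name in ssl_private.h and test that name at each site.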
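Review bot: the ssl.c hunks from @@ -1310 through @@ -1391 (ssl_con_pool_cleanup and newSSL) each change a single blank line and nothing else, which is unrelated to the LibreSSL guards this commit is about. Please move that whitespace cleanup into its own commit so the fix for 64429 can be back-ported or reverted on its own and the ssl.c diffstat reflects only the functional change.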
[tomcat-native] branch master updated (be9fa30 -> 82a2949)
This is an automated email from the ASF dual-hosted git repository.

markt pushed a change to branch master in repository https://gitbox.apache.org/repos/asf/tomcat-native.git.

from be9fa30 Allow to bypass the OCSP responder check like SSLOCSPEnable to use it in add: Note that a not responding OCSP responder is now handled as an error.
new 5670240 Update changelog
new 82a2949 Fiz BZ 64429 - compilation with LibreSSL

The 2 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference.

Summary of changes:
native/include/ssl_private.h | 2 +-
native/src/ssl.c | 18 +-
xdocs/miscellaneous/changelog.xml | 8
3 files changed, 18 insertions(+), 10 deletions(-)
[Bug 64429] Commit b8649e81458194d70667952d9e26df82a79c773f in 1.1.24 breaks compilation with LibreSSL
https://bz.apache.org/bugzilla/show_bug.cgi?id=64429

--- Comment #6 from Michael Osipov ---
(In reply to Mark Thomas from comment #5)
> It was another inconsistent directive.

Does your fix apply to every version of LibreSSL? While working on other LibreSSL related issues I used this pattern:
https://github.com/apache/tomcat-native/commit/51f949dc6e0b6e4e27972b8ba2d0a2626fc3c1c5#diff-d5ecebaa2939a925164d1e10b8ab0f35R1265
[tomcat-native] 01/02: Update changelog
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/tomcat-native.git commit 567024033cafd78faf59a556afad7fc1cb821aa3 Author: Mark Thomas AuthorDate: Thu Aug 20 09:44:35 2020 +0100 Update changelog --- xdocs/miscellaneous/changelog.xml | 5 + 1 file changed, 5 insertions(+) diff --git a/xdocs/miscellaneous/changelog.xml b/xdocs/miscellaneous/changelog.xml index 2b5c073..a6690b9 100644 --- a/xdocs/miscellaneous/changelog.xml +++ b/xdocs/miscellaneous/changelog.xml @@ -56,6 +56,11 @@ Remove default option passed for rpath to linker on HP-UX. (michaelo) + + Add an option to allow the OCSP responder check to by bypassed. Note that + if OCSP is enabled, a missing responder is now treated as an error. + (jfclere) + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
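Review bot: the added changelog entry reads "to by bypassed"; it should be "to be bypassed". Because the same entry announces that a missing responder is now treated as an error when OCSP is enabled, it should also name the new option, so that operators whose handshakes start failing after the upgrade can find the setting and decide deliberately whether to bypass the responder check.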
@@ -435,7 +435,7 @@ static ENGINE *ssl_try_load_engine(const char *engine) * To ensure thread-safetyness in OpenSSL */ -#if OPENSSL_VERSION_NUMBER < 0x1010L +#if OPENSSL_VERSION_NUMBER < 0x1010L || defined(LIBRESSL_VERSION_NUMBER) static apr_thread_mutex_t **ssl_lock_cs; static int ssl_lock_num_locks; @@ -460,7 +460,7 @@ static unsigned long ssl_thread_id(void) return (unsigned long)tcn_get_thread_id(); } -#if OPENSSL_VERSION_NUMBER < 0x1010L +#if OPENSSL_VERSION_NUMBER < 0x1010L || defined(LIBRESSL_VERSION_NUMBER) #if ! (defined(WIN32) || defined(WIN64)) void SSL_thread_exit(void) { ERR_remove_thread_state(NULL); @@ -1310,7 +1310,7 @@ static apr_status_t ssl_con_pool_cleanup(void *data) int *destroyCount; TCN_ASSERT(ssl != 0); - + destroyCount = SSL_get_app_data4(ssl); if (destroyCount != NULL) { ++(*destroyCount); @@ -1332,7 +1332,7 @@ TCN_IMPLEMENT_CALL(jlong /* SSL * */, SSL, newSSL)(TCN_STDARGS, UNREFERENCED_STDARGS; TCN_ASSERT(ctx != 0); - + ssl = SSL_new(c->ctx); if (ssl == NULL) { free(handshakeCount); @@ -1340,7 +1340,7 @@ TCN_IMPLEMENT_CALL(jlong /* SSL * */, SSL, newSSL)(TCN_STDARGS, tcn_ThrowException(e, "cannot create new ssl"); return 0; } - + apr_pool_create(, c->pool); if (p == NULL) { free(handshakeCount); @@ -1349,7 +1349,7 @@ TCN_IMPLEMENT_CALL(jlong /* SSL * */, SSL, newSSL)(TCN_STDARGS, tcn_ThrowAPRException(e, apr_get_os_error()); return 0; } - + if ((con = apr_pcalloc(p, sizeof(tcn_ssl_conn_t))) == NULL) { free(handshakeCount); free(destroyCount); @@ -1391,7 +1391,7 @@ TCN_IMPLEMENT_CALL(jlong /* SSL * */, SSL, newSSL)(TCN_STDARGS, apr_pool_cleanup_register(con->pool, (const void *)ssl, ssl_con_pool_cleanup, apr_pool_cleanup_null); - + return P2J(ssl); } diff --git a/xdocs/miscellaneous/changelog.xml b/xdocs/miscellaneous/changelog.xml index a6690b9..a59df09 100644 --- a/xdocs/miscellaneous/changelog.xml +++ b/xdocs/miscellaneous/changelog.xml 
@@ -61,6 +61,9 @@ if OCSP is enabled, a missing responder is now treated as an error. (jfclere) + + 64429: Fix compilation with LibreSSL. (markt) +
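Review bot: In native/include/ssl_private.h (@@ -397) and again at @@ -46 and @@ -349 in native/src/ssl.c, the test OPENSSL_VERSION_NUMBER < 0x1010L || defined(LIBRESSL_VERSION_NUMBER) is spelled out by hand at each site, which is the pattern that allowed the directives to drift apart. Define one macro for this condition in ssl_private.h and have every guard test that macro, so a later edit cannot update some sites and miss others.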
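Review bot: At @@ -435 and @@ -460 in native/src/ssl.c, defined(LIBRESSL_VERSION_NUMBER) carries no version bound, so every LibreSSL release is routed onto the pre-1.1 lock callbacks and the ERR_remove_thread_state(NULL) thread-exit path. Add a comment at these guards saying why LibreSSL is treated as the old API, and record in the commit message which LibreSSL versions the build was checked against; the message currently carries only the Bugzilla URL.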
[tomcat-native] 01/02: Update changelog
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/tomcat-native.git commit 567024033cafd78faf59a556afad7fc1cb821aa3 Author: Mark Thomas AuthorDate: Thu Aug 20 09:44:35 2020 +0100 Update changelog --- xdocs/miscellaneous/changelog.xml | 5 + 1 file changed, 5 insertions(+) diff --git a/xdocs/miscellaneous/changelog.xml b/xdocs/miscellaneous/changelog.xml index 2b5c073..a6690b9 100644 --- a/xdocs/miscellaneous/changelog.xml +++ b/xdocs/miscellaneous/changelog.xml @@ -56,6 +56,11 @@ Remove default option passed for rpath to linker on HP-UX. (michaelo) + + Add an option to allow the OCSP responder check to by bypassed. Note that + if OCSP is enabled, a missing responder is now treated as an error. + (jfclere) +
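Review bot: Typo in the added changelog entry: "to by bypassed" should read "to be bypassed". The entry also announces a behaviour change (with OCSP enabled, a missing responder is now an error) without naming the new option; name it in the entry so that operators who hit the new error can find the setting that controls it.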
[Bug 64429] Commit b8649e81458194d70667952d9e26df82a79c773f in 1.1.24 breaks compilation with LibreSSL
https://bz.apache.org/bugzilla/show_bug.cgi?id=64429

Mark Thomas changed:

          What|Removed |Added
    Resolution|---     |FIXED
        Status|NEW     |RESOLVED

--- Comment #5 from Mark Thomas ---
It was another inconsistent directive.
[Bug 64429] Commit b8649e81458194d70667952d9e26df82a79c773f in 1.1.24 breaks compilation with LibreSSL
https://bz.apache.org/bugzilla/show_bug.cgi?id=64429

--- Comment #4 from Michael Osipov ---
(In reply to Mark Thomas from comment #3)
> The fix looks to be fairly simple and I have this committed locally. The
> various #if preprocessor directives are not consistent.
>
> #if OPENSSL_VERSION_NUMBER < 0x1010L
>
> vs
>
> #if OPENSSL_VERSION_NUMBER < 0x1010L || defined(LIBRESSL_VERSION_NUMBER)
>
> Making them consistent fixes the compilation issue. However, I am not
> currently able to confirm the fix because LibreSSL portable on Linux appears
> to enter a tight loop (never exits, 100% CPU on one thread) when
> SSL_CTX_use_PrivateKey is called.
>
> I've tested 2.9.1, 2.9.2, 3.1.4 and 3.2.0 and the behaviour is the same.
>
> I want to investigate the "tight loop" further before I push the commit that
> fixes this issue.

Can this be reproduced with the tests?
[Bug 64429] Commit b8649e81458194d70667952d9e26df82a79c773f in 1.1.24 breaks compilation with LibreSSL
https://bz.apache.org/bugzilla/show_bug.cgi?id=64429

--- Comment #3 from Mark Thomas ---
The fix looks to be fairly simple and I have this committed locally. The various #if preprocessor directives are not consistent.

#if OPENSSL_VERSION_NUMBER < 0x1010L

vs

#if OPENSSL_VERSION_NUMBER < 0x1010L || defined(LIBRESSL_VERSION_NUMBER)

Making them consistent fixes the compilation issue. However, I am not currently able to confirm the fix because LibreSSL portable on Linux appears to enter a tight loop (never exits, 100% CPU on one thread) when SSL_CTX_use_PrivateKey is called.

I've tested 2.9.1, 2.9.2, 3.1.4 and 3.2.0 and the behaviour is the same.

I want to investigate the "tight loop" further before I push the commit that fixes this issue.
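A lint for the inconsistency described in the comment above, as an added example that is not part of the original message or of the tomcat-native code base. It flags every #if/#elif that tests OPENSSL_VERSION_NUMBER without mentioning LIBRESSL_VERSION_NUMBER when another guard with the same version test does mention it; the function names and the sample source are constructed for illustration, and handling of #elif and backslash continuations goes beyond the two forms quoted in the comment.

```python
import re
from collections import defaultdict

# Constructed sample input: the two directive forms quoted in the comment,
# plus a Windows-qualified variant, wrapped around placeholder declarations.
SAMPLE = """\
#if OPENSSL_VERSION_NUMBER < 0x1010L || defined(LIBRESSL_VERSION_NUMBER)
static int legacy_lock_setup;
#endif
#if OPENSSL_VERSION_NUMBER < 0x1010L
static int legacy_lock_use;
#endif
#if (OPENSSL_VERSION_NUMBER < 0x1010L) && ! (defined(WIN32) || defined(WIN64))
static int legacy_thread_exit;
#endif
#if defined(WIN32)
static int unrelated;
#endif
"""

DIRECTIVE = re.compile(r"^\s*#\s*(?:if|elif)\b(.*)$")
VERSION_TEST = re.compile(
    r"OPENSSL_VERSION_NUMBER\s*(<=|>=|<|>)\s*(0x[0-9A-Fa-f]+)L?")


def logical_lines(source):
    """Yield (first_line_number, text) with backslash continuations joined."""
    buf, start = "", None
    for number, line in enumerate(source.splitlines(), 1):
        if start is None:
            start = number
        if line.rstrip().endswith("\\"):
            buf += line.rstrip()[:-1] + " "
            continue
        yield start, buf + line
        buf, start = "", None
    if buf:
        yield start, buf


def find_inconsistent_guards(source):
    """Return [(line, directive)] for guards that test OPENSSL_VERSION_NUMBER
    without mentioning LIBRESSL_VERSION_NUMBER, where another guard with the
    same version test does mention it."""
    groups = defaultdict(lambda: {"with": set(), "without": set()})
    for number, text in logical_lines(source):
        match = DIRECTIVE.match(text)
        if not match:
            continue
        condition = match.group(1)
        kind = "with" if "LIBRESSL_VERSION_NUMBER" in condition else "without"
        for op, constant in VERSION_TEST.findall(condition):
            groups[(op, constant.lower())][kind].add((number, text.strip()))
    return sorted(hit for group in groups.values()
                  if group["with"] for hit in group["without"])
```

Run over a source tree in CI, an empty result means every guard on a given version test treats LibreSSL the same way; it does not say whether that treatment is correct for a particular LibreSSL release.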
[Bug 64497] jni.SSL.getSessionId returns null
https://bz.apache.org/bugzilla/show_bug.cgi?id=64497

Mark Thomas changed:

          What|Removed |Added
    Resolution|---     |FIXED
        Status|NEW     |RESOLVED

--- Comment #3 from Mark Thomas ---
It was part of the big patch from netty ~5 years ago. It isn't mentioned explicitly so I am guessing session caching was disabled by default because it isn't needed when RFC 5077 session tickets are available.
[Bug 64497] jni.SSL.getSessionId returns null
https://bz.apache.org/bugzilla/show_bug.cgi?id=64497

--- Comment #2 from Mark Thomas ---
Turns out setting the session cache size was exposed and setting that automatically sets the mode correctly. The session ID is now available to the rewrite valve.

I still want to check on why the tomcat-native default is to disable this.
[tomcat] branch 8.5.x updated: Enable session cache so session ID is available with APR
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 8.5.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/8.5.x by this push: new 389a9bb Enable session cache so session ID is available with APR 389a9bb is described below commit 389a9bbd1c9297f97ad6717641b5cc736ffdd7e0 Author: Mark Thomas AuthorDate: Thu Aug 20 09:10:26 2020 +0100 Enable session cache so session ID is available with APR --- test/org/apache/catalina/valves/rewrite/TestResolverSSL.java | 5 + 1 file changed, 5 insertions(+) diff --git a/test/org/apache/catalina/valves/rewrite/TestResolverSSL.java b/test/org/apache/catalina/valves/rewrite/TestResolverSSL.java index 10100e1..39e33dc 100644 --- a/test/org/apache/catalina/valves/rewrite/TestResolverSSL.java +++ b/test/org/apache/catalina/valves/rewrite/TestResolverSSL.java @@ -32,6 +32,7 @@ import org.apache.catalina.startup.Tomcat; import org.apache.catalina.startup.TomcatBaseTest; import org.apache.catalina.valves.ValveBase; import org.apache.tomcat.util.buf.ByteChunk; +import org.apache.tomcat.util.net.SSLHostConfig; import org.apache.tomcat.util.net.TesterSupport; public class TestResolverSSL extends TomcatBaseTest { @@ -45,6 +46,10 @@ public class TestResolverSSL extends TomcatBaseTest { Container root = tomcat.getHost().findChild(""); root.getPipeline().addValve(new ResolverTestValve()); +// Enable session caching so the SSL Session is available when using APR +SSLHostConfig sslHostConfig = tomcat.getConnector().findSslHostConfigs()[0]; +sslHostConfig.setSessionCacheSize(20 * 1024); + tomcat.start(); ByteChunk res = getUrl("https://localhost:; + getPort() + "/protected"); // Just look a bit at the result
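Review bot: The session cache is enabled only inside TestResolverSSL.java (the added setSessionCacheSize call at @@ -45), so the test now passes while the requirement it encodes is recorded nowhere else in this commit. Per the added comment, the SSL session is available with APR only once caching is on; state that in the documentation for the session cache size setting so that deployments relying on the session ID in the rewrite valve know to configure it.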
[tomcat] branch 9.0.x updated: Enable session cache so session ID is available with APR
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 9.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/9.0.x by this push: new 213b5db Enable session cache so session ID is available with APR 213b5db is described below commit 213b5db2c2629284072b5d90e1116c6b2e466afe Author: Mark Thomas AuthorDate: Thu Aug 20 09:10:26 2020 +0100 Enable session cache so session ID is available with APR --- test/org/apache/catalina/valves/rewrite/TestResolverSSL.java | 5 + 1 file changed, 5 insertions(+) diff --git a/test/org/apache/catalina/valves/rewrite/TestResolverSSL.java b/test/org/apache/catalina/valves/rewrite/TestResolverSSL.java index d4624a3..872ba06 100644 --- a/test/org/apache/catalina/valves/rewrite/TestResolverSSL.java +++ b/test/org/apache/catalina/valves/rewrite/TestResolverSSL.java @@ -31,6 +31,7 @@ import org.apache.catalina.startup.Tomcat; import org.apache.catalina.startup.TomcatBaseTest; import org.apache.catalina.valves.ValveBase; import org.apache.tomcat.util.buf.ByteChunk; +import org.apache.tomcat.util.net.SSLHostConfig; import org.apache.tomcat.util.net.TesterSupport; public class TestResolverSSL extends TomcatBaseTest { @@ -41,6 +42,10 @@ public class TestResolverSSL extends TomcatBaseTest { Container root = tomcat.getHost().findChild(""); root.getPipeline().addValve(new ResolverTestValve()); +// Enable session caching so the SSL Session is available when using APR +SSLHostConfig sslHostConfig = tomcat.getConnector().findSslHostConfigs()[0]; +sslHostConfig.setSessionCacheSize(20 * 1024); + tomcat.start(); ByteChunk res = getUrl("https://localhost:; + getPort() + "/protected"); // Just look a bit at the result
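Review bot: 20 * 1024 in the added setSessionCacheSize call is an unexplained magic number: the comment above it says why caching is turned on but not why this size was chosen or what unit it is in. Extend the comment or use a named constant, so a later reader does not have to guess whether the value matters to the test.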
[tomcat] branch master updated: Enable session cache so session ID is available with APR
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/master by this push: new af4a6a8 Enable session cache so session ID is available with APR af4a6a8 is described below commit af4a6a88df59cdb16e373e73071bc5c2f576cb41 Author: Mark Thomas AuthorDate: Thu Aug 20 09:10:26 2020 +0100 Enable session cache so session ID is available with APR --- test/org/apache/catalina/valves/rewrite/TestResolverSSL.java | 5 + 1 file changed, 5 insertions(+) diff --git a/test/org/apache/catalina/valves/rewrite/TestResolverSSL.java b/test/org/apache/catalina/valves/rewrite/TestResolverSSL.java index 3d7d5f7..389fd58 100644 --- a/test/org/apache/catalina/valves/rewrite/TestResolverSSL.java +++ b/test/org/apache/catalina/valves/rewrite/TestResolverSSL.java @@ -31,6 +31,7 @@ import org.apache.catalina.startup.Tomcat; import org.apache.catalina.startup.TomcatBaseTest; import org.apache.catalina.valves.ValveBase; import org.apache.tomcat.util.buf.ByteChunk; +import org.apache.tomcat.util.net.SSLHostConfig; import org.apache.tomcat.util.net.TesterSupport; public class TestResolverSSL extends TomcatBaseTest { @@ -41,6 +42,10 @@ public class TestResolverSSL extends TomcatBaseTest { Container root = tomcat.getHost().findChild(""); root.getPipeline().addValve(new ResolverTestValve()); +// Enable session caching so the SSL Session is available when using APR +SSLHostConfig sslHostConfig = tomcat.getConnector().findSslHostConfigs()[0]; +sslHostConfig.setSessionCacheSize(20 * 1024); + tomcat.start(); ByteChunk res = getUrl("https://localhost:; + getPort() + "/protected"); // Just look a bit at the result
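Review bot: findSslHostConfigs()[0] in the added lines assumes the connector already has at least one SSLHostConfig and fails with an array index error, not a readable assertion, if the TLS setup earlier in the test ever changes. The comment also says the cache is needed "when using APR" while the call runs for every connector implementation the test is executed with; either guard the call or reword the comment to say it is applied to all of them.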