Re: [PR] Fix bz67675 [tomcat]
michael-o commented on PR #674: URL: https://github.com/apache/tomcat/pull/674#issuecomment-1775942678 Thanks for the hard work. I will try this tomorrow/Wednesday! -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [PR] Fix bz67675 [tomcat]
michael-o commented on code in PR #674: URL: https://github.com/apache/tomcat/pull/674#discussion_r1369211534 ## test/org/apache/tomcat/util/net/jsse/TestPEMFile.java: ## @@ -118,4 +127,17 @@ private String getPath(String file) throws IOException { return f.getCanonicalPath(); } + + +@Test +public void testListSecretKeyFactories() { +for (Provider provider : Security.getProviders()) { +System.out.println( provider ); +for (Provider.Service service : provider.getServices()) { +if ("Cipher".equals( service.getType())) { +System.out.println( service.getAlgorithm() ); Review Comment: Are the spaces on purpose? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [PR] Fix bz67675 [tomcat]
michael-o commented on PR #674: URL: https://github.com/apache/tomcat/pull/674#issuecomment-1775933882 The more ASN.1 I see in Tomcat the more I think is that we should import Kerby ASN.1 at some point in time... -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Buildbot success in on tomcat-9.0.x
Build status: Build succeeded! Worker used: bb_worker2_ubuntu URL: https://ci2.apache.org/#builders/37/builds/741 Blamelist: Mark Thomas , Michael Osipov , remm Build Text: build successful Status Detected: restored build Build Source Stamp: [branch 9.0.x] a28c36053622aabd9375d5a65ca88ba19fb522f1 Steps: worker_preparation: 0 git: 0 shell: 0 shell_1: 0 shell_2: 0 shell_3: 0 shell_4: 0 shell_5: 0 compile: 1 shell_6: 0 shell_7: 0 shell_8: 0 shell_9: 0 Rsync docs to nightlies.apache.org: 0 shell_10: 0 Rsync RAT to nightlies.apache.org: 0 compile_1: 1 shell_11: 0 Rsync Logs to nightlies.apache.org: 0 -- ASF Buildbot - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [PR] Fix bz67675 [tomcat]
michael-o commented on code in PR #674: URL: https://github.com/apache/tomcat/pull/674#discussion_r1369136617 ## java/org/apache/tomcat/util/net/jsse/PEMFile.java: ## @@ -64,8 +66,40 @@ public class PEMFile { private static final byte[] OID_EC_PUBLIC_KEY = new byte[] { 0x06, 0x07, 0x2A, (byte) 0x86, 0x48, (byte) 0xCE, 0x3D, 0x02, 0x01 }; +// 1.2.840.113549.1.5.13 +private static final byte[] OID_PBES2 = +new byte[] { 0x2A, (byte) 0x86, 0x48, (byte) 0x86, (byte) 0xF7, 0x0D, 0x01, 0x05, 0x0D }; +// 1.2.840.113549.1.5.12 +private static final byte[] OID_PBKDF2 = +new byte[] { 0x2A, (byte) 0x86, 0x48, (byte) 0x86, (byte) 0xF7, 0x0D, 0x01, 0x05, 0x0C }; + +private static final Map OID_TO_PRF = new HashMap<>(); +static { +// 1.2.840.113549.2.7 +OID_TO_PRF.put("2a864886f70d0207", "HmacSHA1"); +// 1.2.840.113549.2.8 +OID_TO_PRF.put("2a864886f70d0208", "HmacSHA224"); +// 1.2.840.113549.2.9 +OID_TO_PRF.put("2a864886f70d0209", "HmacSHA256"); +// 1.2.840.113549.2.10 +OID_TO_PRF.put("2a864886f70d020a", "HmacSHA384"); +// 1.2.840.113549.2.11 +OID_TO_PRF.put("2a864886f70d020b", "HmacSHA512"); +// 1.2.840.113549.2.12 +OID_TO_PRF.put("2a864886f70d020c", "HmacSHA512/224"); +// 1.2.840.113549.2.13 +OID_TO_PRF.put("2a864886f70d020d", "HmacSHA512/256"); +} -private static final String PBES2 = "PBES2"; +private static final Map OID_TO_ALGOITHM = new HashMap<>(); Review Comment: Typo -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [PR] Fix bz67675 [tomcat]
michael-o commented on PR #674: URL: https://github.com/apache/tomcat/pull/674#issuecomment-1775825928 There is also AES128 with OpenSSL anf should be tried as well. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 67675] Tomcat and/or Java do not read encrypted private keys with DES-EDE3-CBC generated by openssl-req(1)
https://bz.apache.org/bugzilla/show_bug.cgi?id=67675 --- Comment #16 from Mark Thomas --- See https://github.com/apache/tomcat/pull/674 That should support any cert the current code supports plus the OpenSSL defaults. It is possible there are other combinations that need to be supported. It should be easy to add those as required. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: Non preview FFM (formerly known as Panama) API
On Mon, Oct 23, 2023 at 6:57 PM Mark Thomas wrote: > > On 20/10/2023 08:30, Rémy Maucherat wrote: > > > > > Assuming Mark accepts working with an alpha build of Java 22 to > > produce the releases of Tomcat 11, it is now possible to merge the > > OpenSSL code. > > I'm fine with that. Java 22 will be released before Tomcat 11 will be > able to go stable. > > > The idea is to build the two packages that need it using a 22 release > > target, while the rest would release target 21 as usual. Using some > > conditionals, it should be possible to allow casual building with 21, > > as it would be bad to drive away contributors who would understandably > > not be very interested in alpha Java 22 yet. I would also add the > > jextract scripts in res/jextract (using jextract at this time is going > > to remain harder however). > > Sounds reasonable to me. Awesome, thanks a lot ! :) I'll work on the build adjustments. I hope we don't regret doing the move sooner rather than later, but I haven't had any 22 issues so far building or running Tomcat. So we would have to be really unlucky. Rémy > Mark > > - > To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org > For additional commands, e-mail: dev-h...@tomcat.apache.org > - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: Non preview FFM (formerly known as Panama) API
On 20/10/2023 08:30, Rémy Maucherat wrote: Assuming Mark accepts working with an alpha build of Java 22 to produce the releases of Tomcat 11, it is now possible to merge the OpenSSL code. I'm fine with that. Java 22 will be released before Tomcat 11 will be able to go stable. The idea is to build the two packages that need it using a 22 release target, while the rest would release target 21 as usual. Using some conditionals, it should be possible to allow casual building with 21, as it would be bad to drive away contributors who would understandably not be very interested in alpha Java 22 yet. I would also add the jextract scripts in res/jextract (using jextract at this time is going to remain harder however). Sounds reasonable to me. Mark - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch 8.5.x updated: Infer KeyStore type when configuring a KeyStore directly
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 8.5.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/8.5.x by this push: new 7af21f6b75 Infer KeyStore type when configuring a KeyStore directly 7af21f6b75 is described below commit 7af21f6b75aa809c9e8e79f8f1fbffcb3b577d64 Author: Mark Thomas AuthorDate: Mon Oct 23 17:41:34 2023 +0100 Infer KeyStore type when configuring a KeyStore directly --- java/org/apache/tomcat/util/net/SSLHostConfigCertificate.java | 3 +++ webapps/docs/changelog.xml| 10 ++ 2 files changed, 13 insertions(+) diff --git a/java/org/apache/tomcat/util/net/SSLHostConfigCertificate.java b/java/org/apache/tomcat/util/net/SSLHostConfigCertificate.java index 0c0ebb7274..68a6d2d378 100644 --- a/java/org/apache/tomcat/util/net/SSLHostConfigCertificate.java +++ b/java/org/apache/tomcat/util/net/SSLHostConfigCertificate.java @@ -224,6 +224,9 @@ public class SSLHostConfigCertificate implements Serializable { public void setCertificateKeystore(KeyStore certificateKeystore) { this.certificateKeystore = certificateKeystore; +if (certificateKeystore != null) { +setCertificateKeystoreType(certificateKeystore.getType()); +} } diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index cccd9de7b2..34724b54a9 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -126,6 +126,16 @@ + + + +When calling +SSLHostConfigCertificate.setCertificateKeystore(ks), +automatically call +setCertificateKeystoreType(ks.getType()). (markt) + + + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch 9.0.x updated: Infer KeyStore type when configuring a KeyStore directly
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 9.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/9.0.x by this push: new a28c360536 Infer KeyStore type when configuring a KeyStore directly a28c360536 is described below commit a28c36053622aabd9375d5a65ca88ba19fb522f1 Author: Mark Thomas AuthorDate: Mon Oct 23 17:41:34 2023 +0100 Infer KeyStore type when configuring a KeyStore directly --- java/org/apache/tomcat/util/net/SSLHostConfigCertificate.java | 3 +++ webapps/docs/changelog.xml| 10 ++ 2 files changed, 13 insertions(+) diff --git a/java/org/apache/tomcat/util/net/SSLHostConfigCertificate.java b/java/org/apache/tomcat/util/net/SSLHostConfigCertificate.java index 0c0ebb7274..68a6d2d378 100644 --- a/java/org/apache/tomcat/util/net/SSLHostConfigCertificate.java +++ b/java/org/apache/tomcat/util/net/SSLHostConfigCertificate.java @@ -224,6 +224,9 @@ public class SSLHostConfigCertificate implements Serializable { public void setCertificateKeystore(KeyStore certificateKeystore) { this.certificateKeystore = certificateKeystore; +if (certificateKeystore != null) { +setCertificateKeystoreType(certificateKeystore.getType()); +} } diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index 2a908b046a..3f46719f49 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -126,6 +126,16 @@ + + + +When calling +SSLHostConfigCertificate.setCertificateKeystore(ks), +automatically call +setCertificateKeystoreType(ks.getType()). (markt) + + + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch 10.1.x updated: Infer KeyStore type when configuring a KeyStore directly
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 10.1.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/10.1.x by this push: new cd4903db91 Infer KeyStore type when configuring a KeyStore directly cd4903db91 is described below commit cd4903db91714822b38d5017169599d4e15544aa Author: Mark Thomas AuthorDate: Mon Oct 23 17:41:34 2023 +0100 Infer KeyStore type when configuring a KeyStore directly --- java/org/apache/tomcat/util/net/SSLHostConfigCertificate.java | 3 +++ webapps/docs/changelog.xml| 10 ++ 2 files changed, 13 insertions(+) diff --git a/java/org/apache/tomcat/util/net/SSLHostConfigCertificate.java b/java/org/apache/tomcat/util/net/SSLHostConfigCertificate.java index 0c0ebb7274..68a6d2d378 100644 --- a/java/org/apache/tomcat/util/net/SSLHostConfigCertificate.java +++ b/java/org/apache/tomcat/util/net/SSLHostConfigCertificate.java @@ -224,6 +224,9 @@ public class SSLHostConfigCertificate implements Serializable { public void setCertificateKeystore(KeyStore certificateKeystore) { this.certificateKeystore = certificateKeystore; +if (certificateKeystore != null) { +setCertificateKeystoreType(certificateKeystore.getType()); +} } diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index 0e028ed263..5100bd9a16 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -126,6 +126,16 @@ + + + +When calling +SSLHostConfigCertificate.setCertificateKeystore(ks), +automatically call +setCertificateKeystoreType(ks.getType()). (markt) + + + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch main updated: Infer KeyStore type when configuring a KeyStore directly
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/main by this push: new 8096ce4a97 Infer KeyStore type when configuring a KeyStore directly 8096ce4a97 is described below commit 8096ce4a97afb78541df2cb49336f67aeccc95b6 Author: Mark Thomas AuthorDate: Mon Oct 23 17:41:34 2023 +0100 Infer KeyStore type when configuring a KeyStore directly --- java/org/apache/tomcat/util/net/SSLHostConfigCertificate.java | 3 +++ webapps/docs/changelog.xml| 10 ++ 2 files changed, 13 insertions(+) diff --git a/java/org/apache/tomcat/util/net/SSLHostConfigCertificate.java b/java/org/apache/tomcat/util/net/SSLHostConfigCertificate.java index 0c0ebb7274..68a6d2d378 100644 --- a/java/org/apache/tomcat/util/net/SSLHostConfigCertificate.java +++ b/java/org/apache/tomcat/util/net/SSLHostConfigCertificate.java @@ -224,6 +224,9 @@ public class SSLHostConfigCertificate implements Serializable { public void setCertificateKeystore(KeyStore certificateKeystore) { this.certificateKeystore = certificateKeystore; +if (certificateKeystore != null) { +setCertificateKeystoreType(certificateKeystore.getType()); +} } diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index 85805e6cad..3b927d8e04 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -131,6 +131,16 @@ + + + +When calling +SSLHostConfigCertificate.setCertificateKeystore(ks), +automatically call +setCertificateKeystoreType(ks.getType()). (markt) + + + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [tomcat] branch main updated: Add more complex password picker
Thanks for catching up! - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch main updated: Add more complex password picker
This is an automated email from the ASF dual-hosted git repository. remm pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/main by this push: new 683eee6cc5 Add more complex password picker 683eee6cc5 is described below commit 683eee6cc58dcc2452102c2e5ec2edae43f53a6e Author: remm AuthorDate: Mon Oct 23 13:54:14 2023 +0200 Add more complex password picker With FIXMEs since the API is not there yet. --- .../util/net/openssl/panama/OpenSSLContext.java| 40 +- .../net/openssl/panama/LocalStrings.properties | 1 + 2 files changed, 33 insertions(+), 8 deletions(-) diff --git a/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java b/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java index 5932fb7a15..da8c8e1046 100644 --- a/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java +++ b/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java @@ -16,8 +16,10 @@ */ package org.apache.tomcat.util.net.openssl.panama; +import java.io.BufferedReader; import java.io.File; import java.io.IOException; +import java.io.InputStreamReader; import java.lang.foreign.Arena; import java.lang.foreign.FunctionDescriptor; import java.lang.foreign.Linker; @@ -977,6 +979,29 @@ public class OpenSSLContext implements org.apache.tomcat.util.net.SSLContext { int index = getCertificateIndex(certificate); // Load Server key and certificate if (certificate.getCertificateFile() != null) { +// Pick right key password +String keyPassToUse = null; +String keyPass = certificate.getCertificateKeyPassword(); +if (keyPass == null) { +keyPass = certificate.getCertificateKeystorePassword(); +} +String keyPassFile = null;//FIXME Tomcat 9.0.83:certificate.getCertificateKeyPasswordFile(); +if (keyPassFile == null) { +keyPassFile = null;//FIXME Tomcat 9.0.83:certificate.getCertificateKeystorePasswordFile(); +} +if (keyPassFile != null) { +try (BufferedReader reader = +new BufferedReader(new InputStreamReader( + ConfigFileLoader.getSource().getResource(keyPassFile).getInputStream(), +StandardCharsets.UTF_8))) { +keyPassToUse = reader.readLine(); +} catch (IOException e) { +log.error(sm.getString("openssl.errorLoadingPassword", keyPassFile), e); +return false; +} +} else { +keyPassToUse = keyPass; +} // Set certificate //SSLContext.setCertificate(state.ctx, // SSLHostConfig.adjustRelativePath(certificate.getCertificateFile()), @@ -1007,9 +1032,8 @@ public class OpenSSLContext implements org.apache.tomcat.util.net.SSLContext { } MemorySegment passwordAddress = MemorySegment.NULL; int passwordLength = 0; -String callbackPassword = certificate.getCertificateKeyPassword(); -if (callbackPassword != null && callbackPassword.length() > 0) { -passwordAddress = localArena.allocateFrom(callbackPassword); +if (keyPassToUse != null && keyPassToUse.length() > 0) { +passwordAddress = localArena.allocateFrom(keyPassToUse); passwordLength = (int) (passwordAddress.byteSize() - 1); } if (PKCS12_verify_mac(p12, passwordAddress, passwordLength) <= 0) { @@ -1049,7 +1073,7 @@ public class OpenSSLContext implements org.apache.tomcat.util.net.SSLContext { key = MemorySegment.NULL; for (int i = 0; i < 3; i++) { try { - callbackPasswordTheadLocal.set(certificate.getCertificateKeyPassword()); +callbackPasswordTheadLocal.set(keyPassToUse); key = PEM_read_bio_PrivateKey(keyBIO, MemorySegment.NULL, openSSLCallbackPassword, MemorySegment.NULL); } finally { callbackPasswordTheadLocal.set(null); @@ -1076,7 +1100,7 @@ public class OpenSSLContext implements org.apache.tomcat.util.net.SSLContext { } // Load certificate try { - callbackPasswordTheadLocal.set(certificate.getCertificateKeyPassword()); +
[Bug 64826] libtcnative prompts for private key password in some situations
https://bz.apache.org/bugzilla/show_bug.cgi?id=64826 --- Comment #1 from Michael Osipov --- Last point has been addressed with Bug 66670. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [PR] BZ 66670: Add SSLHostConfig#certificateKeyPasswordFile and SSLHostConfig#certificateKeystorePasswordFile [tomcat]
michael-o commented on PR #672: URL: https://github.com/apache/tomcat/pull/672#issuecomment-1774954495 Merged into all branches. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [PR] BZ 66670: Add SSLHostConfig#certificateKeyPasswordFile and SSLHostConfig#certificateKeystorePasswordFile [tomcat]
michael-o closed pull request #672: BZ 66670: Add SSLHostConfig#certificateKeyPasswordFile and SSLHostConfig#certificateKeystorePasswordFile URL: https://github.com/apache/tomcat/pull/672 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 66670] Add SSLHostConfig#certificateKeyPasswordFile and SSLHostConfig#certificateKeystorePasswordFile
https://bz.apache.org/bugzilla/show_bug.cgi?id=66670 Michael Osipov changed: What|Removed |Added Status|NEW |RESOLVED Resolution|--- |FIXED --- Comment #16 from Michael Osipov --- Fixed in: - main for 11.0.0-M14 and onwards - 10.1.x for 10.1.16 and onwards - 9.0.x for 9.0.83 and onwards - 8.5.x for 8.5.96 and onwards -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch 8.5.x updated: BZ 66670: Add SSLHostConfig#certificateKeyPasswordFile and SSLHostConfig#certificateKeystorePasswordFile
This is an automated email from the ASF dual-hosted git repository. michaelo pushed a commit to branch 8.5.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/8.5.x by this push: new 8768cb1607 BZ 66670: Add SSLHostConfig#certificateKeyPasswordFile and SSLHostConfig#certificateKeystorePasswordFile 8768cb1607 is described below commit 8768cb160766487e43f861de9ded9d527fd9d334 Author: Michael Osipov AuthorDate: Wed Sep 27 11:23:19 2023 +0200 BZ 66670: Add SSLHostConfig#certificateKeyPasswordFile and SSLHostConfig#certificateKeystorePasswordFile --- .../coyote/http11/AbstractHttp11Protocol.java | 34 java/org/apache/tomcat/util/net/SSLHostConfig.java | 34 +++- .../tomcat/util/net/SSLHostConfigCertificate.java | 27 - java/org/apache/tomcat/util/net/SSLUtilBase.java | 47 ++ java/org/apache/tomcat/util/net/jsse/PEMFile.java | 31 -- .../tomcat/util/net/openssl/OpenSSLContext.java| 17 +++- test/org/apache/tomcat/util/net/TestSsl.java | 22 +- test/org/apache/tomcat/util/net/TesterSupport.java | 12 +- .../apache/tomcat/util/net/jsse/TestPEMFile.java | 39 +++--- test/org/apache/tomcat/util/net/jsse/key-password | 1 + test/org/apache/tomcat/util/net/key-password | 1 + test/org/apache/tomcat/util/net/keystore-password | 1 + webapps/docs/changelog.xml | 4 ++ webapps/docs/config/http.xml | 20 - 14 files changed, 267 insertions(+), 23 deletions(-) diff --git a/java/org/apache/coyote/http11/AbstractHttp11Protocol.java b/java/org/apache/coyote/http11/AbstractHttp11Protocol.java index 8e4f3efe98..18005783e2 100644 --- a/java/org/apache/coyote/http11/AbstractHttp11Protocol.java +++ b/java/org/apache/coyote/http11/AbstractHttp11Protocol.java @@ -1013,6 +1013,17 @@ public abstract class AbstractHttp11Protocol extends AbstractProtocol { } +public String getKeystorePassFile() { +registerDefaultSSLHostConfig(); +return defaultSSLHostConfig.getCertificateKeystorePasswordFile(); +} + +public void setKeystorePassFile(String certificateKeystorePasswordFile) { +registerDefaultSSLHostConfig(); + defaultSSLHostConfig.setCertificateKeystorePasswordFile(certificateKeystorePasswordFile); +} + + public String getKeyPass() { registerDefaultSSLHostConfig(); return defaultSSLHostConfig.getCertificateKeyPassword(); @@ -1023,6 +1034,18 @@ public abstract class AbstractHttp11Protocol extends AbstractProtocol { defaultSSLHostConfig.setCertificateKeyPassword(certificateKeyPassword); } + +public String getKeyPassFile() { +registerDefaultSSLHostConfig(); +return defaultSSLHostConfig.getCertificateKeyPasswordFile(); +} + +public void setKeyPassFile(String certificateKeyPasswordFile) { +registerDefaultSSLHostConfig(); + defaultSSLHostConfig.setCertificateKeyPasswordFile(certificateKeyPasswordFile); +} + + public String getSSLPassword() { registerDefaultSSLHostConfig(); return defaultSSLHostConfig.getCertificateKeyPassword(); @@ -1034,6 +1057,17 @@ public abstract class AbstractHttp11Protocol extends AbstractProtocol { } +public String getSSLPasswordFile() { +registerDefaultSSLHostConfig(); +return defaultSSLHostConfig.getCertificateKeyPasswordFile(); +} + +public void setSSLPasswordFile(String certificateKeyPasswordFile) { +registerDefaultSSLHostConfig(); + defaultSSLHostConfig.setCertificateKeyPasswordFile(certificateKeyPasswordFile); +} + + public String getCrlFile() { registerDefaultSSLHostConfig(); return defaultSSLHostConfig.getCertificateRevocationListFile(); diff --git a/java/org/apache/tomcat/util/net/SSLHostConfig.java b/java/org/apache/tomcat/util/net/SSLHostConfig.java index 7563015373..c9b921026e 100644 --- a/java/org/apache/tomcat/util/net/SSLHostConfig.java +++ b/java/org/apache/tomcat/util/net/SSLHostConfig.java @@ -306,12 +306,29 @@ public class SSLHostConfig implements Serializable { return defaultCertificate.getCertificateKeyPassword(); } } + + public void setCertificateKeyPassword(String certificateKeyPassword) { registerDefaultCertificate(); defaultCertificate.setCertificateKeyPassword(certificateKeyPassword); } +public String getCertificateKeyPasswordFile() { +if (defaultCertificate == null) { +return null; +} else { +return defaultCertificate.getCertificateKeyPasswordFile(); +} +} + + +public void setCertificateKeyPasswordFile(String certificateKeyPasswordFile) { +registerDefaultCertificate(); + defaultCertificate.setCertificateKeyPasswordFile(certificateKeyPasswordFile); +
[tomcat] branch 9.0.x updated: BZ 66670: Add SSLHostConfig#certificateKeyPasswordFile and SSLHostConfig#certificateKeystorePasswordFile
This is an automated email from the ASF dual-hosted git repository. michaelo pushed a commit to branch 9.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/9.0.x by this push: new 3d8db8cd57 BZ 66670: Add SSLHostConfig#certificateKeyPasswordFile and SSLHostConfig#certificateKeystorePasswordFile 3d8db8cd57 is described below commit 3d8db8cd57b1e89be75b004b7401eb9581f531a2 Author: Michael Osipov AuthorDate: Wed Sep 27 11:23:19 2023 +0200 BZ 66670: Add SSLHostConfig#certificateKeyPasswordFile and SSLHostConfig#certificateKeystorePasswordFile --- .../coyote/http11/AbstractHttp11Protocol.java | 34 java/org/apache/tomcat/util/net/SSLHostConfig.java | 34 +++- .../tomcat/util/net/SSLHostConfigCertificate.java | 27 - java/org/apache/tomcat/util/net/SSLUtilBase.java | 47 ++ java/org/apache/tomcat/util/net/jsse/PEMFile.java | 31 -- .../tomcat/util/net/openssl/OpenSSLContext.java| 17 +++- test/org/apache/tomcat/util/net/TestSsl.java | 22 +- test/org/apache/tomcat/util/net/TesterSupport.java | 12 +- .../apache/tomcat/util/net/jsse/TestPEMFile.java | 39 +++--- test/org/apache/tomcat/util/net/jsse/key-password | 1 + test/org/apache/tomcat/util/net/key-password | 1 + test/org/apache/tomcat/util/net/keystore-password | 1 + webapps/docs/changelog.xml | 4 ++ webapps/docs/config/http.xml | 20 - 14 files changed, 267 insertions(+), 23 deletions(-) diff --git a/java/org/apache/coyote/http11/AbstractHttp11Protocol.java b/java/org/apache/coyote/http11/AbstractHttp11Protocol.java index cc6988d308..9f12ae8ec4 100644 --- a/java/org/apache/coyote/http11/AbstractHttp11Protocol.java +++ b/java/org/apache/coyote/http11/AbstractHttp11Protocol.java @@ -1009,6 +1009,17 @@ public abstract class AbstractHttp11Protocol extends AbstractProtocol { } +public String getKeystorePassFile() { +registerDefaultSSLHostConfig(); +return defaultSSLHostConfig.getCertificateKeystorePasswordFile(); +} + +public void setKeystorePassFile(String certificateKeystorePasswordFile) { +registerDefaultSSLHostConfig(); + defaultSSLHostConfig.setCertificateKeystorePasswordFile(certificateKeystorePasswordFile); +} + + public String getKeyPass() { registerDefaultSSLHostConfig(); return defaultSSLHostConfig.getCertificateKeyPassword(); @@ -1019,6 +1030,18 @@ public abstract class AbstractHttp11Protocol extends AbstractProtocol { defaultSSLHostConfig.setCertificateKeyPassword(certificateKeyPassword); } + +public String getKeyPassFile() { +registerDefaultSSLHostConfig(); +return defaultSSLHostConfig.getCertificateKeyPasswordFile(); +} + +public void setKeyPassFile(String certificateKeyPasswordFile) { +registerDefaultSSLHostConfig(); + defaultSSLHostConfig.setCertificateKeyPasswordFile(certificateKeyPasswordFile); +} + + public String getSSLPassword() { registerDefaultSSLHostConfig(); return defaultSSLHostConfig.getCertificateKeyPassword(); @@ -1030,6 +1053,17 @@ public abstract class AbstractHttp11Protocol extends AbstractProtocol { } +public String getSSLPasswordFile() { +registerDefaultSSLHostConfig(); +return defaultSSLHostConfig.getCertificateKeyPasswordFile(); +} + +public void setSSLPasswordFile(String certificateKeyPasswordFile) { +registerDefaultSSLHostConfig(); + defaultSSLHostConfig.setCertificateKeyPasswordFile(certificateKeyPasswordFile); +} + + public String getCrlFile() { registerDefaultSSLHostConfig(); return defaultSSLHostConfig.getCertificateRevocationListFile(); diff --git a/java/org/apache/tomcat/util/net/SSLHostConfig.java b/java/org/apache/tomcat/util/net/SSLHostConfig.java index b2d944ee9b..af320dfbb6 100644 --- a/java/org/apache/tomcat/util/net/SSLHostConfig.java +++ b/java/org/apache/tomcat/util/net/SSLHostConfig.java @@ -305,12 +305,29 @@ public class SSLHostConfig implements Serializable { return defaultCertificate.getCertificateKeyPassword(); } } + + public void setCertificateKeyPassword(String certificateKeyPassword) { registerDefaultCertificate(); defaultCertificate.setCertificateKeyPassword(certificateKeyPassword); } +public String getCertificateKeyPasswordFile() { +if (defaultCertificate == null) { +return null; +} else { +return defaultCertificate.getCertificateKeyPasswordFile(); +} +} + + +public void setCertificateKeyPasswordFile(String certificateKeyPasswordFile) { +registerDefaultCertificate(); + defaultCertificate.setCertificateKeyPasswordFile(certificateKeyPasswordFile); +
[tomcat] branch 10.1.x updated: BZ 66670: Add SSLHostConfig#certificateKeyPasswordFile and SSLHostConfig#certificateKeystorePasswordFile
This is an automated email from the ASF dual-hosted git repository. michaelo pushed a commit to branch 10.1.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/10.1.x by this push: new 62bbe46266 BZ 66670: Add SSLHostConfig#certificateKeyPasswordFile and SSLHostConfig#certificateKeystorePasswordFile 62bbe46266 is described below commit 62bbe462666b34eda971d1256cc1e830b500bdc1 Author: Michael Osipov AuthorDate: Wed Sep 27 11:23:19 2023 +0200 BZ 66670: Add SSLHostConfig#certificateKeyPasswordFile and SSLHostConfig#certificateKeystorePasswordFile --- java/org/apache/tomcat/util/net/SSLHostConfig.java | 4 +- .../tomcat/util/net/SSLHostConfigCertificate.java | 27 - java/org/apache/tomcat/util/net/SSLUtilBase.java | 47 ++ java/org/apache/tomcat/util/net/jsse/PEMFile.java | 31 -- .../tomcat/util/net/openssl/OpenSSLContext.java| 17 +++- test/org/apache/tomcat/util/net/TestSsl.java | 22 +- test/org/apache/tomcat/util/net/TesterSupport.java | 12 +- .../apache/tomcat/util/net/jsse/TestPEMFile.java | 39 +++--- test/org/apache/tomcat/util/net/jsse/key-password | 1 + test/org/apache/tomcat/util/net/key-password | 1 + test/org/apache/tomcat/util/net/keystore-password | 1 + webapps/docs/changelog.xml | 4 ++ webapps/docs/config/http.xml | 20 - 13 files changed, 203 insertions(+), 23 deletions(-) diff --git a/java/org/apache/tomcat/util/net/SSLHostConfig.java b/java/org/apache/tomcat/util/net/SSLHostConfig.java index 003c9b8b27..a447c7fec0 100644 --- a/java/org/apache/tomcat/util/net/SSLHostConfig.java +++ b/java/org/apache/tomcat/util/net/SSLHostConfig.java @@ -659,7 +659,7 @@ public class SSLHostConfig implements Serializable { if (truststoreFile != null){ try { result = SSLUtilBase.getStore(getTruststoreType(), getTruststoreProvider(), -getTruststoreFile(), getTruststorePassword()); +getTruststoreFile(), getTruststorePassword(), null); } catch (IOException ioe) { Throwable cause = ioe.getCause(); if (cause instanceof UnrecoverableKeyException) { @@ -668,7 +668,7 @@ public class SSLHostConfig implements Serializable { cause); // Re-try result = SSLUtilBase.getStore(getTruststoreType(), getTruststoreProvider(), -getTruststoreFile(), null); +getTruststoreFile(), null, null); } else { // Something else went wrong - re-throw throw ioe; diff --git a/java/org/apache/tomcat/util/net/SSLHostConfigCertificate.java b/java/org/apache/tomcat/util/net/SSLHostConfigCertificate.java index ff635bf588..0c0ebb7274 100644 --- a/java/org/apache/tomcat/util/net/SSLHostConfigCertificate.java +++ b/java/org/apache/tomcat/util/net/SSLHostConfigCertificate.java @@ -59,10 +59,12 @@ public class SSLHostConfigCertificate implements Serializable { private final SSLHostConfig sslHostConfig; private final Type type; private String certificateKeyPassword = null; +private String certificateKeyPasswordFile = null; // JSSE private String certificateKeyAlias; private String certificateKeystorePassword = DEFAULT_KEYSTORE_PASSWORD; +private String certificateKeystorePasswordFile = null; private String certificateKeystoreFile = DEFAULT_KEYSTORE_FILE; private String certificateKeystoreProvider = DEFAULT_KEYSTORE_PROVIDER; private String certificateKeystoreType = DEFAULT_KEYSTORE_TYPE; @@ -131,6 +133,16 @@ public class SSLHostConfigCertificate implements Serializable { } +public String getCertificateKeyPasswordFile() { +return certificateKeyPasswordFile; +} + + +public void setCertificateKeyPasswordFile(String certificateKeyPasswordFile) { +this.certificateKeyPasswordFile = certificateKeyPasswordFile; +} + + // JSSE public void setCertificateKeyAlias(String certificateKeyAlias) { @@ -171,6 +183,19 @@ public class SSLHostConfigCertificate implements Serializable { } +public void setCertificateKeystorePasswordFile(String certificateKeystorePasswordFile) { +sslHostConfig.setProperty( +"Certificate.certificateKeystorePasswordFile", SSLHostConfig.Type.JSSE); +setStoreType("Certificate.certificateKeystorePasswordFile", StoreType.KEYSTORE); +this.certificateKeystorePasswordFile = certificateKeystorePasswordFile; +} + + +public String getCertificateKeystorePasswordFile() { +return certificateKeystorePasswordFile; +} + + public void
[tomcat] branch main updated: BZ 66670: Add SSLHostConfig#certificateKeyPasswordFile and SSLHostConfig#certificateKeystorePasswordFile
This is an automated email from the ASF dual-hosted git repository. michaelo pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/main by this push: new b1d20cc6b0 BZ 66670: Add SSLHostConfig#certificateKeyPasswordFile and SSLHostConfig#certificateKeystorePasswordFile b1d20cc6b0 is described below commit b1d20cc6b04d64f35b3b5e47d68e02c93437867b Author: Michael Osipov AuthorDate: Wed Sep 27 11:23:19 2023 +0200 BZ 66670: Add SSLHostConfig#certificateKeyPasswordFile and SSLHostConfig#certificateKeystorePasswordFile --- java/org/apache/tomcat/util/net/SSLHostConfig.java | 4 +- .../tomcat/util/net/SSLHostConfigCertificate.java | 27 - java/org/apache/tomcat/util/net/SSLUtilBase.java | 47 ++ java/org/apache/tomcat/util/net/jsse/PEMFile.java | 31 -- .../tomcat/util/net/openssl/OpenSSLContext.java| 17 +++- test/org/apache/tomcat/util/net/TestSsl.java | 22 +- test/org/apache/tomcat/util/net/TesterSupport.java | 12 +- .../apache/tomcat/util/net/jsse/TestPEMFile.java | 39 +++--- test/org/apache/tomcat/util/net/jsse/key-password | 1 + test/org/apache/tomcat/util/net/key-password | 1 + test/org/apache/tomcat/util/net/keystore-password | 1 + webapps/docs/changelog.xml | 4 ++ webapps/docs/config/http.xml | 20 - 13 files changed, 203 insertions(+), 23 deletions(-) diff --git a/java/org/apache/tomcat/util/net/SSLHostConfig.java b/java/org/apache/tomcat/util/net/SSLHostConfig.java index 003c9b8b27..a447c7fec0 100644 --- a/java/org/apache/tomcat/util/net/SSLHostConfig.java +++ b/java/org/apache/tomcat/util/net/SSLHostConfig.java @@ -659,7 +659,7 @@ public class SSLHostConfig implements Serializable { if (truststoreFile != null){ try { result = SSLUtilBase.getStore(getTruststoreType(), getTruststoreProvider(), -getTruststoreFile(), getTruststorePassword()); +getTruststoreFile(), getTruststorePassword(), null); } catch (IOException ioe) { Throwable cause = ioe.getCause(); if (cause instanceof UnrecoverableKeyException) { @@ -668,7 +668,7 @@ public class SSLHostConfig implements Serializable { cause); // Re-try result = SSLUtilBase.getStore(getTruststoreType(), getTruststoreProvider(), -getTruststoreFile(), null); +getTruststoreFile(), null, null); } else { // Something else went wrong - re-throw throw ioe; diff --git a/java/org/apache/tomcat/util/net/SSLHostConfigCertificate.java b/java/org/apache/tomcat/util/net/SSLHostConfigCertificate.java index ff635bf588..0c0ebb7274 100644 --- a/java/org/apache/tomcat/util/net/SSLHostConfigCertificate.java +++ b/java/org/apache/tomcat/util/net/SSLHostConfigCertificate.java @@ -59,10 +59,12 @@ public class SSLHostConfigCertificate implements Serializable { private final SSLHostConfig sslHostConfig; private final Type type; private String certificateKeyPassword = null; +private String certificateKeyPasswordFile = null; // JSSE private String certificateKeyAlias; private String certificateKeystorePassword = DEFAULT_KEYSTORE_PASSWORD; +private String certificateKeystorePasswordFile = null; private String certificateKeystoreFile = DEFAULT_KEYSTORE_FILE; private String certificateKeystoreProvider = DEFAULT_KEYSTORE_PROVIDER; private String certificateKeystoreType = DEFAULT_KEYSTORE_TYPE; @@ -131,6 +133,16 @@ public class SSLHostConfigCertificate implements Serializable { } +public String getCertificateKeyPasswordFile() { +return certificateKeyPasswordFile; +} + + +public void setCertificateKeyPasswordFile(String certificateKeyPasswordFile) { +this.certificateKeyPasswordFile = certificateKeyPasswordFile; +} + + // JSSE public void setCertificateKeyAlias(String certificateKeyAlias) { @@ -171,6 +183,19 @@ public class SSLHostConfigCertificate implements Serializable { } +public void setCertificateKeystorePasswordFile(String certificateKeystorePasswordFile) { +sslHostConfig.setProperty( +"Certificate.certificateKeystorePasswordFile", SSLHostConfig.Type.JSSE); +setStoreType("Certificate.certificateKeystorePasswordFile", StoreType.KEYSTORE); +this.certificateKeystorePasswordFile = certificateKeystorePasswordFile; +} + + +public String getCertificateKeystorePasswordFile() { +return certificateKeystorePasswordFile; +} + + public void
[tomcat] branch main updated: Improve error propagation for various init errors
This is an automated email from the ASF dual-hosted git repository. remm pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/main by this push: new 1cefadc447 Improve error propagation for various init errors 1cefadc447 is described below commit 1cefadc447657ead50b09b88ec8f566622a00f5e Author: remm AuthorDate: Mon Oct 23 11:10:31 2023 +0200 Improve error propagation for various init errors --- .../util/net/openssl/panama/OpenSSLContext.java| 146 +++-- 1 file changed, 74 insertions(+), 72 deletions(-) diff --git a/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java b/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java index 9e224bafba..5932fb7a15 100644 --- a/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java +++ b/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java @@ -31,7 +31,6 @@ import java.lang.invoke.MethodType; import java.lang.ref.Cleaner; import java.lang.ref.Cleaner.Cleanable; import java.nio.charset.StandardCharsets; -import java.security.PrivateKey; import java.security.SecureRandom; import java.security.cert.CertificateException; import java.security.cert.CertificateFactory; @@ -530,6 +529,7 @@ public class OpenSSLContext implements org.apache.tomcat.util.net.SSLContext { log.warn(sm.getString("openssl.doubleInit")); return; } +boolean success = true; try (var localArena = Arena.ofConfined()) { if (sslHostConfig.getInsecureRenegotiation()) { SSL_CTX_set_options(state.sslCtx, SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION()); @@ -577,7 +577,7 @@ public class OpenSSLContext implements org.apache.tomcat.util.net.SSLContext { certificate.setCertificateKeyManager(OpenSSLUtil.chooseKeyManager(kms)); } -addCertificate(certificate, localArena); +success = addCertificate(certificate, localArena); // SSLContext.setVerify(state.ctx, value, sslHostConfig.getCertificateVerificationDepth()); // Client certificate verification @@ -688,10 +688,9 @@ public class OpenSSLContext implements org.apache.tomcat.util.net.SSLContext { try { if (!checkConf(openSslConf)) { log.error(sm.getString("openssl.errCheckConf")); -throw new Exception(sm.getString("openssl.errCheckConf")); } } catch (Exception e) { -throw new Exception(sm.getString("openssl.errCheckConf"), e); +log.error(sm.getString("openssl.errCheckConf"), e); } if (log.isDebugEnabled()) { log.debug(sm.getString("openssl.applyConf")); @@ -699,10 +698,9 @@ public class OpenSSLContext implements org.apache.tomcat.util.net.SSLContext { try { if (!applyConf(openSslConf)) { log.error(sm.getString("openssl.errApplyConf")); -throw new SSLException(sm.getString("openssl.errApplyConf")); } } catch (Exception e) { -throw new SSLException(sm.getString("openssl.errApplyConf"), e); +log.error(sm.getString("openssl.errApplyConf"), e); } // Reconfigure the enabled protocols long opts = SSL_CTX_get_options(state.sslCtx); @@ -743,6 +741,9 @@ public class OpenSSLContext implements org.apache.tomcat.util.net.SSLContext { initialized = true; } catch (Exception e) { log.warn(sm.getString("openssl.errorSSLCtxInit"), e); +success = false; +} +if (!success) { destroy(); } } @@ -972,7 +973,7 @@ public class OpenSSLContext implements org.apache.tomcat.util.net.SSLContext { } -private void addCertificate(SSLHostConfigCertificate certificate, Arena localArena) throws Exception { +private boolean addCertificate(SSLHostConfigCertificate certificate, Arena localArena) throws Exception { int index = getCertificateIndex(certificate); // Load Server key and certificate if (certificate.getCertificateFile() != null) { @@ -986,14 +987,14 @@ public class OpenSSLContext implements org.apache.tomcat.util.net.SSLContext { certificateFileBytes = resource.getInputStream().readAllBytes(); } catch (IOException e) { log.error(sm.getString("openssl.errorLoadingCertificate", certificate.getCertificateFile()), e); -return; +return false; }
[tomcat] branch main updated: Remove deprecation to align with latest JSP 4.0 API
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/main by this push: new a171d4529f Remove deprecation to align with latest JSP 4.0 API a171d4529f is described below commit a171d4529f848797cf33d8b2ba5ea9ba440b1502 Author: Mark Thomas AuthorDate: Mon Oct 23 09:35:30 2023 +0100 Remove deprecation to align with latest JSP 4.0 API --- java/jakarta/servlet/jsp/ErrorData.java | 3 --- 1 file changed, 3 deletions(-) diff --git a/java/jakarta/servlet/jsp/ErrorData.java b/java/jakarta/servlet/jsp/ErrorData.java index a1d445b059..5424f65d6d 100644 --- a/java/jakarta/servlet/jsp/ErrorData.java +++ b/java/jakarta/servlet/jsp/ErrorData.java @@ -40,10 +40,7 @@ public final class ErrorData { * @param statusCode The status code of the error * @param uri The request URI * @param servletName The name of the servlet invoked - * - * @deprecated Use {#link {@link ErrorData#ErrorData(Throwable, int, String, String, String)} */ -@Deprecated(since = "4.0", forRemoval = true) public ErrorData(Throwable throwable, int statusCode, String uri, String servletName) { this(throwable, statusCode, uri, servletName, null); } - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org