[Bug 68037] Async Servlet implementation doesn't allow setting a response status
https://bz.apache.org/bugzilla/show_bug.cgi?id=68037 adwsingh changed: What|Removed |Added CC||adwsi...@gmail.com -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 68037] Async Servlet implementation doesn't allow setting a response status
https://bz.apache.org/bugzilla/show_bug.cgi?id=68037 --- Comment #1 from adwsingh --- I traced the problem to this line in AbstractProcessor : https://github.com/apache/tomcat/blob/9.0.x/java/org/apache/coyote/AbstractProcessor.java#L121 This will not dispatch if the container thread is the one which is processing the error. But in this case it will always be the container thread which gets the SocketEvent.ERROR. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 68037] New: Async Servlet implementation doesn't allow setting a response status
https://bz.apache.org/bugzilla/show_bug.cgi?id=68037
Bug ID: 68037
Summary: Async Servlet implementation doesn't allow setting a
response status
Product: Tomcat 9
Version: 9.0.82
Hardware: PC
OS: Mac OS X 10.1
Status: NEW
Severity: blocker
Priority: P2
Component: Catalina
Assignee: dev@tomcat.apache.org
Reporter: adwsi...@gmail.com
Target Milestone: -
Please find the below reproducible test case to demonstrate the issue.
It is expected both testTimeoutGets408Async and testTimeoutGets408Sync to pass,
but testTimeoutGets408Async fails.
Test Case:
import org.apache.catalina.Context;
import org.apache.catalina.LifecycleException;
import org.apache.catalina.Wrapper;
import org.apache.catalina.connector.ClientAbortException;
import org.apache.catalina.connector.Connector;
import org.apache.catalina.core.StandardHost;
import org.apache.catalina.startup.Tomcat;
import org.junit.jupiter.api.AfterAll;
import org.junit.jupiter.api.BeforeAll;
import org.junit.jupiter.api.Test;
import javax.servlet.ReadListener;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.BufferedReader;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.net.Socket;
import java.net.SocketTimeoutException;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import static java.nio.charset.StandardCharsets.UTF_8;
import static org.junit.jupiter.api.Assertions.assertFalse;
import static org.junit.jupiter.api.Assertions.assertNotNull;
import static org.junit.jupiter.api.Assertions.assertTrue;
import static org.junit.jupiter.api.Assertions.fail;
public class ReproducibleTest {
static Tomcat tomcat;
@BeforeAll
static void setup() throws LifecycleException {
tomcat = new Tomcat();
ExecutorService executorService = Executors.newFixedThreadPool(5);
Context ctx = tomcat.addContext("", new File(".").getAbsolutePath());
Wrapper asyncWrapper = Tomcat.addServlet(ctx, "TestAsync", new
TestAsyncServlet());
Wrapper syncWrapper = Tomcat.addServlet(ctx, "TestSync", new
SyncServlet());
asyncWrapper.setAsyncSupported(true);
StandardHost host = (StandardHost) tomcat.getHost();
host.setErrorReportValveClass(null);
Connector connector = new Connector();
connector.setProperty("address", "http://localhost";);
connector.setPort(8000);
connector.setProperty("connectionTimeout", String.valueOf(100));
connector.getProtocolHandler().setExecutor(executorService);
tomcat.getService().addConnector(connector);
ctx.addServletMappingDecoded("/async/*", "TestAsync");
ctx.addServletMappingDecoded("/sync/*", "TestSync");
tomcat.start();
}
@AfterAll
static void destroy() throws LifecycleException {
tomcat.stop();
tomcat.destroy();
}
@Test
void testTimeoutGets408Async() throws LifecycleException, IOException {
try (Socket s = new Socket("localhost", 8000)) {
String request = "GET /async HTTP/1.1\r\nHost:
localhost\r\ncontent-length: 101\r\n\r\n";
sendBadRequest(s, request, 408);
}
}
@Test
void testTimeoutGets408Sync() throws LifecycleException, IOException {
try (Socket s = new Socket("localhost", 8000)) {
String request = "GET /sync HTTP/1.1\r\nHost:
localhost\r\ncontent-length: 100\r\n\r\n";
sendBadRequest(s, request, 408);
}
}
private static void sendBadRequest(Socket socket, String request, int
expectedStatusCode) throws IOException {
OutputStream os = socket.getOutputStream();
os.write(request.getBytes(UTF_8));
InputStream is = socket.getInputStream();
BufferedReader reader = new BufferedReader(new InputStreamReader(is,
UTF_8));
String opening = reader.readLine();
assertNotNull(opening, "Didn't get back a response");
StringBuilder sb = new StringBuilder(opening);
try {
assertTrue(opening.startsWith("HTTP/1.1 " + expectedStatusCode),
"expected status code " + expectedStatusCode + " but got " + opening);
boolean connectionClose = false;
while (reader.ready()) {
String line = reader.readLine();
if (line == null) {
break;
}
sb.append("\n").append(line);
if ("connection: close".equalsIgnoreCase(line)) {
connectionClose = true;
}
assertFalse(line.contains("Exception Report"));
assertFalse(line.contains("Sta
[Bug 68035] New: Deploying a directory from Host appBase fails
https://bz.apache.org/bugzilla/show_bug.cgi?id=68035 Bug ID: 68035 Summary: Deploying a directory from Host appBase fails Product: Tomcat 10 Version: 10.1.15 Hardware: PC Status: NEW Severity: normal Priority: P2 Component: Manager Assignee: dev@tomcat.apache.org Reporter: brandg...@gmail.com Target Milestone: -- I have a webapp directory "my-webapp" in apache-tomcat/webapps. A .war file does NOT exist. Executing the GET request http://localhost:8080/manager/text/deploy?war=/my-webapp fails with the message "FAIL - Failed to deploy application at context path [/my-webapp]" Stack Trace: 31-Oct-2023 11:31:09.887 SEVERE [http-nio-8080-exec-7] org.apache.catalina.startup.ExpandWar.copy Error copying [my-webapp] to [apache-tomcat\webapps\my-webapp] java.io.FileNotFoundException: my-webapp (The system cannot find the file specified) at java.base/java.io.FileInputStream.open0(Native Method) at java.base/java.io.FileInputStream.open(FileInputStream.java:216) at java.base/java.io.FileInputStream.(FileInputStream.java:157) at org.apache.catalina.startup.ExpandWar.copy(ExpandWar.java:270) at org.apache.catalina.manager.ManagerServlet.deploy(ManagerServlet.java:954) at org.apache.catalina.manager.ManagerServlet.doGet(ManagerServlet.java:334) at jakarta.servlet.http.HttpServlet.service(HttpServlet.java:564) at jakarta.servlet.http.HttpServlet.service(HttpServlet.java:658) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:205) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149) at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:51) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149) at org.apache.catalina.filters.CorsFilter.handleNonCORS(CorsFilter.java:331) at org.apache.catalina.filters.CorsFilter.doFilter(CorsFilter.java:158) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149) at org.apache.catalina.filters.HttpHeaderSecurityFilter.doFilter(HttpHeaderSecurityFilter.java:129) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:167) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:90) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:597) at org.apache.catalina.valves.RequestFilterValve.process(RequestFilterValve.java:355) at org.apache.catalina.valves.RemoteAddrValve.invoke(RemoteAddrValve.java:54) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:115) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:93) at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:673) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:340) at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:391) at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:63) at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:896) at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1744) at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:52) at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191) at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659) at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) at java.base/java.lang.Thread.run(Thread.java:833) Documentation I am reading is here. https://tomcat.apache.org/tomcat-10.1-doc/manager-howto.html#Deploy_a_Directory_or_War_from_the_Host_appBase -- You are receiving
(tomcat) branch 9.0.x updated: Port add macros
This is an automated email from the ASF dual-hosted git repository.
remm pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/9.0.x by this push:
new 313062eca9 Port add macros
313062eca9 is described below
commit 313062eca91e7049a132ae0fa4ce92d599fdc242
Author: remm
AuthorDate: Tue Oct 31 12:25:06 2023 +0100
Port add macros
---
.../util/net/openssl/panama/OpenSSLContext.java| 14
.../tomcat/util/openssl/openssl_h_Macros.java | 42 ++
2 files changed, 48 insertions(+), 8 deletions(-)
diff --git
a/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
b/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
index 90b2a97047..2168196575 100644
---
a/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
+++
b/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
@@ -1180,8 +1180,7 @@ public class OpenSSLContext implements
org.apache.tomcat.util.net.SSLContext {
if (!MemorySegment.NULL.equals(ecparams)) {
int curveNid = EC_GROUP_get_curve_name(ecparams);
var curveNidAddress =
localArena.allocateFrom(ValueLayout.JAVA_INT, curveNid);
-// SSL_CTX_set1_curves(state.sslCtx, &curveNid, 1)
-if (SSL_CTX_ctrl(state.sslCtx, SSL_CTRL_SET_GROUPS(),
1, curveNidAddress) <= 0) {
+if (SSL_CTX_set1_groups(state.sslCtx, curveNidAddress,
1) <= 0) {
curveNid = 0;
}
if (log.isDebugEnabled()) {
@@ -1190,6 +1189,7 @@ public class OpenSSLContext implements
org.apache.tomcat.util.net.SSLContext {
EC_GROUP_free(ecparams);
}
}
+// FIXME: Ideally these should be loaded in Java but still
processed through OpenSSL
// Set certificate chain file
if (certificate.getCertificateChainFile() != null) {
var certificateChainFileNative =
@@ -1211,9 +1211,8 @@ public class OpenSSLContext implements
org.apache.tomcat.util.net.SSLContext {
MemorySegment x509Lookup =
X509_STORE_add_lookup(certificateStore, X509_LOOKUP_file());
var certificateRevocationListFileNative =
localArena.allocateFrom(SSLHostConfig.adjustRelativePath(sslHostConfig.getCertificateRevocationListFile()));
-//X509_LOOKUP_ctrl(lookup,X509_L_FILE_LOAD,file,type,NULL)
-if (X509_LOOKUP_ctrl(x509Lookup, X509_L_FILE_LOAD(),
certificateRevocationListFileNative,
-X509_FILETYPE_PEM(), MemorySegment.NULL) <= 0) {
+if (X509_LOOKUP_load_file(x509Lookup,
certificateRevocationListFileNative,
+X509_FILETYPE_PEM()) <= 0) {
log.error(sm.getString("openssl.errorLoadingCertificateRevocationList",
sslHostConfig.getCertificateRevocationListFile()));
}
}
@@ -1221,9 +1220,8 @@ public class OpenSSLContext implements
org.apache.tomcat.util.net.SSLContext {
MemorySegment x509Lookup =
X509_STORE_add_lookup(certificateStore, X509_LOOKUP_hash_dir());
var certificateRevocationListPathNative =
localArena.allocateFrom(SSLHostConfig.adjustRelativePath(sslHostConfig.getCertificateRevocationListPath()));
-//X509_LOOKUP_ctrl(lookup,X509_L_ADD_DIR,path,type,NULL)
-if (X509_LOOKUP_ctrl(x509Lookup, X509_L_ADD_DIR(),
certificateRevocationListPathNative,
-X509_FILETYPE_PEM(), MemorySegment.NULL) <= 0) {
+if (X509_LOOKUP_add_dir(x509Lookup,
certificateRevocationListPathNative,
+X509_FILETYPE_PEM()) <= 0) {
log.error(sm.getString("openssl.errorLoadingCertificateRevocationList",
sslHostConfig.getCertificateRevocationListPath()));
}
}
diff --git
a/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/openssl/openssl_h_Macros.java
b/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/openssl/openssl_h_Macros.java
index 139addb2ba..de8cf7e079 100644
---
a/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/openssl/openssl_h_Macros.java
+++
b/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/openssl/openssl_h_Macros.java
@@ -189,6 +189,48 @@ public class openssl_h_Macros {
return BIO_ctrl(bio, BIO_CTRL_RESET(), 0, MemorySegment.NULL);
}
+
+/**
+ * Set NIDs of groups in preference orde
(tomcat) branch 10.1.x updated: Port add macros
This is an automated email from the ASF dual-hosted git repository.
remm pushed a commit to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/10.1.x by this push:
new e88c96453f Port add macros
e88c96453f is described below
commit e88c96453f45d075d3dc4533f1392277759dadc0
Author: remm
AuthorDate: Tue Oct 31 12:25:06 2023 +0100
Port add macros
---
.../util/net/openssl/panama/OpenSSLContext.java| 14
.../tomcat/util/openssl/openssl_h_Macros.java | 42 ++
2 files changed, 48 insertions(+), 8 deletions(-)
diff --git
a/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
b/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
index 90b2a97047..2168196575 100644
---
a/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
+++
b/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
@@ -1180,8 +1180,7 @@ public class OpenSSLContext implements
org.apache.tomcat.util.net.SSLContext {
if (!MemorySegment.NULL.equals(ecparams)) {
int curveNid = EC_GROUP_get_curve_name(ecparams);
var curveNidAddress =
localArena.allocateFrom(ValueLayout.JAVA_INT, curveNid);
-// SSL_CTX_set1_curves(state.sslCtx, &curveNid, 1)
-if (SSL_CTX_ctrl(state.sslCtx, SSL_CTRL_SET_GROUPS(),
1, curveNidAddress) <= 0) {
+if (SSL_CTX_set1_groups(state.sslCtx, curveNidAddress,
1) <= 0) {
curveNid = 0;
}
if (log.isDebugEnabled()) {
@@ -1190,6 +1189,7 @@ public class OpenSSLContext implements
org.apache.tomcat.util.net.SSLContext {
EC_GROUP_free(ecparams);
}
}
+// FIXME: Ideally these should be loaded in Java but still
processed through OpenSSL
// Set certificate chain file
if (certificate.getCertificateChainFile() != null) {
var certificateChainFileNative =
@@ -1211,9 +1211,8 @@ public class OpenSSLContext implements
org.apache.tomcat.util.net.SSLContext {
MemorySegment x509Lookup =
X509_STORE_add_lookup(certificateStore, X509_LOOKUP_file());
var certificateRevocationListFileNative =
localArena.allocateFrom(SSLHostConfig.adjustRelativePath(sslHostConfig.getCertificateRevocationListFile()));
-//X509_LOOKUP_ctrl(lookup,X509_L_FILE_LOAD,file,type,NULL)
-if (X509_LOOKUP_ctrl(x509Lookup, X509_L_FILE_LOAD(),
certificateRevocationListFileNative,
-X509_FILETYPE_PEM(), MemorySegment.NULL) <= 0) {
+if (X509_LOOKUP_load_file(x509Lookup,
certificateRevocationListFileNative,
+X509_FILETYPE_PEM()) <= 0) {
log.error(sm.getString("openssl.errorLoadingCertificateRevocationList",
sslHostConfig.getCertificateRevocationListFile()));
}
}
@@ -1221,9 +1220,8 @@ public class OpenSSLContext implements
org.apache.tomcat.util.net.SSLContext {
MemorySegment x509Lookup =
X509_STORE_add_lookup(certificateStore, X509_LOOKUP_hash_dir());
var certificateRevocationListPathNative =
localArena.allocateFrom(SSLHostConfig.adjustRelativePath(sslHostConfig.getCertificateRevocationListPath()));
-//X509_LOOKUP_ctrl(lookup,X509_L_ADD_DIR,path,type,NULL)
-if (X509_LOOKUP_ctrl(x509Lookup, X509_L_ADD_DIR(),
certificateRevocationListPathNative,
-X509_FILETYPE_PEM(), MemorySegment.NULL) <= 0) {
+if (X509_LOOKUP_add_dir(x509Lookup,
certificateRevocationListPathNative,
+X509_FILETYPE_PEM()) <= 0) {
log.error(sm.getString("openssl.errorLoadingCertificateRevocationList",
sslHostConfig.getCertificateRevocationListPath()));
}
}
diff --git
a/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/openssl/openssl_h_Macros.java
b/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/openssl/openssl_h_Macros.java
index 139addb2ba..de8cf7e079 100644
---
a/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/openssl/openssl_h_Macros.java
+++
b/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/openssl/openssl_h_Macros.java
@@ -189,6 +189,48 @@ public class openssl_h_Macros {
return BIO_ctrl(bio, BIO_CTRL_RESET(), 0, MemorySegment.NULL);
}
+
+/**
+ * Set NIDs of groups in preference or
(tomcat) branch main updated: Port add macros
This is an automated email from the ASF dual-hosted git repository.
remm pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push:
new 467a112020 Port add macros
467a112020 is described below
commit 467a1120206fde60128d30d1fef2e5bc543ada1a
Author: remm
AuthorDate: Tue Oct 31 12:25:06 2023 +0100
Port add macros
---
.../util/net/openssl/panama/OpenSSLContext.java| 14
.../tomcat/util/openssl/openssl_h_Macros.java | 42 ++
2 files changed, 48 insertions(+), 8 deletions(-)
diff --git
a/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
b/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
index dff89bb23b..d15b56ab0c 100644
---
a/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
+++
b/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
@@ -1179,8 +1179,7 @@ public class OpenSSLContext implements
org.apache.tomcat.util.net.SSLContext {
if (!MemorySegment.NULL.equals(ecparams)) {
int curveNid = EC_GROUP_get_curve_name(ecparams);
var curveNidAddress =
localArena.allocateFrom(ValueLayout.JAVA_INT, curveNid);
-// SSL_CTX_set1_curves(state.sslCtx, &curveNid, 1)
-if (SSL_CTX_ctrl(state.sslCtx, SSL_CTRL_SET_GROUPS(),
1, curveNidAddress) <= 0) {
+if (SSL_CTX_set1_groups(state.sslCtx, curveNidAddress,
1) <= 0) {
curveNid = 0;
}
if (log.isDebugEnabled()) {
@@ -1189,6 +1188,7 @@ public class OpenSSLContext implements
org.apache.tomcat.util.net.SSLContext {
EC_GROUP_free(ecparams);
}
}
+// FIXME: Ideally these should be loaded in Java but still
processed through OpenSSL
// Set certificate chain file
if (certificate.getCertificateChainFile() != null) {
var certificateChainFileNative =
@@ -1210,9 +1210,8 @@ public class OpenSSLContext implements
org.apache.tomcat.util.net.SSLContext {
MemorySegment x509Lookup =
X509_STORE_add_lookup(certificateStore, X509_LOOKUP_file());
var certificateRevocationListFileNative =
localArena.allocateFrom(SSLHostConfig.adjustRelativePath(sslHostConfig.getCertificateRevocationListFile()));
-//X509_LOOKUP_ctrl(lookup,X509_L_FILE_LOAD,file,type,NULL)
-if (X509_LOOKUP_ctrl(x509Lookup, X509_L_FILE_LOAD(),
certificateRevocationListFileNative,
-X509_FILETYPE_PEM(), MemorySegment.NULL) <= 0) {
+if (X509_LOOKUP_load_file(x509Lookup,
certificateRevocationListFileNative,
+X509_FILETYPE_PEM()) <= 0) {
log.error(sm.getString("openssl.errorLoadingCertificateRevocationList",
sslHostConfig.getCertificateRevocationListFile()));
}
}
@@ -1220,9 +1219,8 @@ public class OpenSSLContext implements
org.apache.tomcat.util.net.SSLContext {
MemorySegment x509Lookup =
X509_STORE_add_lookup(certificateStore, X509_LOOKUP_hash_dir());
var certificateRevocationListPathNative =
localArena.allocateFrom(SSLHostConfig.adjustRelativePath(sslHostConfig.getCertificateRevocationListPath()));
-//X509_LOOKUP_ctrl(lookup,X509_L_ADD_DIR,path,type,NULL)
-if (X509_LOOKUP_ctrl(x509Lookup, X509_L_ADD_DIR(),
certificateRevocationListPathNative,
-X509_FILETYPE_PEM(), MemorySegment.NULL) <= 0) {
+if (X509_LOOKUP_add_dir(x509Lookup,
certificateRevocationListPathNative,
+X509_FILETYPE_PEM()) <= 0) {
log.error(sm.getString("openssl.errorLoadingCertificateRevocationList",
sslHostConfig.getCertificateRevocationListPath()));
}
}
diff --git
a/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/openssl/openssl_h_Macros.java
b/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/openssl/openssl_h_Macros.java
index 139addb2ba..de8cf7e079 100644
---
a/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/openssl/openssl_h_Macros.java
+++
b/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/openssl/openssl_h_Macros.java
@@ -189,6 +189,48 @@ public class openssl_h_Macros {
return BIO_ctrl(bio, BIO_CTRL_RESET(), 0, MemorySegment.NULL);
}
+
+/**
+ * Set NIDs of groups in preference order.
(tomcat) branch main updated: Add additional macros
This is an automated email from the ASF dual-hosted git repository.
remm pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push:
new 392ab9ac2b Add additional macros
392ab9ac2b is described below
commit 392ab9ac2ba7d06fc84eb973bf18cc6eae77890d
Author: remm
AuthorDate: Tue Oct 31 12:19:10 2023 +0100
Add additional macros
---
.../util/net/openssl/panama/OpenSSLContext.java| 15
.../tomcat/util/openssl/openssl_h_Macros.java | 42 ++
2 files changed, 48 insertions(+), 9 deletions(-)
diff --git a/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
b/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
index 1742fb739c..f5855b4f2d 100644
--- a/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
+++ b/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
@@ -1182,8 +1182,7 @@ public class OpenSSLContext implements
org.apache.tomcat.util.net.SSLContext {
if (!MemorySegment.NULL.equals(ecparams)) {
int curveNid = EC_GROUP_get_curve_name(ecparams);
var curveNidAddress =
localArena.allocateFrom(ValueLayout.JAVA_INT, curveNid);
-// SSL_CTX_set1_curves(state.sslCtx, &curveNid, 1)
-if (SSL_CTX_ctrl(state.sslCtx, SSL_CTRL_SET_GROUPS(),
1, curveNidAddress) <= 0) {
+if (SSL_CTX_set1_groups(state.sslCtx, curveNidAddress,
1) <= 0) {
curveNid = 0;
}
if (log.isDebugEnabled()) {
@@ -1192,9 +1191,9 @@ public class OpenSSLContext implements
org.apache.tomcat.util.net.SSLContext {
EC_GROUP_free(ecparams);
}
}
+// FIXME: Ideally these should be loaded in Java but still
processed through OpenSSL
// Set certificate chain file
if (certificate.getCertificateChainFile() != null) {
-// FIXME: Ideally this should be loaded in Java but still
processed through OpenSSL
var certificateChainFileNative =
localArena.allocateFrom(SSLHostConfig.adjustRelativePath(certificate.getCertificateChainFile()));
// SSLContext.setCertificateChainFile(state.ctx,
@@ -1214,9 +1213,8 @@ public class OpenSSLContext implements
org.apache.tomcat.util.net.SSLContext {
MemorySegment x509Lookup =
X509_STORE_add_lookup(certificateStore, X509_LOOKUP_file());
var certificateRevocationListFileNative =
localArena.allocateFrom(SSLHostConfig.adjustRelativePath(sslHostConfig.getCertificateRevocationListFile()));
-//X509_LOOKUP_ctrl(lookup,X509_L_FILE_LOAD,file,type,NULL)
-if (X509_LOOKUP_ctrl(x509Lookup, X509_L_FILE_LOAD(),
certificateRevocationListFileNative,
-X509_FILETYPE_PEM(), MemorySegment.NULL) <= 0) {
+if (X509_LOOKUP_load_file(x509Lookup,
certificateRevocationListFileNative,
+X509_FILETYPE_PEM()) <= 0) {
log.error(sm.getString("openssl.errorLoadingCertificateRevocationList",
sslHostConfig.getCertificateRevocationListFile()));
}
}
@@ -1224,9 +1222,8 @@ public class OpenSSLContext implements
org.apache.tomcat.util.net.SSLContext {
MemorySegment x509Lookup =
X509_STORE_add_lookup(certificateStore, X509_LOOKUP_hash_dir());
var certificateRevocationListPathNative =
localArena.allocateFrom(SSLHostConfig.adjustRelativePath(sslHostConfig.getCertificateRevocationListPath()));
-//X509_LOOKUP_ctrl(lookup,X509_L_ADD_DIR,path,type,NULL)
-if (X509_LOOKUP_ctrl(x509Lookup, X509_L_ADD_DIR(),
certificateRevocationListPathNative,
-X509_FILETYPE_PEM(), MemorySegment.NULL) <= 0) {
+if (X509_LOOKUP_add_dir(x509Lookup,
certificateRevocationListPathNative,
+X509_FILETYPE_PEM()) <= 0) {
log.error(sm.getString("openssl.errorLoadingCertificateRevocationList",
sslHostConfig.getCertificateRevocationListPath()));
}
}
diff --git a/java/org/apache/tomcat/util/openssl/openssl_h_Macros.java
b/java/org/apache/tomcat/util/openssl/openssl_h_Macros.java
index 139addb2ba..de8cf7e079 100644
--- a/java/org/apache/tomcat/util/openssl/openssl_h_Macros.java
+++ b/java/org/apache/tomcat/util/openssl/openssl_h_Macros.java
@@ -189,6 +189,48 @@ public class openssl_h_Macros {
return BIO_ctrl(bio, BIO_CTRL_RESET(), 0, MemorySegment.NULL);
}
+
+/**
+
[Bug 67926] PEMFile prints unidentifiable string representation of ASN.1 OIDs
https://bz.apache.org/bugzilla/show_bug.cgi?id=67926 Michael Osipov changed: What|Removed |Added Status|NEW |RESOLVED Resolution|--- |FIXED --- Comment #6 from Michael Osipov --- Fixed in: - main for 11.0.0-M14 and onwards - 10.1.x for 10.1.16 and onwards - 9.0.x for 9.0.83 and onwards - 8.5.x for 8.5.96 and onwards -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [PR] BZ 67926: PEMFile prints unidentifiable string representation of ASN.1 OIDs [tomcat]
michael-o closed pull request #675: BZ 67926: PEMFile prints unidentifiable string representation of ASN.1 OIDs URL: https://github.com/apache/tomcat/pull/675 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [PR] BZ 67926: PEMFile prints unidentifiable string representation of ASN.1 OIDs [tomcat]
michael-o commented on PR #675: URL: https://github.com/apache/tomcat/pull/675#issuecomment-1787001486 Merged. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
(tomcat) branch 8.5.x updated: BZ 67926: PEMFile prints unidentifiable string representation of ASN.1 OIDs
This is an automated email from the ASF dual-hosted git repository.
michaelo pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/8.5.x by this push:
new 40a1d14fd4 BZ 67926: PEMFile prints unidentifiable string
representation of ASN.1 OIDs
40a1d14fd4 is described below
commit 40a1d14fd4717505f756f08d5b76abaf55b7778c
Author: Michael Osipov
AuthorDate: Mon Oct 30 11:43:36 2023 +0100
BZ 67926: PEMFile prints unidentifiable string representation of ASN.1 OIDs
---
java/org/apache/tomcat/util/net/jsse/PEMFile.java | 20
webapps/docs/changelog.xml| 4
2 files changed, 20 insertions(+), 4 deletions(-)
diff --git a/java/org/apache/tomcat/util/net/jsse/PEMFile.java
b/java/org/apache/tomcat/util/net/jsse/PEMFile.java
index a136bef6a6..2499beda79 100644
--- a/java/org/apache/tomcat/util/net/jsse/PEMFile.java
+++ b/java/org/apache/tomcat/util/net/jsse/PEMFile.java
@@ -56,6 +56,8 @@ import org.apache.tomcat.util.buf.HexUtils;
import org.apache.tomcat.util.codec.binary.Base64;
import org.apache.tomcat.util.file.ConfigFileLoader;
import org.apache.tomcat.util.res.StringManager;
+import org.ietf.jgss.GSSException;
+import org.ietf.jgss.Oid;
/**
* RFC 1421 PEM file containing X509 certificates or private keys.
@@ -373,7 +375,7 @@ public class PEMFile {
*/
if (!Arrays.equals(oidEncryptionAlgorithm, OID_PBES2)) {
throw new
NoSuchAlgorithmException(sm.getString("pemFile.unknownPkcs8Algorithm",
-HexUtils.toHexString(oidEncryptionAlgorithm)));
+toDottedOidString(oidEncryptionAlgorithm)));
}
// PBES2-params
@@ -386,7 +388,7 @@ public class PEMFile {
byte[] oidKDF = p.parseOIDAsBytes();
if (!Arrays.equals(oidKDF, OID_PBKDF2)) {
throw new NoSuchAlgorithmException(
-sm.getString("pemFile.notPbkdf2",
HexUtils.toHexString(oidKDF)));
+sm.getString("pemFile.notPbkdf2",
toDottedOidString(oidKDF)));
}
// PBES2 KDF-params
@@ -404,7 +406,7 @@ public class PEMFile {
byte[] oidPRF = p.parseOIDAsBytes();
String prf = OID_TO_PRF.get(HexUtils.toHexString(oidPRF));
if (prf == null) {
-throw new
NoSuchAlgorithmException(sm.getString("pemFile.unknownPrfAlgorithm",
HexUtils.toHexString(oidPRF)));
+throw new
NoSuchAlgorithmException(sm.getString("pemFile.unknownPrfAlgorithm",
toDottedOidString(oidPRF)));
}
p.parseNull();
@@ -415,7 +417,7 @@ public class PEMFile {
Algorithm algorithm =
OID_TO_ALGORITHM.get(HexUtils.toHexString(oidCipher));
if (algorithm == null) {
throw new NoSuchAlgorithmException(
-
sm.getString("pemFile.unknownEncryptionAlgorithm",
HexUtils.toHexString(oidCipher)));
+
sm.getString("pemFile.unknownEncryptionAlgorithm",
toDottedOidString(oidCipher)));
}
byte[] iv = p.parseOctetString();
@@ -622,6 +624,16 @@ public class PEMFile {
}
return bytes;
}
+
+
+private String toDottedOidString(byte[] oidBytes) {
+try {
+Oid oid = new Oid(oidBytes);
+return oid.toString();
+} catch (GSSException e) {
+return HexUtils.toHexString(oidBytes);
+}
+}
}
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 72ea1e0402..2340769f7a 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -120,6 +120,10 @@
Optionally allow ServiceBindingPropertySource to trim a trailing
newline
from a file containing a property-value. (schultz)
+
+67926: PEMFile prints unidentifiable string
representation
+ of ASN.1 OIDs. (michaelo)
+
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
(tomcat) branch 10.1.x updated: BZ 67926: PEMFile prints unidentifiable string representation of ASN.1 OIDs
This is an automated email from the ASF dual-hosted git repository.
michaelo pushed a commit to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/10.1.x by this push:
new 60b68d8f2a BZ 67926: PEMFile prints unidentifiable string
representation of ASN.1 OIDs
60b68d8f2a is described below
commit 60b68d8f2a84e10e275fa8d7b83d1a2da99e35c2
Author: Michael Osipov
AuthorDate: Mon Oct 30 11:43:36 2023 +0100
BZ 67926: PEMFile prints unidentifiable string representation of ASN.1 OIDs
---
java/org/apache/tomcat/util/net/jsse/PEMFile.java | 20
webapps/docs/changelog.xml| 4
2 files changed, 20 insertions(+), 4 deletions(-)
diff --git a/java/org/apache/tomcat/util/net/jsse/PEMFile.java
b/java/org/apache/tomcat/util/net/jsse/PEMFile.java
index b3f60ce0db..5bef5b6f24 100644
--- a/java/org/apache/tomcat/util/net/jsse/PEMFile.java
+++ b/java/org/apache/tomcat/util/net/jsse/PEMFile.java
@@ -56,6 +56,8 @@ import org.apache.tomcat.util.buf.HexUtils;
import org.apache.tomcat.util.codec.binary.Base64;
import org.apache.tomcat.util.file.ConfigFileLoader;
import org.apache.tomcat.util.res.StringManager;
+import org.ietf.jgss.GSSException;
+import org.ietf.jgss.Oid;
/**
* RFC 1421 PEM file containing X509 certificates or private keys.
@@ -375,7 +377,7 @@ public class PEMFile {
*/
if (!Arrays.equals(oidEncryptionAlgorithm, OID_PBES2)) {
throw new
NoSuchAlgorithmException(sm.getString("pemFile.unknownPkcs8Algorithm",
-HexUtils.toHexString(oidEncryptionAlgorithm)));
+toDottedOidString(oidEncryptionAlgorithm)));
}
// PBES2-params
@@ -388,7 +390,7 @@ public class PEMFile {
byte[] oidKDF = p.parseOIDAsBytes();
if (!Arrays.equals(oidKDF, OID_PBKDF2)) {
throw new NoSuchAlgorithmException(
-sm.getString("pemFile.notPbkdf2",
HexUtils.toHexString(oidKDF)));
+sm.getString("pemFile.notPbkdf2",
toDottedOidString(oidKDF)));
}
// PBES2 KDF-params
@@ -406,7 +408,7 @@ public class PEMFile {
byte[] oidPRF = p.parseOIDAsBytes();
String prf = OID_TO_PRF.get(HexUtils.toHexString(oidPRF));
if (prf == null) {
-throw new
NoSuchAlgorithmException(sm.getString("pemFile.unknownPrfAlgorithm",
HexUtils.toHexString(oidPRF)));
+throw new
NoSuchAlgorithmException(sm.getString("pemFile.unknownPrfAlgorithm",
toDottedOidString(oidPRF)));
}
p.parseNull();
@@ -417,7 +419,7 @@ public class PEMFile {
Algorithm algorithm =
OID_TO_ALGORITHM.get(HexUtils.toHexString(oidCipher));
if (algorithm == null) {
throw new NoSuchAlgorithmException(
-
sm.getString("pemFile.unknownEncryptionAlgorithm",
HexUtils.toHexString(oidCipher)));
+
sm.getString("pemFile.unknownEncryptionAlgorithm",
toDottedOidString(oidCipher)));
}
byte[] iv = p.parseOctetString();
@@ -624,6 +626,16 @@ public class PEMFile {
}
return bytes;
}
+
+
+private String toDottedOidString(byte[] oidBytes) {
+try {
+Oid oid = new Oid(oidBytes);
+return oid.toString();
+} catch (GSSException e) {
+return HexUtils.toHexString(oidBytes);
+}
+}
}
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 4301e1fa40..89f9ad68db 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -120,6 +120,10 @@
Optionally allow ServiceBindingPropertySource to trim a trailing
newline
from a file containing a property-value. (schultz)
+
+67926: PEMFile prints unidentifiable string
representation
+ of ASN.1 OIDs. (michaelo)
+
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
(tomcat) branch 9.0.x updated: BZ 67926: PEMFile prints unidentifiable string representation of ASN.1 OIDs
This is an automated email from the ASF dual-hosted git repository.
michaelo pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/9.0.x by this push:
new 96688ea1ff BZ 67926: PEMFile prints unidentifiable string
representation of ASN.1 OIDs
96688ea1ff is described below
commit 96688ea1ff1b622653dd9cc1c7cbe1a04ad5d81b
Author: Michael Osipov
AuthorDate: Mon Oct 30 11:43:36 2023 +0100
BZ 67926: PEMFile prints unidentifiable string representation of ASN.1 OIDs
---
java/org/apache/tomcat/util/net/jsse/PEMFile.java | 20
webapps/docs/changelog.xml| 4
2 files changed, 20 insertions(+), 4 deletions(-)
diff --git a/java/org/apache/tomcat/util/net/jsse/PEMFile.java
b/java/org/apache/tomcat/util/net/jsse/PEMFile.java
index b3f60ce0db..5bef5b6f24 100644
--- a/java/org/apache/tomcat/util/net/jsse/PEMFile.java
+++ b/java/org/apache/tomcat/util/net/jsse/PEMFile.java
@@ -56,6 +56,8 @@ import org.apache.tomcat.util.buf.HexUtils;
import org.apache.tomcat.util.codec.binary.Base64;
import org.apache.tomcat.util.file.ConfigFileLoader;
import org.apache.tomcat.util.res.StringManager;
+import org.ietf.jgss.GSSException;
+import org.ietf.jgss.Oid;
/**
* RFC 1421 PEM file containing X509 certificates or private keys.
@@ -375,7 +377,7 @@ public class PEMFile {
*/
if (!Arrays.equals(oidEncryptionAlgorithm, OID_PBES2)) {
throw new
NoSuchAlgorithmException(sm.getString("pemFile.unknownPkcs8Algorithm",
-HexUtils.toHexString(oidEncryptionAlgorithm)));
+toDottedOidString(oidEncryptionAlgorithm)));
}
// PBES2-params
@@ -388,7 +390,7 @@ public class PEMFile {
byte[] oidKDF = p.parseOIDAsBytes();
if (!Arrays.equals(oidKDF, OID_PBKDF2)) {
throw new NoSuchAlgorithmException(
-sm.getString("pemFile.notPbkdf2",
HexUtils.toHexString(oidKDF)));
+sm.getString("pemFile.notPbkdf2",
toDottedOidString(oidKDF)));
}
// PBES2 KDF-params
@@ -406,7 +408,7 @@ public class PEMFile {
byte[] oidPRF = p.parseOIDAsBytes();
String prf = OID_TO_PRF.get(HexUtils.toHexString(oidPRF));
if (prf == null) {
-throw new
NoSuchAlgorithmException(sm.getString("pemFile.unknownPrfAlgorithm",
HexUtils.toHexString(oidPRF)));
+throw new
NoSuchAlgorithmException(sm.getString("pemFile.unknownPrfAlgorithm",
toDottedOidString(oidPRF)));
}
p.parseNull();
@@ -417,7 +419,7 @@ public class PEMFile {
Algorithm algorithm =
OID_TO_ALGORITHM.get(HexUtils.toHexString(oidCipher));
if (algorithm == null) {
throw new NoSuchAlgorithmException(
-
sm.getString("pemFile.unknownEncryptionAlgorithm",
HexUtils.toHexString(oidCipher)));
+
sm.getString("pemFile.unknownEncryptionAlgorithm",
toDottedOidString(oidCipher)));
}
byte[] iv = p.parseOctetString();
@@ -624,6 +626,16 @@ public class PEMFile {
}
return bytes;
}
+
+
+private String toDottedOidString(byte[] oidBytes) {
+try {
+Oid oid = new Oid(oidBytes);
+return oid.toString();
+} catch (GSSException e) {
+return HexUtils.toHexString(oidBytes);
+}
+}
}
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index b576cb62b7..9f96c43e8e 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -120,6 +120,10 @@
Optionally allow ServiceBindingPropertySource to trim a trailing
newline
from a file containing a property-value. (schultz)
+
+67926: PEMFile prints unidentifiable string
representation
+ of ASN.1 OIDs. (michaelo)
+
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
(tomcat) branch main updated: BZ 67926: PEMFile prints unidentifiable string representation of ASN.1 OIDs
This is an automated email from the ASF dual-hosted git repository.
michaelo pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push:
new 3151ed38a6 BZ 67926: PEMFile prints unidentifiable string
representation of ASN.1 OIDs
3151ed38a6 is described below
commit 3151ed38a65a77f0bb2ef9668bd19ceb5f31c48a
Author: Michael Osipov
AuthorDate: Mon Oct 30 11:43:36 2023 +0100
BZ 67926: PEMFile prints unidentifiable string representation of ASN.1 OIDs
---
java/org/apache/tomcat/util/net/jsse/PEMFile.java | 20
webapps/docs/changelog.xml| 4
2 files changed, 20 insertions(+), 4 deletions(-)
diff --git a/java/org/apache/tomcat/util/net/jsse/PEMFile.java
b/java/org/apache/tomcat/util/net/jsse/PEMFile.java
index b3f60ce0db..5bef5b6f24 100644
--- a/java/org/apache/tomcat/util/net/jsse/PEMFile.java
+++ b/java/org/apache/tomcat/util/net/jsse/PEMFile.java
@@ -56,6 +56,8 @@ import org.apache.tomcat.util.buf.HexUtils;
import org.apache.tomcat.util.codec.binary.Base64;
import org.apache.tomcat.util.file.ConfigFileLoader;
import org.apache.tomcat.util.res.StringManager;
+import org.ietf.jgss.GSSException;
+import org.ietf.jgss.Oid;
/**
* RFC 1421 PEM file containing X509 certificates or private keys.
@@ -375,7 +377,7 @@ public class PEMFile {
*/
if (!Arrays.equals(oidEncryptionAlgorithm, OID_PBES2)) {
throw new
NoSuchAlgorithmException(sm.getString("pemFile.unknownPkcs8Algorithm",
-HexUtils.toHexString(oidEncryptionAlgorithm)));
+toDottedOidString(oidEncryptionAlgorithm)));
}
// PBES2-params
@@ -388,7 +390,7 @@ public class PEMFile {
byte[] oidKDF = p.parseOIDAsBytes();
if (!Arrays.equals(oidKDF, OID_PBKDF2)) {
throw new NoSuchAlgorithmException(
-sm.getString("pemFile.notPbkdf2",
HexUtils.toHexString(oidKDF)));
+sm.getString("pemFile.notPbkdf2",
toDottedOidString(oidKDF)));
}
// PBES2 KDF-params
@@ -406,7 +408,7 @@ public class PEMFile {
byte[] oidPRF = p.parseOIDAsBytes();
String prf = OID_TO_PRF.get(HexUtils.toHexString(oidPRF));
if (prf == null) {
-throw new
NoSuchAlgorithmException(sm.getString("pemFile.unknownPrfAlgorithm",
HexUtils.toHexString(oidPRF)));
+throw new
NoSuchAlgorithmException(sm.getString("pemFile.unknownPrfAlgorithm",
toDottedOidString(oidPRF)));
}
p.parseNull();
@@ -417,7 +419,7 @@ public class PEMFile {
Algorithm algorithm =
OID_TO_ALGORITHM.get(HexUtils.toHexString(oidCipher));
if (algorithm == null) {
throw new NoSuchAlgorithmException(
-
sm.getString("pemFile.unknownEncryptionAlgorithm",
HexUtils.toHexString(oidCipher)));
+
sm.getString("pemFile.unknownEncryptionAlgorithm",
toDottedOidString(oidCipher)));
}
byte[] iv = p.parseOctetString();
@@ -624,6 +626,16 @@ public class PEMFile {
}
return bytes;
}
+
+
+private String toDottedOidString(byte[] oidBytes) {
+try {
+Oid oid = new Oid(oidBytes);
+return oid.toString();
+} catch (GSSException e) {
+return HexUtils.toHexString(oidBytes);
+}
+}
}
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 575b08f3dc..edac7d0e60 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -125,6 +125,10 @@
support a broader range of environments, and to give better information
in the event of a failure. (schultz)
+
+67926: PEMFile prints unidentifiable string
representation
+ of ASN.1 OIDs. (michaelo)
+
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [PR] BZ 67926: PEMFile prints unidentifiable string representation of ASN.1 OIDs [tomcat]
rmaucher commented on code in PR #675: URL: https://github.com/apache/tomcat/pull/675#discussion_r1377379112 ## java/org/apache/tomcat/util/net/jsse/PEMFile.java: ## @@ -56,6 +56,8 @@ import org.apache.tomcat.util.codec.binary.Base64; import org.apache.tomcat.util.file.ConfigFileLoader; import org.apache.tomcat.util.res.StringManager; +import org.ietf.jgss.GSSException; Review Comment: I agree it is safe enough. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [PR] BZ 67926: PEMFile prints unidentifiable string representation of ASN.1 OIDs [tomcat]
aooohan commented on code in PR #675:
URL: https://github.com/apache/tomcat/pull/675#discussion_r1377275894
##
java/org/apache/tomcat/util/net/jsse/PEMFile.java:
##
@@ -624,6 +626,16 @@ private byte[] fromHex(String hexString) {
}
return bytes;
}
+
+
+private String toDottedOidString(byte[] oidBytes) {
+try {
+Oid oid = new Oid(oidBytes);
+return oid.toString();
+} catch (GSSException e) {
+throw new IllegalArgumentException(e.getMajorString());
Review Comment:
Yes. ; )
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [PR] BZ 67926: PEMFile prints unidentifiable string representation of ASN.1 OIDs [tomcat]
michael-o commented on code in PR #675:
URL: https://github.com/apache/tomcat/pull/675#discussion_r1377274168
##
java/org/apache/tomcat/util/net/jsse/PEMFile.java:
##
@@ -624,6 +626,16 @@ private byte[] fromHex(String hexString) {
}
return bytes;
}
+
+
+private String toDottedOidString(byte[] oidBytes) {
+try {
+Oid oid = new Oid(oidBytes);
+return oid.toString();
+} catch (GSSException e) {
+throw new IllegalArgumentException(e.getMajorString());
Review Comment:
I see, right. Then it is the user's problem to investigate the file.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [PR] BZ 67926: PEMFile prints unidentifiable string representation of ASN.1 OIDs [tomcat]
aooohan commented on code in PR #675:
URL: https://github.com/apache/tomcat/pull/675#discussion_r1377262792
##
java/org/apache/tomcat/util/net/jsse/PEMFile.java:
##
@@ -624,6 +626,16 @@ private byte[] fromHex(String hexString) {
}
return bytes;
}
+
+
+private String toDottedOidString(byte[] oidBytes) {
+try {
+Oid oid = new Oid(oidBytes);
+return oid.toString();
+} catch (GSSException e) {
+throw new IllegalArgumentException(e.getMajorString());
Review Comment:
I still think it's better to just return it, because the place where the
method is called already makes it clear where there is a problem with the OID.
(encryption algorithm with OID or pseudo random function with OID etc.)
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: (tomcat-native) branch main updated: BZ 67818: SSL#setVerify()/SSLContext#setVerify() silently set undocumented default verify paths
On 2023/10/30 15:47:20 Christopher Schultz wrote:
> Michael,
>
> On 10/30/23 08:40, Michael Osipov wrote:
> > On 2023/10/30 11:50:55 Mark Thomas wrote:
> >> 30 Oct 2023 10:25:07 micha...@apache.org:
> >>
> >>> This is an automated email from the ASF dual-hosted git repository.
> >>>
> >>> michaelo pushed a commit to branch main
> >>> in repository https://gitbox.apache.org/repos/asf/tomcat-native.git
> >>>
> >>>
> >>> The following commit(s) were added to refs/heads/main by this push:
> >>> new ccc6bfe99 BZ 67818: SSL#setVerify()/SSLContext#setVerify()
> >>> silently set undocumented default verify paths
> >>> ccc6bfe99 is described below
> >>>
> >>> commit ccc6bfe99d1981aabde6a3175866f99d38207f03
> >>> Author: Michael Osipov
> >>> AuthorDate: Wed Oct 18 22:22:06 2023 +0200
> >>>
> >>> BZ 67818: SSL#setVerify()/SSLContext#setVerify() silently set
> >>> undocumented default verify paths
> >>> ---
> >>> native/src/ssl.c | 11 ++-
> >>> native/src/sslcontext.c | 12 +++-
> >>> xdocs/miscellaneous/changelog.xml | 4
> >>> 3 files changed, 9 insertions(+), 18 deletions(-)
> >>>
> >>> diff --git a/native/src/ssl.c b/native/src/ssl.c
> >>> index e0b0461a9..7f4ca7e78 100644
> >>> --- a/native/src/ssl.c
> >>> +++ b/native/src/ssl.c
> >>> @@ -1177,15 +1177,8 @@ TCN_IMPLEMENT_CALL(void, SSL,
> >>> setVerify)(TCN_STDARGS, jlong ssl,
> >>> if ((c->verify_mode == SSL_CVERIFY_OPTIONAL) ||
> >>> (c->verify_mode == SSL_CVERIFY_OPTIONAL_NO_CA))
> >>> verify |= SSL_VERIFY_PEER;
> >>> - if (!c->store) {
> >>> - if (SSL_CTX_set_default_verify_paths(c->ctx)) {
> >>> - c->store = SSL_CTX_get_cert_store(c->ctx);
> >>> - X509_STORE_set_flags(c->store, 0);
> >>> - }
> >>> - else {
> >>> - /* XXX: See if this is fatal */
> >>> - }
> >>> - }
> >>> + if (!c->store)
> >>> + c->store = SSL_CTX_get_cert_store(c->ctx);
> >>>
> >>> SSL_set_verify(ssl_, verify, SSL_callback_SSL_verify);
> >>> }
> >>> diff --git a/native/src/sslcontext.c b/native/src/sslcontext.c
> >>> index 34669ff70..f5b2b9831 100644
> >>> --- a/native/src/sslcontext.c
> >>> +++ b/native/src/sslcontext.c
> >>> @@ -35,6 +35,7 @@ static apr_status_t ssl_context_cleanup(void *data)
> >>> if (c) {
> >>> int i;
> >>> c->crl = NULL;
> >>> + c->store = NULL;
> >>> if (c->ctx)
> >>> SSL_CTX_free(c->ctx);
> >>> c->ctx = NULL;
> >>> @@ -861,15 +862,8 @@ TCN_IMPLEMENT_CALL(void, SSLContext,
> >>> setVerify)(TCN_STDARGS, jlong ctx,
> >>> if ((c->verify_mode == SSL_CVERIFY_OPTIONAL) ||
> >>> (c->verify_mode == SSL_CVERIFY_OPTIONAL_NO_CA))
> >>> verify |= SSL_VERIFY_PEER;
> >>> - if (!c->store) {
> >>> - if (SSL_CTX_set_default_verify_paths(c->ctx)) {
> >>> - c->store = SSL_CTX_get_cert_store(c->ctx);
> >>> - X509_STORE_set_flags(c->store, 0);
> >>> - }
> >>> - else {
> >>> - /* XXX: See if this is fatal */
> >>> - }
> >>> - }
> >>> + if (!c->store)
> >>> + c->store = SSL_CTX_get_cert_store(c->ctx);
> >>>
> >>> SSL_CTX_set_verify(c->ctx, verify, SSL_callback_SSL_verify);
> >>> }
> >>> diff --git a/xdocs/miscellaneous/changelog.xml
> >>> b/xdocs/miscellaneous/changelog.xml
> >>> index ffd0e10f5..0aedd8212 100644
> >>> --- a/xdocs/miscellaneous/changelog.xml
> >>> +++ b/xdocs/miscellaneous/changelog.xml
> >>> @@ -59,6 +59,10 @@
> >>>
> >>> Remove an unreachable if condition around CRLs in sslcontext.c.
> >>> (michaelo)
> >>>
> >>> +
> >>> + 67818:
> >>> SSL.setVerify()/SSLContext.setVerify()
> >>> + silently set undocumented default verify paths. (michaelo)
> >>> +
> >>
> >> I think this needs a better change log entry. It isn't clear if the paths
> >> were set and now are not set or vice versa.
> >
> > I see. Can you propose something which is worded better? I wasn't able to
> > come up with anything better. At most:
> > SSL#setVerify()/SSLContext#setVerify() unconditionally silently set
> > undocumented default verify paths
>
> I think if you try to figure out how to get the words "now" and/or
> "when" into the change-entry, it'll be more clear what's happening.
What about?
When SSL.setVerify()/SSLContext.setVerify() are
invoked they silently set undocumented default verify paths. Now, one needs to
properly configure those paths according to documentation.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [PR] BZ 67926: PEMFile prints unidentifiable string representation of ASN.1 OIDs [tomcat]
michael-o commented on code in PR #675:
URL: https://github.com/apache/tomcat/pull/675#discussion_r1377209435
##
java/org/apache/tomcat/util/net/jsse/PEMFile.java:
##
@@ -624,6 +626,16 @@ private byte[] fromHex(String hexString) {
}
return bytes;
}
+
+
+private String toDottedOidString(byte[] oidBytes) {
+try {
+Oid oid = new Oid(oidBytes);
+return oid.toString();
+} catch (GSSException e) {
+throw new IllegalArgumentException(e.getMajorString());
Review Comment:
I am fine with either. What about:
```
throw new IllegalArgumentException(e.getMajorString() + ": " +
HexUtils.toHexString(oidBytes));
```
Combining both. WDYT?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [PR] BZ 67926: PEMFile prints unidentifiable string representation of ASN.1 OIDs [tomcat]
michael-o commented on code in PR #675:
URL: https://github.com/apache/tomcat/pull/675#discussion_r1377209435
##
java/org/apache/tomcat/util/net/jsse/PEMFile.java:
##
@@ -624,6 +626,16 @@ private byte[] fromHex(String hexString) {
}
return bytes;
}
+
+
+private String toDottedOidString(byte[] oidBytes) {
+try {
+Oid oid = new Oid(oidBytes);
+return oid.toString();
+} catch (GSSException e) {
+throw new IllegalArgumentException(e.getMajorString());
Review Comment:
I am fine with either. What about:
``
throw new IllegalArgumentException(e.getMajorString() + ": " +
HexUtils.toHexString(oidBytes));
```
Combining both. WDYT?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [PR] BZ 67926: PEMFile prints unidentifiable string representation of ASN.1 OIDs [tomcat]
aooohan commented on code in PR #675:
URL: https://github.com/apache/tomcat/pull/675#discussion_r1376990387
##
java/org/apache/tomcat/util/net/jsse/PEMFile.java:
##
@@ -624,6 +626,16 @@ private byte[] fromHex(String hexString) {
}
return bytes;
}
+
+
+private String toDottedOidString(byte[] oidBytes) {
+try {
+Oid oid = new Oid(oidBytes);
+return oid.toString();
+} catch (GSSException e) {
+throw new IllegalArgumentException(e.getMajorString());
Review Comment:
I think this only needs to return a hex string of `oidBytes` if it does not
follow format as the message in GSSException only show a tip 'Improperly
formatted ASN.1 DER encoding for Oid' which will not help.
```suggestion
return HexUtils.toHexString(oidBytes)
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [PR] BZ 67926: PEMFile prints unidentifiable string representation of ASN.1 OIDs [tomcat]
aooohan commented on code in PR #675:
URL: https://github.com/apache/tomcat/pull/675#discussion_r1376990387
##
java/org/apache/tomcat/util/net/jsse/PEMFile.java:
##
@@ -624,6 +626,16 @@ private byte[] fromHex(String hexString) {
}
return bytes;
}
+
+
+private String toDottedOidString(byte[] oidBytes) {
+try {
+Oid oid = new Oid(oidBytes);
+return oid.toString();
+} catch (GSSException e) {
+throw new IllegalArgumentException(e.getMajorString());
Review Comment:
I think this only needd to return a hex string of `oidBytes` if it does not
follow format as the message in GSSException only show a tip 'Improperly
formatted ASN.1 DER encoding for Oid' which will not help.
```suggestion
return HexUtils.toHexString(oidBytes)
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
