[Bug 68037] Async Servlet implementation doesn't allow setting a response status
https://bz.apache.org/bugzilla/show_bug.cgi?id=68037 --- Comment #3 from adwsingh --- @markt do you know why we check here [1] if its an asyncError and only then choose to process the SocketEvent? [1] https://github.com/apache/tomcat/blob/9.0.x/java/org/apache/coyote/AbstractProcessor.java#L121 -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 68037] Async Servlet implementation doesn't allow setting a response status
https://bz.apache.org/bugzilla/show_bug.cgi?id=68037 --- Comment #2 from adwsingh --- @markt do you know why we check here [1] if its an asyncError and only then choose to process the SocketEvent? [1] https://github.com/apache/tomcat/blob/9.0.x/java/org/apache/coyote/AbstractProcessor.java#L121 -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [PR] Fix explicit chunked encoding specification [tomcat]
w1ida commented on PR #676: URL: https://github.com/apache/tomcat/pull/676#issuecomment-1789983590 > The description for the PR confuses request and response. It appears from the code that this PR relates to the response. > > This PR will not be applied. Whether or not to chunk the response is a container decision, not an application decision. Thank you for pointing out the confusion caused by my previous message. I want to clarify that both the PR description and the code modification specifically address the issue with the response header, not the request. To demonstrate this, I have created a [demo](https://github.com/w1ida/tomcat-chunked-bug-demo) that reproduces the problem and showcases the accurate solution for explicit chunked encoding specification in the response. Would you kindly consider reopening the PR based on the accurate commit message and the accompanying demo? **please see https://github.com/w1ida/tomcat-chunked-bug-demo** -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 68035] Deploying a directory from Host appBase fails
https://bz.apache.org/bugzilla/show_bug.cgi?id=68035 brandg...@gmail.com changed: What|Removed |Added OS||All --- Comment #1 from brandg...@gmail.com --- Another note. I have autoDeploy="false" in server.xml. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Buildbot success in on tomcat-11.0.x
Build status: Build succeeded! Worker used: bb_worker2_ubuntu URL: https://ci2.apache.org/#builders/112/builds/722 Blamelist: Mark Thomas Build Text: build successful Status Detected: restored build Build Source Stamp: [branch main] 4ed0ea74c7f84984b617e9132b102978b65392ef Steps: worker_preparation: 0 git: 0 shell: 0 shell_1: 0 shell_2: 0 shell_3: 0 shell_4: 0 shell_5: 0 shell_6: 0 compile: 1 shell_7: 0 shell_8: 0 shell_9: 0 shell_10: 0 Rsync docs to nightlies.apache.org: 0 shell_11: 0 Rsync RAT to nightlies.apache.org: 0 compile_1: 1 shell_12: 0 Rsync Logs to nightlies.apache.org: 0 -- ASF Buildbot - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Buildbot failure in on tomcat-11.0.x
Build status: BUILD FAILED: failed compile (failure) Worker used: bb_worker2_ubuntu URL: https://ci2.apache.org/#builders/112/builds/721 Blamelist: Mark Thomas Build Text: failed compile (failure) Status Detected: new failure Build Source Stamp: [branch main] ef52cc47d886c2cb13792ec9d98448b83c3bf47e Steps: worker_preparation: 0 git: 0 shell: 0 shell_1: 0 shell_2: 0 shell_3: 0 shell_4: 0 shell_5: 0 shell_6: 0 compile: 1 shell_7: 0 shell_8: 0 shell_9: 0 shell_10: 0 Rsync docs to nightlies.apache.org: 0 shell_11: 0 Rsync RAT to nightlies.apache.org: 0 compile_1: 2 shell_12: 0 Rsync Logs to nightlies.apache.org: 0 -- ASF Buildbot - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
(tomcat) branch 8.5.x updated: Remove a couple of additional out-dated translations
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/8.5.x by this push:
new a97a3d6089 Remove a couple of additional out-dated translations
a97a3d6089 is described below
commit a97a3d6089c91fda23015ee57a1604060f5c6fb7
Author: Mark Thomas
AuthorDate: Wed Nov 1 20:24:00 2023 +
Remove a couple of additional out-dated translations
---
java/org/apache/tomcat/util/net/LocalStrings_fr.properties| 1 -
java/org/apache/tomcat/util/net/LocalStrings_zh_CN.properties | 1 -
2 files changed, 2 deletions(-)
diff --git a/java/org/apache/tomcat/util/net/LocalStrings_fr.properties
b/java/org/apache/tomcat/util/net/LocalStrings_fr.properties
index 7f5528a956..9b57a9e19d 100644
--- a/java/org/apache/tomcat/util/net/LocalStrings_fr.properties
+++ b/java/org/apache/tomcat/util/net/LocalStrings_fr.properties
@@ -178,7 +178,6 @@ sslUtilBase.noCrlSupport=Le truststoreProvider [{0}] ne
supporte pas d''option d
sslUtilBase.noKeys=Aucun alias pour les clés privées n'a été trouvé dans la
base de clés
sslUtilBase.noVerificationDepth=Le truststoreProvider [{0}] ne supporte pas
l''option de configuration certificateVerificationDepth
sslUtilBase.noneSupported=Aucun des [{0}] spécifiés n''est supporté par le
moteur SSL : [{1}]
-sslUtilBase.skipped=Quelques [{0}] spécifiés ne sont pas supportés par le
moteur SSL et ont été ignorés : [{1}]
sslUtilBase.ssl3=SSLv3 a été explicitement activé. Ce protocole est connu
comme non-sécurisé.
sslUtilBase.tls13.auth=L’implémentation JSSE de TLS 1.3 ne supporte pas
l'authentification après la négociation initiale, elle est donc incompatible
avec l’authentification optionnelle du client
sslUtilBase.trustedCertNotChecked=Les dates de validité du certificat de
confiance dont l''alias est [{0}] n''ont pas été vérifiées car sont type est
inconnu
diff --git a/java/org/apache/tomcat/util/net/LocalStrings_zh_CN.properties
b/java/org/apache/tomcat/util/net/LocalStrings_zh_CN.properties
index f9e01cc75d..49aa69d81a 100644
--- a/java/org/apache/tomcat/util/net/LocalStrings_zh_CN.properties
+++ b/java/org/apache/tomcat/util/net/LocalStrings_zh_CN.properties
@@ -175,7 +175,6 @@ sslUtilBase.noCrlSupport=truststoreProvider
[{0}]不支持certificateRevocationF
sslUtilBase.noKeys=在密钥存储中找不到私钥的别名
sslUtilBase.noVerificationDepth=truststoreProvider[{0}]不支持CertificationDepth配置选项
sslUtilBase.noneSupported=SSL引擎不支持指定的[{0}]:[{1}]
-sslUtilBase.skipped=某些指定的[{0}]不受SSL引擎支持,已被跳过:[{1}]
sslUtilBase.ssl3=SSLv3 已显式启用。 已知该协议是不安全。
sslUtilBase.tls13.auth=JSSE TLS 1.3实现不支持初始握手后的身份验证,因此与可选的客户端身份验证不兼容
sslUtilBase.trustedCertNotChecked=未检查别名为[{0}]的受信任证书的有效日期,因为该证书属于未知类型
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
(tomcat) branch 9.0.x updated: Remove a couple of additional out-dated translations
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/9.0.x by this push:
new 6d7842d59c Remove a couple of additional out-dated translations
6d7842d59c is described below
commit 6d7842d59c3c7c7236dc58f8a0f3e09b67ce5eb6
Author: Mark Thomas
AuthorDate: Wed Nov 1 20:24:00 2023 +
Remove a couple of additional out-dated translations
---
java/org/apache/tomcat/util/net/LocalStrings_fr.properties| 1 -
java/org/apache/tomcat/util/net/LocalStrings_zh_CN.properties | 1 -
2 files changed, 2 deletions(-)
diff --git a/java/org/apache/tomcat/util/net/LocalStrings_fr.properties
b/java/org/apache/tomcat/util/net/LocalStrings_fr.properties
index 40665ea38d..a463648996 100644
--- a/java/org/apache/tomcat/util/net/LocalStrings_fr.properties
+++ b/java/org/apache/tomcat/util/net/LocalStrings_fr.properties
@@ -184,7 +184,6 @@ sslUtilBase.noCrlSupport=Le truststoreProvider [{0}] ne
supporte pas d''option d
sslUtilBase.noKeys=Aucun alias pour les clés privées n'a été trouvé dans la
base de clés
sslUtilBase.noVerificationDepth=Le truststoreProvider [{0}] ne supporte pas
l''option de configuration certificateVerificationDepth
sslUtilBase.noneSupported=Aucun des [{0}] spécifiés n''est supporté par le
moteur SSL : [{1}]
-sslUtilBase.skipped=Quelques [{0}] spécifiés ne sont pas supportés par le
moteur SSL et ont été ignorés : [{1}]
sslUtilBase.ssl3=SSLv3 a été explicitement activé. Ce protocole est connu
comme non-sécurisé.
sslUtilBase.tls13.auth=L’implémentation JSSE de TLS 1.3 ne supporte pas
l'authentification après la négociation initiale, elle est donc incompatible
avec l’authentification optionnelle du client
sslUtilBase.trustedCertNotChecked=Les dates de validité du certificat de
confiance dont l''alias est [{0}] n''ont pas été vérifiées car sont type est
inconnu
diff --git a/java/org/apache/tomcat/util/net/LocalStrings_zh_CN.properties
b/java/org/apache/tomcat/util/net/LocalStrings_zh_CN.properties
index f0f963d1ba..4f1fcbe12d 100644
--- a/java/org/apache/tomcat/util/net/LocalStrings_zh_CN.properties
+++ b/java/org/apache/tomcat/util/net/LocalStrings_zh_CN.properties
@@ -181,7 +181,6 @@ sslUtilBase.noCrlSupport=truststoreProvider
[{0}]不支持certificateRevocationF
sslUtilBase.noKeys=在密钥存储中找不到私钥的别名
sslUtilBase.noVerificationDepth=truststoreProvider[{0}]不支持CertificationDepth配置选项
sslUtilBase.noneSupported=SSL引擎不支持指定的[{0}]:[{1}]
-sslUtilBase.skipped=某些指定的[{0}]不受SSL引擎支持,已被跳过:[{1}]
sslUtilBase.ssl3=SSLv3 已显式启用。 已知该协议是不安全。
sslUtilBase.tls13.auth=JSSE TLS 1.3实现不支持初始握手后的身份验证,因此与可选的客户端身份验证不兼容
sslUtilBase.trustedCertNotChecked=未检查别名为[{0}]的受信任证书的有效日期,因为该证书属于未知类型
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
(tomcat) branch 10.1.x updated: Remove a couple of additional out-dated translations
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/10.1.x by this push:
new a082aa7248 Remove a couple of additional out-dated translations
a082aa7248 is described below
commit a082aa7248aa8c98b6f6b817e4626ca80a03a9f1
Author: Mark Thomas
AuthorDate: Wed Nov 1 20:24:00 2023 +
Remove a couple of additional out-dated translations
---
java/org/apache/tomcat/util/net/LocalStrings_fr.properties| 1 -
java/org/apache/tomcat/util/net/LocalStrings_zh_CN.properties | 1 -
2 files changed, 2 deletions(-)
diff --git a/java/org/apache/tomcat/util/net/LocalStrings_fr.properties
b/java/org/apache/tomcat/util/net/LocalStrings_fr.properties
index 6ebb8bb69e..f06bdbebc6 100644
--- a/java/org/apache/tomcat/util/net/LocalStrings_fr.properties
+++ b/java/org/apache/tomcat/util/net/LocalStrings_fr.properties
@@ -165,7 +165,6 @@ sslUtilBase.noCrlSupport=Le truststoreProvider [{0}] ne
supporte pas d''option d
sslUtilBase.noKeys=Aucun alias pour les clés privées n'a été trouvé dans la
base de clés
sslUtilBase.noVerificationDepth=Le truststoreProvider [{0}] ne supporte pas
l''option de configuration certificateVerificationDepth
sslUtilBase.noneSupported=Aucun des [{0}] spécifiés n''est supporté par le
moteur SSL : [{1}]
-sslUtilBase.skipped=Quelques [{0}] spécifiés ne sont pas supportés par le
moteur SSL et ont été ignorés : [{1}]
sslUtilBase.ssl3=SSLv3 a été explicitement activé. Ce protocole est connu
comme non-sécurisé.
sslUtilBase.tls13.auth=L’implémentation JSSE de TLS 1.3 ne supporte pas
l'authentification après la négociation initiale, elle est donc incompatible
avec l’authentification optionnelle du client
sslUtilBase.trustedCertNotChecked=Les dates de validité du certificat de
confiance dont l''alias est [{0}] n''ont pas été vérifiées car sont type est
inconnu
diff --git a/java/org/apache/tomcat/util/net/LocalStrings_zh_CN.properties
b/java/org/apache/tomcat/util/net/LocalStrings_zh_CN.properties
index 9019b40a27..f7008b0428 100644
--- a/java/org/apache/tomcat/util/net/LocalStrings_zh_CN.properties
+++ b/java/org/apache/tomcat/util/net/LocalStrings_zh_CN.properties
@@ -162,7 +162,6 @@ sslUtilBase.noCrlSupport=truststoreProvider
[{0}]不支持certificateRevocationF
sslUtilBase.noKeys=在密钥存储中找不到私钥的别名
sslUtilBase.noVerificationDepth=truststoreProvider[{0}]不支持CertificationDepth配置选项
sslUtilBase.noneSupported=SSL引擎不支持指定的[{0}]:[{1}]
-sslUtilBase.skipped=某些指定的[{0}]不受SSL引擎支持,已被跳过:[{1}]
sslUtilBase.ssl3=SSLv3 已显式启用。 已知该协议是不安全。
sslUtilBase.tls13.auth=JSSE TLS 1.3实现不支持初始握手后的身份验证,因此与可选的客户端身份验证不兼容
sslUtilBase.trustedCertNotChecked=未检查别名为[{0}]的受信任证书的有效日期,因为该证书属于未知类型
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
(tomcat) branch main updated: Remove a couple of additional out-dated translations
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push:
new 4ed0ea74c7 Remove a couple of additional out-dated translations
4ed0ea74c7 is described below
commit 4ed0ea74c7f84984b617e9132b102978b65392ef
Author: Mark Thomas
AuthorDate: Wed Nov 1 20:24:00 2023 +
Remove a couple of additional out-dated translations
---
java/org/apache/tomcat/util/net/LocalStrings_fr.properties| 1 -
java/org/apache/tomcat/util/net/LocalStrings_zh_CN.properties | 1 -
2 files changed, 2 deletions(-)
diff --git a/java/org/apache/tomcat/util/net/LocalStrings_fr.properties
b/java/org/apache/tomcat/util/net/LocalStrings_fr.properties
index 6ebb8bb69e..f06bdbebc6 100644
--- a/java/org/apache/tomcat/util/net/LocalStrings_fr.properties
+++ b/java/org/apache/tomcat/util/net/LocalStrings_fr.properties
@@ -165,7 +165,6 @@ sslUtilBase.noCrlSupport=Le truststoreProvider [{0}] ne
supporte pas d''option d
sslUtilBase.noKeys=Aucun alias pour les clés privées n'a été trouvé dans la
base de clés
sslUtilBase.noVerificationDepth=Le truststoreProvider [{0}] ne supporte pas
l''option de configuration certificateVerificationDepth
sslUtilBase.noneSupported=Aucun des [{0}] spécifiés n''est supporté par le
moteur SSL : [{1}]
-sslUtilBase.skipped=Quelques [{0}] spécifiés ne sont pas supportés par le
moteur SSL et ont été ignorés : [{1}]
sslUtilBase.ssl3=SSLv3 a été explicitement activé. Ce protocole est connu
comme non-sécurisé.
sslUtilBase.tls13.auth=L’implémentation JSSE de TLS 1.3 ne supporte pas
l'authentification après la négociation initiale, elle est donc incompatible
avec l’authentification optionnelle du client
sslUtilBase.trustedCertNotChecked=Les dates de validité du certificat de
confiance dont l''alias est [{0}] n''ont pas été vérifiées car sont type est
inconnu
diff --git a/java/org/apache/tomcat/util/net/LocalStrings_zh_CN.properties
b/java/org/apache/tomcat/util/net/LocalStrings_zh_CN.properties
index 9019b40a27..f7008b0428 100644
--- a/java/org/apache/tomcat/util/net/LocalStrings_zh_CN.properties
+++ b/java/org/apache/tomcat/util/net/LocalStrings_zh_CN.properties
@@ -162,7 +162,6 @@ sslUtilBase.noCrlSupport=truststoreProvider
[{0}]不支持certificateRevocationF
sslUtilBase.noKeys=在密钥存储中找不到私钥的别名
sslUtilBase.noVerificationDepth=truststoreProvider[{0}]不支持CertificationDepth配置选项
sslUtilBase.noneSupported=SSL引擎不支持指定的[{0}]:[{1}]
-sslUtilBase.skipped=某些指定的[{0}]不受SSL引擎支持,已被跳过:[{1}]
sslUtilBase.ssl3=SSLv3 已显式启用。 已知该协议是不安全。
sslUtilBase.tls13.auth=JSSE TLS 1.3实现不支持初始握手后的身份验证,因此与可选的客户端身份验证不兼容
sslUtilBase.trustedCertNotChecked=未检查别名为[{0}]的受信任证书的有效日期,因为该证书属于未知类型
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 67628] OpenSSLCipherConfigurationParser#parse() produces misleading false positive cipher warnings
https://bz.apache.org/bugzilla/show_bug.cgi?id=67628 Mark Thomas changed: What|Removed |Added Resolution|--- |FIXED Status|NEW |RESOLVED --- Comment #7 from Mark Thomas --- Fixed in: - 11.0.x for 11.0.0-M14 onwards - 10.1.x for 10.1.16 onwards - 9.0.x for 9.0.83 onwards - 8.5.x for 8.5.96 onwards The description of ciphers and the log message should be a lot clearer now. I couldn't reproduce the DSS issue so there may be another issue here that needs a new bug report. Generally, I'd expect to see two types of bugs with this code. 1. Interpretation errors. These take the form of a test added to TestOpenSSLCipherConfigurationParser with a valid ciphers string that fails when run with the latest OpenSSL dev buld. 2. Test errors. Any test in TestOpenSSLCipherConfigurationParser that passes with the latest OpenSSL dev build but fails with the latest build of one or more older branches.This usually means we haven;t taken full account of a change between OpenSSL versions in the tests. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
(tomcat) branch 8.5.x updated (08424898ac -> 790b5eecaa)
This is an automated email from the ASF dual-hosted git repository. markt pushed a change to branch 8.5.x in repository https://gitbox.apache.org/repos/asf/tomcat.git from 08424898ac Line length new 7e88304df6 OpenSSL master branch is now 3.3.x new cd164eabf2 Add test based on BZ 67628 new 790b5eecaa Fix BZ 67628 - Improve description of ciphers The 3 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. Summary of changes: java/org/apache/tomcat/util/net/LocalStrings.properties | 2 +- .../apache/tomcat/util/net/LocalStrings_ja.properties| 1 - .../apache/tomcat/util/net/LocalStrings_ko.properties| 1 - .../ciphers/TestOpenSSLCipherConfigurationParser.java| 15 +++ .../tomcat/util/net/openssl/ciphers/TesterOpenSSL.java | 6 -- webapps/docs/changelog.xml | 4 webapps/docs/config/http.xml | 16 7 files changed, 36 insertions(+), 9 deletions(-) - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
(tomcat) 01/03: OpenSSL master branch is now 3.3.x
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
commit 7e88304df66e19dceb10f750d1616479bffd8bdf
Author: Mark Thomas
AuthorDate: Wed Nov 1 19:34:31 2023 +
OpenSSL master branch is now 3.3.x
---
test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java | 6 --
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java
b/test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java
index 0df4cb26bb..ab9433b84d 100644
--- a/test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java
+++ b/test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java
@@ -49,8 +49,10 @@ public class TesterOpenSSL {
} catch (IOException e) {
versionString = "";
}
-if (versionString.startsWith("OpenSSL 3.2.")) {
-// Note: Gump currently tests 11.x with OpenSSL 3.2.x
+if (versionString.startsWith("OpenSSL 3.3.")) {
+// Note: Gump currently tests 11.x with OpenSSL 3.3.x
+VERSION = 30300;
+} else if (versionString.startsWith("OpenSSL 3.2.")) {
VERSION = 30200;
} else if (versionString.startsWith("OpenSSL 3.1.")) {
VERSION = 30100;
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
(tomcat) 03/03: Fix BZ 67628 - Improve description of ciphers
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
commit 790b5eecaa18e4d636de69c8045e44acaff262ea
Author: Mark Thomas
AuthorDate: Wed Nov 1 20:13:31 2023 +
Fix BZ 67628 - Improve description of ciphers
Also improve associated log message
---
java/org/apache/tomcat/util/net/LocalStrings.properties | 2 +-
.../apache/tomcat/util/net/LocalStrings_ja.properties| 1 -
.../apache/tomcat/util/net/LocalStrings_ko.properties| 1 -
webapps/docs/changelog.xml | 4
webapps/docs/config/http.xml | 16
5 files changed, 17 insertions(+), 7 deletions(-)
diff --git a/java/org/apache/tomcat/util/net/LocalStrings.properties
b/java/org/apache/tomcat/util/net/LocalStrings.properties
index d8e0d6ea29..a0b212fc22 100644
--- a/java/org/apache/tomcat/util/net/LocalStrings.properties
+++ b/java/org/apache/tomcat/util/net/LocalStrings.properties
@@ -182,7 +182,7 @@ sslUtilBase.noCrlSupport=The truststoreProvider [{0}] does
not support the certi
sslUtilBase.noKeys=No aliases for private keys found in key store
sslUtilBase.noVerificationDepth=The truststoreProvider [{0}] does not support
the certificateVerificationDepth configuration option
sslUtilBase.noneSupported=None of the [{0}] specified are supported by the SSL
engine : [{1}]
-sslUtilBase.skipped=Some of the specified [{0}] are not supported by the SSL
engine and have been skipped: [{1}]
+sslUtilBase.skipped=Tomcat interprets the [{0}] attribute in a manner
consistent with the latest OpenSSL development branch. Some of the specified
[{0}] are not supported by the configured SSL engine for this connector (which
may use JSSE or an older OpenSSL version) and have been skipped: [{1}]
sslUtilBase.ssl3=SSLv3 has been explicitly enabled. This protocol is known to
be insecure.
sslUtilBase.tls13.auth=The JSSE TLS 1.3 implementation does not support post
handshake authentication (PHA) and is therefore incompatible with optional
certificate authentication
sslUtilBase.trustedCertNotChecked=The validity dates of the trusted
certificate with alias [{0}] were not checked as the certificate was of an
unknown type
diff --git a/java/org/apache/tomcat/util/net/LocalStrings_ja.properties
b/java/org/apache/tomcat/util/net/LocalStrings_ja.properties
index e0c9ece8a4..e2e86be619 100644
--- a/java/org/apache/tomcat/util/net/LocalStrings_ja.properties
+++ b/java/org/apache/tomcat/util/net/LocalStrings_ja.properties
@@ -178,7 +178,6 @@ sslUtilBase.noCrlSupport=トラストストアプロバイダー [{0}] は設定
sslUtilBase.noKeys=キーストアで見つかった秘密キーのエイリアスがありません。
sslUtilBase.noVerificationDepth=トラストストアプロバイダー [{0}] は設定項目
certificateVerificationDepth に未対応です。
sslUtilBase.noneSupported=指定された [{0}] のどれもSSLエンジンでサポートされていません: [{1}]
-sslUtilBase.skipped=指定された [{0}] の一部はSSLエンジンでサポートされておらず、スキップされています: [{1}]
sslUtilBase.ssl3=SSLv3 が明示的に有効化化されています。このプロトコルは安全ではありません。
sslUtilBase.tls13.auth=JSSE TLS
1.3実装は、初期ハンドシェイク後の認証をサポートしていないため、オプションのクライアント認証と互換性がありません。
sslUtilBase.trustedCertNotChecked=エイリアス [{0}]
を持つ信頼できる証明書の有効期限は、証明書が不明な型であるためチェックされませんでした
diff --git a/java/org/apache/tomcat/util/net/LocalStrings_ko.properties
b/java/org/apache/tomcat/util/net/LocalStrings_ko.properties
index efa977a34d..146f831044 100644
--- a/java/org/apache/tomcat/util/net/LocalStrings_ko.properties
+++ b/java/org/apache/tomcat/util/net/LocalStrings_ko.properties
@@ -173,7 +173,6 @@ sslUtilBase.noCrlSupport=truststoreProvider [{0}]은(는)
certificateRevocationF
sslUtilBase.noKeys=개인 키들에 대한 별칭들이 키 저장소에 없습니다.
sslUtilBase.noVerificationDepth=truststoreProvider [{0}]은(는)
certificateVerificationDepth 설정 옵션을 지원하지 않습니다.
sslUtilBase.noneSupported=지정된 [{0}]의 어느 것도 SSL 엔진에 의해 지원되지 않습니다: [{1}]
-sslUtilBase.skipped=지정된 [{0}]의 일부가 SSL 엔진에 의해 지원되지 않아 건너뜁니다: [{1}]
sslUtilBase.ssl3=SSLv3이 명시적으로 사용 가능 상태로 설정되었습니다. 이 프로토콜은 안전하지 않은 것으로 알려져 있습니다.
sslUtilBase.tls13.auth=JSSE TLS 1.3 구현이 초기 handshake 이후의 인증을 지원하지 않음에 따라,
선택사항인 클라이언트 인증과 호환되지 않습니다.
sslUtilBase.trustedCertNotChecked=인증서가 알 수 없는 타입이라서, 별칭이 [{0}]인 신뢰되는 인증서의
유효일자들이 점검되지 않았습니다.
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index c7e9a0e77a..04453572ee 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -145,6 +145,10 @@
automatically call
setCertificateKeystoreType(ks.getType()). (markt)
+
+67628: Clarify how the ciphers attribute of the
+SSLHostConfig is used. (markt)
+
67666: Ensure TLS connectors using PEM files either work
with
the TLSCertificateReloadListener or, in the rare case that
diff --git a/webapps/docs/config/http.xml b/webapps/docs/config/http.xml
index bc76a13f8c..8372bc2648 100644
--- a/webapps/docs/config/http.xml
+++ b/webapps/docs/config/http.xml
@@ -1328,11 +1328,19 @@
documentation for the list of ciphers supported and
(tomcat) 02/03: Add test based on BZ 67628
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
commit cd164eabf21c8f6021291c97ee3d42701e1bafe9
Author: Mark Thomas
AuthorDate: Wed Nov 1 19:34:45 2023 +
Add test based on BZ 67628
---
.../ciphers/TestOpenSSLCipherConfigurationParser.java | 15 +++
1 file changed, 15 insertions(+)
diff --git
a/test/org/apache/tomcat/util/net/openssl/ciphers/TestOpenSSLCipherConfigurationParser.java
b/test/org/apache/tomcat/util/net/openssl/ciphers/TestOpenSSLCipherConfigurationParser.java
index 5f301b5cae..1c2b94644e 100644
---
a/test/org/apache/tomcat/util/net/openssl/ciphers/TestOpenSSLCipherConfigurationParser.java
+++
b/test/org/apache/tomcat/util/net/openssl/ciphers/TestOpenSSLCipherConfigurationParser.java
@@ -556,6 +556,21 @@ public class TestOpenSSLCipherConfigurationParser {
testSpecification("EECDH+aRSA+SHA384:EECDH:EDH+aRSA:RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS");
}
+
+/*
+ * Cipher string extracted from
https://bz.apache.org/bugzilla/show_bug.cgi?id=67628
+ */
+@Test
+public void testSpecification04() throws Exception {
+if (TesterOpenSSL.VERSION < 30200) {
+// OpenSSL 3.2.x moved the CCM8 ciphers from high to medium
+
testSpecification("HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK:!DSS:!SHA1:!SHA256:!SHA384:!AESCCM8");
+} else {
+
testSpecification("HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK:!DSS:!SHA1:!SHA256:!SHA384:");
+}
+}
+
+
private void testSpecification(String specification) throws Exception {
// Filter out cipher suites that OpenSSL does not implement
String openSSLCipherList =
TesterOpenSSL.getOpenSSLCiphersAsExpression(specification);
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
(tomcat) branch 10.1.x updated (fe5e550d69 -> 14d70ab35b)
This is an automated email from the ASF dual-hosted git repository. markt pushed a change to branch 10.1.x in repository https://gitbox.apache.org/repos/asf/tomcat.git from fe5e550d69 Line length new 04f54f5d1d OpenSSL master branch is now 3.3.x new 07b7551a65 Add test based on BZ 67628 new 14d70ab35b Fix BZ 67628 - Improve description of ciphers The 3 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. Summary of changes: java/org/apache/tomcat/util/net/LocalStrings.properties | 2 +- .../apache/tomcat/util/net/LocalStrings_ja.properties| 1 - .../apache/tomcat/util/net/LocalStrings_ko.properties| 1 - .../ciphers/TestOpenSSLCipherConfigurationParser.java| 15 +++ .../tomcat/util/net/openssl/ciphers/TesterOpenSSL.java | 6 -- webapps/docs/changelog.xml | 4 webapps/docs/config/http.xml | 16 7 files changed, 36 insertions(+), 9 deletions(-) - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
(tomcat) branch 9.0.x updated (7c53498ea8 -> 0e25627690)
This is an automated email from the ASF dual-hosted git repository. markt pushed a change to branch 9.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git from 7c53498ea8 Line length new cdf6329f70 OpenSSL master branch is now 3.3.x new 50d024b27e Add test based on BZ 67628 new 0e25627690 Fix BZ 67628 - Improve description of ciphers The 3 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. Summary of changes: java/org/apache/tomcat/util/net/LocalStrings.properties | 2 +- .../apache/tomcat/util/net/LocalStrings_ja.properties| 1 - .../apache/tomcat/util/net/LocalStrings_ko.properties| 1 - .../ciphers/TestOpenSSLCipherConfigurationParser.java| 15 +++ .../tomcat/util/net/openssl/ciphers/TesterOpenSSL.java | 6 -- webapps/docs/changelog.xml | 4 webapps/docs/config/http.xml | 16 7 files changed, 36 insertions(+), 9 deletions(-) - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
(tomcat) 03/03: Fix BZ 67628 - Improve description of ciphers
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
commit 0e25627690245cdf1f4f013eb348290c3e0fb8f0
Author: Mark Thomas
AuthorDate: Wed Nov 1 20:13:31 2023 +
Fix BZ 67628 - Improve description of ciphers
Also improve associated log message
---
java/org/apache/tomcat/util/net/LocalStrings.properties | 2 +-
.../apache/tomcat/util/net/LocalStrings_ja.properties| 1 -
.../apache/tomcat/util/net/LocalStrings_ko.properties| 1 -
webapps/docs/changelog.xml | 4
webapps/docs/config/http.xml | 16
5 files changed, 17 insertions(+), 7 deletions(-)
diff --git a/java/org/apache/tomcat/util/net/LocalStrings.properties
b/java/org/apache/tomcat/util/net/LocalStrings.properties
index 0118074447..20e8ed1a4d 100644
--- a/java/org/apache/tomcat/util/net/LocalStrings.properties
+++ b/java/org/apache/tomcat/util/net/LocalStrings.properties
@@ -187,7 +187,7 @@ sslUtilBase.noCrlSupport=The truststoreProvider [{0}] does
not support the certi
sslUtilBase.noKeys=No aliases for private keys found in key store
sslUtilBase.noVerificationDepth=The truststoreProvider [{0}] does not support
the certificateVerificationDepth configuration option
sslUtilBase.noneSupported=None of the [{0}] specified are supported by the SSL
engine : [{1}]
-sslUtilBase.skipped=Some of the specified [{0}] are not supported by the SSL
engine and have been skipped: [{1}]
+sslUtilBase.skipped=Tomcat interprets the [{0}] attribute in a manner
consistent with the latest OpenSSL development branch. Some of the specified
[{0}] are not supported by the configured SSL engine for this connector (which
may use JSSE or an older OpenSSL version) and have been skipped: [{1}]
sslUtilBase.ssl3=SSLv3 has been explicitly enabled. This protocol is known to
be insecure.
sslUtilBase.tls13.auth=The JSSE TLS 1.3 implementation does not support post
handshake authentication (PHA) and is therefore incompatible with optional
certificate authentication
sslUtilBase.trustedCertNotChecked=The validity dates of the trusted
certificate with alias [{0}] were not checked as the certificate was of an
unknown type
diff --git a/java/org/apache/tomcat/util/net/LocalStrings_ja.properties
b/java/org/apache/tomcat/util/net/LocalStrings_ja.properties
index a45b60af2e..9c8ec6d60c 100644
--- a/java/org/apache/tomcat/util/net/LocalStrings_ja.properties
+++ b/java/org/apache/tomcat/util/net/LocalStrings_ja.properties
@@ -184,7 +184,6 @@ sslUtilBase.noCrlSupport=トラストストアプロバイダー [{0}] は設定
sslUtilBase.noKeys=キーストアで見つかった秘密キーのエイリアスがありません。
sslUtilBase.noVerificationDepth=トラストストアプロバイダー [{0}] は設定項目
certificateVerificationDepth に未対応です。
sslUtilBase.noneSupported=指定された [{0}] のどれもSSLエンジンでサポートされていません: [{1}]
-sslUtilBase.skipped=指定された [{0}] の一部はSSLエンジンでサポートされておらず、スキップされています: [{1}]
sslUtilBase.ssl3=SSLv3 が明示的に有効化化されています。このプロトコルは安全ではありません。
sslUtilBase.tls13.auth=JSSE TLS
1.3実装は、初期ハンドシェイク後の認証をサポートしていないため、オプションのクライアント認証と互換性がありません。
sslUtilBase.trustedCertNotChecked=エイリアス [{0}]
を持つ信頼できる証明書の有効期限は、証明書が不明な型であるためチェックされませんでした
diff --git a/java/org/apache/tomcat/util/net/LocalStrings_ko.properties
b/java/org/apache/tomcat/util/net/LocalStrings_ko.properties
index 6a29ea3812..da1a865806 100644
--- a/java/org/apache/tomcat/util/net/LocalStrings_ko.properties
+++ b/java/org/apache/tomcat/util/net/LocalStrings_ko.properties
@@ -179,7 +179,6 @@ sslUtilBase.noCrlSupport=truststoreProvider [{0}]은(는)
certificateRevocationF
sslUtilBase.noKeys=개인 키들에 대한 별칭들이 키 저장소에 없습니다.
sslUtilBase.noVerificationDepth=truststoreProvider [{0}]은(는)
certificateVerificationDepth 설정 옵션을 지원하지 않습니다.
sslUtilBase.noneSupported=지정된 [{0}]의 어느 것도 SSL 엔진에 의해 지원되지 않습니다: [{1}]
-sslUtilBase.skipped=지정된 [{0}]의 일부가 SSL 엔진에 의해 지원되지 않아 건너뜁니다: [{1}]
sslUtilBase.ssl3=SSLv3이 명시적으로 사용 가능 상태로 설정되었습니다. 이 프로토콜은 안전하지 않은 것으로 알려져 있습니다.
sslUtilBase.tls13.auth=JSSE TLS 1.3 구현이 초기 handshake 이후의 인증을 지원하지 않음에 따라,
선택사항인 클라이언트 인증과 호환되지 않습니다.
sslUtilBase.trustedCertNotChecked=인증서가 알 수 없는 타입이라서, 별칭이 [{0}]인 신뢰되는 인증서의
유효일자들이 점검되지 않았습니다.
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 5c0ae5660d..26a1197b32 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -145,6 +145,10 @@
automatically call
setCertificateKeystoreType(ks.getType()). (markt)
+
+67628: Clarify how the ciphers attribute of the
+SSLHostConfig is used. (markt)
+
67666: Ensure TLS connectors using PEM files either work
with
the TLSCertificateReloadListener or, in the rare case that
diff --git a/webapps/docs/config/http.xml b/webapps/docs/config/http.xml
index cb12d17f4b..cc38e8f07e 100644
--- a/webapps/docs/config/http.xml
+++ b/webapps/docs/config/http.xml
@@ -1361,11 +1361,19 @@
documentation for the list of ciphers supported and
(tomcat) 01/03: OpenSSL master branch is now 3.3.x
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
commit cdf6329f705e366b50f47a12453e9236355356d2
Author: Mark Thomas
AuthorDate: Wed Nov 1 19:34:31 2023 +
OpenSSL master branch is now 3.3.x
---
test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java | 6 --
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java
b/test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java
index 0df4cb26bb..ab9433b84d 100644
--- a/test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java
+++ b/test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java
@@ -49,8 +49,10 @@ public class TesterOpenSSL {
} catch (IOException e) {
versionString = "";
}
-if (versionString.startsWith("OpenSSL 3.2.")) {
-// Note: Gump currently tests 11.x with OpenSSL 3.2.x
+if (versionString.startsWith("OpenSSL 3.3.")) {
+// Note: Gump currently tests 11.x with OpenSSL 3.3.x
+VERSION = 30300;
+} else if (versionString.startsWith("OpenSSL 3.2.")) {
VERSION = 30200;
} else if (versionString.startsWith("OpenSSL 3.1.")) {
VERSION = 30100;
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
(tomcat) 01/03: OpenSSL master branch is now 3.3.x
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
commit 04f54f5d1d5d280a58670af6528ef5e65caee7b3
Author: Mark Thomas
AuthorDate: Wed Nov 1 19:34:31 2023 +
OpenSSL master branch is now 3.3.x
---
test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java | 6 --
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java
b/test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java
index 0df4cb26bb..ab9433b84d 100644
--- a/test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java
+++ b/test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java
@@ -49,8 +49,10 @@ public class TesterOpenSSL {
} catch (IOException e) {
versionString = "";
}
-if (versionString.startsWith("OpenSSL 3.2.")) {
-// Note: Gump currently tests 11.x with OpenSSL 3.2.x
+if (versionString.startsWith("OpenSSL 3.3.")) {
+// Note: Gump currently tests 11.x with OpenSSL 3.3.x
+VERSION = 30300;
+} else if (versionString.startsWith("OpenSSL 3.2.")) {
VERSION = 30200;
} else if (versionString.startsWith("OpenSSL 3.1.")) {
VERSION = 30100;
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
(tomcat) 02/03: Add test based on BZ 67628
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
commit 50d024b27ea29380b0fc35ead39ff1c9acb97404
Author: Mark Thomas
AuthorDate: Wed Nov 1 19:34:45 2023 +
Add test based on BZ 67628
---
.../ciphers/TestOpenSSLCipherConfigurationParser.java | 15 +++
1 file changed, 15 insertions(+)
diff --git
a/test/org/apache/tomcat/util/net/openssl/ciphers/TestOpenSSLCipherConfigurationParser.java
b/test/org/apache/tomcat/util/net/openssl/ciphers/TestOpenSSLCipherConfigurationParser.java
index 5f301b5cae..1c2b94644e 100644
---
a/test/org/apache/tomcat/util/net/openssl/ciphers/TestOpenSSLCipherConfigurationParser.java
+++
b/test/org/apache/tomcat/util/net/openssl/ciphers/TestOpenSSLCipherConfigurationParser.java
@@ -556,6 +556,21 @@ public class TestOpenSSLCipherConfigurationParser {
testSpecification("EECDH+aRSA+SHA384:EECDH:EDH+aRSA:RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS");
}
+
+/*
+ * Cipher string extracted from
https://bz.apache.org/bugzilla/show_bug.cgi?id=67628
+ */
+@Test
+public void testSpecification04() throws Exception {
+if (TesterOpenSSL.VERSION < 30200) {
+// OpenSSL 3.2.x moved the CCM8 ciphers from high to medium
+
testSpecification("HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK:!DSS:!SHA1:!SHA256:!SHA384:!AESCCM8");
+} else {
+
testSpecification("HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK:!DSS:!SHA1:!SHA256:!SHA384:");
+}
+}
+
+
private void testSpecification(String specification) throws Exception {
// Filter out cipher suites that OpenSSL does not implement
String openSSLCipherList =
TesterOpenSSL.getOpenSSLCiphersAsExpression(specification);
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
(tomcat) 02/03: Add test based on BZ 67628
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
commit 1d4f22078010aee28f097a588c2146bd2b09f7b4
Author: Mark Thomas
AuthorDate: Wed Nov 1 19:34:45 2023 +
Add test based on BZ 67628
---
.../ciphers/TestOpenSSLCipherConfigurationParser.java | 15 +++
1 file changed, 15 insertions(+)
diff --git
a/test/org/apache/tomcat/util/net/openssl/ciphers/TestOpenSSLCipherConfigurationParser.java
b/test/org/apache/tomcat/util/net/openssl/ciphers/TestOpenSSLCipherConfigurationParser.java
index 5f301b5cae..1c2b94644e 100644
---
a/test/org/apache/tomcat/util/net/openssl/ciphers/TestOpenSSLCipherConfigurationParser.java
+++
b/test/org/apache/tomcat/util/net/openssl/ciphers/TestOpenSSLCipherConfigurationParser.java
@@ -556,6 +556,21 @@ public class TestOpenSSLCipherConfigurationParser {
testSpecification("EECDH+aRSA+SHA384:EECDH:EDH+aRSA:RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS");
}
+
+/*
+ * Cipher string extracted from
https://bz.apache.org/bugzilla/show_bug.cgi?id=67628
+ */
+@Test
+public void testSpecification04() throws Exception {
+if (TesterOpenSSL.VERSION < 30200) {
+// OpenSSL 3.2.x moved the CCM8 ciphers from high to medium
+
testSpecification("HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK:!DSS:!SHA1:!SHA256:!SHA384:!AESCCM8");
+} else {
+
testSpecification("HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK:!DSS:!SHA1:!SHA256:!SHA384:");
+}
+}
+
+
private void testSpecification(String specification) throws Exception {
// Filter out cipher suites that OpenSSL does not implement
String openSSLCipherList =
TesterOpenSSL.getOpenSSLCiphersAsExpression(specification);
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
(tomcat) 03/03: Fix BZ 67628 - Improve description of ciphers
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
commit 14d70ab35b363e0e6541dbbaf3431e4156f9bf4f
Author: Mark Thomas
AuthorDate: Wed Nov 1 20:13:31 2023 +
Fix BZ 67628 - Improve description of ciphers
Also improve associated log message
---
java/org/apache/tomcat/util/net/LocalStrings.properties | 2 +-
.../apache/tomcat/util/net/LocalStrings_ja.properties| 1 -
.../apache/tomcat/util/net/LocalStrings_ko.properties| 1 -
webapps/docs/changelog.xml | 4
webapps/docs/config/http.xml | 16
5 files changed, 17 insertions(+), 7 deletions(-)
diff --git a/java/org/apache/tomcat/util/net/LocalStrings.properties
b/java/org/apache/tomcat/util/net/LocalStrings.properties
index b92d116450..493459e606 100644
--- a/java/org/apache/tomcat/util/net/LocalStrings.properties
+++ b/java/org/apache/tomcat/util/net/LocalStrings.properties
@@ -165,7 +165,7 @@ sslUtilBase.noCrlSupport=The truststoreProvider [{0}] does
not support the certi
sslUtilBase.noKeys=No aliases for private keys found in key store
sslUtilBase.noVerificationDepth=The truststoreProvider [{0}] does not support
the certificateVerificationDepth configuration option
sslUtilBase.noneSupported=None of the [{0}] specified are supported by the SSL
engine : [{1}]
-sslUtilBase.skipped=Some of the specified [{0}] are not supported by the SSL
engine and have been skipped: [{1}]
+sslUtilBase.skipped=Tomcat interprets the [{0}] attribute in a manner
consistent with the latest OpenSSL development branch. Some of the specified
[{0}] are not supported by the configured SSL engine for this connector (which
may use JSSE or an older OpenSSL version) and have been skipped: [{1}]
sslUtilBase.ssl3=SSLv3 has been explicitly enabled. This protocol is known to
be insecure.
sslUtilBase.tls13.auth=The JSSE TLS 1.3 implementation does not support post
handshake authentication (PHA) and is therefore incompatible with optional
certificate authentication
sslUtilBase.trustedCertNotChecked=The validity dates of the trusted
certificate with alias [{0}] were not checked as the certificate was of an
unknown type
diff --git a/java/org/apache/tomcat/util/net/LocalStrings_ja.properties
b/java/org/apache/tomcat/util/net/LocalStrings_ja.properties
index 62d53637a7..1dc377920d 100644
--- a/java/org/apache/tomcat/util/net/LocalStrings_ja.properties
+++ b/java/org/apache/tomcat/util/net/LocalStrings_ja.properties
@@ -165,7 +165,6 @@ sslUtilBase.noCrlSupport=トラストストアプロバイダー [{0}] は設定
sslUtilBase.noKeys=キーストアで見つかった秘密キーのエイリアスがありません。
sslUtilBase.noVerificationDepth=トラストストアプロバイダー [{0}] は設定項目
certificateVerificationDepth に未対応です。
sslUtilBase.noneSupported=指定された [{0}] のどれもSSLエンジンでサポートされていません: [{1}]
-sslUtilBase.skipped=指定された [{0}] の一部はSSLエンジンでサポートされておらず、スキップされています: [{1}]
sslUtilBase.ssl3=SSLv3 が明示的に有効化化されています。このプロトコルは安全ではありません。
sslUtilBase.tls13.auth=JSSE TLS
1.3実装は、初期ハンドシェイク後の認証をサポートしていないため、オプションのクライアント認証と互換性がありません。
sslUtilBase.trustedCertNotChecked=エイリアス [{0}]
を持つ信頼できる証明書の有効期限は、証明書が不明な型であるためチェックされませんでした
diff --git a/java/org/apache/tomcat/util/net/LocalStrings_ko.properties
b/java/org/apache/tomcat/util/net/LocalStrings_ko.properties
index e60e0b4c15..06b7b464a6 100644
--- a/java/org/apache/tomcat/util/net/LocalStrings_ko.properties
+++ b/java/org/apache/tomcat/util/net/LocalStrings_ko.properties
@@ -160,7 +160,6 @@ sslUtilBase.noCrlSupport=truststoreProvider [{0}]은(는)
certificateRevocationF
sslUtilBase.noKeys=개인 키들에 대한 별칭들이 키 저장소에 없습니다.
sslUtilBase.noVerificationDepth=truststoreProvider [{0}]은(는)
certificateVerificationDepth 설정 옵션을 지원하지 않습니다.
sslUtilBase.noneSupported=지정된 [{0}]의 어느 것도 SSL 엔진에 의해 지원되지 않습니다: [{1}]
-sslUtilBase.skipped=지정된 [{0}]의 일부가 SSL 엔진에 의해 지원되지 않아 건너뜁니다: [{1}]
sslUtilBase.ssl3=SSLv3이 명시적으로 사용 가능 상태로 설정되었습니다. 이 프로토콜은 안전하지 않은 것으로 알려져 있습니다.
sslUtilBase.tls13.auth=JSSE TLS 1.3 구현이 초기 handshake 이후의 인증을 지원하지 않음에 따라,
선택사항인 클라이언트 인증과 호환되지 않습니다.
sslUtilBase.trustedCertNotChecked=인증서가 알 수 없는 타입이라서, 별칭이 [{0}]인 신뢰되는 인증서의
유효일자들이 점검되지 않았습니다.
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 2ee96f1229..1ac9865df1 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -145,6 +145,10 @@
automatically call
setCertificateKeystoreType(ks.getType()). (markt)
+
+67628: Clarify how the ciphers attribute of the
+SSLHostConfig is used. (markt)
+
67666: Ensure TLS connectors using PEM files either work
with
the TLSCertificateReloadListener or, in the rare case that
diff --git a/webapps/docs/config/http.xml b/webapps/docs/config/http.xml
index 3da48561be..422df9c1d0 100644
--- a/webapps/docs/config/http.xml
+++ b/webapps/docs/config/http.xml
@@ -1253,11 +1253,19 @@
documentation for the list of ciphers supported an
(tomcat) 02/03: Add test based on BZ 67628
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
commit 07b7551a65dd42b8949c45efe422c2796ee2475b
Author: Mark Thomas
AuthorDate: Wed Nov 1 19:34:45 2023 +
Add test based on BZ 67628
---
.../ciphers/TestOpenSSLCipherConfigurationParser.java | 15 +++
1 file changed, 15 insertions(+)
diff --git
a/test/org/apache/tomcat/util/net/openssl/ciphers/TestOpenSSLCipherConfigurationParser.java
b/test/org/apache/tomcat/util/net/openssl/ciphers/TestOpenSSLCipherConfigurationParser.java
index 5f301b5cae..1c2b94644e 100644
---
a/test/org/apache/tomcat/util/net/openssl/ciphers/TestOpenSSLCipherConfigurationParser.java
+++
b/test/org/apache/tomcat/util/net/openssl/ciphers/TestOpenSSLCipherConfigurationParser.java
@@ -556,6 +556,21 @@ public class TestOpenSSLCipherConfigurationParser {
testSpecification("EECDH+aRSA+SHA384:EECDH:EDH+aRSA:RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS");
}
+
+/*
+ * Cipher string extracted from
https://bz.apache.org/bugzilla/show_bug.cgi?id=67628
+ */
+@Test
+public void testSpecification04() throws Exception {
+if (TesterOpenSSL.VERSION < 30200) {
+// OpenSSL 3.2.x moved the CCM8 ciphers from high to medium
+
testSpecification("HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK:!DSS:!SHA1:!SHA256:!SHA384:!AESCCM8");
+} else {
+
testSpecification("HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK:!DSS:!SHA1:!SHA256:!SHA384:");
+}
+}
+
+
private void testSpecification(String specification) throws Exception {
// Filter out cipher suites that OpenSSL does not implement
String openSSLCipherList =
TesterOpenSSL.getOpenSSLCiphersAsExpression(specification);
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
(tomcat) branch main updated (38a386390f -> ef52cc47d8)
This is an automated email from the ASF dual-hosted git repository. markt pushed a change to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git from 38a386390f Line length new 8990cac7f8 OpenSSL master branch is now 3.3.x new 1d4f220780 Add test based on BZ 67628 new ef52cc47d8 Fix BZ 67628 - Improve description of ciphers The 3 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. Summary of changes: java/org/apache/tomcat/util/net/LocalStrings.properties | 2 +- .../apache/tomcat/util/net/LocalStrings_ja.properties| 1 - .../apache/tomcat/util/net/LocalStrings_ko.properties| 1 - .../ciphers/TestOpenSSLCipherConfigurationParser.java| 15 +++ .../tomcat/util/net/openssl/ciphers/TesterOpenSSL.java | 6 -- webapps/docs/changelog.xml | 4 webapps/docs/config/http.xml | 16 7 files changed, 36 insertions(+), 9 deletions(-) - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
(tomcat) 03/03: Fix BZ 67628 - Improve description of ciphers
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
commit ef52cc47d886c2cb13792ec9d98448b83c3bf47e
Author: Mark Thomas
AuthorDate: Wed Nov 1 20:13:31 2023 +
Fix BZ 67628 - Improve description of ciphers
Also improve associated log message
---
java/org/apache/tomcat/util/net/LocalStrings.properties | 2 +-
.../apache/tomcat/util/net/LocalStrings_ja.properties| 1 -
.../apache/tomcat/util/net/LocalStrings_ko.properties| 1 -
webapps/docs/changelog.xml | 4
webapps/docs/config/http.xml | 16
5 files changed, 17 insertions(+), 7 deletions(-)
diff --git a/java/org/apache/tomcat/util/net/LocalStrings.properties
b/java/org/apache/tomcat/util/net/LocalStrings.properties
index 43146c2c16..b86d15566b 100644
--- a/java/org/apache/tomcat/util/net/LocalStrings.properties
+++ b/java/org/apache/tomcat/util/net/LocalStrings.properties
@@ -165,7 +165,7 @@ sslUtilBase.noCrlSupport=The truststoreProvider [{0}] does
not support the certi
sslUtilBase.noKeys=No aliases for private keys found in key store
sslUtilBase.noVerificationDepth=The truststoreProvider [{0}] does not support
the certificateVerificationDepth configuration option
sslUtilBase.noneSupported=None of the [{0}] specified are supported by the SSL
engine : [{1}]
-sslUtilBase.skipped=Some of the specified [{0}] are not supported by the SSL
engine and have been skipped: [{1}]
+sslUtilBase.skipped=Tomcat interprets the [{0}] attribute in a manner
consistent with the latest OpenSSL development branch. Some of the specified
[{0}] are not supported by the configured SSL engine for this connector (which
may use JSSE or an older OpenSSL version) and have been skipped: [{1}]
sslUtilBase.ssl3=SSLv3 has been explicitly enabled. This protocol is known to
be insecure.
sslUtilBase.tls13.auth=The JSSE TLS 1.3 implementation does not support post
handshake authentication (PHA) and is therefore incompatible with optional
certificate authentication
sslUtilBase.trustedCertNotChecked=The validity dates of the trusted
certificate with alias [{0}] were not checked as the certificate was of an
unknown type
diff --git a/java/org/apache/tomcat/util/net/LocalStrings_ja.properties
b/java/org/apache/tomcat/util/net/LocalStrings_ja.properties
index 62d53637a7..1dc377920d 100644
--- a/java/org/apache/tomcat/util/net/LocalStrings_ja.properties
+++ b/java/org/apache/tomcat/util/net/LocalStrings_ja.properties
@@ -165,7 +165,6 @@ sslUtilBase.noCrlSupport=トラストストアプロバイダー [{0}] は設定
sslUtilBase.noKeys=キーストアで見つかった秘密キーのエイリアスがありません。
sslUtilBase.noVerificationDepth=トラストストアプロバイダー [{0}] は設定項目
certificateVerificationDepth に未対応です。
sslUtilBase.noneSupported=指定された [{0}] のどれもSSLエンジンでサポートされていません: [{1}]
-sslUtilBase.skipped=指定された [{0}] の一部はSSLエンジンでサポートされておらず、スキップされています: [{1}]
sslUtilBase.ssl3=SSLv3 が明示的に有効化化されています。このプロトコルは安全ではありません。
sslUtilBase.tls13.auth=JSSE TLS
1.3実装は、初期ハンドシェイク後の認証をサポートしていないため、オプションのクライアント認証と互換性がありません。
sslUtilBase.trustedCertNotChecked=エイリアス [{0}]
を持つ信頼できる証明書の有効期限は、証明書が不明な型であるためチェックされませんでした
diff --git a/java/org/apache/tomcat/util/net/LocalStrings_ko.properties
b/java/org/apache/tomcat/util/net/LocalStrings_ko.properties
index e60e0b4c15..06b7b464a6 100644
--- a/java/org/apache/tomcat/util/net/LocalStrings_ko.properties
+++ b/java/org/apache/tomcat/util/net/LocalStrings_ko.properties
@@ -160,7 +160,6 @@ sslUtilBase.noCrlSupport=truststoreProvider [{0}]은(는)
certificateRevocationF
sslUtilBase.noKeys=개인 키들에 대한 별칭들이 키 저장소에 없습니다.
sslUtilBase.noVerificationDepth=truststoreProvider [{0}]은(는)
certificateVerificationDepth 설정 옵션을 지원하지 않습니다.
sslUtilBase.noneSupported=지정된 [{0}]의 어느 것도 SSL 엔진에 의해 지원되지 않습니다: [{1}]
-sslUtilBase.skipped=지정된 [{0}]의 일부가 SSL 엔진에 의해 지원되지 않아 건너뜁니다: [{1}]
sslUtilBase.ssl3=SSLv3이 명시적으로 사용 가능 상태로 설정되었습니다. 이 프로토콜은 안전하지 않은 것으로 알려져 있습니다.
sslUtilBase.tls13.auth=JSSE TLS 1.3 구현이 초기 handshake 이후의 인증을 지원하지 않음에 따라,
선택사항인 클라이언트 인증과 호환되지 않습니다.
sslUtilBase.trustedCertNotChecked=인증서가 알 수 없는 타입이라서, 별칭이 [{0}]인 신뢰되는 인증서의
유효일자들이 점검되지 않았습니다.
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 2308566fe1..fa74fc8c69 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -156,6 +156,10 @@
listener on the Server element when using Java 22
or later. (remm)
+
+67628: Clarify how the ciphers attribute of the
+SSLHostConfig is used. (markt)
+
67666: Ensure TLS connectors using PEM files either work
with
the TLSCertificateReloadListener or, in the rare case that
diff --git a/webapps/docs/config/http.xml b/webapps/docs/config/http.xml
index 2faa6f002f..31f273f615 100644
--- a/webapps/docs/config/http.xml
+++ b/webapps/docs/config/http.xml
@@ -1228,11 +1228,19 @@
documentation for the list of ciphers supported and th
(tomcat) 01/03: OpenSSL master branch is now 3.3.x
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
commit 8990cac7f8745651cce24db3919de8eb48e1ffd0
Author: Mark Thomas
AuthorDate: Wed Nov 1 19:34:31 2023 +
OpenSSL master branch is now 3.3.x
---
test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java | 6 --
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java
b/test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java
index 0df4cb26bb..ab9433b84d 100644
--- a/test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java
+++ b/test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java
@@ -49,8 +49,10 @@ public class TesterOpenSSL {
} catch (IOException e) {
versionString = "";
}
-if (versionString.startsWith("OpenSSL 3.2.")) {
-// Note: Gump currently tests 11.x with OpenSSL 3.2.x
+if (versionString.startsWith("OpenSSL 3.3.")) {
+// Note: Gump currently tests 11.x with OpenSSL 3.3.x
+VERSION = 30300;
+} else if (versionString.startsWith("OpenSSL 3.2.")) {
VERSION = 30200;
} else if (versionString.startsWith("OpenSSL 3.1.")) {
VERSION = 30100;
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
Buildbot success in on tomcat-10.1.x
Build status: Build succeeded! Worker used: bb_worker2_ubuntu URL: https://ci2.apache.org/#builders/44/builds/1015 Blamelist: Mark Thomas Build Text: build successful Status Detected: restored build Build Source Stamp: [branch 10.1.x] fe5e550d6963ce9a0b6055c8c7d229867295a768 Steps: worker_preparation: 0 git: 0 shell: 0 shell_1: 0 shell_2: 0 shell_3: 0 shell_4: 0 shell_5: 0 compile: 1 shell_6: 0 shell_7: 0 shell_8: 0 shell_9: 0 Rsync docs to nightlies.apache.org: 0 shell_10: 0 Rsync RAT to nightlies.apache.org: 0 compile_1: 1 shell_11: 0 Rsync Logs to nightlies.apache.org: 0 -- ASF Buildbot - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Buildbot success in on tomcat-11.0.x
Build status: Build succeeded! Worker used: bb_worker2_ubuntu URL: https://ci2.apache.org/#builders/112/builds/720 Blamelist: Mark Thomas Build Text: build successful Status Detected: restored build Build Source Stamp: [branch main] 38a386390fec073826aca1988723fc25f9ac3bc8 Steps: worker_preparation: 0 git: 0 shell: 0 shell_1: 0 shell_2: 0 shell_3: 0 shell_4: 0 shell_5: 0 shell_6: 0 compile: 1 shell_7: 0 shell_8: 0 shell_9: 0 shell_10: 0 Rsync docs to nightlies.apache.org: 0 shell_11: 0 Rsync RAT to nightlies.apache.org: 0 compile_1: 1 shell_12: 0 Rsync Logs to nightlies.apache.org: 0 -- ASF Buildbot - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
(tomcat-native) branch 1.2.x updated: Further improve BZ 67818 wording
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 1.2.x in repository https://gitbox.apache.org/repos/asf/tomcat-native.git The following commit(s) were added to refs/heads/1.2.x by this push: new c4f23c954 Further improve BZ 67818 wording c4f23c954 is described below commit c4f23c954976861d30db5cd814d4cc627949fe27 Author: Mark Thomas AuthorDate: Wed Nov 1 16:49:46 2023 + Further improve BZ 67818 wording --- xdocs/miscellaneous/changelog.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xdocs/miscellaneous/changelog.xml b/xdocs/miscellaneous/changelog.xml index 955fd881a..60fe4e4c1 100644 --- a/xdocs/miscellaneous/changelog.xml +++ b/xdocs/miscellaneous/changelog.xml @@ -48,7 +48,7 @@ 67818: When calling SSL.setVerify() or SSLContext.setVerify(), the default verify paths are no longer set. Only the explicitly configured trust store, if any, will be - used to verify client certificates. (michaelo) + used. (michaelo) - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
(tomcat-native) branch main updated: Fix typo. Further improve BZ 67818 wording
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat-native.git The following commit(s) were added to refs/heads/main by this push: new 607af745a Fix typo. Further improve BZ 67818 wording 607af745a is described below commit 607af745adfeb1728fcc30e42218122a9e7b36e2 Author: Mark Thomas AuthorDate: Wed Nov 1 16:49:46 2023 + Fix typo. Further improve BZ 67818 wording --- xdocs/miscellaneous/changelog.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/xdocs/miscellaneous/changelog.xml b/xdocs/miscellaneous/changelog.xml index 8ed614b72..42a242b42 100644 --- a/xdocs/miscellaneous/changelog.xml +++ b/xdocs/miscellaneous/changelog.xml @@ -35,7 +35,7 @@ 67538: Make use of Ant's- task to enfore the mininum Java build version. (michaelo) + task to enforce the mininum Java build version. (michaelo) 67615: Windows binary for version 2 has incorrect version @@ -64,7 +64,7 @@ 67818: When calling SSL.setVerify() or SSLContext.setVerify(), the default verify paths are no longer set. Only the explicitly configured trust store, if any, will be - used to verify client certificates. (michaelo) + used. (michaelo) - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 67938] Tomcat mishandles large client hello messages
https://bz.apache.org/bugzilla/show_bug.cgi?id=67938
--- Comment #4 from Stephen Higgs ---
Reproducer Steps
This reproducer creates an artificially large ClientHello that causes Tomcat to
respond with an SSL alert on TLS 1.3 session resumption. In this test case, a
certificate extension with a very long string value is added to the server's
certificate. Wireshark analysis shows the ClientHello preshared key identity
can become very large with a large certificate. Mutual authentication also
increases the size of the identity.
In the following test, the first openssl call will succeed while the second one
will fail.
STEP 1 - generate a large certificate
-
$ cat openssl.cnf
[req]
distinguished_name = req_distinguished_name
req_extensions = req_ext
prompt = no
[req_distinguished_name]
C = NA
ST = NA
L = NA
O = NA
OU = NA
CN = localhost
[req_ext]
subjectAltName = @alternate_names
[alternate_names]
DNS.1 = localhost
DNS.2 = *.localhost
[ v3_ca ]
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer
basicConstraints = critical,CA:true
subjectAltName = @alternate_names
keyUsage = digitalSignature, keyEncipherment
2.999 = ASN1:UTF8String:LONGSTRING
$ sed "s/LONGSTRING/$(printf '%.0sx' {0..16000})/g" ./openssl.cnf >
openssl-long.cnf
$ cat create-cert.sh
#!/bin/bash
openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -sha256 -days
7 -nodes -config ./openssl-long.cnf -extensions v3_ca
openssl pkcs12 -inkey key.pem -in cert.pem -export -out keystore.p12 -password
pass:changeit -name my
keytool -importkeystore -srckeystore keystore.p12 -destkeystore keystore.jks
-srcstoretype PKCS12 -deststoretype jks -deststorepass changeit -srcstorepass
changeit
$ ./create-cert.sh
Step 2 - install cert and start Tomcat
--
$ grep --after-context 8 "
$ cp $CERT_DIR/keystore.jks conf/keystore.jks
$ bin/catalina.sh run
Step 3 - test
-
$ cat test.sh
#!/bin/bash
echo -en "GET / HTTP/1.1\r\nHost: localhost\r\nConnection: close\r\n\r\n" |
openssl s_client -connect localhost:8443 -sess_out session -tls1_3 -quiet
-CAfile=cert.pem
echo -en "GET / HTTP/1.1\r\nHost: localhost\r\nConnection: close\r\n\r\n" |
openssl s_client -connect localhost:8443 -sess_in session -tls1_3 -quiet
-CAfile=cert.pem
$ ./test.sh
...
003E54FCFD7E:error:0A000438:SSL routines:ssl3_read_bytes:tlsv1 alert
internal error:ssl/record/rec_layer_s3.c:1586:SSL alert number 80
--
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 67628] OpenSSLCipherConfigurationParser#parse() produces misleading false positive cipher warnings
https://bz.apache.org/bugzilla/show_bug.cgi?id=67628 --- Comment #6 from Michael Osipov --- (In reply to Mark Thomas from comment #5) > If we pass ciphers directly to OpenSSL then we get different behaviour > between JSSE and OpenSSL. This is the issue the current design is trying to > avoid - or at least highlight when it happens. But we both know that JSSE and OpenSSL are different no matter what we do. Why don't we put that into consider and be fair about that fact. > What you are seeing is intended behaviour. > > I remain of the view that better docs and a better log message is the way to > address this. I agree with you that behavior should be consistent wherever possible, but documentation has to mention where it differs for obvious reasons. Let's work on docs first. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Buildbot failure in on tomcat-10.1.x
Build status: BUILD FAILED: failed compile (failure) Worker used: bb_worker2_ubuntu URL: https://ci2.apache.org/#builders/44/builds/1014 Blamelist: Mark Thomas Build Text: failed compile (failure) Status Detected: new failure Build Source Stamp: [branch 10.1.x] eb735f853f7f1607ff82e70b4fe0f985a4622637 Steps: worker_preparation: 0 git: 0 shell: 0 shell_1: 0 shell_2: 0 shell_3: 0 shell_4: 0 shell_5: 0 compile: 1 shell_6: 0 shell_7: 0 shell_8: 0 shell_9: 0 Rsync docs to nightlies.apache.org: 0 shell_10: 0 Rsync RAT to nightlies.apache.org: 0 compile_1: 2 shell_11: 0 Rsync Logs to nightlies.apache.org: 0 -- ASF Buildbot - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: (tomcat) branch main updated: Line length
On 01/11/2023 15:37, ma...@apache.org wrote: This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/main by this push: new 38a386390f Line length 38a386390f is described below commit 38a386390fec073826aca1988723fc25f9ac3bc8 Author: Mark Thomas AuthorDate: Wed Nov 1 15:36:25 2023 + Line length The change log has remained at a max width of 80 while the source code is now 120. Any reason not to allow the change log a max width of 120 as well? Mark - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
(tomcat) branch 8.5.x updated: Line length
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 8.5.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/8.5.x by this push: new 08424898ac Line length 08424898ac is described below commit 08424898acbc60c3735363f33dc520fa7f7c45a9 Author: Mark Thomas AuthorDate: Wed Nov 1 15:36:25 2023 + Line length --- webapps/docs/changelog.xml | 12 +++- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index cf93ace6ef..c7e9a0e77a 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -108,8 +108,9 @@ -67667: TLSCertificateReloadListener prints unreadable -rendering of X509Certificate#getNotAfter(). (michaelo) +67667: TLSCertificateReloadListener prints +unreadable rendering of X509Certificate#getNotAfter(). +(michaelo) The status servlet included in the manager webapp can now output @@ -121,8 +122,8 @@ from a file containing a property-value. (schultz) -67926: PEMFile prints unidentifiable string representation - of ASN.1 OIDs. (michaelo) +67926: PEMFile prints unidentifiable string +representation of ASN.1 OIDs. (michaelo) 66875: Ensure that setting the request attribute @@ -134,7 +135,8 @@ -66670: Add SSLHostConfig#certificateKeyPasswordFile and +66670: Add +SSLHostConfig#certificateKeyPasswordFile and SSLHostConfig#certificateKeystorePasswordFile. (michaelo) - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
(tomcat) branch 9.0.x updated: Line length
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 9.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/9.0.x by this push: new 7c53498ea8 Line length 7c53498ea8 is described below commit 7c53498ea8c0230975fe90eb9fa17e341e1b3f49 Author: Mark Thomas AuthorDate: Wed Nov 1 15:36:25 2023 + Line length --- webapps/docs/changelog.xml | 12 +++- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index 5fb8489a2b..5c0ae5660d 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -108,8 +108,9 @@ -67667: TLSCertificateReloadListener prints unreadable -rendering of X509Certificate#getNotAfter(). (michaelo) +67667: TLSCertificateReloadListener prints +unreadable rendering of X509Certificate#getNotAfter(). +(michaelo) The status servlet included in the manager webapp can now output @@ -121,8 +122,8 @@ from a file containing a property-value. (schultz) -67926: PEMFile prints unidentifiable string representation - of ASN.1 OIDs. (michaelo) +67926: PEMFile prints unidentifiable string +representation of ASN.1 OIDs. (michaelo) 66875: Ensure that setting the request attribute @@ -134,7 +135,8 @@ -66670: Add SSLHostConfig#certificateKeyPasswordFile and +66670: Add +SSLHostConfig#certificateKeyPasswordFile and SSLHostConfig#certificateKeystorePasswordFile. (michaelo) - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
(tomcat) branch 10.1.x updated: Line length
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 10.1.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/10.1.x by this push: new fe5e550d69 Line length fe5e550d69 is described below commit fe5e550d6963ce9a0b6055c8c7d229867295a768 Author: Mark Thomas AuthorDate: Wed Nov 1 15:36:25 2023 + Line length --- webapps/docs/changelog.xml | 12 +++- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index 65cfd9c6be..2ee96f1229 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -108,8 +108,9 @@ -67667: TLSCertificateReloadListener prints unreadable -rendering of X509Certificate#getNotAfter(). (michaelo) +67667: TLSCertificateReloadListener prints +unreadable rendering of X509Certificate#getNotAfter(). +(michaelo) The status servlet included in the manager webapp can now output @@ -121,8 +122,8 @@ from a file containing a property-value. (schultz) -67926: PEMFile prints unidentifiable string representation - of ASN.1 OIDs. (michaelo) +67926: PEMFile prints unidentifiable string +representation of ASN.1 OIDs. (michaelo) 66875: Ensure that setting the request attribute @@ -134,7 +135,8 @@ -66670: Add SSLHostConfig#certificateKeyPasswordFile and +66670: Add +SSLHostConfig#certificateKeyPasswordFile and SSLHostConfig#certificateKeystorePasswordFile. (michaelo) - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
(tomcat) branch main updated: Line length
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/main by this push: new 38a386390f Line length 38a386390f is described below commit 38a386390fec073826aca1988723fc25f9ac3bc8 Author: Mark Thomas AuthorDate: Wed Nov 1 15:36:25 2023 + Line length --- webapps/docs/changelog.xml | 9 + 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index b80ed9ee7e..2308566fe1 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -108,8 +108,9 @@ -67667: TLSCertificateReloadListener prints unreadable -rendering of X509Certificate#getNotAfter(). (michaelo) +67667: TLSCertificateReloadListener prints +unreadable rendering of X509Certificate#getNotAfter(). +(michaelo) The status servlet included in the manager webapp can now output @@ -126,8 +127,8 @@ in the event of a failure. (schultz) -67926: PEMFile prints unidentifiable string representation - of ASN.1 OIDs. (michaelo) +67926: PEMFile prints unidentifiable string +representation of ASN.1 OIDs. (michaelo) 66875: Ensure that setting the request attribute - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 67628] OpenSSLCipherConfigurationParser#parse() produces misleading false positive cipher warnings
https://bz.apache.org/bugzilla/show_bug.cgi?id=67628 --- Comment #5 from Mark Thomas --- If we pass ciphers directly to OpenSSL then we get different behaviour between JSSE and OpenSSL. This is the issue the current design is trying to avoid - or at least highlight when it happens. What you are seeing is intended behaviour. I remain of the view that better docs and a better log message is the way to address this. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
(tomcat) branch main updated: BZ 66875. jakarta.servlet.error.exception shouldn't start error handling
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push:
new 276e04f3d5 BZ 66875. jakarta.servlet.error.exception shouldn't start
error handling
276e04f3d5 is described below
commit 276e04f3d5ddab68914be9234bdca8fc06bf6412
Author: Mark Thomas
AuthorDate: Wed Nov 1 15:25:44 2023 +
BZ 66875. jakarta.servlet.error.exception shouldn't start error handling
---
java/org/apache/catalina/connector/CoyoteAdapter.java | 4 ++--
webapps/docs/changelog.xml| 5 +
2 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/java/org/apache/catalina/connector/CoyoteAdapter.java
b/java/org/apache/catalina/connector/CoyoteAdapter.java
index edad0edc84..a85c703d81 100644
--- a/java/org/apache/catalina/connector/CoyoteAdapter.java
+++ b/java/org/apache/catalina/connector/CoyoteAdapter.java
@@ -233,8 +233,8 @@ public class CoyoteAdapter implements Adapter {
if (request.isAsyncDispatching()) {
connector.getService().getContainer().getPipeline().getFirst().invoke(request,
response);
-Throwable t = (Throwable)
request.getAttribute(RequestDispatcher.ERROR_EXCEPTION);
-if (t != null) {
+if (response.isError()) {
+Throwable t = (Throwable)
request.getAttribute(RequestDispatcher.ERROR_EXCEPTION);
asyncConImpl.setErrorState(t, true);
}
}
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index edac7d0e60..b80ed9ee7e 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -129,6 +129,11 @@
67926: PEMFile prints unidentifiable string
representation
of ASN.1 OIDs. (michaelo)
+
+66875: Ensure that setting the request attribute
+jakarta.servlet.error.exception is not sufficient to
+trigger error handling for the current request and response. (markt)
+
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 66875] Handling async error after spring already handled error
https://bz.apache.org/bugzilla/show_bug.cgi?id=66875 Mark Thomas changed: What|Removed |Added Status|REOPENED|RESOLVED Resolution|--- |FIXED --- Comment #12 from Mark Thomas --- Fixed in: - 11.0.x for 11.0.0-M14 onwards - 10.1.x for 10.1.16 onwards - 9.0.x for 9.0.83 onwards - 8.5.x for 8.5.96 onwards Comment #8 identifies the right place for the fix but I think a slightly different fix is called for. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
(tomcat) branch 9.0.x updated: BZ 66875. jakarta.servlet.error.exception shouldn't start error handling
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/9.0.x by this push:
new 2c5c9e3a1b BZ 66875. jakarta.servlet.error.exception shouldn't start
error handling
2c5c9e3a1b is described below
commit 2c5c9e3a1b71448c388e6ee07222128401d65743
Author: Mark Thomas
AuthorDate: Wed Nov 1 15:25:44 2023 +
BZ 66875. jakarta.servlet.error.exception shouldn't start error handling
---
java/org/apache/catalina/connector/CoyoteAdapter.java | 4 ++--
webapps/docs/changelog.xml| 5 +
2 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/java/org/apache/catalina/connector/CoyoteAdapter.java
b/java/org/apache/catalina/connector/CoyoteAdapter.java
index 9ee688b854..087cb0cfe3 100644
--- a/java/org/apache/catalina/connector/CoyoteAdapter.java
+++ b/java/org/apache/catalina/connector/CoyoteAdapter.java
@@ -235,8 +235,8 @@ public class CoyoteAdapter implements Adapter {
if (request.isAsyncDispatching()) {
connector.getService().getContainer().getPipeline().getFirst().invoke(request,
response);
-Throwable t = (Throwable)
request.getAttribute(RequestDispatcher.ERROR_EXCEPTION);
-if (t != null) {
+if (response.isError()) {
+Throwable t = (Throwable)
request.getAttribute(RequestDispatcher.ERROR_EXCEPTION);
asyncConImpl.setErrorState(t, true);
}
}
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 9f96c43e8e..5fb8489a2b 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -124,6 +124,11 @@
67926: PEMFile prints unidentifiable string
representation
of ASN.1 OIDs. (michaelo)
+
+66875: Ensure that setting the request attribute
+jakarta.servlet.error.exception is not sufficient to
+trigger error handling for the current request and response. (markt)
+
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
(tomcat) branch 8.5.x updated: BZ 66875. jakarta.servlet.error.exception shouldn't start error handling
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/8.5.x by this push:
new 37789ecd15 BZ 66875. jakarta.servlet.error.exception shouldn't start
error handling
37789ecd15 is described below
commit 37789ecd1551585f812b2b00a9b6b0620f53ae21
Author: Mark Thomas
AuthorDate: Wed Nov 1 15:25:44 2023 +
BZ 66875. jakarta.servlet.error.exception shouldn't start error handling
---
java/org/apache/catalina/connector/CoyoteAdapter.java | 4 ++--
webapps/docs/changelog.xml| 5 +
2 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/java/org/apache/catalina/connector/CoyoteAdapter.java
b/java/org/apache/catalina/connector/CoyoteAdapter.java
index b08d6f2833..e1e077a2b4 100644
--- a/java/org/apache/catalina/connector/CoyoteAdapter.java
+++ b/java/org/apache/catalina/connector/CoyoteAdapter.java
@@ -235,8 +235,8 @@ public class CoyoteAdapter implements Adapter {
if (request.isAsyncDispatching()) {
connector.getService().getContainer().getPipeline().getFirst().invoke(request,
response);
-Throwable t = (Throwable)
request.getAttribute(RequestDispatcher.ERROR_EXCEPTION);
-if (t != null) {
+if (response.isError()) {
+Throwable t = (Throwable)
request.getAttribute(RequestDispatcher.ERROR_EXCEPTION);
asyncConImpl.setErrorState(t, true);
}
}
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 2340769f7a..cf93ace6ef 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -124,6 +124,11 @@
67926: PEMFile prints unidentifiable string
representation
of ASN.1 OIDs. (michaelo)
+
+66875: Ensure that setting the request attribute
+jakarta.servlet.error.exception is not sufficient to
+trigger error handling for the current request and response. (markt)
+
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
(tomcat) branch 10.1.x updated: BZ 66875. jakarta.servlet.error.exception shouldn't start error handling
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/10.1.x by this push:
new eb735f853f BZ 66875. jakarta.servlet.error.exception shouldn't start
error handling
eb735f853f is described below
commit eb735f853f7f1607ff82e70b4fe0f985a4622637
Author: Mark Thomas
AuthorDate: Wed Nov 1 15:25:44 2023 +
BZ 66875. jakarta.servlet.error.exception shouldn't start error handling
---
java/org/apache/catalina/connector/CoyoteAdapter.java | 4 ++--
webapps/docs/changelog.xml| 5 +
2 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/java/org/apache/catalina/connector/CoyoteAdapter.java
b/java/org/apache/catalina/connector/CoyoteAdapter.java
index 6a32e26948..471d2d6da4 100644
--- a/java/org/apache/catalina/connector/CoyoteAdapter.java
+++ b/java/org/apache/catalina/connector/CoyoteAdapter.java
@@ -233,8 +233,8 @@ public class CoyoteAdapter implements Adapter {
if (request.isAsyncDispatching()) {
connector.getService().getContainer().getPipeline().getFirst().invoke(request,
response);
-Throwable t = (Throwable)
request.getAttribute(RequestDispatcher.ERROR_EXCEPTION);
-if (t != null) {
+if (response.isError()) {
+Throwable t = (Throwable)
request.getAttribute(RequestDispatcher.ERROR_EXCEPTION);
asyncConImpl.setErrorState(t, true);
}
}
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 89f9ad68db..65cfd9c6be 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -124,6 +124,11 @@
67926: PEMFile prints unidentifiable string
representation
of ASN.1 OIDs. (michaelo)
+
+66875: Ensure that setting the request attribute
+jakarta.servlet.error.exception is not sufficient to
+trigger error handling for the current request and response. (markt)
+
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 66875] Handling async error after spring already handled error
https://bz.apache.org/bugzilla/show_bug.cgi?id=66875 --- Comment #11 from Mark Thomas --- I think there are two separate issues here. 1. When Spring sets jakarta.servlet.error.exception that triggers Tomcat's internal error handling. Whether Spring should do that and whether that should have the effect it has are the first issue. 2. Tomcat's error handling triggers the onError event. As per SRV.2.3.3.3 (search for "error dispatch") if no listeners call complete() or dispatch() this triggers another error dispatch. It is this second error dispatch that is generating the second error message. Spring and/or the application should be calling complete() or dispatch() as a result of the onError() event. This is the second issue. Next steps are to do some more research on the first issue. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [PR] Fix explicit chunked encoding specification [tomcat]
markt-asf commented on PR #676: URL: https://github.com/apache/tomcat/pull/676#issuecomment-1788896749 The description for the PR confuses request and response. It appears from the code that this PR relates to the response. This PR will not be applied. Whether or not to chunk the response is a container decision, not an application decision. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [PR] Fix explicit chunked encoding specification [tomcat]
markt-asf closed pull request #676: Fix explicit chunked encoding specification URL: https://github.com/apache/tomcat/pull/676 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 66875] Handling async error after spring already handled error
https://bz.apache.org/bugzilla/show_bug.cgi?id=66875 --- Comment #10 from Mark Thomas --- (In reply to Nils Kohrs from comment #4) > Here is a minimal project to reproduce it: > https://github.com/nilskohrs/tomcat-bug-66875 Thanks. This reproduces the issue as originally described with Tomcat 10.1.13. I need to set up some debugging to figure out what is going on. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[PR] Fix explicit chunked encoding specification [tomcat]
w1ida opened a new pull request, #676:
URL: https://github.com/apache/tomcat/pull/676
Summary:
This commit fixes a bug in the code related to handling chunked transfer
encoding. The original code only handled chunked transfer encoding when http11
was true, entityBody was true, and connectionClosePresent was false. However,
this did not take into account the case where the request headers indicated
chunked transfer encoding.
The modified code now includes a check for isChunked(headers) in addition to
the existing conditions. This ensures that chunked transfer encoding is
correctly handled when all the specified conditions are met, as well as when
the request headers indicate chunked transfer encoding.
Detailed Explanation:
The original code snippet did not consider the situation where the request
headers explicitly specified chunked transfer encoding. This resulted in a bug
where chunked transfer encoding was not handled correctly.
example:
javax.servlet.http.HttpServletResponse#setHeader("Transfer-encoding","chunked");
javax.servlet.http.HttpServletResponse#setHeader("Connection","close");
The modification addresses this issue by introducing a call to
isChunked(headers) as an additional condition. This ensures that chunked
transfer encoding is handled correctly when all the conditions (http11,
entityBody, connectionClosePresent) are met, or when the request headers
indicate chunked transfer encoding.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 66875] Handling async error after spring already handled error
https://bz.apache.org/bugzilla/show_bug.cgi?id=66875 --- Comment #9 from Mark Thomas --- The simpler test case behaves as desired if the response buffer is flushed after the application provided error response is written. I'm not convinced that the test case completely reproduces the reported issue. I'm going to go back to the original reproducer and do some more debugging. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 67932] module-info re-export other libraries
https://bz.apache.org/bugzilla/show_bug.cgi?id=67932 Mark Thomas changed: What|Removed |Added Resolution|--- |WONTFIX Status|NEW |RESOLVED --- Comment #1 from Mark Thomas --- The embedded packages are convenience packages that combine multiple standard Tomcat JARs in a single JAR. Unfortunately, the JPMS doesn't yet support multiple modules in a single JAR: https://openjdk.org/projects/jigsaw/spec/issues/#MultiModuleJARs You'll need to create dependencies on the individual Tomcat JARs you need rather than the embedded versions. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
(tomcat-native) branch 1.2.x updated: Better wording for BZ 67818
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 1.2.x in repository https://gitbox.apache.org/repos/asf/tomcat-native.git The following commit(s) were added to refs/heads/1.2.x by this push: new 775330977 Better wording for BZ 67818 775330977 is described below commit 775330977ae41e2da8b7deced20656301ebcc8d8 Author: Mark Thomas AuthorDate: Wed Nov 1 11:41:43 2023 + Better wording for BZ 67818 --- xdocs/miscellaneous/changelog.xml | 6 -- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/xdocs/miscellaneous/changelog.xml b/xdocs/miscellaneous/changelog.xml index cac6e1b2d..955fd881a 100644 --- a/xdocs/miscellaneous/changelog.xml +++ b/xdocs/miscellaneous/changelog.xml @@ -45,8 +45,10 @@ Remove an unreachable if condition around CRLs in sslcontext.c. (michaelo) - 67818: SSL.setVerify()/SSLContext.setVerify() - silently set undocumented default verify paths. (michaelo) + 67818: When calling SSL.setVerify() or + SSLContext.setVerify(), the default verify paths are no + longer set. Only the explicitly configured trust store, if any, will be + used to verify client certificates. (michaelo) - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
(tomcat-native) branch main updated: Better wording for BZ 67818
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat-native.git The following commit(s) were added to refs/heads/main by this push: new 92aefff80 Better wording for BZ 67818 92aefff80 is described below commit 92aefff803e009f4cb71f0204a37878ebf97f2e4 Author: Mark Thomas AuthorDate: Wed Nov 1 11:40:29 2023 + Better wording for BZ 67818 --- xdocs/miscellaneous/changelog.xml | 17 ++--- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/xdocs/miscellaneous/changelog.xml b/xdocs/miscellaneous/changelog.xml index 0aedd8212..8ed614b72 100644 --- a/xdocs/miscellaneous/changelog.xml +++ b/xdocs/miscellaneous/changelog.xml @@ -34,18 +34,19 @@ - 67538: Make use of Ant'stask - to enfore the mininum Java build version. (michaelo) + 67538: Make use of Ant's + task to enfore the mininum Java build version. (michaelo) - 67615: Windows binary for version 2 has incorrect version suffix - compared to the GNU autoconf version. (michaelo) + 67615: Windows binary for version 2 has incorrect version + suffix compared to the GNU autoconf version. (michaelo) Align default pass phrase prompt with HTTPd on Windows as well. (michaelo) - 67616: o.a.tomcat.jni.SSL contains useless check for old OpenSSL version. (michaelo) + 67616: o.a.tomcat.jni.SSL contains useless check for old + OpenSSL version. (michaelo) Drop useless compile.optimize option. (michaelo) @@ -60,8 +61,10 @@ Remove an unreachable if condition around CRLs in sslcontext.c. (michaelo) - 67818: SSL.setVerify()/SSLContext.setVerify() - silently set undocumented default verify paths. (michaelo) + 67818: When calling SSL.setVerify() or + SSLContext.setVerify(), the default verify paths are no + longer set. Only the explicitly configured trust store, if any, will be + used to verify client certificates. (michaelo) - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Buildbot failure in on tomcat-11.0.x
Build status: BUILD FAILED: failed compile (failure) Worker used: bb_worker2_ubuntu URL: https://ci2.apache.org/#builders/112/builds/719 Blamelist: Andrei Briukhov , Andrey Bruykhov , Arun Chaitanya Miriappalli , Bailey Brownie , Carsten Klein , ChrissW-R1 , Christopher Schultz , Clément Guillaume , Coty Sutherland , David Blevins , Dmitri Blinov , Eirik Bjorsnos , Emmanuel Bourg , Felix Schumacher , Filip Hanik , Gareth Evans , Herb , Igal Sapir , Jean-Frederic Clere , John Neffenger , Jordan Christiansen , Knut Sander , Konstantin Kolinko , Magnus Reftel , Mal ay Shah , Mark Thomas , Matthew Painter , Michael Osipov , Michael Seele , Mooo , Piotr P. Karwasz , Piotr P. Karwasz , Poison , Rainer Jung , ReO <89302528+jaeyoun...@users.noreply.github.com>, Romain Manni-Bucau , Sokratis Zappis , Sébastien Deleuze , Yordanov , Youyu Song , Zishuo Ding , alexkachanov , dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>, dn121049 , dsoumis , dummy, gohilmca <37513418+gohil...@users.noreply.github.com>, greeng00se , iamjooon2 , ingpyo , jiangtao , lakeoffaith , lihan , lihan , marcorobiati <82662790+marcorobi...@users.noreply.github.com>, remm , schultz , shin-mallang , sim-lus <67785631+sim-...@users.noreply.github.com>, thomasma , vassilismourikis , wyc , xxeol2 , zhenguoli , zsrv <95176387+z...@users.noreply.github.com> Build Text: failed compile (failure) Status Detected: new failure Build Source Stamp: [branch main] d7e6c58c444c93742bf53f7228181179ec663645 Steps: worker_preparation: 0 git: 0 shell: 0 shell_1: 0 shell_2: 0 shell_3: 0 shell_4: 0 shell_5: 0 shell_6: 0 compile: 1 shell_7: 0 shell_8: 0 shell_9: 0 shell_10: 0 Rsync docs to nightlies.apache.org: 0 shell_11: 0 Rsync RAT to nightlies.apache.org: 0 compile_1: 2 shell_12: 0 Rsync Logs to nightlies.apache.org: 0 -- ASF Buildbot - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
