(tomcat) branch main updated: Cleanups

2023-12-13 Thread remm
This is an automated email from the ASF dual-hosted git repository.

remm pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/main by this push:
 new 4648db89a2 Cleanups
4648db89a2 is described below

commit 4648db89a26805ef1ad5212214b7c50d3165c93c
Author: remm 
AuthorDate: Wed Dec 13 11:52:53 2023 +0100

Cleanups

Use the log loop when logging errors in the context.
Make some methods private.
Remove duplicate code.
renegotiate does not need sync since it is private and the only caller
is synced.
---
 .../util/net/openssl/panama/OpenSSLContext.java|  43 +++---
 .../util/net/openssl/panama/OpenSSLEngine.java | 164 ++---
 .../tomcat/util/openssl/openssl_h_Macros.java  |   5 -
 3 files changed, 102 insertions(+), 110 deletions(-)

diff --git a/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java 
b/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
index 729635a942..a5aa2ea8a0 100644
--- a/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
+++ b/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
@@ -100,6 +100,8 @@ public class OpenSSLContext implements 
org.apache.tomcat.util.net.SSLContext {
 public static final int SSL_PROTOCOL_ALL = (SSL_PROTOCOL_TLSV1 | 
SSL_PROTOCOL_TLSV1_1 | SSL_PROTOCOL_TLSV1_2 |
 SSL_PROTOCOL_TLSV1_3);
 
+static final int OPTIONAL_NO_CA = 3;
+
 private static final String BEGIN_KEY = "-BEGIN PRIVATE KEY-\n";
 private static final Object END_KEY = "\n-END PRIVATE KEY-";
 
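Review bot: `OPTIONAL_NO_CA` becomes package-visible here but carries no documentation, and its value 3 is not an OpenSSL SSL_VERIFY_* flag (3 read as OpenSSL flags would be SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT), so a reader outside this class may mistake it for one. A one-line javadoc above the constant would prevent that, e.g. `/** Tomcat-specific certificate verification mode (optionalNoCA); not an OpenSSL SSL_VERIFY_* flag value and must be translated before being passed to OpenSSL. */`. The widening presumably exists so OpenSSLEngine can share the constant; if so, saying which class consumes it is worth the extra words.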
@@ -136,8 +138,7 @@ public class OpenSSLContext implements 
org.apache.tomcat.util.net.SSLContext {
 private final MemorySegment openSSLCallbackPassword;
 
 private static final ConcurrentHashMap states = new 
ConcurrentHashMap<>();
-
-static ContextState getState(MemorySegment ctx) {
+private static ContextState getState(MemorySegment ctx) {
 return states.get(Long.valueOf(ctx.address()));
 }
 
@@ -477,8 +478,6 @@ public class OpenSSLContext implements 
org.apache.tomcat.util.net.SSLContext {
 return result;
 }
 
-private static final int OPTIONAL_NO_CA = 3;
-
 /**
  * Setup the SSL_CTX.
  *
@@ -564,9 +563,8 @@ public class OpenSSLContext implements 
org.apache.tomcat.util.net.SSLContext {
 }
 
 // Set int verify_callback(int preverify_ok, X509_STORE_CTX 
*x509_ctx) callback
-// Leave this just in case but in Tomcat this is always set again 
by the engine
 SSL_CTX_set_verify(state.sslCtx, value,
-SSL_CTX_set_verify$callback.allocate(new VerifyCallback(), 
contextArena));
+SSL_CTX_set_verify$callback.allocate(new 
OpenSSLEngine.VerifyCallback(), contextArena));
 
 // Trust and certificate verification
 if (tms != null) {
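Review bot: The removed comment was the only place recording that the context-level verify callback is a fallback and that the engine installs its own per-SSL callback; with it gone, a reader of the new SSL_CTX_set_verify line cannot tell why a context callback is set at all. I would keep a one-liner above the call, e.g. `// Context-level fallback; OpenSSLEngine installs its own verify callback on each SSL`. Separately, `value` is computed above the hunk: since OPTIONAL_NO_CA is 3, which read as OpenSSL flags equals SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT, it is worth confirming that mode is translated to SSL_VERIFY_PEER before reaching this call rather than passed through unchanged. The enclosing method starts and ends outside the hunk.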
@@ -778,14 +776,6 @@ public class OpenSSLContext implements 
org.apache.tomcat.util.net.SSLContext {
 }
 
 
-private static class VerifyCallback implements SSL_CTX_set_verify$callback 
{
-@Override
-public int apply(int preverify_ok, MemorySegment /*X509_STORE_CTX*/ 
x509ctx) {
-return OpenSSLEngine.openSSLCallbackVerify(preverify_ok, x509ctx);
-}
-}
-
-
 private static class CertVerifyCallback implements 
SSL_CTX_set_cert_verify_callback$cb {
 @Override
 public int apply(MemorySegment /*X509_STORE_CTX*/ x509_ctx, 
MemorySegment param) {
@@ -942,7 +932,6 @@ public class OpenSSLContext implements 
org.apache.tomcat.util.net.SSLContext {
 }
 
 
-@SuppressWarnings("deprecation")
 private boolean addCertificate(SSLHostConfigCertificate certificate, Arena 
localArena) throws Exception {
 int index = getCertificateIndex(certificate);
 // Load Server key and certificate
@@ -1375,10 +1364,26 @@ public class OpenSSLContext implements 
org.apache.tomcat.util.net.SSLContext {
 
 
 private static void logLastError(SegmentAllocator allocator, String 
string) {
-var buf = allocator.allocate(ValueLayout.JAVA_BYTE, 128);
-ERR_error_string(ERR_get_error(), buf);
-String err = buf.getString(0);
-log.error(sm.getString(string, err));
+String sslError = null;
+long error = ERR_get_error();
+if (error != SSL_ERROR_NONE()) {
+do {
+// Loop until getLastErrorNumber() returns SSL_ERROR_NONE
+var buf = allocator.allocate(ValueLayout.JAVA_BYTE, 128);
+ERR_error_string(error, buf);
+String err = buf.getString(0);
+if (sslError == null) {
+sslError = err;
+}
+if (log.isDebugEnabled()) {
+log.debug(sm.getString("engine.openSSLError", 
Long.toString(error), err));
+}
+} 

(tomcat) branch main updated: Cleanups

2023-12-08 Thread remm
This is an automated email from the ASF dual-hosted git repository.

remm pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/main by this push:
 new fb382b1552 Cleanups
fb382b1552 is described below

commit fb382b1552d00f4ca5fdc23f66bc1fe347e3965d
Author: remm 
AuthorDate: Fri Dec 8 11:26:05 2023 +0100

Cleanups

Remove methods not present in Tomcat 11.
Remove @Deprecated tags; the affected code is already clearly flagged as pre-OpenSSL 3.
---
 .../tomcat/util/net/openssl/panama/OpenSSLImplementation.java| 9 -
 .../apache/tomcat/util/net/openssl/panama/OpenSSLLibrary.java| 3 ---
 2 files changed, 12 deletions(-)

diff --git 
a/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLImplementation.java 
b/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLImplementation.java
index 28d7ae2b8f..260d196b93 100644
--- a/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLImplementation.java
+++ b/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLImplementation.java
@@ -29,11 +29,6 @@ import org.apache.tomcat.util.net.jsse.JSSESupport;
 
 public class OpenSSLImplementation extends SSLImplementation {
 
-@Deprecated
-public SSLSupport getSSLSupport(SSLSession session) {
-return new JSSESupport(session, null);
-}
-
 @Override
 public SSLSupport getSSLSupport(SSLSession session, Map> additionalAttributes) {
 return new JSSESupport(session, additionalAttributes);
@@ -44,8 +39,4 @@ public class OpenSSLImplementation extends SSLImplementation {
 return new OpenSSLUtil(certificate);
 }
 
-public boolean isAlpnSupported() {
-// OpenSSL supported ALPN
-return true;
-}
 }
diff --git a/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLLibrary.java 
b/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLLibrary.java
index d184189074..45e3178fc7 100644
--- a/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLLibrary.java
+++ b/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLLibrary.java
@@ -95,7 +95,6 @@ public class OpenSSLLibrary {
 { BN_get_rfc3526_prime_2048, NULL, 1025 },
 { BN_get_rfc2409_prime_1024, NULL, 0 }
  */
-@Deprecated
 static final class DHParam {
 final MemorySegment dh;
 final int min;
@@ -106,7 +105,6 @@ public class OpenSSLLibrary {
 }
 static final DHParam[] dhParameters = new DHParam[6];
 
-@Deprecated
 private static void initDHParameters() {
 var dh = DH_new();
 var p = BN_get_rfc3526_prime_8192(MemorySegment.NULL);
@@ -146,7 +144,6 @@ public class OpenSSLLibrary {
 dhParameters[5] = new DHParam(dh, 0);
 }
 
-@Deprecated
 private static void freeDHParameters() {
 for (int i = 0; i < dhParameters.length; i++) {
 if (dhParameters[i] != null) {





(tomcat) branch main updated: Cleanups

2023-12-05 Thread remm
This is an automated email from the ASF dual-hosted git repository.

remm pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/main by this push:
 new a96d03b81b Cleanups
a96d03b81b is described below

commit a96d03b81be9f4ba196279eac75dc5bbaeb93eef
Author: remm 
AuthorDate: Tue Dec 5 14:22:11 2023 +0100

Cleanups
---
 .../tomcat/util/openssl/openssl_h_Macros.java  | 92 +++---
 1 file changed, 63 insertions(+), 29 deletions(-)

diff --git a/java/org/apache/tomcat/util/openssl/openssl_h_Macros.java 
b/java/org/apache/tomcat/util/openssl/openssl_h_Macros.java
index 627bc004be..2f7c4f33ee 100644
--- a/java/org/apache/tomcat/util/openssl/openssl_h_Macros.java
+++ b/java/org/apache/tomcat/util/openssl/openssl_h_Macros.java
@@ -33,8 +33,10 @@ public class openssl_h_Macros {
 
 
 /**
- * Set maximum protocol version on the given context. # define 
SSL_CTX_set_max_proto_version(sslCtx, version) \
- * SSL_CTX_ctrl(sslCtx, SSL_CTRL_SET_MAX_PROTO_VERSION, version, NULL)
+ * Set maximum protocol version on the given context.
+ * {@snippet lang = c : # define SSL_CTX_set_max_proto_version(sslCtx, 
version) \
+ *SSL_CTX_ctrl(sslCtx, SSL_CTRL_SET_MAX_PROTO_VERSION, version, NULL)
+ * }
  *
  * @param sslCtx  the SSL context
  * @param version the maximum version
@@ -47,8 +49,10 @@ public class openssl_h_Macros {
 
 
 /**
- * Set minimum protocol version on the given context. # define 
SSL_CTX_set_min_proto_version(sslCtx, version) \
- * SSL_CTX_ctrl(sslCtx, SSL_CTRL_SET_MIN_PROTO_VERSION, version, NULL)
+ * Set minimum protocol version on the given context.
+ * {@snippet lang = c : # define SSL_CTX_set_min_proto_version(sslCtx, 
version) \
+ *SSL_CTX_ctrl(sslCtx, SSL_CTRL_SET_MIN_PROTO_VERSION, version, NULL)
+ * }
  *
  * @param sslCtx  the SSL context
  * @param version the maximum version
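Review bot: The `@param` in the SSL_CTX_set_min_proto_version javadoc still says `the maximum version`, a copy-paste from the max variant that this commit touches but does not fix; it should read `@param version the minimum version`. Also, `{@snippet lang = c : ...}` is a JDK 18+ javadoc tag that older javadoc versions reject as unknown — presumably fine for this module, but worth checking against the minimum JDK the javadoc task runs with.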
@@ -61,8 +65,10 @@ public class openssl_h_Macros {
 
 
 /**
- * Get the session cache size. # define 
SSL_CTX_sess_get_cache_size(sslCtx) \ SSL_CTX_ctrl(sslCtx,
- * SSL_CTRL_GET_SESS_CACHE_SIZE, 0, NULL)
+ * Get the session cache size.
+ * {@snippet lang = c : # define SSL_CTX_sess_get_cache_size(sslCtx) \
+ *SSL_CTX_ctrl(sslCtx, SSL_CTRL_GET_SESS_CACHE_SIZE, 0, NULL)
+ * }
  *
  * @param sslCtx the SSL context
  *
@@ -74,8 +80,10 @@ public class openssl_h_Macros {
 
 
 /**
- * Set the session cache size. # define 
SSL_CTX_sess_set_cache_size(sslCtx, t) \ SSL_CTX_ctrl(sslCtx,
- * SSL_CTRL_SET_SESS_CACHE_SIZE, t, NULL)
+ * Set the session cache size.
+ * {@snippet lang = c : # define SSL_CTX_sess_set_cache_size(sslCtx, t) \
+ *SSL_CTX_ctrl(sslCtx, SSL_CTRL_SET_SESS_CACHE_SIZE, t, NULL)
+ * }
  *
  * @param sslCtxthe SSL context
  * @param cacheSize the session cache size
@@ -88,8 +96,10 @@ public class openssl_h_Macros {
 
 
 /**
- * Get the session cache mode. # define 
SSL_CTX_get_session_cache_mode(sslCtx) \ SSL_CTX_ctrl(sslCtx,
- * SSL_CTRL_GET_SESS_CACHE_MODE, 0, NULL)
+ * Get the session cache mode.
+ * {@snippet lang = c : # define SSL_CTX_get_session_cache_mode(sslCtx) \
+ *SSL_CTX_ctrl(sslCtx, SSL_CTRL_GET_SESS_CACHE_MODE, 0, NULL)
+ * }
  *
  * @param sslCtx the SSL context
  *
@@ -101,8 +111,10 @@ public class openssl_h_Macros {
 
 
 /**
- * Set the session cache mode. # define 
SSL_CTX_set_session_cache_mode(sslCtx, m) \ SSL_CTX_ctrl(sslCtx,
- * SSL_CTRL_SET_SESS_CACHE_MODE, m, NULL)
+ * Set the session cache mode.
+ * {@snippet lang = c : # define SSL_CTX_set_session_cache_mode(sslCtx, m) 
\
+ *SSL_CTX_ctrl(sslCtx, SSL_CTRL_SET_SESS_CACHE_MODE, m, NULL)
+ * }
  *
  * @param sslCtxthe SSL context
  * @param cacheMode the cache mode, SSL_SESS_CACHE_OFF to disable
@@ -115,8 +127,10 @@ public class openssl_h_Macros {
 
 
 /**
- * Set the certificate. # define SSL_CTX_add0_chain_cert(sslCtx,x509) \ 
SSL_CTX_ctrl(sslCtx, SSL_CTRL_CHAIN_CERT, 0,
- * (char *)(x509))
+ * Set the certificate.
+ * {@snippet lang = c : # define SSL_CTX_add0_chain_cert(sslCtx,x509) \
+ *SSL_CTX_ctrl(sslCtx, SSL_CTRL_CHAIN_CERT, 0, (char *)(x509))
+ * }
  *
  * @param sslCtx the SSL context
  * @param x509   the certificate
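Review bot: The summary `Set the certificate.` misdescribes SSL_CTX_add0_chain_cert: the control shown in the snippet is SSL_CTRL_CHAIN_CERT, which appends `x509` to the chain of the current certificate rather than setting it, and by OpenSSL's add0/add1 naming convention the context takes ownership of the object without incrementing its reference count. I would write `* Add an extra chain certificate to the current certificate; the context takes ownership of {@code x509} (add0 semantics), so the caller must not free it.` and repeat the ownership point on the `@param x509` line, since a caller who frees the certificate afterwards would leave the context holding a dangling pointer.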
@@ -129,8 +143,10 @@ public class openssl_h_Macros {
 
 
 /**
- * Set ticket keys. # define SSL_CTX_set_tlsext_ticket_keys(ctx, keys, 
keylen) \
- * SSL_CTX_ctrl((ctx),SSL_CTRL_SET_TLSEXT_TICKET_KEYS, (keylen), (keys))
+ * Set ticket keys.
+ * {@snippet lang = c : # define SSL_CTX_set_tlsext_ticket_keys(ctx, keys, 
keylen) \
+ *SSL_CTX_ctrl((ctx),SSL_CTRL_SET_TLSEXT_TICKET_KEYS, (keylen), (keys))
+ * }
  *
  * @param sslCtxthe SSL context
  * @param keys  

[tomcat] branch main updated: Cleanups

2021-11-05 Thread remm
This is an automated email from the ASF dual-hosted git repository.

remm pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/main by this push:
 new a862247  Cleanups
a862247 is described below

commit a862247ef8442ebec536b15f0588040550376c49
Author: remm 
AuthorDate: Fri Nov 5 23:12:18 2021 +0100

Cleanups
---
 .../util/net/openssl/panama/OpenSSLContext.java| 22 --
 .../util/net/openssl/panama/OpenSSLEngine.java | 13 +
 2 files changed, 21 insertions(+), 14 deletions(-)

diff --git 
a/modules/openssl-panama-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
 
b/modules/openssl-panama-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
index ee65359..27b9efc 100644
--- 
a/modules/openssl-panama-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
+++ 
b/modules/openssl-panama-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
@@ -872,11 +872,11 @@ public class OpenSSLContext implements 
org.apache.tomcat.util.net.SSLContext {
 || certificateVerifyMode == SSL_VERIFY_NONE()) {
 return 1;
 }
-/*SSL_VERIFY_ERROR_IS_OPTIONAL(errnum) -> ((errnum == 
X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT) \
-|| (errnum == X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN) \
-|| (errnum == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY) \
-|| (errnum == X509_V_ERR_CERT_UNTRUSTED) \
-|| (errnum == X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE))*/
+/*SSL_VERIFY_ERROR_IS_OPTIONAL(errnum) -> ((errnum == 
X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT)
+|| (errnum == X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN)
+|| (errnum == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY)
+|| (errnum == X509_V_ERR_CERT_UNTRUSTED)
+|| (errnum == X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE))*/
 boolean verifyErrorIsOptional = (errnum == 
X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT())
 || (errnum == X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN())
 || (errnum == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY())
@@ -1173,7 +1173,17 @@ public class OpenSSLContext implements 
org.apache.tomcat.util.net.SSLContext {
 }
 cert = PEM_read_bio_X509_AUX(bio, MemoryAddress.NULL, 
openSSLCallbackPassword, MemoryAddress.NULL);
 if (MemoryAddress.NULL.equals(cert) &&
-// FIXME: Unfortunately jextract doesn't convert 
this ERR_GET_REASON(ERR_peek_last_error())
+// Missing ERR_GET_REASON(ERR_peek_last_error())
+/*int ERR_GET_REASON(unsigned long errcode) {
+ *if (ERR_SYSTEM_ERROR(errcode))
+ *return errcode & ERR_SYSTEM_MASK;
+ *return errcode & ERR_REASON_MASK;
+ *}
+ *# define ERR_SYSTEM_ERROR(errcode)  
(((errcode) & ERR_SYSTEM_FLAG) != 0)
+ *# define ERR_SYSTEM_FLAG
((unsigned int)INT_MAX + 1)
+ *# define ERR_SYSTEM_MASK
((unsigned int)INT_MAX)
+ *# define ERR_REASON_MASK0X7F
+ */
 ((ERR_peek_last_error() & 0X7F) == 
PEM_R_NO_START_LINE())) {
 ERR_clear_error();
 BIO_ctrl(bio, BIO_CTRL_RESET(), 0, MemoryAddress.NULL);
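Review bot: The mask on the new side, `(ERR_peek_last_error() & 0X7F)`, and the `ERR_REASON_MASK 0X7F` transcribed into the added comment do not match OpenSSL 3's err.h, where ERR_REASON_MASK is 0X7FFFFF; with 0X7F any reason code whose low seven bits equal PEM_R_NO_START_LINE (108), such as 236, is also treated as "no start line", so an unrelated PEM/X509 failure would clear the error and reset the BIO instead of being reported. The comparison should be `((ERR_peek_last_error() & 0X7FFFFF) == PEM_R_NO_START_LINE()))` and the comment corrected to the same mask. The added comment also spells out the ERR_SYSTEM_ERROR branch, which the code does not implement (a system error with errno 108 would match too); either check the flag first or state in the comment that system errors are deliberately not distinguished here. The enclosing method continues outside the hunk.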
diff --git 
a/modules/openssl-panama-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLEngine.java
 
b/modules/openssl-panama-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLEngine.java
index 29c4ce7..7b920ae 100644
--- 
a/modules/openssl-panama-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLEngine.java
+++ 
b/modules/openssl-panama-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLEngine.java
@@ -1302,10 +1302,10 @@ public final class OpenSSLEngine extends SSLEngine 
implements SSLUtil.ProtocolIn
 if (certificateVerifyMode == -1 /*SSL_CVERIFY_UNSET*/ || 
certificateVerifyMode == SSL_VERIFY_NONE()) {
 return 1;
 }
-/*SSL_VERIFY_ERROR_IS_OPTIONAL(errnum) -> ((errnum == 
X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT) \
-|| (errnum == X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN) \
-|| (errnum == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY) \
-|| (errnum == X509_V_ERR_CERT_UNTRUSTED) \
+/*SSL_VERIFY_ERROR_IS_OPTIONAL(errnum) -> ((errnum == 
X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT)
+|| (errnum == X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN)
+