Hello community,
here is the log from the commit of package libtcnative-1-0 for openSUSE:Factory
checked in at 2026-06-16 18:30:15
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/libtcnative-1-0 (Old)
and /work/SRC/openSUSE:Factory/.libtcnative-1-0.new.1981 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libtcnative-1-0"
Tue Jun 16 18:30:15 2026 rev:45 rq:1359699 version:1.3.8
Changes:
--------
--- /work/SRC/openSUSE:Factory/libtcnative-1-0/libtcnative-1-0.changes
2026-04-13 23:23:02.234400608 +0200
+++
/work/SRC/openSUSE:Factory/.libtcnative-1-0.new.1981/libtcnative-1-0.changes
2026-06-16 18:30:24.736077806 +0200
@@ -1,0 +2,13 @@
+Tue Jun 16 05:31:05 UTC 2026 - Fridrich Strba <[email protected]>
+
+- Update to 1.3.8
+ * Changes
+ + Fix a memory leak when parsing certificates
+ + Fix two potential memory leaks on error paths identified by
+ Copilot
+ + Fix post handshake authentication when Tomcat is configured
+ with a trust store using JSSE style configuration
+ + Correct expected size of tickets when calling
+ SSLContext.setSessionTicketKeys
+
+-------------------------------------------------------------------
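Review bot: The four bullets in this .changes entry drop the upstream identifiers that the tarball's CHANGELOG.txt carries for the same fixes (pull request #44, bugs 69988 and 70102). Keeping those numbers on the matching bullets would let anyone auditing the package trace the certificate-parsing leak, the post handshake authentication fix and the SSLContext.setSessionTicketKeys size correction back to their upstream reports.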
Old:
----
tomcat-native-1.3.7-src.tar.gz
tomcat-native-1.3.7-src.tar.gz.asc
New:
----
tomcat-native-1.3.8-src.tar.gz
tomcat-native-1.3.8-src.tar.gz.asc
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ libtcnative-1-0.spec ++++++
--- /var/tmp/diff_new_pack.V0ZqmQ/_old 2026-06-16 18:30:28.576238783 +0200
+++ /var/tmp/diff_new_pack.V0ZqmQ/_new 2026-06-16 18:30:28.576238783 +0200
@@ -1,7 +1,7 @@
#
# spec file for package libtcnative-1-0
#
-# Copyright (c) 2024 SUSE LLC
+# Copyright (c) 2026 SUSE LLC and contributors
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -18,7 +18,7 @@
%{!?make_build:%global make_build make %{?_smp_mflags}}
Name: libtcnative-1-0
-Version: 1.3.7
+Version: 1.3.8
Release: 0
Summary: Tomcat resources for performance, compatibility, etc
License: Apache-2.0
++++++ _scmsync.obsinfo ++++++
--- /var/tmp/diff_new_pack.V0ZqmQ/_old 2026-06-16 18:30:28.640241465 +0200
+++ /var/tmp/diff_new_pack.V0ZqmQ/_new 2026-06-16 18:30:28.640241465 +0200
@@ -1,6 +1,6 @@
-mtime: 1775732649
-commit: 5eacdc16566a74b371d8a11642482e969c9430342f154d7e928e3d37194dffb0
-url: https://src.opensuse.org/java-packages/libtcnative-1-0.git
-revision: 5eacdc16566a74b371d8a11642482e969c9430342f154d7e928e3d37194dffb0
+mtime: 1781588023
+commit: b2a09b5da6fe5e7c5df4a3a8be9b01dce96c4af0d40f8086d75ca4b9cfce4103
+url: https://src.opensuse.org/java-packages/libtcnative-1-0
+revision: b2a09b5da6fe5e7c5df4a3a8be9b01dce96c4af0d40f8086d75ca4b9cfce4103
projectscmsync: https://src.opensuse.org/java-packages/_ObsPrj
++++++ build.specials.obscpio ++++++
++++++ build.specials.obscpio ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/.gitignore new/.gitignore
--- old/.gitignore 1970-01-01 01:00:00.000000000 +0100
+++ new/.gitignore 2026-06-16 07:33:43.000000000 +0200
@@ -0,0 +1 @@
+.osc
++++++ tomcat-native-1.3.7-src.tar.gz -> tomcat-native-1.3.8-src.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/tomcat-native-1.3.7-src/CHANGELOG.txt
new/tomcat-native-1.3.8-src/CHANGELOG.txt
--- old/tomcat-native-1.3.7-src/CHANGELOG.txt 2026-03-06 18:22:01.000000000
+0100
+++ new/tomcat-native-1.3.8-src/CHANGELOG.txt 2026-06-12 10:13:55.000000000
+0200
@@ -3,7 +3,18 @@
This is the Changelog for Tomcat Native 1.3.x. The Tomcat Native 1.3.x
branch started from the 1.2.39 tag.
- 1.3.7
+ 1.3.8
+
+ * Fix: Fix a memory leak when parsing certificates. Pull request #44
+ provided by chenjp. (markt)
+ * Fix: Fix two potential memory leaks on error paths identified by
+ Copilot. (markt)
+ * Fix: 69988: Fix post handshake authentication when Tomcat is
+ configured with a trust store using JSSE style configuration. (markt)
+ * Fix: 70102: Correct expected size of tickets when calling
+ SSLContext.setSessionTicketKeys. (markt)
+
+ 2026-03-10 1.3.7
* Code: Refactor access to ASN1_OCTET_STRING to use setters to fix
errors when building against the latest OpenSSL 4.0.x code. (markt)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/tomcat-native-1.3.7-src/build.properties.default
new/tomcat-native-1.3.8-src/build.properties.default
--- old/tomcat-native-1.3.7-src/build.properties.default 2026-03-06
18:21:34.000000000 +0100
+++ new/tomcat-native-1.3.8-src/build.properties.default 2026-06-11
22:01:29.000000000 +0200
@@ -18,7 +18,7 @@
# ----- Version Control Flags -----
version.major=1
version.minor=3
-version.build=7
+version.build=8
version.patch=0
version.suffix=
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/tomcat-native-1.3.7-src/docs/index.html
new/tomcat-native-1.3.8-src/docs/index.html
--- old/tomcat-native-1.3.7-src/docs/index.html 2026-03-06 18:22:01.000000000
+0100
+++ new/tomcat-native-1.3.8-src/docs/index.html 2026-06-12 10:13:55.000000000
+0200
@@ -28,10 +28,10 @@
</div><h3 id="Headlines">Headlines</h3><div class="text">
<ul>
-<li><a href="news/2026.html#20260211">11 February 2026 - <b>Tomcat-Native-1.3.6
+<li><a href="news/2026.html#20260310">10 March 2026 - <b>Tomcat-Native-1.3.7
released</b></a>
<p>The Apache Tomcat team is proud to announce the immediate availability of
-Tomcat Native 1.3.6 Stable.</p>
+Tomcat Native 1.3.7 Stable.</p>
<p>
The sources and the binaries for selected platforms are available from the
<a href="../download-native.cgi">Download page</a>.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/tomcat-native-1.3.7-src/docs/miscellaneous/changelog.html
new/tomcat-native-1.3.8-src/docs/miscellaneous/changelog.html
--- old/tomcat-native-1.3.7-src/docs/miscellaneous/changelog.html
2026-03-06 18:22:01.000000000 +0100
+++ new/tomcat-native-1.3.8-src/docs/miscellaneous/changelog.html
2026-06-12 10:13:55.000000000 +0200
@@ -4,7 +4,26 @@
This is the Changelog for Tomcat Native 1.3.x. The Tomcat Native 1.3.x branch
started from the 1.2.39 tag.
</p>
-</div><h3 id="1.3.7"><span style="float: right;"></span> 1.3.7</h3><div
class="text">
+</div><h3 id="1.3.8"><span style="float: right;"></span> 1.3.8</h3><div
class="text">
+ <ul class="changelog">
+ <li><img alt="Fix: " class="icon" src="../images/fix.gif">
+ Fix a memory leak when parsing certificates. Pull request <a
href="https://github.com/apache/tomcat-native/pull/44">#44</a>
+ provided by chenjp. (markt)
+ </li>
+ <li><img alt="Fix: " class="icon" src="../images/fix.gif">
+ Fix two potential memory leaks on error paths identified by Copilot.
+ (markt)
+ </li>
+ <li><img alt="Fix: " class="icon" src="../images/fix.gif">
+ <a
href="https://bz.apache.org/bugzilla/show_bug.cgi?id=69988">69988</a>: Fix post
handshake authentication when Tomcat is
+ configured with a trust store using JSSE style configuration. (markt)
+ </li>
+ <li><img alt="Fix: " class="icon" src="../images/fix.gif">
+ <a
href="https://bz.apache.org/bugzilla/show_bug.cgi?id=70102">70102</a>: Correct
expected size of tickets when calling
+ <code>SSLContext.setSessionTicketKeys</code>. (markt)
+ </li>
+ </ul>
+</div><h3 id="1.3.7"><span style="float: right;">2026-03-10</span>
1.3.7</h3><div class="text">
<ul class="changelog">
<li><img alt="Code: " class="icon" src="../images/code.gif">
Refactor access to ASN1_OCTET_STRING to use setters to fix errors when
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/tomcat-native-1.3.7-src/docs/news/2026.html
new/tomcat-native-1.3.8-src/docs/news/2026.html
--- old/tomcat-native-1.3.7-src/docs/news/2026.html 2026-03-06
18:22:01.000000000 +0100
+++ new/tomcat-native-1.3.8-src/docs/news/2026.html 2026-06-12
10:13:55.000000000 +0200
@@ -1,6 +1,11 @@
<!DOCTYPE html SYSTEM "about:legacy-compat">
<html lang="en"><head><META http-equiv="Content-Type" content="text/html;
charset=UTF-8"><link href="../images/docs-stylesheet.css" rel="stylesheet"
type="text/css"><link href="../images/style.css" rel="stylesheet"
type="text/css"><title>The Apache Tomcat Native Library 1.3 - News - 2026 News
and Status</title></head><body><div id="wrapper"><header><div
id="header"><div><div><div class="logo noPrint"><a
href="https://tomcat.apache.org/"><img alt="Tomcat Home"
src="../images/tomcat.png"></a></div><div style="height: 1px;"></div><div
class="asfLogo noPrint"><a href="http://www.apache.org/" target="_blank"><img
src="../images/asf-logo.svg" alt="The Apache Software Foundation" style="width:
266px; height: 83px;"></a></div><h1>The Apache Tomcat Native Library 1.3 -
News</h1><div style="height: 1px;"></div><div style="clear:
left;"></div></div></div></div></header><div id="middle"><div><div
id="mainLeft"
class="noprint"><div><nav><div><h2><strong>Links</strong></h2><ul><li><a
href="../ind
ex.html">Docs Home</a></li></ul></div><div><h2><strong>Miscellaneous
Documentation</strong></h2><ul><li><a
href="../miscellaneous/changelog.html">Changelog</a></li><li><a
href="../miscellaneous/tls-renegotiation.html">TLS
renegotiation</a></li></ul></div><div><h2><strong>News</strong></h2><ul><li><a
href="../news/2026.html">2026</a></li><li><a
href="../news/2024.html">2024</a></li></ul></div></nav></div></div><div
id="mainRight"><div id="content"><h2>2026 News and Status</h2><h3
id="2026_News_&_Status">2026 News & Status</h3><div class="text">
+ <div class="subsection"><h4 id="20260310">10 March 2026 -
Tomcat-Native-1.3.7 released</h4><div class="text">
+ <p>The Apache Tomcat team is proud to announce the immediate
+ availability of Tomcat Native 1.3.7.</p>
+ </div></div>
+
<div class="subsection"><h4 id="20260211">11 February 2026 -
Tomcat-Native-1.3.6 released</h4><div class="text">
<p>The Apache Tomcat team is proud to announce the immediate
availability of Tomcat Native 1.3.6.</p>
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/tomcat-native-1.3.7-src/java/org/apache/tomcat/jni/AprStatus.java
new/tomcat-native-1.3.8-src/java/org/apache/tomcat/jni/AprStatus.java
--- old/tomcat-native-1.3.7-src/java/org/apache/tomcat/jni/AprStatus.java
2026-03-06 18:21:34.000000000 +0100
+++ new/tomcat-native-1.3.8-src/java/org/apache/tomcat/jni/AprStatus.java
2026-06-11 22:01:29.000000000 +0200
@@ -27,10 +27,26 @@
private static volatile boolean instanceCreated = false;
private static volatile int openSSLVersion = 0;
+ /**
+ * Prevents instantiation.
+ */
+ private AprStatus() {
+ }
+
+ /**
+ * Returns whether APR has been initialized.
+ *
+ * @return {@code true} if APR has been initialized
+ */
public static boolean isAprInitialized() {
return aprInitialized;
}
+ /**
+ * Returns whether APR is available.
+ *
+ * @return {@code true} if APR is available
+ */
public static boolean isAprAvailable() {
return aprAvailable;
}
@@ -39,18 +55,38 @@
return useAprConnector;
}
+ /**
+ * Returns whether OpenSSL is in use.
+ *
+ * @return {@code true} if OpenSSL is in use
+ */
public static boolean getUseOpenSSL() {
return useOpenSSL;
}
+ /**
+ * Returns whether an APR instance has been created.
+ *
+ * @return {@code true} if an APR instance has been created
+ */
public static boolean isInstanceCreated() {
return instanceCreated;
}
+ /**
+ * Sets the APR initialized status.
+ *
+ * @param aprInitialized the APR initialized status to set
+ */
public static void setAprInitialized(boolean aprInitialized) {
AprStatus.aprInitialized = aprInitialized;
}
+ /**
+ * Sets the APR available status.
+ *
+ * @param aprAvailable the APR available status to set
+ */
public static void setAprAvailable(boolean aprAvailable) {
AprStatus.aprAvailable = aprAvailable;
}
@@ -59,15 +95,27 @@
AprStatus.useAprConnector = useAprConnector;
}
+ /**
+ * Sets whether to use OpenSSL.
+ *
+ * @param useOpenSSL the use OpenSSL status to set
+ */
public static void setUseOpenSSL(boolean useOpenSSL) {
AprStatus.useOpenSSL = useOpenSSL;
}
+ /**
+ * Sets the instance created status.
+ *
+ * @param instanceCreated the instance created status to set
+ */
public static void setInstanceCreated(boolean instanceCreated) {
AprStatus.instanceCreated = instanceCreated;
}
/**
+ * Returns the OpenSSL version.
+ *
* @return the openSSLVersion
*/
public static int getOpenSSLVersion() {
@@ -75,6 +123,8 @@
}
/**
+ * Sets the OpenSSL version.
+ *
* @param openSSLVersion the openSSLVersion to set
*/
public static void setOpenSSLVersion(int openSSLVersion) {
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/tomcat-native-1.3.7-src/java/org/apache/tomcat/jni/Buffer.java
new/tomcat-native-1.3.8-src/java/org/apache/tomcat/jni/Buffer.java
--- old/tomcat-native-1.3.7-src/java/org/apache/tomcat/jni/Buffer.java
2026-03-06 18:21:34.000000000 +0100
+++ new/tomcat-native-1.3.8-src/java/org/apache/tomcat/jni/Buffer.java
2026-06-11 22:01:29.000000000 +0200
@@ -23,6 +23,9 @@
*/
public class Buffer {
+ /** Utility class - do not instantiate. */
+ private Buffer() { }
+
/**
* Allocate a new ByteBuffer from memory
*
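Review bot: Adding "private Buffer() { }" to a class declared "public class Buffer" takes away the implicit public no-argument constructor if the class had no explicit one before, so code that called new Buffer() or subclassed Buffer no longer compiles against 1.3.8. If that is intended, declare the class final as well and record the change in the changelog, whose 1.3.8 entries list only fixes.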
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/tomcat-native-1.3.7-src/java/org/apache/tomcat/jni/Library.java
new/tomcat-native-1.3.8-src/java/org/apache/tomcat/jni/Library.java
--- old/tomcat-native-1.3.7-src/java/org/apache/tomcat/jni/Library.java
2026-03-06 18:21:34.000000000 +0100
+++ new/tomcat-native-1.3.8-src/java/org/apache/tomcat/jni/Library.java
2026-06-11 22:01:29.000000000 +0200
@@ -22,6 +22,9 @@
import java.util.concurrent.locks.ReadWriteLock;
import java.util.concurrent.locks.ReentrantReadWriteLock;
+/**
+ * Manages loading of the Tomcat Native (tcnative) library.
+ */
public final class Library {
/*
@@ -144,27 +147,51 @@
/* Internal function for loading APR sizes */
private static native int size(int what);
- /* TCN_MAJOR_VERSION */
+ /**
+ * TCN major version.
+ */
public static int TCN_MAJOR_VERSION = 0;
- /* TCN_MINOR_VERSION */
+ /**
+ * TCN minor version.
+ */
public static int TCN_MINOR_VERSION = 0;
- /* TCN_PATCH_VERSION */
+ /**
+ * TCN patch version.
+ */
public static int TCN_PATCH_VERSION = 0;
- /* TCN_IS_DEV_VERSION */
+ /**
+ * TCN is development version flag.
+ */
public static int TCN_IS_DEV_VERSION = 0;
- /* APR_MAJOR_VERSION */
+ /**
+ * APR major version.
+ */
public static int APR_MAJOR_VERSION = 0;
- /* APR_MINOR_VERSION */
+ /**
+ * APR minor version.
+ */
public static int APR_MINOR_VERSION = 0;
- /* APR_PATCH_VERSION */
+ /**
+ * APR patch version.
+ */
public static int APR_PATCH_VERSION = 0;
- /* APR_IS_DEV_VERSION */
+ /**
+ * APR is development version flag.
+ */
public static int APR_IS_DEV_VERSION = 0;
- /* TCN_VERSION_STRING */
+ /**
+ * Returns the TCN version string.
+ *
+ * @return the TCN version string
+ */
public static native String versionString();
- /* APR_VERSION_STRING */
+ /**
+ * Returns the APR version string.
+ *
+ * @return the APR version string
+ */
public static native String aprVersionString();
/* APR Feature Macros */
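Review bot: The Javadoc added to TCN_MAJOR_VERSION and the seven fields after it describes them as plain version numbers, but each is declared "public static int ... = 0" without final, so the value reads 0 until something assigns it and any caller can overwrite it. The comments should say when the fields are populated and that 0 means not yet set; read-only accessors would be the safer way to expose them.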
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/tomcat-native-1.3.7-src/java/org/apache/tomcat/jni/LibraryNotFoundError.java
new/tomcat-native-1.3.8-src/java/org/apache/tomcat/jni/LibraryNotFoundError.java
---
old/tomcat-native-1.3.7-src/java/org/apache/tomcat/jni/LibraryNotFoundError.java
2026-03-06 18:21:34.000000000 +0100
+++
new/tomcat-native-1.3.8-src/java/org/apache/tomcat/jni/LibraryNotFoundError.java
2026-06-11 22:01:29.000000000 +0200
@@ -16,21 +16,34 @@
*/
package org.apache.tomcat.jni;
+/**
+ * Exception thrown when a required native library cannot be found.
+ */
public class LibraryNotFoundError extends UnsatisfiedLinkError {
private static final long serialVersionUID = 1L;
+ /**
+ * The names of the libraries that failed to load.
+ */
private final String libraryNames;
/**
+ * Constructs an instance with the given library names and error messages.
+ *
* @param libraryNames A list of the file names of the native libraries
that failed to load
- * @param errors A list of the error messages received when trying
to load each of the libraries
+ * @param errors A list of the error messages received when trying to load
each of the libraries
*/
public LibraryNotFoundError(String libraryNames, String errors) {
super(errors);
this.libraryNames = libraryNames;
}
+ /**
+ * Returns the names of the libraries that failed to load.
+ *
+ * @return the library names
+ */
public String getLibraryNames() {
return libraryNames;
}
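Review bot: The class comment reads "Exception thrown when a required native library cannot be found", but the class extends UnsatisfiedLinkError, so it is an Error and a catch (Exception e) block will not see it. Wording it as "Error thrown when ..." avoids misleading callers about how a failed library load has to be handled.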
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/tomcat-native-1.3.7-src/java/org/apache/tomcat/jni/Pool.java
new/tomcat-native-1.3.8-src/java/org/apache/tomcat/jni/Pool.java
--- old/tomcat-native-1.3.7-src/java/org/apache/tomcat/jni/Pool.java
2026-03-06 18:21:34.000000000 +0100
+++ new/tomcat-native-1.3.8-src/java/org/apache/tomcat/jni/Pool.java
2026-06-11 22:01:29.000000000 +0200
@@ -19,11 +19,17 @@
import java.nio.ByteBuffer;
/**
- * Provides access to APR memory pools which are used to manage memory
allocations for natively created instances.
- */
+ * Provides access to APR memory pools which are used to manage memory
allocations for natively created instances.
+ */
public class Pool {
/**
+ * Default constructor required by JNI.
+ */
+ public Pool() {
+ }
+
+ /**
* Create a new pool.
*
* @param parent The parent pool. If this is 0, the new pool is a root
pool. If it is non-zero, the new pool will
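Review bot: The comment on the added "public Pool()" says the constructor is required by JNI but does not name the native code that constructs a Pool, and it is public where the other classes touched in this update (AprStatus, Buffer, SSL) get private constructors. Name the native caller in the Javadoc or reduce the visibility. The first half of the hunk only re-indents the class comment, which is noise in a documentation change.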
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/tomcat-native-1.3.7-src/java/org/apache/tomcat/jni/SSL.java
new/tomcat-native-1.3.8-src/java/org/apache/tomcat/jni/SSL.java
--- old/tomcat-native-1.3.7-src/java/org/apache/tomcat/jni/SSL.java
2026-03-06 18:21:34.000000000 +0100
+++ new/tomcat-native-1.3.8-src/java/org/apache/tomcat/jni/SSL.java
2026-06-11 22:01:29.000000000 +0200
@@ -16,60 +16,168 @@
*/
package org.apache.tomcat.jni;
+/**
+ * JNI bindings for OpenSSL SSL functionality.
+ */
public final class SSL {
+ /**
+ * Private constructor to prevent instantiation.
+ */
+ private SSL() {
+ }
+
/*
* Type definitions mostly from mod_ssl
*/
+ /**
+ * Unset value.
+ */
public static final int UNSET = -1;
/*
* Define the certificate algorithm types
*/
+ /**
+ * Unknown algorithm type.
+ */
public static final int SSL_ALGO_UNKNOWN = 0;
+ /**
+ * RSA algorithm type.
+ */
public static final int SSL_ALGO_RSA = (1 << 0);
+ /**
+ * DSA algorithm type.
+ */
public static final int SSL_ALGO_DSA = (1 << 1);
+ /**
+ * All algorithm types.
+ */
public static final int SSL_ALGO_ALL = (SSL_ALGO_RSA | SSL_ALGO_DSA);
+ /**
+ * RSA algorithm index.
+ */
public static final int SSL_AIDX_RSA = 0;
+ /**
+ * DSA algorithm index.
+ */
public static final int SSL_AIDX_DSA = 1;
+ /**
+ * ECC algorithm index.
+ */
public static final int SSL_AIDX_ECC = 3;
+ /**
+ * Maximum algorithm index.
+ */
public static final int SSL_AIDX_MAX = 4;
/*
* Define IDs for the temporary RSA keys and DH params
*/
+ /**
+ * 512-bit temporary RSA key.
+ */
public static final int SSL_TMP_KEY_RSA_512 = 0;
+ /**
+ * 1024-bit temporary RSA key.
+ */
public static final int SSL_TMP_KEY_RSA_1024 = 1;
+ /**
+ * 2048-bit temporary RSA key.
+ */
public static final int SSL_TMP_KEY_RSA_2048 = 2;
+ /**
+ * 4096-bit temporary RSA key.
+ */
public static final int SSL_TMP_KEY_RSA_4096 = 3;
+ /**
+ * 512-bit temporary DH key.
+ */
public static final int SSL_TMP_KEY_DH_512 = 4;
+ /**
+ * 1024-bit temporary DH key.
+ */
public static final int SSL_TMP_KEY_DH_1024 = 5;
+ /**
+ * 2048-bit temporary DH key.
+ */
public static final int SSL_TMP_KEY_DH_2048 = 6;
+ /**
+ * 4096-bit temporary DH key.
+ */
public static final int SSL_TMP_KEY_DH_4096 = 7;
+ /**
+ * Maximum temporary key ID.
+ */
public static final int SSL_TMP_KEY_MAX = 8;
/*
* Define the SSL options
*/
+ /**
+ * No SSL options.
+ */
public static final int SSL_OPT_NONE = 0;
+ /**
+ * SSL option for relative settings.
+ */
public static final int SSL_OPT_RELSET = (1 << 0);
+ /**
+ * SSL option for standard environment variables.
+ */
public static final int SSL_OPT_STDENVVARS = (1 << 1);
+ /**
+ * SSL option for exporting certificate data.
+ */
public static final int SSL_OPT_EXPORTCERTDATA = (1 << 3);
+ /**
+ * SSL option for fake basic authentication.
+ */
public static final int SSL_OPT_FAKEBASICAUTH = (1 << 4);
+ /**
+ * SSL option for strict require.
+ */
public static final int SSL_OPT_STRICTREQUIRE = (1 << 5);
+ /**
+ * SSL option for optional renegotiation.
+ */
public static final int SSL_OPT_OPTRENEGOTIATE = (1 << 6);
+ /**
+ * All SSL options combined.
+ */
public static final int SSL_OPT_ALL = (SSL_OPT_STDENVVARS |
SSL_OPT_EXPORTCERTDATA | SSL_OPT_FAKEBASICAUTH |
SSL_OPT_STRICTREQUIRE | SSL_OPT_OPTRENEGOTIATE);
/*
* Define the SSL Protocol options
*/
+ /**
+ * No protocol options.
+ */
public static final int SSL_PROTOCOL_NONE = 0;
+ /**
+ * SSLv2 protocol.
+ */
public static final int SSL_PROTOCOL_SSLV2 = (1 << 0);
+ /**
+ * SSLv3 protocol.
+ */
public static final int SSL_PROTOCOL_SSLV3 = (1 << 1);
+ /**
+ * TLSv1.0 protocol.
+ */
public static final int SSL_PROTOCOL_TLSV1 = (1 << 2);
+ /**
+ * TLSv1.1 protocol.
+ */
public static final int SSL_PROTOCOL_TLSV1_1 = (1 << 3);
+ /**
+ * TLSv1.2 protocol.
+ */
public static final int SSL_PROTOCOL_TLSV1_2 = (1 << 4);
+ /**
+ * TLSv1.3 protocol.
+ */
public static final int SSL_PROTOCOL_TLSV1_3 = (1 << 5);
public static final int SSL_PROTOCOL_ALL;
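Review bot: The Javadoc added for SSL_PROTOCOL_SSLV2, SSL_PROTOCOL_SSLV3 and the 512-bit and 1024-bit SSL_TMP_KEY_* constants describes them as if they were ordinary choices. These comments become the published API documentation, so each should say that the value is kept for compatibility and should not be enabled. SSL_AIDX_ECC = 3 also skips index 2 after SSL_AIDX_DSA = 1 and the new comment does not explain the gap, and SSL_PROTOCOL_ALL at the end of the hunk is left without any Javadoc.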
@@ -86,30 +194,87 @@
/*
* Define the SSL verify levels
*/
+ /**
+ * Client verification unset.
+ */
public static final int SSL_CVERIFY_UNSET = UNSET;
+ /**
+ * No client certificate verification.
+ */
public static final int SSL_CVERIFY_NONE = 0;
+ /**
+ * Optional client certificate verification.
+ */
public static final int SSL_CVERIFY_OPTIONAL = 1;
+ /**
+ * Required client certificate verification.
+ */
public static final int SSL_CVERIFY_REQUIRE = 2;
+ /**
+ * Optional client certificate verification without CA requirement.
+ */
public static final int SSL_CVERIFY_OPTIONAL_NO_CA = 3;
/*
* Use either SSL_VERIFY_NONE or SSL_VERIFY_PEER, the last 2 options are
'ored' with SSL_VERIFY_PEER if they are
* desired
*/
+ /**
+ * No peer verification.
+ */
public static final int SSL_VERIFY_NONE = 0;
+ /**
+ * Verify peer certificate.
+ */
public static final int SSL_VERIFY_PEER = 1;
+ /**
+ * Fail if no peer certificate is presented.
+ */
public static final int SSL_VERIFY_FAIL_IF_NO_PEER_CERT = 2;
+ /**
+ * Only verify client certificate once per session.
+ */
public static final int SSL_VERIFY_CLIENT_ONCE = 4;
+ /**
+ * Strict peer verification including certificate requirement.
+ */
public static final int SSL_VERIFY_PEER_STRICT = (SSL_VERIFY_PEER |
SSL_VERIFY_FAIL_IF_NO_PEER_CERT);
+ /**
+ * Workaround for Microsoft session ID bug.
+ */
public static final int SSL_OP_MICROSOFT_SESS_ID_BUG = 0x00000001;
+ /**
+ * Workaround for Netscape challenge bug.
+ */
public static final int SSL_OP_NETSCAPE_CHALLENGE_BUG = 0x00000002;
+ /**
+ * Workaround for Netscape cipher change bug.
+ */
public static final int SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG =
0x00000008;
+ /**
+ * Workaround for SSLREF2 certificate type reuse bug.
+ */
public static final int SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG = 0x00000010;
+ /**
+ * Workaround for Microsoft SSLv3 buffer bug.
+ */
public static final int SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER = 0x00000020;
+ /**
+ * Workaround for MSIE SSLv2 RSA padding bug.
+ */
public static final int SSL_OP_MSIE_SSLV2_RSA_PADDING = 0x00000040;
+ /**
+ * Workaround for SSLeay 0.8.0 client DH bug.
+ */
public static final int SSL_OP_SSLEAY_080_CLIENT_DH_BUG = 0x00000080;
+ /**
+ * Workaround for TLS D5 bug.
+ */
public static final int SSL_OP_TLS_D5_BUG = 0x00000100;
+ /**
+ * Workaround for TLS block padding bug.
+ */
public static final int SSL_OP_TLS_BLOCK_PADDING_BUG = 0x00000200;
/*
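Review bot: SSL_CVERIFY_OPTIONAL_NO_CA is documented as "Optional client certificate verification without CA requirement", which does not tell the reader which check is skipped. For a level that relaxes client authentication the Javadoc should state exactly what is and is not verified, and the SSL_OP_* workaround constants below it would benefit from a note on whether they still have any effect.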
@@ -117,43 +282,91 @@
* application protocol) the workaround is not needed. Unfortunately some
broken SSL/TLS implementations cannot
* handle it at all, which is why we include it in SSL_OP_ALL.
*/
+ /**
+ * Disable empty fragment insertion for CBC vulnerability workaround.
+ */
public static final int SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS = 0x00000800;
/*
* SSL_OP_ALL: various bug workarounds that should be rather harmless.
This used to be 0x000FFFFFL before 0.9.7.
*/
+ /**
+ * All bug workaround options combined.
+ */
public static final int SSL_OP_ALL = 0x00000FFF;
- /* As server, disallow session resumption on renegotiation */
+/* As server, disallow session resumption on renegotiation */
+ /**
+ * Disallow session resumption on renegotiation.
+ */
public static final int SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION =
0x00010000;
/* Don't use compression even if supported */
+ /**
+ * Disable compression.
+ */
public static final int SSL_OP_NO_COMPRESSION = 0x00020000;
/* Permit unsafe legacy renegotiation */
+ /**
+ * Allow unsafe legacy renegotiation.
+ */
public static final int SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION =
0x00040000;
/* If set, always create a new key when using tmp_eddh parameters */
+ /**
+ * Always create a new key when using ECDH parameters.
+ */
public static final int SSL_OP_SINGLE_ECDH_USE = 0x00080000;
/* If set, always create a new key when using tmp_dh parameters */
+ /**
+ * Always create a new key when using DH parameters.
+ */
public static final int SSL_OP_SINGLE_DH_USE = 0x00100000;
/*
* Set to always use the tmp_rsa key when doing RSA operations, even when
this violates protocol specs
*/
+ /**
+ * Always use ephemeral RSA key for RSA operations.
+ */
public static final int SSL_OP_EPHEMERAL_RSA = 0x00200000;
/*
* Set on servers to choose the cipher according to the server's
preferences
*/
+ /**
+ * Server prefers its own cipher order.
+ */
public static final int SSL_OP_CIPHER_SERVER_PREFERENCE = 0x00400000;
/*
* If set, a server will allow a client to issue an SSLv3.0 version number
as latest version supported in the
* premaster secret, even when TLSv1.0 (version 3.1) was announced in the
client hello. Normally this is forbidden
* to prevent version rollback attacks.
*/
+ /**
+ * Allow TLS rollback bug workaround.
+ */
public static final int SSL_OP_TLS_ROLLBACK_BUG = 0x00800000;
+ /**
+ * Disable SSLv2 protocol.
+ */
public static final int SSL_OP_NO_SSLv2 = 0x01000000;
+ /**
+ * Disable SSLv3 protocol.
+ */
public static final int SSL_OP_NO_SSLv3 = 0x02000000;
+ /**
+ * Disable TLSv1.0 protocol.
+ */
public static final int SSL_OP_NO_TLSv1 = 0x04000000;
+ /**
+ * Disable TLSv1.2 protocol.
+ */
public static final int SSL_OP_NO_TLSv1_2 = 0x08000000;
+ /**
+ * Disable TLSv1.1 protocol.
+ */
public static final int SSL_OP_NO_TLSv1_1 = 0x10000000;
+ /**
+ * Disable TLS session tickets.
+ */
public static final int SSL_OP_NO_TICKET = 0x00004000;
// SSL_OP_PKCS1_CHECK_1 and SSL_OP_PKCS1_CHECK_2 flags are unsupported
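Review bot: The line "+/* As server, disallow session resumption on renegotiation */" loses the indentation the removed line had, and from there on the hunk keeps each old block comment directly above a new Javadoc comment that repeats it. Fold the block comment text into the Javadoc instead. This matters most for SSL_OP_TLS_ROLLBACK_BUG, where the new summary "Allow TLS rollback bug workaround" drops the block comment's statement that the behaviour is normally forbidden to prevent version rollback attacks.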
@@ -169,101 +382,322 @@
*/
@Deprecated
public static final int SSL_OP_PKCS1_CHECK_2 = 0x10000000;
+ /**
+ * Workaround for Netscape CA DN bug.
+ */
public static final int SSL_OP_NETSCAPE_CA_DN_BUG = 0x20000000;
+ /**
+ * Workaround for Netscape demo cipher change bug.
+ */
public static final int SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG =
0x40000000;
+ /**
+ * Undefined certificate format.
+ */
public static final int SSL_CRT_FORMAT_UNDEF = 0;
+ /**
+ * ASN.1 certificate format.
+ */
public static final int SSL_CRT_FORMAT_ASN1 = 1;
+ /**
+ * Text certificate format.
+ */
public static final int SSL_CRT_FORMAT_TEXT = 2;
+ /**
+ * PEM certificate format.
+ */
public static final int SSL_CRT_FORMAT_PEM = 3;
+ /**
+ * Netscape certificate format.
+ */
public static final int SSL_CRT_FORMAT_NETSCAPE = 4;
+ /**
+ * PKCS12 certificate format.
+ */
public static final int SSL_CRT_FORMAT_PKCS12 = 5;
+ /**
+ * S/MIME certificate format.
+ */
public static final int SSL_CRT_FORMAT_SMIME = 6;
+ /**
+ * Engine certificate format.
+ */
public static final int SSL_CRT_FORMAT_ENGINE = 7;
+ /**
+ * Client SSL mode.
+ */
public static final int SSL_MODE_CLIENT = 0;
+ /**
+ * Server SSL mode.
+ */
public static final int SSL_MODE_SERVER = 1;
+ /**
+ * Combined client and server SSL mode.
+ */
public static final int SSL_MODE_COMBINED = 2;
+ /**
+ * Configuration flag for command line.
+ */
public static final int SSL_CONF_FLAG_CMDLINE = 0x0001;
+ /**
+ * Configuration flag for file.
+ */
public static final int SSL_CONF_FLAG_FILE = 0x0002;
+ /**
+ * Configuration flag for client.
+ */
public static final int SSL_CONF_FLAG_CLIENT = 0x0004;
+ /**
+ * Configuration flag for server.
+ */
public static final int SSL_CONF_FLAG_SERVER = 0x0008;
+ /**
+ * Configuration flag to show errors.
+ */
public static final int SSL_CONF_FLAG_SHOW_ERRORS = 0x0010;
+ /**
+ * Configuration flag for certificate context.
+ */
public static final int SSL_CONF_FLAG_CERTIFICATE = 0x0020;
+ /**
+ * Unknown configuration type.
+ */
public static final int SSL_CONF_TYPE_UNKNOWN = 0x0000;
+ /**
+ * String configuration type.
+ */
public static final int SSL_CONF_TYPE_STRING = 0x0001;
+ /**
+ * File configuration type.
+ */
public static final int SSL_CONF_TYPE_FILE = 0x0002;
+ /**
+ * Directory configuration type.
+ */
public static final int SSL_CONF_TYPE_DIR = 0x0003;
+ /**
+ * Shutdown type unset.
+ */
public static final int SSL_SHUTDOWN_TYPE_UNSET = 0;
+ /**
+ * Standard shutdown type.
+ */
public static final int SSL_SHUTDOWN_TYPE_STANDARD = 1;
+ /**
+ * Unclean shutdown type.
+ */
public static final int SSL_SHUTDOWN_TYPE_UNCLEAN = 2;
+ /**
+ * Accurate shutdown type.
+ */
public static final int SSL_SHUTDOWN_TYPE_ACCURATE = 3;
+ /**
+ * Info flag for session ID.
+ */
public static final int SSL_INFO_SESSION_ID = 0x0001;
+ /**
+ * Info flag for cipher name.
+ */
public static final int SSL_INFO_CIPHER = 0x0002;
+ /**
+ * Info flag for cipher effective key size.
+ */
public static final int SSL_INFO_CIPHER_USEKEYSIZE = 0x0003;
+ /**
+ * Info flag for cipher algorithm key size.
+ */
public static final int SSL_INFO_CIPHER_ALGKEYSIZE = 0x0004;
+ /**
+ * Info flag for cipher version.
+ */
public static final int SSL_INFO_CIPHER_VERSION = 0x0005;
+ /**
+ * Info flag for cipher description.
+ */
public static final int SSL_INFO_CIPHER_DESCRIPTION = 0x0006;
+ /**
+ * Info flag for protocol version.
+ */
public static final int SSL_INFO_PROTOCOL = 0x0007;
/*
* To obtain the CountryName of the Client Certificate Issuer use the
SSL_INFO_CLIENT_I_DN + SSL_INFO_DN_COUNTRYNAME
*/
+ /**
+ * Info flag for client subject distinguished name.
+ */
public static final int SSL_INFO_CLIENT_S_DN = 0x0010;
+ /**
+ * Info flag for client issuer distinguished name.
+ */
public static final int SSL_INFO_CLIENT_I_DN = 0x0020;
+ /**
+ * Info flag for server subject distinguished name.
+ */
public static final int SSL_INFO_SERVER_S_DN = 0x0040;
+ /**
+ * Info flag for server issuer distinguished name.
+ */
public static final int SSL_INFO_SERVER_I_DN = 0x0080;
+ /**
+ * DN field for country name.
+ */
public static final int SSL_INFO_DN_COUNTRYNAME = 0x0001;
+ /**
+ * DN field for state or province name.
+ */
public static final int SSL_INFO_DN_STATEORPROVINCENAME = 0x0002;
+ /**
+ * DN field for locality name.
+ */
public static final int SSL_INFO_DN_LOCALITYNAME = 0x0003;
+ /**
+ * DN field for organization name.
+ */
public static final int SSL_INFO_DN_ORGANIZATIONNAME = 0x0004;
+ /**
+ * DN field for organizational unit name.
+ */
public static final int SSL_INFO_DN_ORGANIZATIONALUNITNAME = 0x0005;
+ /**
+ * DN field for common name.
+ */
public static final int SSL_INFO_DN_COMMONNAME = 0x0006;
+ /**
+ * DN field for title.
+ */
public static final int SSL_INFO_DN_TITLE = 0x0007;
+ /**
+ * DN field for initials.
+ */
public static final int SSL_INFO_DN_INITIALS = 0x0008;
+ /**
+ * DN field for given name.
+ */
public static final int SSL_INFO_DN_GIVENNAME = 0x0009;
+ /**
+ * DN field for surname.
+ */
public static final int SSL_INFO_DN_SURNAME = 0x000A;
+ /**
+ * DN field for description.
+ */
public static final int SSL_INFO_DN_DESCRIPTION = 0x000B;
+ /**
+ * DN field for unique identifier.
+ */
public static final int SSL_INFO_DN_UNIQUEIDENTIFIER = 0x000C;
+ /**
+ * DN field for email address.
+ */
public static final int SSL_INFO_DN_EMAILADDRESS = 0x000D;
+ /**
+ * Info flag for client certificate version.
+ */
public static final int SSL_INFO_CLIENT_M_VERSION = 0x0101;
+ /**
+ * Info flag for client certificate serial number.
+ */
public static final int SSL_INFO_CLIENT_M_SERIAL = 0x0102;
+ /**
+ * Info flag for client certificate validity start.
+ */
public static final int SSL_INFO_CLIENT_V_START = 0x0103;
+ /**
+ * Info flag for client certificate validity end.
+ */
public static final int SSL_INFO_CLIENT_V_END = 0x0104;
+ /**
+ * Info flag for client certificate signature algorithm.
+ */
public static final int SSL_INFO_CLIENT_A_SIG = 0x0105;
+ /**
+ * Info flag for client certificate public key algorithm.
+ */
public static final int SSL_INFO_CLIENT_A_KEY = 0x0106;
+ /**
+ * Info flag for client certificate data.
+ */
public static final int SSL_INFO_CLIENT_CERT = 0x0107;
+ /**
+ * Info flag for client certificate validity remaining.
+ */
public static final int SSL_INFO_CLIENT_V_REMAIN = 0x0108;
+ /**
+ * Info flag for server certificate version.
+ */
public static final int SSL_INFO_SERVER_M_VERSION = 0x0201;
+ /**
+ * Info flag for server certificate serial number.
+ */
public static final int SSL_INFO_SERVER_M_SERIAL = 0x0202;
+ /**
+ * Info flag for server certificate validity start.
+ */
public static final int SSL_INFO_SERVER_V_START = 0x0203;
+ /**
+ * Info flag for server certificate validity end.
+ */
public static final int SSL_INFO_SERVER_V_END = 0x0204;
+ /**
+ * Info flag for server certificate signature algorithm.
+ */
public static final int SSL_INFO_SERVER_A_SIG = 0x0205;
+ /**
+ * Info flag for server certificate public key algorithm.
+ */
public static final int SSL_INFO_SERVER_A_KEY = 0x0206;
+ /**
+ * Info flag for server certificate data.
+ */
public static final int SSL_INFO_SERVER_CERT = 0x0207;
/*
* Return client certificate chain. Add certificate chain number to that
flag (0 ... verify depth)
*/
+ /**
+ * Info flag for client certificate chain.
+ */
public static final int SSL_INFO_CLIENT_CERT_CHAIN = 0x0400;
/* Only support OFF and SERVER for now */
+ /**
+ * Session cache disabled.
+ */
public static final long SSL_SESS_CACHE_OFF = 0x0000;
+ /**
+ * Session cache enabled for server.
+ */
public static final long SSL_SESS_CACHE_SERVER = 0x0002;
+ /**
+ * Do not advertise protocol on selector failure.
+ */
public static final int SSL_SELECTOR_FAILURE_NO_ADVERTISE = 0;
+ /**
+ * Choose last protocol on selector failure.
+ */
public static final int SSL_SELECTOR_FAILURE_CHOOSE_MY_LAST_PROTOCOL = 1;
- /* Return OpenSSL version number (compile time version, if version <
1.1.0) */
+ /**
+ * Return OpenSSL version number (compile time version, if version <
1.1.0).
+ *
+ * @return OpenSSL version number
+ */
public static native int version();
- /* Return OpenSSL version string (run time version) */
+ /**
+ * Return OpenSSL version string (run time version).
+ *
+ * @return OpenSSL version string
+ */
public static native String versionString();
/**
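Review bot: the new Javadoc on SSL_INFO_CLIENT_CERT_CHAIN and on the SSL_INFO_*_DN flags leaves out the usage rules that the retained block comments still carry. Those rules are "Add certificate chain number to that flag (0 ... verify depth)" and combining a *_DN flag with an SSL_INFO_DN_* field by addition. The old `/* ... */` comments do not reach generated documentation, so move those sentences into the new Javadoc and delete the plain comments rather than keeping both side by side.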
@@ -436,17 +870,50 @@
* Begin Twitter API additions
*/
+ /**
+ * Shutdown has been sent.
+ */
public static final int SSL_SENT_SHUTDOWN = 1;
+ /**
+ * Shutdown has been received.
+ */
public static final int SSL_RECEIVED_SHUTDOWN = 2;
+ /**
+ * No SSL error.
+ */
public static final int SSL_ERROR_NONE = 0;
+ /**
+ * SSL library error.
+ */
public static final int SSL_ERROR_SSL = 1;
+ /**
+ * SSL operation would block reading.
+ */
public static final int SSL_ERROR_WANT_READ = 2;
+ /**
+ * SSL operation would block writing.
+ */
public static final int SSL_ERROR_WANT_WRITE = 3;
+ /**
+ * SSL operation wants X.509 lookup.
+ */
public static final int SSL_ERROR_WANT_X509_LOOKUP = 4;
+ /**
+ * SSL syscall error.
+ */
public static final int SSL_ERROR_SYSCALL = 5; /* look at error
stack/return value/errno */
+ /**
+ * SSL connection closed cleanly (zero return).
+ */
public static final int SSL_ERROR_ZERO_RETURN = 6;
+ /**
+ * SSL operation wants connect.
+ */
public static final int SSL_ERROR_WANT_CONNECT = 7;
+ /**
+ * SSL operation wants accept.
+ */
public static final int SSL_ERROR_WANT_ACCEPT = 8;
/**
@@ -674,6 +1141,8 @@
*/
public static native int getPostHandshakeAuthInProgress(long ssl);
+ public static native void markPostHandshakeAuthComplete(long ssl);
+
/**
* SSL_in_init.
*
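Review bot: markPostHandshakeAuthComplete(long ssl) is added with no Javadoc, in a patch whose other hunks document every public member of this class. Please add a comment stating what the call changes and when it must be invoked. Per the ssl.c hunks in this diff, one native implementation sets pha_state to PHA_COMPLETE and the other throws "Not implemented". The comment should also carry an @param for ssl, matching the neighbouring getPostHandshakeAuthInProgress.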
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/tomcat-native-1.3.7-src/java/org/apache/tomcat/jni/SSLConf.java
new/tomcat-native-1.3.8-src/java/org/apache/tomcat/jni/SSLConf.java
--- old/tomcat-native-1.3.7-src/java/org/apache/tomcat/jni/SSLConf.java
2026-03-06 18:21:34.000000000 +0100
+++ new/tomcat-native-1.3.8-src/java/org/apache/tomcat/jni/SSLConf.java
2026-06-11 22:01:29.000000000 +0200
@@ -16,9 +16,19 @@
*/
package org.apache.tomcat.jni;
+/**
+ * JNI bindings for OpenSSL SSL_CONF operations.
+ */
public final class SSLConf {
/**
+ * Default constructor. This class provides only static methods.
+ */
+ public SSLConf() {
+ super();
+ }
+
+ /**
* Create a new SSL_CONF context.
*
* @param pool The pool to use.
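Review bot: the added `public SSLConf()` makes instantiation an explicit, documented part of the API, while its own Javadoc says the class provides only static methods. If the intent is only to give the implicit default constructor a comment, consider marking it @Deprecated so it can later be made private, as this patch already does for sniCallBack. The same applies to `public SSLContext()` in the SSLContext.java hunk.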
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/tomcat-native-1.3.7-src/java/org/apache/tomcat/jni/SSLContext.java
new/tomcat-native-1.3.8-src/java/org/apache/tomcat/jni/SSLContext.java
--- old/tomcat-native-1.3.7-src/java/org/apache/tomcat/jni/SSLContext.java
2026-03-06 18:21:34.000000000 +0100
+++ new/tomcat-native-1.3.8-src/java/org/apache/tomcat/jni/SSLContext.java
2026-06-11 22:01:29.000000000 +0200
@@ -20,8 +20,21 @@
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
+/**
+ * JNI bindings for OpenSSL SSL_CTX operations.
+ */
public final class SSLContext {
+ /**
+ * Default constructor. This class provides only static methods.
+ */
+ public SSLContext() {
+ super();
+ }
+
+ /**
+ * Default session ID context value.
+ */
public static final byte[] DEFAULT_SESSION_ID_CONTEXT = new byte[] { 'd',
'e', 'f', 'a', 'u', 'l', 't' };
/**
@@ -302,28 +315,114 @@
/*
* Session resumption statistics methods.
http://www.openssl.org/docs/ssl/SSL_CTX_sess_number.html
*/
+
+ /**
+ * Returns the total number of session attempts accepted by the server.
+ *
+ * @param ctx Server or Client context to use.
+ *
+ * @return The number of accepted sessions
+ */
public static native long sessionAccept(long ctx);
+ /**
+ * Returns the number of sessions actually reused on the server side.
+ *
+ * @param ctx Server or Client context to use.
+ *
+ * @return The number of good session accepts
+ */
public static native long sessionAcceptGood(long ctx);
+ /**
+ * Returns the number of session renegotiations on the server side.
+ *
+ * @param ctx Server or Client context to use.
+ *
+ * @return The number of session renegotiations accepted
+ */
public static native long sessionAcceptRenegotiate(long ctx);
+ /**
+ * Returns the number of times the session cache grew to the maximum
allowed size and therefore further entries
+ * could not be inserted.
+ *
+ * @param ctx Server or Client context to use.
+ *
+ * @return The number of times the session cache was full
+ */
public static native long sessionCacheFull(long ctx);
+ /**
+ * Returns the number of sessions that were resumed by the callback.
+ *
+ * @param ctx Server or Client context to use.
+ *
+ * @return The number of session callback hits
+ */
public static native long sessionCbHits(long ctx);
+ /**
+ * Returns the total number of session connection attempts by the client.
+ *
+ * @param ctx Server or Client context to use.
+ *
+ * @return The number of session connects
+ */
public static native long sessionConnect(long ctx);
+ /**
+ * Returns the number of sessions that were actually reused on the client
side.
+ *
+ * @param ctx Server or Client context to use.
+ *
+ * @return The number of good session connects
+ */
public static native long sessionConnectGood(long ctx);
+ /**
+ * Returns the number of session renegotiations on the client side.
+ *
+ * @param ctx Server or Client context to use.
+ *
+ * @return The number of session renegotiations connected
+ */
public static native long sessionConnectRenegotiate(long ctx);
+ /**
+ * Returns the number of sessions that were actually reused (hits).
+ *
+ * @param ctx Server or Client context to use.
+ *
+ * @return The number of session hits
+ */
public static native long sessionHits(long ctx);
+ /**
+ * Returns the number of sessions that were not found in the cache
(misses).
+ *
+ * @param ctx Server or Client context to use.
+ *
+ * @return The number of session misses
+ */
public static native long sessionMisses(long ctx);
+ /**
+ * Returns the total number of sessions currently in the cache.
+ *
+ * @param ctx Server or Client context to use.
+ *
+ * @return The total number of sessions
+ */
public static native long sessionNumber(long ctx);
+ /**
+ * Returns the number of sessions that have timed out.
+ *
+ * @param ctx Server or Client context to use.
+ *
+ * @return The number of session timeouts
+ */
public static native long sessionTimeouts(long ctx);
/**
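Review bot: the Javadoc for sessionHits ("actually reused (hits)") reads the same as that for sessionAcceptGood ("actually reused on the server side") and sessionConnectGood, so a reader cannot tell which counter to use for which purpose. Please state how the three differ. Also, `@param ctx Server or Client context to use` is repeated on counters whose description says they count server-side or client-side events only. Finally, the reference URL in the retained `/* ... */` comment at the top of the hunk would be more useful as an @see in the new Javadoc.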
@@ -428,7 +527,10 @@
*
* @return The Java representation of the pointer to the OpenSSL
SSLContext to use for the given host or zero if no
* SSLContext could be identified
+ *
+ * @deprecated Unused. Will be removed in Tomcat 12
*/
+ @Deprecated
public static long sniCallBack(long currentCtx, String sniHostName) {
SNICallBack sniCallBack = sniCallBacks.get(Long.valueOf(currentCtx));
if (sniCallBack == null) {
@@ -483,7 +585,10 @@
/**
* Interface implemented by components that will receive the call back to
select an OpenSSL SSLContext based on the
* host name requested by the client.
+ *
+ * @deprecated Unused. Will be removed in Tomcat 12
*/
+ @Deprecated
public interface SNICallBack {
/**
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/tomcat-native-1.3.7-src/native/include/tcn_version.h
new/tomcat-native-1.3.8-src/native/include/tcn_version.h
--- old/tomcat-native-1.3.7-src/native/include/tcn_version.h 2026-03-06
18:21:34.000000000 +0100
+++ new/tomcat-native-1.3.8-src/native/include/tcn_version.h 2026-06-11
22:01:29.000000000 +0200
@@ -63,7 +63,7 @@
#define TCN_MINOR_VERSION 3
/** patch level */
-#define TCN_PATCH_VERSION 7
+#define TCN_PATCH_VERSION 8
/**
* This symbol is defined for internal, "development" copies of TCN. This
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/tomcat-native-1.3.7-src/native/os/win32/libtcnative.rc
new/tomcat-native-1.3.8-src/native/os/win32/libtcnative.rc
--- old/tomcat-native-1.3.7-src/native/os/win32/libtcnative.rc 2026-03-06
18:21:34.000000000 +0100
+++ new/tomcat-native-1.3.8-src/native/os/win32/libtcnative.rc 2026-06-11
22:01:29.000000000 +0200
@@ -19,7 +19,7 @@
"See the License for the specific language governing " \
"permissions and limitations under the License."
-#define TCN_VERSION "1.3.7"
+#define TCN_VERSION "1.3.8"
1000 ICON "apache.ico"
1001 DIALOGEX 0, 0, 252, 51
@@ -35,8 +35,8 @@
END
1 VERSIONINFO
- FILEVERSION 1,3,7,0
- PRODUCTVERSION 1,3,7,0
+ FILEVERSION 1,3,8,0
+ PRODUCTVERSION 1,3,8,0
FILEFLAGSMASK 0x3fL
#ifdef _DEBUG
FILEFLAGS 0x1L
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/tomcat-native-1.3.7-src/native/src/ssl.c
new/tomcat-native-1.3.8-src/native/src/ssl.c
--- old/tomcat-native-1.3.7-src/native/src/ssl.c 2026-03-06
18:21:34.000000000 +0100
+++ new/tomcat-native-1.3.8-src/native/src/ssl.c 2026-06-11
22:01:29.000000000 +0200
@@ -1390,6 +1390,25 @@
/*** End Twitter API Additions ***/
+TCN_IMPLEMENT_CALL(void, SSL, markPostHandshakeAuthComplete)(TCN_STDARGS,
+ jlong ssl /* SSL
* */) {
+#if defined(SSL_OP_NO_TLSv1_3)
+ SSL *ssl_ = J2P(ssl, SSL *);
+ tcn_ssl_conn_t *con;
+
+ if (ssl_ == NULL) {
+ tcn_ThrowException(e, "ssl is null");
+ return;
+ }
+
+ UNREFERENCED(o);
+
+ con = (tcn_ssl_conn_t *)SSL_get_app_data(ssl_);
+
+ con->pha_state = PHA_COMPLETE;
+#endif
+}
+
/*** Apple API Additions ***/
TCN_IMPLEMENT_CALL(jstring, SSL, getAlpnSelected)(TCN_STDARGS,
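Review bot: at `con->pha_state = PHA_COMPLETE;` the result of SSL_get_app_data(ssl_) is dereferenced without a NULL check, although ssl_ itself is checked a few lines earlier. If no app data is attached to the SSL object, a call from Java crashes the JVM instead of raising an exception. Suggest `if (con == NULL) { tcn_ThrowException(e, "ssl app data is null"); return; }` before the assignment. Two smaller points: UNREFERENCED(o) sits after the early return, and when SSL_OP_NO_TLSv1_3 is not defined the body is empty, so o, e and ssl are all unreferenced and the call silently does nothing.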
@@ -2084,6 +2103,12 @@
/*** End Twitter 1:1 API addition ***/
+TCN_IMPLEMENT_CALL(jint, SSL, markPostHandshakeAuthComplete)(TCN_STDARGS,
jlong ssl) {
+ UNREFERENCED(o);
+ UNREFERENCED(ssl);
+ tcn_ThrowException(e, "Not implemented");
+}
+
/*** Begin Apple 1:1 API addition ***/
TCN_IMPLEMENT_CALL(jstring, SSL, getAlpnSelected)(TCN_STDARGS, jlong ssl) {
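Review bot: this fallback stub is declared with return type jint but has no return statement. It also disagrees with the `void` used both in the other markPostHandshakeAuthComplete definition in this file and in the Java declaration `public static native void markPostHandshakeAuthComplete(long ssl);`. Change the first macro argument to void so the two native variants and the Java signature match; otherwise the function falls off the end of a non-void function.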
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/tomcat-native-1.3.7-src/native/src/sslcontext.c
new/tomcat-native-1.3.8-src/native/src/sslcontext.c
--- old/tomcat-native-1.3.7-src/native/src/sslcontext.c 2026-03-06
18:21:34.000000000 +0100
+++ new/tomcat-native-1.3.8-src/native/src/sslcontext.c 2026-06-11
22:01:29.000000000 +0200
@@ -1297,6 +1297,7 @@
} else if (SSL_CTX_add0_chain_cert(c->ctx, certs) <= 0) {
ERR_error_string_n(SSL_ERR_get(), err,
TCN_OPENSSL_ERROR_STRING_LENGTH);
tcn_Throw(e, "Error adding certificate to chain (%s)", err);
+ X509_free(certs);
rv = JNI_FALSE;
}
@@ -1338,6 +1339,9 @@
rv = JNI_FALSE;
}
+ if (cert != NULL) {
+ X509_free(cert);
+ }
free(charCert);
return rv;
}
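Review bot: the `if (cert != NULL)` guard around X509_free(cert) is redundant, because X509_free does nothing when passed NULL. The previous hunk in this file calls X509_free(certs) with no guard. Dropping the guard here keeps the two cleanup paths consistent.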
@@ -1532,14 +1536,21 @@
// delimited by ','.
p_data_len += 1 + proto_chars_len;
if (p_data_len > p_data_size) {
+ // Find start of buffer
+ unsigned char *p_data_start = p_data - (p_data_len - (1 +
proto_chars_len));
+ unsigned char *p_data_tmp;
// double size
p_data_size <<= 1;
- p_data = realloc(p_data, p_data_size);
- if (p_data == NULL) {
- // Not enough memory?
+ p_data_tmp = realloc(p_data_start, p_data_size);
+ if (p_data_tmp == NULL) {
+ // Not enough memory? Free the original buffer.
+ free(p_data_start);
+ p_data = NULL;
(*e)->ReleaseStringUTFChars(e, proto_string, proto_chars);
break;
}
+ // Set position in buffer as realloc may have moved the buffer
+ p_data = p_data_tmp + (p_data_len - (1 + proto_chars_len));
}
// Write the length of the protocol and then increment before
memcpy the protocol itself.
*p_data = proto_chars_len;
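Review bot: the buffer is still grown by a single `p_data_size <<= 1` under `if (p_data_len > p_data_size)`, so the following write is only in bounds if one doubling is always enough for `1 + proto_chars_len` more bytes. If proto_chars_len is not bounded relative to the initial p_data_size somewhere outside this hunk, use a loop (`while (p_data_len > p_data_size) p_data_size <<= 1;`) before the realloc. Separately, the offset `p_data_len - (1 + proto_chars_len)` is computed twice; holding it in a named size_t local would make the start-of-buffer and reposition steps easier to verify.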
@@ -1719,7 +1730,7 @@
return rv;
}
-#define TICKET_KEYS_SIZE 48
+#define TICKET_KEYS_SIZE 80
TCN_IMPLEMENT_CALL(void, SSLContext, setSessionTicketKeys)(TCN_STDARGS, jlong
ctx, jbyteArray keys)
{
tcn_ssl_ctxt_t *c = J2P(ctx, tcn_ssl_ctxt_t *);
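Review bot: TICKET_KEYS_SIZE goes from one bare literal (48) to another (80) with no comment on what the 80 bytes consist of. Please define it as the sum of named component lengths, or at least document the layout next to the #define and in the Javadoc of SSLContext.setSessionTicketKeys, so the Java caller and this native check cannot drift apart again. How a caller that still passes a 48-byte array is handled is not visible in this hunk and is worth stating in the changelog entry.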
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/tomcat-native-1.3.7-src/native/tcnative.spec
new/tomcat-native-1.3.8-src/native/tcnative.spec
--- old/tomcat-native-1.3.7-src/native/tcnative.spec 2026-03-06
18:22:03.000000000 +0100
+++ new/tomcat-native-1.3.8-src/native/tcnative.spec 2026-06-12
10:13:57.000000000 +0200
@@ -21,7 +21,7 @@
Summary: Tomcat Native Java library
Name: tcnative
-Version: 1.3.7
+Version: 1.3.8
Release: 1
License: Apache Software License
Group: System Environment/Libraries
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/tomcat-native-1.3.7-src/xdocs/index.xml
new/tomcat-native-1.3.8-src/xdocs/index.xml
--- old/tomcat-native-1.3.7-src/xdocs/index.xml 2026-03-06 18:21:34.000000000
+0100
+++ new/tomcat-native-1.3.8-src/xdocs/index.xml 2026-06-11 22:01:29.000000000
+0200
@@ -60,10 +60,10 @@
<section name="Headlines">
<ul>
-<li><a href="news/2026.html#20260211">11 February 2026 - <b>Tomcat-Native-1.3.6
+<li><a href="news/2026.html#20260310">10 March 2026 - <b>Tomcat-Native-1.3.7
released</b></a>
<p>The Apache Tomcat team is proud to announce the immediate availability of
-Tomcat Native 1.3.6 Stable.</p>
+Tomcat Native 1.3.7 Stable.</p>
<p>
The sources and the binaries for selected platforms are available from the
<a href="../download-native.cgi">Download page</a>.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/tomcat-native-1.3.7-src/xdocs/miscellaneous/changelog.xml
new/tomcat-native-1.3.8-src/xdocs/miscellaneous/changelog.xml
--- old/tomcat-native-1.3.7-src/xdocs/miscellaneous/changelog.xml
2026-03-06 18:21:34.000000000 +0100
+++ new/tomcat-native-1.3.8-src/xdocs/miscellaneous/changelog.xml
2026-06-11 22:01:29.000000000 +0200
@@ -31,7 +31,27 @@
started from the 1.2.39 tag.
</p>
</section>
-<section name="1.3.7" rtext="">
+<section name="1.3.8" rtext="">
+ <changelog>
+ <fix>
+ Fix a memory leak when parsing certificates. Pull request <pr>44</pr>
+ provided by chenjp. (markt)
+ </fix>
+ <fix>
+ Fix two potential memory leaks on error paths identified by Copilot.
+ (markt)
+ </fix>
+ <fix>
+ <bug>69988</bug>: Fix post handshake authentication when Tomcat is
+ configured with a trust store using JSSE style configuration. (markt)
+ </fix>
+ <fix>
+ <bug>70102</bug>: Correct expected size of tickets when calling
+ <code>SSLContext.setSessionTicketKeys</code>. (markt)
+ </fix>
+ </changelog>
+</section>
+<section name="1.3.7" rtext="2026-03-10">
<changelog>
<scode>
Refactor access to ASN1_OCTET_STRING to use setters to fix errors when
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/tomcat-native-1.3.7-src/xdocs/news/2026.xml
new/tomcat-native-1.3.8-src/xdocs/news/2026.xml
--- old/tomcat-native-1.3.7-src/xdocs/news/2026.xml 2026-03-06
18:21:34.000000000 +0100
+++ new/tomcat-native-1.3.8-src/xdocs/news/2026.xml 2026-06-11
22:01:29.000000000 +0200
@@ -30,6 +30,11 @@
<section name="2026 News & Status">
+ <subsection anchor="20260310" name="10 March 2026 - Tomcat-Native-1.3.7
released">
+ <p>The Apache Tomcat team is proud to announce the immediate
+ availability of Tomcat Native 1.3.7.</p>
+ </subsection>
+
<subsection anchor="20260211" name="11 February 2026 -
Tomcat-Native-1.3.6 released">
<p>The Apache Tomcat team is proud to announce the immediate
availability of Tomcat Native 1.3.6.</p>