This is an automated email from the ASF dual-hosted git repository.
zrhoffman pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/trafficcontrol.git
The following commit(s) were added to refs/heads/master by this push:
new 05eda4e Upgrade Tomcat to 8.5.57 (#5013)
05eda4e is described below
commit 05eda4ea305e77aa8ead692b34a3cf87f151657d
Author: Joshua Zenn <[email protected]>
AuthorDate: Thu Sep 24 12:42:38 2020 -0400
Upgrade Tomcat to 8.5.57 (#5013)
* Update to latest version
Updated all references to Tomcat packages to 8.5.57 (newest 8.5.x as of
8/24/2020).
* Fixed missing method names
* Fixed issue with Tomcat changing how default certificates are initialized
* Documented changes and removed unneeded code
---
traffic_router/build/build_rpm.sh | 2 +-
traffic_router/connector/pom.xml | 4 ++--
.../traffic_router/protocol/RouterNioEndpoint.java | 5 ++---
.../traffic_control/traffic_router/protocol/RouterSslUtil.java | 9 ++++++++-
traffic_router/core/pom.xml | 6 +++---
5 files changed, 16 insertions(+), 10 deletions(-)
diff --git a/traffic_router/build/build_rpm.sh
b/traffic_router/build/build_rpm.sh
index a6908e9..6eaf498 100755
--- a/traffic_router/build/build_rpm.sh
+++ b/traffic_router/build/build_rpm.sh
@@ -76,7 +76,7 @@ adaptEnvironment() {
RPM="${PACKAGE}-${TC_VERSION}-${BUILD_NUMBER}.x86_64.rpm"
RPM_TARGET_OS="${RPM_TARGET_OS:-linux}"
TOMCAT_VERSION=8.5
- TOMCAT_RELEASE=32
+ TOMCAT_RELEASE=57
export PACKAGE TC_VERSION BUILD_NUMBER BUILD_LOCK WORKSPACE RPMBUILD
DIST RPM RPM_TARGET_OS TOMCAT_VERSION TOMCAT_RELEASE
echo "=================================================="
diff --git a/traffic_router/connector/pom.xml b/traffic_router/connector/pom.xml
index e58695e..3637e94 100644
--- a/traffic_router/connector/pom.xml
+++ b/traffic_router/connector/pom.xml
@@ -85,13 +85,13 @@
<dependency>
<groupId>org.apache.tomcat</groupId>
<artifactId>tomcat-coyote</artifactId>
- <version>8.5.32</version>
+ <version>8.5.57</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.apache.tomcat</groupId>
<artifactId>tomcat-catalina</artifactId>
- <version>8.5.32</version>
+ <version>8.5.57</version>
<scope>provided</scope>
</dependency>
<dependency>
diff --git
a/traffic_router/connector/src/main/java/com/comcast/cdn/traffic_control/traffic_router/protocol/RouterNioEndpoint.java
b/traffic_router/connector/src/main/java/com/comcast/cdn/traffic_control/traffic_router/protocol/RouterNioEndpoint.java
index 810027d..28147af 100644
---
a/traffic_router/connector/src/main/java/com/comcast/cdn/traffic_control/traffic_router/protocol/RouterNioEndpoint.java
+++
b/traffic_router/connector/src/main/java/com/comcast/cdn/traffic_control/traffic_router/protocol/RouterNioEndpoint.java
@@ -68,9 +68,8 @@ public class RouterNioEndpoint extends NioEndpoint {
sslHostConfig.setHostName(sslHostsData.get(alias).getHostname());
cert.setCertificateKeyAlias(alias);
sslHostConfig.addCertificate(cert);
- sslHostConfig.setCertificateKeyAlias(alias);
sslHostConfig.setProtocols(protocols != null ?
protocols : "all");
- sslHostConfig.setConfigType(getSslConfigType());
+
sslHostConfig.setSslProtocol(sslHostConfig.getSslProtocol());
sslHostConfig.setCertificateVerification("none");
LOGGER.info("sslHostConfig:
"+sslHostConfig.getHostName() + " " + sslHostConfig.getTruststoreAlgorithm());
@@ -106,7 +105,7 @@ public class RouterNioEndpoint extends NioEndpoint {
try{
final HandshakeData data = cr.get(alias);
final SSLHostConfig sslHostConfig =
sslHostConfigs.get(data.getHostname());
- sslHostConfig.setConfigType(getSslConfigType());
+
sslHostConfig.setSslProtocol(sslHostConfig.getSslProtocol());
createSSLContext(sslHostConfig);
}
catch (Exception rfubar) {
diff --git
a/traffic_router/connector/src/main/java/com/comcast/cdn/traffic_control/traffic_router/protocol/RouterSslUtil.java
b/traffic_router/connector/src/main/java/com/comcast/cdn/traffic_control/traffic_router/protocol/RouterSslUtil.java
index 2fec42d..3c66733 100644
---
a/traffic_router/connector/src/main/java/com/comcast/cdn/traffic_control/traffic_router/protocol/RouterSslUtil.java
+++
b/traffic_router/connector/src/main/java/com/comcast/cdn/traffic_control/traffic_router/protocol/RouterSslUtil.java
@@ -56,12 +56,19 @@ public class RouterSslUtil extends SSLUtilBase {
@Override
@SuppressWarnings({"PMD.SignatureDeclareThrowsException"})
- public SSLContext createSSLContext(final List<String> negotiableProtocols)
throws Exception {
+ public SSLContext createSSLContextInternal(final List<String>
negotiableProtocols) throws Exception {
return new OpenSSLContext(certificate, negotiableProtocols);
}
@Override
@SuppressWarnings({"PMD.SignatureDeclareThrowsException"})
+ public boolean isTls13RenegAuthAvailable() {
+ // As per the Tomcat 8.5.57 source, this should be false for JSSE, and
true for openSSL implementations.
+ return true;
+ }
+
+ @Override
+ @SuppressWarnings({"PMD.SignatureDeclareThrowsException"})
public javax.net.ssl.KeyManager[] getKeyManagers() throws Exception {
return new javax.net.ssl.KeyManager[] { new
com.comcast.cdn.traffic_control.traffic_router.secure.KeyManager() };
}
diff --git a/traffic_router/core/pom.xml b/traffic_router/core/pom.xml
index 781b416..bda1813 100644
--- a/traffic_router/core/pom.xml
+++ b/traffic_router/core/pom.xml
@@ -341,19 +341,19 @@
<dependency>
<groupId>org.apache.tomcat</groupId>
<artifactId>tomcat-catalina</artifactId>
- <version>8.5.32</version>
+ <version>8.5.57</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.apache.tomcat</groupId>
<artifactId>tomcat-coyote</artifactId>
- <version>8.5.32</version>
+ <version>8.5.57</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.apache.tomcat</groupId>
<artifactId>tomcat-jni</artifactId>
- <version>8.5.32</version>
+ <version>8.5.57</version>
<scope>provided</scope>
</dependency>
<dependency>
