Author: markt
Date: Wed Nov 23 12:23:37 2016
New Revision: 1770952

URL: http://svn.apache.org/viewvc?rev=1770952&view=rev
Log:
Ensure that the availability of configured upgrade protocols that require ALPN 
is correctly reported during Tomcat start.

Modified:
    tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11Protocol.java
    tomcat/trunk/java/org/apache/coyote/http11/LocalStrings.properties
    tomcat/trunk/java/org/apache/tomcat/util/net/AbstractEndpoint.java
    tomcat/trunk/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java
    tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java
    tomcat/trunk/java/org/apache/tomcat/util/net/SSLImplementation.java
    tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSEImplementation.java
    
tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLImplementation.java
    tomcat/trunk/webapps/docs/changelog.xml

Modified: tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11Protocol.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11Protocol.java?rev=1770952&r1=1770951&r2=1770952&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11Protocol.java 
(original)
+++ tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11Protocol.java Wed 
Nov 23 12:23:37 2016
@@ -58,11 +58,11 @@ public abstract class AbstractHttp11Prot
 
     @Override
     public void init() throws Exception {
+        super.init();
+
         for (UpgradeProtocol upgradeProtocol : upgradeProtocols) {
             configureUpgradeProtocol(upgradeProtocol);
         }
-
-        super.init();
     }
 
 
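Review bot: The new order in init() is load-bearing but nothing in the method says so. configureUpgradeProtocol() now asks the endpoint isAlpnSupported(), and the AbstractJsseEndpoint implementation added in this commit returns false while sslImplementation is still null, so the loop presumably has to run after super.init() has initialised the endpoint. A short comment above the call, e.g. `// The endpoint must be initialised before ALPN support can be queried`, would keep a later tidy-up from moving it back. It is also worth confirming that names passed to addNegotiatedProtocol() after super.init() are still picked up by a TLS context that may already have been created during bind; that is not visible in this hunk, and if they are not, a protocol would be logged as configured yet never negotiated.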
@@ -322,9 +322,8 @@ public abstract class AbstractHttp11Prot
      */
     private final Map<String,UpgradeProtocol> negotiatedProtocols = new 
HashMap<>();
     private void configureUpgradeProtocol(UpgradeProtocol upgradeProtocol) {
-        boolean isSSLEnabled = getEndpoint().isSSLEnabled();
         // HTTP Upgrade
-        String httpUpgradeName = 
upgradeProtocol.getHttpUpgradeName(isSSLEnabled);
+        String httpUpgradeName = 
upgradeProtocol.getHttpUpgradeName(getEndpoint().isSSLEnabled());
         boolean httpUpgradeConfigured = false;
         if (httpUpgradeName != null && httpUpgradeName.length() > 0) {
             httpUpgradeProtocols.put(httpUpgradeName, upgradeProtocol);
@@ -333,21 +332,22 @@ public abstract class AbstractHttp11Prot
                     getName(), httpUpgradeName));
         }
 
+
         // ALPN
         String alpnName = upgradeProtocol.getAlpnName();
         if (alpnName != null && alpnName.length() > 0) {
-            // ALPN requires SSL
-            if (isSSLEnabled) {
+            if (getEndpoint().isAlpnSupported()) {
                 negotiatedProtocols.put(alpnName, upgradeProtocol);
                 getEndpoint().addNegotiatedProtocol(alpnName);
                 
getLog().info(sm.getString("abstractHttp11Protocol.alpnConfigured",
                         getName(), alpnName));
             } else {
                 if (!httpUpgradeConfigured) {
-                    // HTTP Upgrade is not available for this protocol so it
-                    // requires ALPN. It has been configured on a non-secure
-                    // connector where ALPN is not available.
-                    
getLog().error(sm.getString("abstractHttp11Protocol.alpnWithNoTls",
+                    // ALPN is not supported by this connector and the upgrade
+                    // protocol implementation does not support standard HTTP
+                    // upgrade so there is no way available to enable support
+                    // for this protocol.
+                    
getLog().error(sm.getString("abstractHttp11Protocol.alpnWithNoAlpn",
                             upgradeProtocol.getClass().getName(), alpnName, 
getName()));
                 }
             }
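Review bot: The error in the else branch no longer tells the operator why ALPN is unavailable. isAlpnSupported() is false both for a connector without TLS and for a TLS connector whose SSL implementation lacks ALPN, and `abstractHttp11Protocol.alpnWithNoAlpn` reports both as "does not support ALPN". Consider keeping a TLS-specific message for the `!getEndpoint().isSSLEnabled()` case, or passing the cause as an extra argument, so a misconfigured connector is not mistaken for a library limitation. When httpUpgradeConfigured is true this branch logs nothing, so the protocol is silently reachable by HTTP upgrade only; an info-level message would make that visible. configureUpgradeProtocol() starts before and continues past this hunk.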

Modified: tomcat/trunk/java/org/apache/coyote/http11/LocalStrings.properties
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/coyote/http11/LocalStrings.properties?rev=1770952&r1=1770951&r2=1770952&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/coyote/http11/LocalStrings.properties 
(original)
+++ tomcat/trunk/java/org/apache/coyote/http11/LocalStrings.properties Wed Nov 
23 12:23:37 2016
@@ -14,7 +14,7 @@
 # limitations under the License.
 
 abstractHttp11Protocol.alpnConfigured=The [{0}] connector has been configured 
to support negotiation to [{1}] via ALPN
-abstractHttp11Protocol.alpnWithNoTls=The upgrade handler [{0}] for [{1}] only 
supports upgrade via ALPN but has been configured for the [{2}] connector that 
is not enabled for TLS.
+abstractHttp11Protocol.alpnWithNoAlpn=The upgrade handler [{0}] for [{1}] only 
supports upgrade via ALPN but has been configured for the [{2}] connector that 
does not support ALPN.
 abstractHttp11Protocol.httpUpgradeConfigured=The [{0}] connector has been 
configured to support HTTP upgrade to [{1}]
 
 http11processor.fallToDebug=\n Note: further occurrences of HTTP header 
parsing errors will be logged at DEBUG level.

Modified: tomcat/trunk/java/org/apache/tomcat/util/net/AbstractEndpoint.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/AbstractEndpoint.java?rev=1770952&r1=1770951&r2=1770952&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/AbstractEndpoint.java 
(original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/AbstractEndpoint.java Wed Nov 
23 12:23:37 2016
@@ -459,6 +459,15 @@ public abstract class AbstractEndpoint<S
     public boolean isSSLEnabled() { return SSLEnabled; }
     public void setSSLEnabled(boolean SSLEnabled) { this.SSLEnabled = 
SSLEnabled; }
 
+    /**
+     * Identifies if the endpoint supports ALPN. Note that a return value of
+     * <code>true</code> implies that {@link #isSSLEnabled()} will also return
+     * <code>true</code>.
+     *
+     * @return <code>true</true> if the endpoint supports ALPN in its current
+     *         configuration, otherwise <code>false</code>.
+     */
+    public abstract boolean isAlpnSupported();
 
     private int minSpareThreads = 10;
     public void setMinSpareThreads(int minSpareThreads) {
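Review bot: The Javadoc on isAlpnSupported() has a mismatched tag in the @return line, `<code>true</true>`, which should read `<code>true</code>`. The sentence promising that a true result implies isSSLEnabled() is a contract every subclass has to keep, so it reads better as a requirement on implementers than as an observation. Adding an abstract method to this public class also breaks any endpoint subclass maintained outside the tree, if such subclasses are supported.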

Modified: tomcat/trunk/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java?rev=1770952&r1=1770951&r2=1770952&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java 
(original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java Wed 
Nov 23 12:23:37 2016
@@ -206,6 +206,20 @@ public abstract class AbstractJsseEndpoi
     }
 
 
+
+    @Override
+    public boolean isAlpnSupported() {
+        // ALPN requires TLS so if there is no SSLImplementation, or if TLS is
+        // not enabled, ALPN cannot be supported
+        if (sslImplementation == null || !isSSLEnabled()) {
+            return false;
+        }
+
+        // Depends on the SSLImplementation
+        return sslImplementation.isAlpnSupported();
+    }
+
+
     @Override
     public void unbind() throws Exception {
         for (SSLHostConfig sslHostConfig : sslHostConfigs.values()) {

Modified: tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java?rev=1770952&r1=1770951&r2=1770952&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java Wed Nov 23 
12:23:37 2016
@@ -539,6 +539,16 @@ public class AprEndpoint extends Abstrac
     }
 
 
+
+    @Override
+    public boolean isAlpnSupported() {
+        // The APR/native connector always supports ALPN if TLS is in use
+        // because OpenSSL supports ALPN. Therefore, this is equivalent to
+        // testing of SSL is enabled.
+        return isSSLEnabled();
+    }
+
+
     /**
      * Start the APR endpoint, creating acceptor, poller and sendfile threads.
      */
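Review bot: The comment in isAlpnSupported() asserts that OpenSSL always supports ALPN, but that holds only for OpenSSL builds that include it (ALPN arrived in OpenSSL 1.0.2), and the method returns isSSLEnabled() without checking the linked library. If the minimum native library version already guarantees this, say so in the comment; otherwise a protocol could be reported as configured at start-up and never be negotiated. The same unconditional assumption is made by OpenSSLImplementation.isAlpnSupported() later in this commit. The last comment line also has a typo and should read `// testing if SSL is enabled.`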

Modified: tomcat/trunk/java/org/apache/tomcat/util/net/SSLImplementation.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/SSLImplementation.java?rev=1770952&r1=1770951&r2=1770952&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/SSLImplementation.java 
(original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/SSLImplementation.java Wed Nov 
23 12:23:37 2016
@@ -67,4 +67,6 @@ public abstract class SSLImplementation
     public abstract SSLSupport getSSLSupport(SSLSession session);
 
     public abstract SSLUtil getSSLUtil(SSLHostConfigCertificate certificate);
+
+    public abstract boolean isAlpnSupported();
 }
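Review bot: The new `isAlpnSupported()` on SSLImplementation has no Javadoc, although AbstractJsseEndpoint in this commit relies on it to decide whether an ALPN protocol is registered. A short Javadoc stating that it returns true only when the implementation can negotiate an application protocol during the TLS handshake would pin the contract down. Because the class is public and abstract, an implementation supplied from outside the tree will stop loading until it adds the method; if that matters, a non-abstract default such as `public boolean isAlpnSupported() { return false; }` avoids the break.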

Modified: 
tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSEImplementation.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSEImplementation.java?rev=1770952&r1=1770951&r2=1770952&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSEImplementation.java 
(original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSEImplementation.java 
Wed Nov 23 12:23:37 2016
@@ -48,4 +48,10 @@ public class JSSEImplementation extends
     public SSLUtil getSSLUtil(SSLHostConfigCertificate certificate) {
         return new JSSEUtil(certificate);
     }
+
+    @Override
+    public boolean isAlpnSupported() {
+        // JSSE does not (yet) support ALPN
+        return false;
+    }
 }
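Review bot: isAlpnSupported() is hard-coded to false and the `(yet)` in its comment says the answer is expected to change, but nothing ties the value to what the running JRE provides. A comment along the lines of `// No ALPN API in the JSSE versions currently targeted; revisit when one is available`, ideally with a tracking reference, would stop the constant being forgotten. Until then every TLS connector using JSSE will report ALPN-only upgrade protocols as unavailable, which is worth stating in the connector documentation.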

Modified: 
tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLImplementation.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLImplementation.java?rev=1770952&r1=1770951&r2=1770952&view=diff
==============================================================================
--- 
tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLImplementation.java 
(original)
+++ 
tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLImplementation.java 
Wed Nov 23 12:23:37 2016
@@ -36,4 +36,9 @@ public class OpenSSLImplementation exten
         return new OpenSSLUtil(certificate);
     }
 
+    @Override
+    public boolean isAlpnSupported() {
+        // OpenSSL supportd ALPN
+        return true;
+    }
 }
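Review bot: The comment in isAlpnSupported() has a typo, `// OpenSSL supportd ALPN`, and should read `// OpenSSL supports ALPN`. Since the method returns true unconditionally, the comment is also the only place to record which minimum OpenSSL version that assumption depends on.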

Modified: tomcat/trunk/webapps/docs/changelog.xml
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1770952&r1=1770951&r2=1770952&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/trunk/webapps/docs/changelog.xml Wed Nov 23 12:23:37 2016
@@ -103,6 +103,10 @@
         the capacity of this buffer when IOException occurs while writing the
         headers to the socket. (violetagg)
       </fix>
+      <fix>
+        Ensure that the availability of configured upgrade protocols that
+        require ALPN is correctly reported during Tomcat start. (markt)
+      </fix>
     </changelog>
   </subsection>
   <subsection name="Web applications">


