This is an automated email from the ASF dual-hosted git repository. remm pushed a commit to branch 11.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git
commit fe4bbfda42e1ac5c5fdde90fa28ea7112a3df065 Author: remm <[email protected]> AuthorDate: Thu Sep 11 21:19:01 2025 +0200 Additional fixes --- java/org/apache/tomcat/util/compat/Jre20Compat.java | 6 +++--- java/org/apache/tomcat/util/net/SecureNio2Channel.java | 15 ++++++++++++--- 2 files changed, 15 insertions(+), 6 deletions(-) diff --git a/java/org/apache/tomcat/util/compat/Jre20Compat.java b/java/org/apache/tomcat/util/compat/Jre20Compat.java index 79c7aa9329..7a766a75cf 100644 --- a/java/org/apache/tomcat/util/compat/Jre20Compat.java +++ b/java/org/apache/tomcat/util/compat/Jre20Compat.java @@ -39,14 +39,14 @@ public class Jre20Compat extends Jre19Compat { try { c1 = Class.forName("javax.net.ssl.SSLParameters"); m1 = c1.getMethod("setNamedGroups", String[].class); - } catch (ClassNotFoundException e) { + } catch (NoSuchMethodException e) { // Must be pre-Java 20 log.debug(sm.getString("jre20Compat.javaPre20"), e); } catch (ReflectiveOperationException e) { // Should never happen log.error(sm.getString("jre20Compat.unexpected"), e); } - supported = (c1 != null); + supported = (m1 != null); setNamedGroupsMethod = m1; } @@ -57,7 +57,7 @@ public class Jre20Compat extends Jre19Compat { @Override public void setNamedGroupsMethod(Object sslParameters, String[] names) { try { - setNamedGroupsMethod.invoke(sslParameters, (Object[]) names); + setNamedGroupsMethod.invoke(sslParameters, (Object) names); } catch (IllegalAccessException | IllegalArgumentException | InvocationTargetException e) { throw new UnsupportedOperationException(e); } diff --git a/java/org/apache/tomcat/util/net/SecureNio2Channel.java b/java/org/apache/tomcat/util/net/SecureNio2Channel.java index ef8a54e596..c1a341a18d 100644 --- a/java/org/apache/tomcat/util/net/SecureNio2Channel.java +++ b/java/org/apache/tomcat/util/net/SecureNio2Channel.java @@ -44,6 +44,8 @@ import org.apache.juli.logging.LogFactory; import org.apache.tomcat.util.buf.ByteBufferUtils; import org.apache.tomcat.util.net.TLSClientHelloExtractor.ExtractorResult; import org.apache.tomcat.util.net.openssl.ciphers.Cipher; +import org.apache.tomcat.util.net.openssl.ciphers.Group; +import org.apache.tomcat.util.net.openssl.ciphers.SignatureScheme; import org.apache.tomcat.util.res.StringManager; /** @@ -97,8 +99,10 @@ public class SecureNio2Channel extends Nio2Channel { } protected void createSSLEngine(String hostName, List<Cipher> clientRequestedCiphers, - List<String> clientRequestedApplicationProtocols) { - sslEngine = endpoint.createSSLEngine(hostName, clientRequestedCiphers, clientRequestedApplicationProtocols); + List<String> clientRequestedApplicationProtocols, List<String> clientRequestedProtocols, + List<Group> clientSupportedGroups, List<SignatureScheme> clientSignatureAlgorithms) { + sslEngine = endpoint.createSSLEngine(hostName, clientRequestedCiphers, clientRequestedApplicationProtocols, + clientRequestedProtocols, clientSupportedGroups, clientSignatureAlgorithms); } @@ -407,6 +411,8 @@ public class SecureNio2Channel extends Nio2Channel { String hostName = null; List<Cipher> clientRequestedCiphers = null; List<String> clientRequestedApplicationProtocols = null; + List<Group> clientSupportedGroups = null; + List<SignatureScheme> clientSignatureSchemes = null; switch (extractor.getResult()) { case COMPLETE: hostName = extractor.getSNIValue(); @@ -414,6 +420,8 @@ public class SecureNio2Channel extends Nio2Channel { //$FALL-THROUGH$ to set the client requested ciphers case NOT_PRESENT: clientRequestedCiphers = extractor.getClientRequestedCiphers(); + clientSupportedGroups = extractor.getClientSupportedGroups(); + clientSignatureSchemes = extractor.getClientSignatureSchemes(); break; case NEED_READ: sc.read(netInBuffer, AbstractEndpoint.toTimeout(endpoint.getConnectionTimeout()), TimeUnit.MILLISECONDS, @@ -439,7 +447,8 @@ public class SecureNio2Channel extends Nio2Channel { log.trace(sm.getString("channel.nio.ssl.sniHostName", sc, hostName)); } - createSSLEngine(hostName, clientRequestedCiphers, clientRequestedApplicationProtocols); + createSSLEngine(hostName, clientRequestedCiphers, clientRequestedApplicationProtocols, + extractor.getClientRequestedProtocols(), clientSupportedGroups, clientSignatureSchemes); // Populate additional TLS attributes obtained from the handshake that // aren't available from the session --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
