This is an automated email from the ASF dual-hosted git repository. remm pushed a commit to branch 9.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git
commit bd53daf734713bef4392571e98acbb97c73a026b Author: remm <[email protected]> AuthorDate: Thu Sep 11 21:19:01 2025 +0200 Additional fixes --- java/org/apache/tomcat/util/compat/Jre20Compat.java | 6 +++--- java/org/apache/tomcat/util/net/SecureNio2Channel.java | 17 ++++++++++++++++- 2 files changed, 19 insertions(+), 4 deletions(-) diff --git a/java/org/apache/tomcat/util/compat/Jre20Compat.java b/java/org/apache/tomcat/util/compat/Jre20Compat.java index 79c7aa9329..7a766a75cf 100644 --- a/java/org/apache/tomcat/util/compat/Jre20Compat.java +++ b/java/org/apache/tomcat/util/compat/Jre20Compat.java @@ -39,14 +39,14 @@ public class Jre20Compat extends Jre19Compat { try { c1 = Class.forName("javax.net.ssl.SSLParameters"); m1 = c1.getMethod("setNamedGroups", String[].class); - } catch (ClassNotFoundException e) { + } catch (NoSuchMethodException e) { // Must be pre-Java 20 log.debug(sm.getString("jre20Compat.javaPre20"), e); } catch (ReflectiveOperationException e) { // Should never happen log.error(sm.getString("jre20Compat.unexpected"), e); } - supported = (c1 != null); + supported = (m1 != null); setNamedGroupsMethod = m1; } @@ -57,7 +57,7 @@ public class Jre20Compat extends Jre19Compat { @Override public void setNamedGroupsMethod(Object sslParameters, String[] names) { try { - setNamedGroupsMethod.invoke(sslParameters, (Object[]) names); + setNamedGroupsMethod.invoke(sslParameters, (Object) names); } catch (IllegalAccessException | IllegalArgumentException | InvocationTargetException e) { throw new UnsupportedOperationException(e); } diff --git a/java/org/apache/tomcat/util/net/SecureNio2Channel.java b/java/org/apache/tomcat/util/net/SecureNio2Channel.java index 5b487b51d4..fc7fb00770 100644 --- a/java/org/apache/tomcat/util/net/SecureNio2Channel.java +++ b/java/org/apache/tomcat/util/net/SecureNio2Channel.java @@ -45,6 +45,8 @@ import org.apache.tomcat.util.buf.ByteBufferUtils; import org.apache.tomcat.util.compat.JreCompat; import org.apache.tomcat.util.net.TLSClientHelloExtractor.ExtractorResult; import org.apache.tomcat.util.net.openssl.ciphers.Cipher; +import org.apache.tomcat.util.net.openssl.ciphers.Group; +import org.apache.tomcat.util.net.openssl.ciphers.SignatureScheme; import org.apache.tomcat.util.res.StringManager; /** @@ -404,6 +406,8 @@ public class SecureNio2Channel extends Nio2Channel { String hostName = null; List<Cipher> clientRequestedCiphers = null; List<String> clientRequestedApplicationProtocols = null; + List<Group> clientSupportedGroups = null; + List<SignatureScheme> clientSignatureSchemes = null; switch (extractor.getResult()) { case COMPLETE: hostName = extractor.getSNIValue(); @@ -411,6 +415,8 @@ public class SecureNio2Channel extends Nio2Channel { //$FALL-THROUGH$ to set the client requested ciphers case NOT_PRESENT: clientRequestedCiphers = extractor.getClientRequestedCiphers(); + clientSupportedGroups = extractor.getClientSupportedGroups(); + clientSignatureSchemes = extractor.getClientSignatureSchemes(); break; case NEED_READ: sc.read(netInBuffer, AbstractEndpoint.toTimeout(endpoint.getConnectionTimeout()), TimeUnit.MILLISECONDS, @@ -436,7 +442,16 @@ public class SecureNio2Channel extends Nio2Channel { log.trace(sm.getString("channel.nio.ssl.sniHostName", sc, hostName)); } - sslEngine = endpoint.createSSLEngine(hostName, clientRequestedCiphers, clientRequestedApplicationProtocols); + try { + AbstractJsseEndpoint.clientRequestedProtocolsThreadLocal.set(extractor.getClientRequestedProtocols()); + AbstractJsseEndpoint.clientSupportedGroupsThreadLocal.set(clientSupportedGroups); + AbstractJsseEndpoint.clientSignatureSchemesThreadLocal.set(clientSignatureSchemes); + sslEngine = endpoint.createSSLEngine(hostName, clientRequestedCiphers, clientRequestedApplicationProtocols); + } finally { + AbstractJsseEndpoint.clientRequestedProtocolsThreadLocal.set(null); + AbstractJsseEndpoint.clientSupportedGroupsThreadLocal.set(null); + AbstractJsseEndpoint.clientSignatureSchemesThreadLocal.set(null); + } // Populate additional TLS attributes obtained from the handshake that // aren't available from the session --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
