(tomcat) branch 10.1.x updated: Fix compilation with Java < 25

Thu, 15 Jan 2026 03:38:43 -0800 

This is an automated email from the ASF dual-hosted git repository.

remm pushed a commit to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/10.1.x by this push:
     new a1b9febfe2 Fix compilation with Java < 25
a1b9febfe2 is described below

commit a1b9febfe2ce8dde49c5eaefe7912854bbbc4dd2
Author: remm <[email protected]>
AuthorDate: Thu Jan 15 09:53:35 2026 +0100

    Fix compilation with Java < 25
---
 .../tomcat/util/net/openssl/OpenSSLStatus.java     | 45 +++++++++++++++++++++-
 .../util/net/openssl/panama/OpenSSLLibrary.java    |  2 +
 .../tomcat/security/TestSecurity2017Ocsp.java      |  4 +-
 .../tomcat/util/net/TestSSLHostConfigCipher.java   | 12 +++---
 .../apache/tomcat/util/net/ocsp/OcspBaseTest.java  |  4 +-
 5 files changed, 56 insertions(+), 11 deletions(-)

diff --git a/java/org/apache/tomcat/util/net/openssl/OpenSSLStatus.java 
b/java/org/apache/tomcat/util/net/openssl/OpenSSLStatus.java
index 1ad7d3dc84..749813bc38 100644
--- a/java/org/apache/tomcat/util/net/openssl/OpenSSLStatus.java
+++ b/java/org/apache/tomcat/util/net/openssl/OpenSSLStatus.java
@@ -38,9 +38,10 @@ public class OpenSSLStatus {
     private static volatile boolean useOpenSSL = true;
     private static volatile boolean instanceCreated = false;
     private static volatile long version = 0;
+    private static volatile int majorVersion = 0;
+    private static volatile int minorVersion = 0;
     private static volatile Name name = Name.UNKNOWN;
 
-
     public static boolean isLibraryInitialized() {
         return libraryInitialized;
     }
@@ -95,6 +96,34 @@ public class OpenSSLStatus {
         OpenSSLStatus.version = version;
     }
 
+    /**
+     * @return the majorVersion
+     */
+    public static int getMajorVersion() {
+        return majorVersion;
+    }
+
+    /**
+     * @param majorVersion the majorVersion to set
+     */
+    public static void setMajorVersion(int majorVersion) {
+        OpenSSLStatus.majorVersion = majorVersion;
+    }
+
+    /**
+     * @return the minorVersion
+     */
+    public static int getMinorVersion() {
+        return minorVersion;
+    }
+
+    /**
+     * @param minorVersion the minorVersion to set
+     */
+    public static void setMinorVersion(int minorVersion) {
+        OpenSSLStatus.minorVersion = minorVersion;
+    }
+
     /**
      * @return the library name
      */
@@ -116,4 +145,18 @@ public class OpenSSLStatus {
         return Name.OPENSSL3.equals(name);
     }
 
+    /**
+     * @return true if running with BoringSSL
+     */
+    public static boolean isBoringSSL() {
+        return Name.BORINGSSL.equals(name);
+    }
+
+    /**
+     * @return true if running with LibreSSL < 3.5
+     */
+    public static boolean isLibreSSLPre35() {
+        return Name.LIBRESSL.equals(name) && ((majorVersion == 3 && 
minorVersion < 5) || majorVersion < 3);
+    }
+
 }
diff --git a/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLLibrary.java 
b/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLLibrary.java
index 7272db9cf2..c1bb2cb664 100644
--- a/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLLibrary.java
+++ b/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLLibrary.java
@@ -178,6 +178,8 @@ public class OpenSSLLibrary {
                 initLibrary();
 
                 OpenSSLStatus.setVersion(OpenSSL_version_num());
+                OpenSSLStatus.setMajorVersion(openssl_h_Compatibility.MAJOR);
+                OpenSSLStatus.setMinorVersion(openssl_h_Compatibility.MINOR);
                 if (openssl_h_Compatibility.OPENSSL3) {
                     OpenSSLStatus.setName(OpenSSLStatus.Name.OPENSSL3);
                 } else if (openssl_h_Compatibility.OPENSSL) {
diff --git a/test/org/apache/tomcat/security/TestSecurity2017Ocsp.java 
b/test/org/apache/tomcat/security/TestSecurity2017Ocsp.java
index d8b23449d5..cd69cd218c 100644
--- a/test/org/apache/tomcat/security/TestSecurity2017Ocsp.java
+++ b/test/org/apache/tomcat/security/TestSecurity2017Ocsp.java
@@ -39,7 +39,7 @@ import org.apache.tomcat.util.net.TesterSupport;
 import org.apache.tomcat.util.net.TesterSupport.SimpleServlet;
 import org.apache.tomcat.util.net.ocsp.OcspBaseTest;
 import org.apache.tomcat.util.net.ocsp.TesterOcspResponder;
-import org.apache.tomcat.util.openssl.openssl_h_Compatibility;
+import org.apache.tomcat.util.net.openssl.OpenSSLStatus;
 
 @RunWith(Parameterized.class)
 public class TestSecurity2017Ocsp extends OcspBaseTest {
@@ -72,7 +72,7 @@ public class TestSecurity2017Ocsp extends OcspBaseTest {
     @Test(expected=SSLHandshakeException.class)
     public void testCVE_2017_15698() throws Exception {
         if ("OpenSSL-FFM".equals(connectorName)) {
-            Assume.assumeFalse(openssl_h_Compatibility.BORINGSSL || 
openssl_h_Compatibility.isLibreSSLPre35());
+            Assume.assumeFalse(OpenSSLStatus.isBoringSSL() || 
OpenSSLStatus.isLibreSSLPre35());
         }
         Assume.assumeNotNull(ocspResponder);
 
diff --git a/test/org/apache/tomcat/util/net/TestSSLHostConfigCipher.java 
b/test/org/apache/tomcat/util/net/TestSSLHostConfigCipher.java
index e9e0547b8f..75c8e90d00 100644
--- a/test/org/apache/tomcat/util/net/TestSSLHostConfigCipher.java
+++ b/test/org/apache/tomcat/util/net/TestSSLHostConfigCipher.java
@@ -35,7 +35,7 @@ import org.apache.catalina.startup.TesterServlet;
 import org.apache.catalina.startup.Tomcat;
 import org.apache.catalina.startup.TomcatBaseTest;
 import org.apache.tomcat.util.buf.ByteChunk;
-import org.apache.tomcat.util.openssl.openssl_h_Compatibility;
+import org.apache.tomcat.util.net.openssl.OpenSSLStatus;
 
 @RunWith(Parameterized.class)
 public class TestSSLHostConfigCipher extends TomcatBaseTest {
@@ -95,7 +95,7 @@ public class TestSSLHostConfigCipher extends TomcatBaseTest {
     public void testTls12CipherAvailable() throws Exception {
         if ("OpenSSL-FFM".equals(connectorName)) {
             // The functionality works, but the two ciphers used are not 
available
-            Assume.assumeFalse(openssl_h_Compatibility.BORINGSSL);
+            Assume.assumeFalse(OpenSSLStatus.isBoringSSL());
         }
         // Client-side TLS configuration
         TesterSupport.configureClientSsl(true, new String[] { 
CIPHER_12_AVAILABLE } );
@@ -107,7 +107,7 @@ public class TestSSLHostConfigCipher extends TomcatBaseTest 
{
     @Test(expected=SSLHandshakeException.class)
     public void testTls12CipherNotAvailable() throws Exception {
         if ("OpenSSL-FFM".equals(connectorName)) {
-            Assume.assumeFalse(openssl_h_Compatibility.BORINGSSL);
+            Assume.assumeFalse(OpenSSLStatus.isBoringSSL());
         }
         // Client-side TLS configuration
         TesterSupport.configureClientSsl(true, new String[] { 
CIPHER_12_NOT_AVAILABLE } );
@@ -119,7 +119,7 @@ public class TestSSLHostConfigCipher extends TomcatBaseTest 
{
     @Test
     public void testTls13CipherAvailable() throws Exception {
         if ("OpenSSL-FFM".equals(connectorName)) {
-            Assume.assumeFalse(openssl_h_Compatibility.BORINGSSL);
+            Assume.assumeFalse(OpenSSLStatus.isBoringSSL());
         }
         // Client-side TLS configuration
         TesterSupport.configureClientSsl(new String[] { CIPHER_13_AVAILABLE } 
);
@@ -132,8 +132,8 @@ public class TestSSLHostConfigCipher extends TomcatBaseTest 
{
     public void testTls13CipherNotAvailable() throws Exception {
         if ("OpenSSL-FFM".equals(connectorName)) {
             // The TLS 1.3 call might not be present
-            Assume.assumeFalse(openssl_h_Compatibility.isLibreSSLPre35());
-            Assume.assumeFalse(openssl_h_Compatibility.BORINGSSL);
+            Assume.assumeFalse(OpenSSLStatus.isLibreSSLPre35());
+            Assume.assumeFalse(OpenSSLStatus.isBoringSSL());
         }
         // Client-side TLS configuration
         TesterSupport.configureClientSsl(new String[] { 
CIPHER_13_NOT_AVAILABLE } );
diff --git a/test/org/apache/tomcat/util/net/ocsp/OcspBaseTest.java 
b/test/org/apache/tomcat/util/net/ocsp/OcspBaseTest.java
index 293f6aa1b8..69b59c93cc 100644
--- a/test/org/apache/tomcat/util/net/ocsp/OcspBaseTest.java
+++ b/test/org/apache/tomcat/util/net/ocsp/OcspBaseTest.java
@@ -40,7 +40,7 @@ import org.apache.tomcat.util.buf.ByteChunk;
 import org.apache.tomcat.util.net.SSLHostConfig;
 import org.apache.tomcat.util.net.TesterSupport;
 import org.apache.tomcat.util.net.TesterSupport.SimpleServlet;
-import org.apache.tomcat.util.openssl.openssl_h_Compatibility;
+import org.apache.tomcat.util.net.openssl.OpenSSLStatus;
 
 public class OcspBaseTest extends TomcatBaseTest {
 
@@ -110,7 +110,7 @@ public class OcspBaseTest extends TomcatBaseTest {
             boolean verifyServerCert, Boolean softFail) throws Exception {
 
         if ("OpenSSL-FFM".equals(connectorName)) {
-            Assume.assumeFalse(openssl_h_Compatibility.BORINGSSL || 
openssl_h_Compatibility.isLibreSSLPre35());
+            Assume.assumeFalse(OpenSSLStatus.isBoringSSL() || 
OpenSSLStatus.isLibreSSLPre35());
         }
         Assume.assumeFalse(!useOpenSSLTrust && verifyClientCert == 
ClientCertificateVerification.OPTIONAL_NO_CA);
 


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to