This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push:
new b79827b6d3 Apply standard code formatting
b79827b6d3 is described below
commit b79827b6d30237237722acdcbd8a58e1bb4b61a6
Author: Mark Thomas <[email protected]>
AuthorDate: Wed Mar 18 08:43:22 2026 +0000
Apply standard code formatting
(to minimise differences between versions)
---
.../util/net/openssl/panama/OpenSSLContext.java | 14 +++++++------
.../util/net/openssl/panama/OpenSSLEngine.java | 23 ++++++++++++----------
.../util/net/openssl/panama/OpenSSLUtil.java | 2 --
3 files changed, 21 insertions(+), 18 deletions(-)
diff --git a/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
b/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
index 66d1f08db7..28818a7ba9 100644
--- a/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
+++ b/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
@@ -265,8 +265,8 @@ public class OpenSSLContext implements
org.apache.tomcat.util.net.SSLContext {
// Set server groups
// Note: It is also possible to override setSSLParameters in
OpenSSLEngine to set the final
- // list of groups per connection, but this is less efficient than
setting the configured
- // group list on the SSL context and letting OpenSSL figure it
out.
+ // list of groups per connection, but this is less efficient than
setting the configured
+ // group list on the SSL context and letting OpenSSL figure it out.
if (sslHostConfig.getGroupList() != null) {
StringBuilder sb = new StringBuilder();
boolean first = true;
@@ -532,7 +532,8 @@ public class OpenSSLContext implements
org.apache.tomcat.util.net.SSLContext {
}
if (maxTlsVersion >= TLS1_3_VERSION()) {
try {
- if (SSL_CTX_set_ciphersuites(state.sslCtx,
localArena.allocateFrom(sslHostConfig.getCipherSuites())) <= 0) {
+ if (SSL_CTX_set_ciphersuites(state.sslCtx,
+
localArena.allocateFrom(sslHostConfig.getCipherSuites())) <= 0) {
tls13Warning =
sm.getString("engine.failedCipherSuite", sslHostConfig.getCipherSuites());
} else {
ciphersSet = true;
@@ -611,7 +612,8 @@ public class OpenSSLContext implements
org.apache.tomcat.util.net.SSLContext {
localArena
.allocateFrom(SSLHostConfig.adjustRelativePath(sslHostConfig.getCaCertificatePath()))
:
MemorySegment.NULL;
- if (SSL_CTX_load_verify_locations(state.sslCtx,
caCertificateFileNative, caCertificatePathNative) <= 0) {
+ if (SSL_CTX_load_verify_locations(state.sslCtx,
caCertificateFileNative,
+ caCertificatePathNative) <= 0) {
logLastError("openssl.errorConfiguringLocations");
} else {
var caCerts = SSL_CTX_get_client_CA_list(state.sslCtx);
@@ -1368,8 +1370,8 @@ public class OpenSSLContext implements
org.apache.tomcat.util.net.SSLContext {
public SSLEngine createSSLEngine() {
return new OpenSSLEngine(cleaner, state.sslCtx, defaultProtocol,
false, sessionContext, alpn, initialized,
sslHostConfig.getCertificateVerificationDepth(),
- sslHostConfig.getCertificateVerification() ==
CertificateVerification.OPTIONAL_NO_CA,
- noOcspCheck, ocspSoftFail, ocspTimeout, ocspVerifyFlags);
+ sslHostConfig.getCertificateVerification() ==
CertificateVerification.OPTIONAL_NO_CA, noOcspCheck,
+ ocspSoftFail, ocspTimeout, ocspVerifyFlags);
}
@Override
diff --git a/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLEngine.java
b/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLEngine.java
index 3e8ef3698d..cd529e0fb4 100644
--- a/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLEngine.java
+++ b/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLEngine.java
@@ -87,9 +87,9 @@ public final class OpenSSLEngine extends SSLEngine implements
SSLUtil.ProtocolIn
final Set<String> availableCipherSuites = new LinkedHashSet<>(128);
availableCipherSuites.addAll(OpenSSLLibrary.findCiphers("ALL"));
AVAILABLE_CIPHER_SUITES =
Collections.unmodifiableSet(availableCipherSuites);
- IMPLEMENTED_PROTOCOLS_SET = Set.of(Constants.SSL_PROTO_SSLv2Hello,
Constants.SSL_PROTO_SSLv3,
- Constants.SSL_PROTO_TLSv1, Constants.SSL_PROTO_TLSv1_1,
Constants.SSL_PROTO_TLSv1_2,
- Constants.SSL_PROTO_TLSv1_3);
+ IMPLEMENTED_PROTOCOLS_SET =
+ Set.of(Constants.SSL_PROTO_SSLv2Hello,
Constants.SSL_PROTO_SSLv3, Constants.SSL_PROTO_TLSv1,
+ Constants.SSL_PROTO_TLSv1_1,
Constants.SSL_PROTO_TLSv1_2, Constants.SSL_PROTO_TLSv1_3);
}
private static final int MAX_PLAINTEXT_LENGTH = 16 * 1024; // 2^14
@@ -185,8 +185,8 @@ public final class OpenSSLEngine extends SSLEngine
implements SSLUtil.ProtocolIn
*/
OpenSSLEngine(Cleaner cleaner, MemorySegment sslCtx, String
fallbackApplicationProtocol, boolean clientMode,
OpenSSLSessionContext sessionContext, boolean alpn, boolean
initialized, int certificateVerificationDepth,
- boolean certificateVerificationOptionalNoCA, boolean noOcspCheck,
boolean ocspSoftFail,
- int ocspTimeout, int ocspVerifyFlags) {
+ boolean certificateVerificationOptionalNoCA, boolean noOcspCheck,
boolean ocspSoftFail, int ocspTimeout,
+ int ocspVerifyFlags) {
if (sslCtx == null) {
throw new
IllegalArgumentException(sm.getString("engine.noSSLContext"));
}
@@ -832,8 +832,8 @@ public final class OpenSSLEngine extends SSLEngine
implements SSLUtil.ProtocolIn
try (var localArena = Arena.ofConfined()) {
// Use the new SSL_get0_peer_certificate call for OpenSSL 3+ to
avoid having to call free
MemorySegment/* (X509*) */ x509 =
- (openssl_h_Compatibility.OPENSSL3) ?
SSL_get0_peer_certificate(state.ssl)
- :
openssl_h_Compatibility.SSL_get_peer_certificate(state.ssl);
+ (openssl_h_Compatibility.OPENSSL3) ?
SSL_get0_peer_certificate(state.ssl) :
+
openssl_h_Compatibility.SSL_get_peer_certificate(state.ssl);
MemorySegment bufPointer =
localArena.allocateFrom(ValueLayout.ADDRESS, MemorySegment.NULL);
int length = i2d_X509(x509, bufPointer);
if (length <= 0) {
@@ -1145,7 +1145,8 @@ public final class OpenSSLEngine extends SSLEngine
implements SSLUtil.ProtocolIn
(errnum == X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN()) ||
(errnum == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY())
||
(errnum == X509_V_ERR_CERT_UNTRUSTED()) || (errnum ==
X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE());
- if ((verifyErrorIsOptional || errnum == X509_V_OK()) &&
(state.certificateVerifyMode == OpenSSLContext.OPTIONAL_NO_CA)) {
+ if ((verifyErrorIsOptional || errnum == X509_V_OK()) &&
+ (state.certificateVerifyMode ==
OpenSSLContext.OPTIONAL_NO_CA)) {
ok = 1;
openssl_h_Compatibility.SSL_set_verify_result(state.ssl,
X509_V_OK());
}
@@ -1247,7 +1248,8 @@ public final class OpenSSLEngine extends SSLEngine
implements SSLUtil.ProtocolIn
for (String urlString : urls) {
try {
URL url = (new
URI(urlString)).toURL();
- ocspResponse =
processOCSPRequest(state, url, issuer, x509, x509ctx, localArena);
+ ocspResponse =
+ processOCSPRequest(state,
url, issuer, x509, x509ctx, localArena);
if (log.isDebugEnabled()) {
log.debug(sm.getString("engine.ocspResponse", urlString,
Integer.toString(ocspResponse)));
@@ -1376,7 +1378,8 @@ public final class OpenSSLEngine extends SSLEngine
implements SSLUtil.ProtocolIn
return V_OCSP_CERTSTATUS_UNKNOWN();
}
MemorySegment certStack =
OCSP_resp_get0_certs(basicResponse);
- if (OCSP_basic_verify(basicResponse, certStack,
X509_STORE_CTX_get0_store(x509ctx), state.ocspVerifyFlags) <= 0) {
+ if (OCSP_basic_verify(basicResponse, certStack,
X509_STORE_CTX_get0_store(x509ctx),
+ state.ocspVerifyFlags) <= 0) {
X509_STORE_CTX_set_error(x509ctx,
X509_V_ERR_OCSP_SIGNATURE_FAILURE());
return V_OCSP_CERTSTATUS_UNKNOWN();
}
diff --git a/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLUtil.java
b/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLUtil.java
index df278a62dc..1d7e768271 100644
--- a/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLUtil.java
+++ b/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLUtil.java
@@ -105,6 +105,4 @@ public class OpenSSLUtil extends SSLUtilBase {
throw e;
}
}
-
-
}
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
