This is an automated email from the ASF dual-hosted git repository.
markt-asf pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push:
new bee88194d3 Better handling of out of date Tomcat Native
bee88194d3 is described below
commit bee88194d3e016229ce19bb8d5de0e4631981c27
Author: Mark Thomas <[email protected]>
AuthorDate: Mon Jun 22 16:33:31 2026 +0100
Better handling of out of date Tomcat Native
---
.../tomcat/util/net/openssl/LocalStrings.properties | 2 ++
.../tomcat/util/net/openssl/OpenSSLImplementation.java | 15 +++++++++++++++
webapps/docs/changelog.xml | 5 +++++
3 files changed, 22 insertions(+)
diff --git a/java/org/apache/tomcat/util/net/openssl/LocalStrings.properties
b/java/org/apache/tomcat/util/net/openssl/LocalStrings.properties
index 7823c29050..333a84b3cc 100644
--- a/java/org/apache/tomcat/util/net/openssl/LocalStrings.properties
+++ b/java/org/apache/tomcat/util/net/openssl/LocalStrings.properties
@@ -64,4 +64,6 @@ opensslconf.finishFailed=OpenSSLConf finish failed with
result [{0}]
opensslconf.noCommandName=OpenSSLConf no command name - will be ignored
(command value [{0}])
opensslconf.resultCommand=OpenSSLConf command (name [{0}], value [{1}])
returned [{2}]
+opensslImplementation.notAvailable=A suitable Tomcat Native implementation is
not available
+
sessionContext.nullTicketKeys=Null keys
diff --git a/java/org/apache/tomcat/util/net/openssl/OpenSSLImplementation.java
b/java/org/apache/tomcat/util/net/openssl/OpenSSLImplementation.java
index 87ec2ad7ae..7aa83baf94 100644
--- a/java/org/apache/tomcat/util/net/openssl/OpenSSLImplementation.java
+++ b/java/org/apache/tomcat/util/net/openssl/OpenSSLImplementation.java
@@ -21,17 +21,22 @@ import java.util.Map;
import javax.net.ssl.SSLSession;
+import org.apache.tomcat.jni.AprStatus;
import org.apache.tomcat.util.net.SSLHostConfigCertificate;
import org.apache.tomcat.util.net.SSLImplementation;
import org.apache.tomcat.util.net.SSLSupport;
import org.apache.tomcat.util.net.SSLUtil;
import org.apache.tomcat.util.net.jsse.JSSESupport;
+import org.apache.tomcat.util.res.StringManager;
/**
* OpenSSL implementation of SSLImplementation.
*/
public class OpenSSLImplementation extends SSLImplementation {
+ private static final StringManager sm =
StringManager.getManager(OpenSSLImplementation.class);
+
+
/**
* Constructs an OpenSSLImplementation.
*/
@@ -40,11 +45,21 @@ public class OpenSSLImplementation extends
SSLImplementation {
@Override
public SSLSupport getSSLSupport(SSLSession session,
Map<String,List<String>> additionalAttributes) {
+ ensureAvailable();
return new JSSESupport(session, additionalAttributes);
}
@Override
public SSLUtil getSSLUtil(SSLHostConfigCertificate certificate) {
+ ensureAvailable();
return new OpenSSLUtil(certificate);
}
+
+
+ private void ensureAvailable() {
+ // Avoid a core dump if and older than minimum version is installed
+ if (!AprStatus.isAprAvailable()) {
+ throw new
IllegalStateException(sm.getString("opensslImplementation.notAvailable"));
+ }
+ }
}
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 3c5028fdbb..8c0734370b 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -261,6 +261,11 @@
Remove support for HTTP 0.9. (markt)
</update>
<!-- Entries for backport and removal before 12.0.0-M1 below this line
-->
+ <fix>
+ Avoid a potential JVM crash if a suitable version of Tomcat Native is
+ not available when the connector is explicitly configured to use Tomcat
+ Native with OpenSSL for TLS. (markt)
+ </fix>
</changelog>
</subsection>
<subsection name="Jasper">
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
