This is an automated email from the ASF dual-hosted git repository.
markt-asf pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/9.0.x by this push:
new 48104efaad Better handling of out of date Tomcat Native
48104efaad is described below
commit 48104efaad82681a4bc796a658b6ca3bf6d599f2
Author: Mark Thomas <[email protected]>
AuthorDate: Mon Jun 22 16:33:31 2026 +0100
Better handling of out of date Tomcat Native
---
.../apache/tomcat/util/net/openssl/LocalStrings.properties | 2 ++
.../tomcat/util/net/openssl/OpenSSLImplementation.java | 13 +++++++++++++
webapps/docs/changelog.xml | 9 +++++++++
3 files changed, 24 insertions(+)
diff --git a/java/org/apache/tomcat/util/net/openssl/LocalStrings.properties
b/java/org/apache/tomcat/util/net/openssl/LocalStrings.properties
index 61d88c2959..04dedbbf71 100644
--- a/java/org/apache/tomcat/util/net/openssl/LocalStrings.properties
+++ b/java/org/apache/tomcat/util/net/openssl/LocalStrings.properties
@@ -65,4 +65,6 @@ opensslconf.finishFailed=OpenSSLConf finish failed with
result [{0}]
opensslconf.noCommandName=OpenSSLConf no command name - will be ignored
(command value [{0}])
opensslconf.resultCommand=OpenSSLConf command (name [{0}], value [{1}])
returned [{2}]
+opensslImplementation.notAvailable=A suitable Tomcat Native implementation is
not available
+
sessionContext.nullTicketKeys=Null keys
diff --git a/java/org/apache/tomcat/util/net/openssl/OpenSSLImplementation.java
b/java/org/apache/tomcat/util/net/openssl/OpenSSLImplementation.java
index 45a9c8c338..2bd402e5d3 100644
--- a/java/org/apache/tomcat/util/net/openssl/OpenSSLImplementation.java
+++ b/java/org/apache/tomcat/util/net/openssl/OpenSSLImplementation.java
@@ -21,17 +21,21 @@ import java.util.Map;
import javax.net.ssl.SSLSession;
+import org.apache.tomcat.jni.AprStatus;
import org.apache.tomcat.util.net.SSLHostConfigCertificate;
import org.apache.tomcat.util.net.SSLImplementation;
import org.apache.tomcat.util.net.SSLSupport;
import org.apache.tomcat.util.net.SSLUtil;
import org.apache.tomcat.util.net.jsse.JSSESupport;
+import org.apache.tomcat.util.res.StringManager;
/**
* OpenSSL implementation of SSLImplementation.
*/
public class OpenSSLImplementation extends SSLImplementation {
+ private static final StringManager sm =
StringManager.getManager(OpenSSLImplementation.class);
+
@Deprecated
@Override
public SSLSupport getSSLSupport(SSLSession session) {
@@ -40,11 +44,13 @@ public class OpenSSLImplementation extends
SSLImplementation {
@Override
public SSLSupport getSSLSupport(SSLSession session,
Map<String,List<String>> additionalAttributes) {
+ ensureAvailable();
return new JSSESupport(session, additionalAttributes);
}
@Override
public SSLUtil getSSLUtil(SSLHostConfigCertificate certificate) {
+ ensureAvailable();
return new OpenSSLUtil(certificate);
}
@@ -53,4 +59,11 @@ public class OpenSSLImplementation extends SSLImplementation
{
// OpenSSL supported ALPN
return true;
}
+
+ private void ensureAvailable() {
+ // Avoid a core dump if and older than minimum version is installed
+ if (!AprStatus.isAprAvailable()) {
+ throw new
IllegalStateException(sm.getString("opensslImplementation.notAvailable"));
+ }
+ }
}
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 2370a9ca45..37b40061e4 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -123,6 +123,15 @@
</fix>
</changelog>
</subsection>
+ <subsection name="Coyote">
+ <changelog>
+ <fix>
+ Avoid a potential JVM crash if a suitable version of Tomcat Native is
+ not available when the connector is explicitly configured to use Tomcat
+ Native with OpenSSL for TLS. (markt)
+ </fix>
+ </changelog>
+ </subsection>
</section>
<section name="Tomcat 9.0.119 (remm)" rtext="release in progress">
<subsection name="Catalina">
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
