[Bug 62389] Add ipv6 loopback address to the default internalProxies
https://bz.apache.org/bugzilla/show_bug.cgi?id=62389 --- Comment #3 from Konstantin Kolinko --- ::1 should be added to the list as well, like we do for RemoteAddrValve. When Tomcat runs with APR connector, request.getRemoteAddr() returns "::1" when accessed from localhost. This value can be seen in access logs. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
buildbot success in on tomcat-7-trunk
The Buildbot has detected a restored build on builder tomcat-7-trunk while building . Full details are available at: https://ci.apache.org/builders/tomcat-7-trunk/builds/1113 Buildbot URL: https://ci.apache.org/ Buildslave for this Build: silvanus_ubuntu Build Reason: The AnyBranchScheduler scheduler named 'on-tomcat-7-commit' triggered this build Build Source Stamp: [branch tomcat/tc7.0.x/trunk] 1832895 Blamelist: markt Build succeeded! Sincerely, -The Buildbot - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1832895 - in /tomcat/tc7.0.x/trunk: ./ java/org/apache/catalina/valves/RemoteIpValve.java test/org/apache/catalina/valves/TestRemoteIpValve.java
Author: markt Date: Mon Jun 4 21:00:34 2018 New Revision: 1832895 URL: http://svn.apache.org/viewvc?rev=1832895=rev Log: Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=57926 Restore the original X-Forwarded-By and X-Forwarded-For headers after processing along with the other original values. Modified: tomcat/tc7.0.x/trunk/ (props changed) tomcat/tc7.0.x/trunk/java/org/apache/catalina/valves/RemoteIpValve.java tomcat/tc7.0.x/trunk/test/org/apache/catalina/valves/TestRemoteIpValve.java Propchange: tomcat/tc7.0.x/trunk/ -- --- svn:mergeinfo (original) +++ svn:mergeinfo Mon Jun 4 21:00:34 2018 @@ -1,3 +1,3 @@ /tomcat/tc8.0.x/trunk:1636525,1637336,1637685,1637709,1638726,1640089,1640276,1640349,1640363,1640366,1640642,1640672,1640674,1640689,1640884,1641001,1641065,1641067,1641375,1641638,1641723,1641726,1641729-1641730,1641736,1641988,1642669-1642670,1642698,1642701,1643205,1643215,1643217,1643230,1643232,1643273,1643285,1643329-1643330,1643511,1643513,1643521,1643539,1643571,1643581-1643582,1643635,1643655,1643738,1643964,1644018,1644333,1644525,1644954,1644992,1645014,1645360,1645456,1645627,1645642,1645686,1645903-1645904,1645908-1645909,1645913,1645920,1646458,1646460-1646462,1646735,1646738-1646741,1646744,1646746,1646748-1646755,1646757,1646759-1646760,1647043,1648816,1651420-1651422,1651844,1652926,1652939-1652940,1652973,1653798,1653817,1653841,1654042,1654161,1654736,1654767,1654787,1656592,1659907,1662986,1663265,1663278,1663325,1663535,1663567,1663679,1663997,1664175,1664321,1664872,1665061,1665086,1666027,1666395,1666503,1666506,1666560,1666570,1666581,1666759,1666967,1666988 ,1667553-1667555,1667558,1667617,1667633,1667637,1667747,1667767,1667873,1668028,1668137,1668634,1669432,1669801,1669840,1669895-1669896,1670398,1670435,1670592,1670605-1670607,1670609,1670632,1670720,1670725,1670727,1670731,1671114,1672273,1672285,1673759,1674220,1674295,1675469,1675488,1675595,1675831,1676232,1676367-1676369,1676382,1676394,1676483,1676556,1676635,1678178,1679536,1679988,1680256,1681124,1681182,1681703,1681730,1681840,1681864,1681869,1682010,1682034,1682047,1682052-1682053,1682062,1682064,1682070,1682312,1682325,1682331,1682386,1684367,1684385,1685759,1685774,1685827,1685892,1687341,1688904,1689358,1689657,1689921,1692850,1693093,1693108,1693324,1694060,1694115,1694291,1694427,1694431,1694503,1694549,1694789,1694873,1694881,1695356,1695372,1695823-1695825,1696200,1696281,1696379,1696468,1700608,1700871,1700897,1700978,1701094,1701124,1701608,1701668,1701676,1701766,1701944,1702248,1702252,1702314,1702390,1702723,1702725,1702728,1702730,1702733,1702735,1702737,1702 739,1702742,1702744,1702748,1702751,1702754,1702758,1702760,1702763,1702766,1708779,1708782,1708806,1709314,1709670,1710347,1710442,1710448,1710490,1710574,1710578,1712226,1712229,1712235,1712255,1712618,1712649,1712655,1712860,1712899,1712903,1712906,1712913,1712926,1712975,1713185,1713262,1713287,1713613,1713621,1713872,1713976,1713994,1713998,1714004,1714013,1714059,1714538,1714580,1715189,1715207,1715544,1715549,1715637,1715639-1715645,1715667,1715683,1715866,1715978,1715981,1716216-1716217,1716355,1716414,1716421,1717208-1717209,1717257,1717283,1717288,1717291,1717421,1717517,1717529,1718797,1718840-1718843,1719348,1719357-1719358,1719400,1719491,1719737,1720235,1720396,1720442,1720446,1720450,1720463,1720658-1720660,1720756,1720816,1721813,1721818,1721831,1721861,1721867,1721882,1722523,1722527,1722800,1722926,1722941,1722997,1723130,1723440,1723488,1723890,1724434,1724674,1724792,1724803,1724902,1725128,1725131,1725154,1725167,1725911,1725921,1725929,1725963-1725965,1725970,1 725974,1726171-1726173,1726175,1726179-1726182,1726190-1726191,1726195-1726200,1726203,1726226,1726576,1726630,1726992,1727029,1727037,1727671,1727676,1727900,1728028,1728092,1728439,1728449,1729186,1729362,1731009,1731303,1731867,1731872,1731874,1731876,1731885,1731947,1731955,1731959,1731977,1731984,1732360,1732490,1732672,1732902,1733166,1733603,1733619,1733735,1733752,1733764,1733915,1733941,1733964,1734115,1734133,1734261,1734421,1734531,1736286,1737967,1738173,1738182,1738992,1739039,1739089-1739091,1739294,1739777,1739821,1739981,1740513,1740726,1741019,1741162,1741217,1743647,1743681,1744152,1744272,1746732,1746750,1752739,1754615,1755886,1756018,1758563,1759565,1761686,1762173,1762206,1766280,1767507-1767508,1767653,1767656,1769267,1772949,1773521,1773527,1774104,1777015,1777213,1779330,1783151,1784188,1784966,1785670,1786846,1788260,1788999,1789140,1789402,1791529,1791559,1795291,1796906,1797523,1799214,1800998-1800999,1801003,1801007-1801008,1801017,1801020,1802808,180281
buildbot failure in on tomcat-7-trunk
The Buildbot has detected a new failure on builder tomcat-7-trunk while building . Full details are available at: https://ci.apache.org/builders/tomcat-7-trunk/builds/1112 Buildbot URL: https://ci.apache.org/ Buildslave for this Build: silvanus_ubuntu Build Reason: The AnyBranchScheduler scheduler named 'on-tomcat-7-commit' triggered this build Build Source Stamp: [branch tomcat/tc7.0.x/trunk] 1832885 Blamelist: markt BUILD FAILED: failed compile_1 Sincerely, -The Buildbot - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1832885 - in /tomcat/tc7.0.x/trunk: ./ java/org/apache/catalina/filters/ java/org/apache/catalina/valves/ test/org/apache/catalina/filters/ test/org/apache/catalina/valves/ webapps/docs/
Author: markt Date: Mon Jun 4 19:02:26 2018 New Revision: 1832885 URL: http://svn.apache.org/viewvc?rev=1832885=rev Log: Correctly handle the case when the request passes through one or more trustedProxies but no internalProxies. Based on a patch by zhanhb Modified: tomcat/tc7.0.x/trunk/ (props changed) tomcat/tc7.0.x/trunk/java/org/apache/catalina/filters/RemoteIpFilter.java tomcat/tc7.0.x/trunk/java/org/apache/catalina/valves/RemoteIpValve.java tomcat/tc7.0.x/trunk/test/org/apache/catalina/filters/TestRemoteIpFilter.java tomcat/tc7.0.x/trunk/test/org/apache/catalina/valves/TestRemoteIpValve.java tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml Propchange: tomcat/tc7.0.x/trunk/ -- --- svn:mergeinfo (original) +++ svn:mergeinfo Mon Jun 4 19:02:26 2018 @@ -1,3 +1,3 @@ /tomcat/tc8.0.x/trunk:1636525,1637336,1637685,1637709,1638726,1640089,1640276,1640349,1640363,1640366,1640642,1640672,1640674,1640689,1640884,1641001,1641065,1641067,1641375,1641638,1641723,1641726,1641729-1641730,1641736,1641988,1642669-1642670,1642698,1642701,1643205,1643215,1643217,1643230,1643232,1643273,1643285,1643329-1643330,1643511,1643513,1643521,1643539,1643571,1643581-1643582,1643635,1643655,1643738,1643964,1644018,1644333,1644525,1644954,1644992,1645014,1645360,1645456,1645627,1645642,1645686,1645903-1645904,1645908-1645909,1645913,1645920,1646458,1646460-1646462,1646735,1646738-1646741,1646744,1646746,1646748-1646755,1646757,1646759-1646760,1647043,1648816,1651420-1651422,1651844,1652926,1652939-1652940,1652973,1653798,1653817,1653841,1654042,1654161,1654736,1654767,1654787,1656592,1659907,1662986,1663265,1663278,1663325,1663535,1663567,1663679,1663997,1664175,1664321,1664872,1665061,1665086,1666027,1666395,1666503,1666506,1666560,1666570,1666581,1666759,1666967,1666988 ,1667553-1667555,1667558,1667617,1667633,1667637,1667747,1667767,1667873,1668028,1668137,1668634,1669432,1669801,1669840,1669895-1669896,1670398,1670435,1670592,1670605-1670607,1670609,1670632,1670720,1670725,1670727,1670731,1671114,1672273,1672285,1673759,1674220,1674295,1675469,1675488,1675595,1675831,1676232,1676367-1676369,1676382,1676394,1676483,1676556,1676635,1678178,1679536,1679988,1680256,1681124,1681182,1681703,1681730,1681840,1681864,1681869,1682010,1682034,1682047,1682052-1682053,1682062,1682064,1682070,1682312,1682325,1682331,1682386,1684367,1684385,1685759,1685774,1685827,1685892,1687341,1688904,1689358,1689657,1689921,1692850,1693093,1693108,1693324,1694060,1694115,1694291,1694427,1694431,1694503,1694549,1694789,1694873,1694881,1695356,1695372,1695823-1695825,1696200,1696281,1696379,1696468,1700608,1700871,1700897,1700978,1701094,1701124,1701608,1701668,1701676,1701766,1701944,1702248,1702252,1702314,1702390,1702723,1702725,1702728,1702730,1702733,1702735,1702737,1702 739,1702742,1702744,1702748,1702751,1702754,1702758,1702760,1702763,1702766,1708779,1708782,1708806,1709314,1709670,1710347,1710442,1710448,1710490,1710574,1710578,1712226,1712229,1712235,1712255,1712618,1712649,1712655,1712860,1712899,1712903,1712906,1712913,1712926,1712975,1713185,1713262,1713287,1713613,1713621,1713872,1713976,1713994,1713998,1714004,1714013,1714059,1714538,1714580,1715189,1715207,1715544,1715549,1715637,1715639-1715645,1715667,1715683,1715866,1715978,1715981,1716216-1716217,1716355,1716414,1716421,1717208-1717209,1717257,1717283,1717288,1717291,1717421,1717517,1717529,1718797,1718840-1718843,1719348,1719357-1719358,1719400,1719491,1719737,1720235,1720396,1720442,1720446,1720450,1720463,1720658-1720660,1720756,1720816,1721813,1721818,1721831,1721861,1721867,1721882,1722523,1722527,1722800,1722926,1722941,1722997,1723130,1723440,1723488,1723890,1724434,1724674,1724792,1724803,1724902,1725128,1725131,1725154,1725167,1725911,1725921,1725929,1725963-1725965,1725970,1 725974,1726171-1726173,1726175,1726179-1726182,1726190-1726191,1726195-1726200,1726203,1726226,1726576,1726630,1726992,1727029,1727037,1727671,1727676,1727900,1728028,1728092,1728439,1728449,1729186,1729362,1731009,1731303,1731867,1731872,1731874,1731876,1731885,1731947,1731955,1731959,1731977,1731984,1732360,1732490,1732672,1732902,1733166,1733603,1733619,1733735,1733752,1733764,1733915,1733941,1733964,1734115,1734133,1734261,1734421,1734531,1736286,1737967,1738173,1738182,1738992,1739039,1739089-1739091,1739294,1739777,1739821,1739981,1740513,1740726,1741019,1741162,1741217,1743647,1743681,1744152,1744272,1746732,1746750,1752739,1754615,1755886,1756018,1758563,1759565,1761686,1762173,1762206,1766280,1767507-1767508,1767653,1767656,1769267,1772949,1773521,1773527,1774104,1777015,1777213,1779330,1783151,1784188,1784966,1785670,1786846,1788260,1788999,1789140,1789402,1791529,1791559,1795291,1796906,1797523,1799214,1800998-1800999,1801003,1801007-1801008,1801017,1801020,1802808,180281
svn commit: r1832884 - in /tomcat/tc8.0.x/trunk: ./ java/org/apache/catalina/filters/ java/org/apache/catalina/valves/ test/org/apache/catalina/filters/ test/org/apache/catalina/valves/ webapps/docs/
Author: markt Date: Mon Jun 4 19:01:26 2018 New Revision: 1832884 URL: http://svn.apache.org/viewvc?rev=1832884=rev Log: Correctly handle the case when the request passes through one or more trustedProxies but no internalProxies. Based on a patch by zhanhb Modified: tomcat/tc8.0.x/trunk/ (props changed) tomcat/tc8.0.x/trunk/java/org/apache/catalina/filters/RemoteIpFilter.java tomcat/tc8.0.x/trunk/java/org/apache/catalina/valves/RemoteIpValve.java tomcat/tc8.0.x/trunk/test/org/apache/catalina/filters/TestRemoteIpFilter.java tomcat/tc8.0.x/trunk/test/org/apache/catalina/valves/TestRemoteIpValve.java tomcat/tc8.0.x/trunk/webapps/docs/changelog.xml Propchange: tomcat/tc8.0.x/trunk/ -- --- svn:mergeinfo (original) +++ svn:mergeinfo Mon Jun 4 19:01:26 2018 @@ -1,2 +1,2 @@ /tomcat/tc8.5.x/trunk:1735042,1737966,1743139-1743140,1744151,1747537,1747925,1748002,1754614,1754643,1762124,1762183,1762203,1763792,1772948,1777014,1779719,1779898,1782037,1782240,1782386-1782387,1785669,1786845,1788249,1788324,1788905,1789216,1789335,1791528,1791558,1796697-1796698,1797521,1798543,1799162,1800143,1801693,1802805,1806799,1807079-1807080,1808880,1809831,1812093,1812143,1812145,1812319,1814975,1815945,1815956,1820207,1822186,1823164,1823497,1824960,1826872-1826873,1827862,1829310,1829777,1829796,1829935,1830215,1830991,1831042,1831557,1831569,1832269,1832271,1832693 -/tomcat/trunk:1636524,1637156,1637176,1637188,1637331,1637684,1637695,1637890,1637892,1638720-1638725,1639653,1640010,1640083-1640084,1640088,1640275,1640322,1640347,1640361,1640365,1640403,1640410,1640652,1640655-1640658,1640688,1640700-1640883,1640903,1640976,1640978,1641000,1641026,1641038-1641039,1641051-1641052,1641058,1641064,1641300,1641369,1641374,1641380,1641486,1641634,1641656-1641692,1641704,1641707-1641718,1641720-1641722,1641735,1641981,1642233,1642280,1642554,1642564,1642595,1642606,1642668,1642679,1642697,1642699,1642766,1643002,1643045,1643054-1643055,1643066,1643121,1643128,1643206,1643209-1643210,1643216,1643249,1643270,1643283,1643309-1643310,1643323,1643365-1643366,1643370-1643371,1643465,1643474,1643536,1643570,1643634,1643649,1643651,1643654,1643675,1643731,1643733-1643734,1643761,1643766,1643814,1643937,1643963,1644017,1644169,1644201-1644203,1644321,1644323,1644516,1644523,1644529,1644535,1644730,1644768,1644784-1644785,1644790,1644793,1644815,1644884,1644886 ,1644890,1644892,1644910,1644924,1644929-1644930,1644935,1644989,1645011,1645247,1645355,1645357-1645358,1645455,1645465,1645469,1645471,1645473,1645475,1645486-1645488,1645626,1645641,1645685,1645743,1645763,1645951-1645953,1645955,1645993,1646098-1646106,1646178,1646220,1646302,1646304,1646420,1646470-1646471,1646476,1646559,1646717-1646723,1646773,1647026,1647042,1647530,1647655,1648304,1648815,1648907,1649973,1650081,1650365,1651116,1651120,1651280,1651470,1652938,1652970,1653041,1653471,1653550,1653574,1653797,1653815-1653816,1653819,1653840,1653857,1653888,1653972,1654013,1654030,1654050,1654123,1654148,1654159,1654513,1654515,1654517,1654522,1654524,1654725,1654735,1654766,1654785,1654851-1654852,1654978,1655122-1655124,1655126-1655127,1655129-1655130,1655132-1655133,1655312,1655351,1655438,1655441,1655454,168,1656087,1656299,1656319,1656331,1656345,1656350,1656590,1656648-1656650,1656657,1657041,1657054,1657374,1657492,1657510,1657565,1657580,1657584,1657586,1657589,1657 592,1657607,1657609,1657682,1657907,1658207,1658734,1658781,1658790,1658799,1658802,1658804,1658833,1658840,1658966,1659043,1659053,1659059,1659174,1659184,1659188-1659189,1659216,1659263,1659293,1659304,1659306-1659307,1659382,1659384,1659428,1659471,1659486,1659505,1659516,1659521,1659524,1659559,1659562,1659803,1659806,1659814,1659833,1659862,1659905,1659919,1659948,1659967,1659983-1659984,1660060,1660074,1660077,1660133,1660168,1660331-1660332,1660353,1660358,1660924,1661386,1661770,1661867,1661972,1661990,1662200,1662308-1662309,1662548,1662614,1662696,1662736,1662985,1662988-1662989,1663264,1663277,1663298,1663534,1663562,1663676,1663715,1663754,1663768,1663772,1663781,1663893,1663995,1664143,1664163,1664174,1664301,1664317,1664347,1664657,1664659,1664710,1664863-1664864,1664866,1665085,1665292,1665559,1665653,1665661,1665672,1665694,1665697,1665736,1665779,1665976-1665977,1665980-1665981,1665985-1665986,1665989,1665998,1666004,1666008,1666013,1666017,1666024,1666116,1666386-1
svn commit: r1832883 - in /tomcat/tc8.5.x/trunk: ./ java/org/apache/catalina/filters/ java/org/apache/catalina/valves/ test/org/apache/catalina/filters/ test/org/apache/catalina/valves/ webapps/docs/
Author: markt Date: Mon Jun 4 18:59:46 2018 New Revision: 1832883 URL: http://svn.apache.org/viewvc?rev=1832883=rev Log: Correctly handle the case when the request passes through one or more trustedProxies but no internalProxies. Based on a patch by zhanhb Modified: tomcat/tc8.5.x/trunk/ (props changed) tomcat/tc8.5.x/trunk/java/org/apache/catalina/filters/RemoteIpFilter.java tomcat/tc8.5.x/trunk/java/org/apache/catalina/valves/RemoteIpValve.java tomcat/tc8.5.x/trunk/test/org/apache/catalina/filters/TestRemoteIpFilter.java tomcat/tc8.5.x/trunk/test/org/apache/catalina/valves/TestRemoteIpValve.java tomcat/tc8.5.x/trunk/webapps/docs/changelog.xml Propchange: tomcat/tc8.5.x/trunk/ -- --- svn:mergeinfo (original) +++ svn:mergeinfo Mon Jun 4 18:59:46 2018 @@ -1,2 +1,2 @@ /tomcat/tc8.0.x/trunk:1809644 -/tomcat/trunk:1734785,1734799,1734845,1734928,1735041,1735044,1735480,1735577,1735597,1735599-1735600,1735615,1736145,1736162,1736209,1736280,1736297,1736299,1736489,1736646,1736703,1736836,1736849,1737104-1737105,1737112,1737117,1737119-1737120,1737155,1737157,1737192,1737280,1737339,1737632,1737664,1737715,1737748,1737785,1737834,1737860,1737903,1737959,1738005,1738007,1738014-1738015,1738018,1738022,1738039,1738043,1738059-1738060,1738147,1738149,1738174-1738175,1738261,1738589,1738623-1738625,1738643,1738816,1738850,1738855,1738946-1738948,1738953-1738954,1738979,1738982,1739079-1739081,1739087,1739113,1739153,1739172,1739176,1739191,1739474,1739492,1739726,1739762,1739775,1739814,1739817-1739818,1739975,1740131,1740324,1740465,1740495,1740508-1740509,1740520,1740535,1740707,1740803,1740810,1740969,1740980,1740991,1740997,1741015,1741033,1741036,1741058,1741060,1741080,1741147,1741159,1741164,1741173,1741181,1741190,1741197,1741202,1741208,1741213,1741221,1741225,1741232,1741409 ,1741501,1741677,1741892,1741896,1741984,1742023,1742042,1742071,1742090,1742093,1742101,1742105,1742111,1742139,1742146,1742148,1742166,1742181,1742184,1742187,1742246,1742248-1742251,1742263-1742264,1742268,1742276,1742369,1742387,1742448,1742509-1742512,1742917,1742919,1742933,1742975-1742976,1742984,1742986,1743019,1743115,1743117,1743124-1743125,1743134,1743425,1743554,1743679,1743696-1743698,1743700-1743701,1744058,1744064-1744065,1744125,1744149,1744194,1744229,1744270,1744323,1744432,1744684,1744697,1744705,1744713,1744760,1744786,1745083,1745142-1745143,1745145,1745177,1745179-1745180,1745227,1745248,1745254,1745337,1745467,1745473,1745535,1745576,1745735,1745744,1746304,1746306-1746307,1746319,1746327,1746338,1746340-1746341,1746344,1746427,1746441,1746473,1746490,1746492,1746495-1746496,1746499-1746501,1746503-1746507,1746509,1746549,1746551,1746554,1746556,1746558,1746584,1746620,1746649,1746724,1746939,1746989,1747014,1747028,1747035,1747210,1747225,1747234,1747253,1747 404,1747506,1747536,1747924,1747980,1747993,1748001,1748253,1748452,1748547,1748629,1748676,1748715,1749287,1749296,1749328,1749373,1749465,1749506,1749508,1749665-1749666,1749763,1749865-1749866,1749898,1749978,1749980,1750011,1750015,1750056,1750480,1750617,1750634,1750692,1750697,1750700,1750703,1750707,1750714,1750718,1750723,1750774,1750899,1750975,1750995,1751061,1751097,1751173,1751438,1751447,1751463,1751702,1752212,1752737,1752745,1753078,1753080,1753358,1753363,1754111,1754140-1754141,1754281,1754310,1754445,1754467,1754494,1754496,1754528,1754532-1754533,1754613,1754714,1754874,1754941,1754944,1754950-1754951,1755005,1755007,1755009,1755132,1755180-1755181,1755185,1755190,1755204-1755206,1755208,1755214,1755224,1755227,1755230,1755629,1755646-1755647,1755650,1755653,1755675,1755680,1755683,1755693,1755717,1755731-1755737,1755812,1755828,1755884,1755890,1755918-1755919,1755942,1755958,1755960,1755970,1755993,1756013,1756019,1756039,1756056,1756083-1756114,1756175,1756288-1 756289,1756408-1756410,1756778,1756798,1756878,1756898,1756939,1757123-1757124,1757126,1757128,1757132-1757133,1757136,1757145,1757167-1757168,1757175,1757180,1757182,1757195,1757271,1757278,1757347,1757353-1757354,1757363,1757374,1757399,1757406,1757408,1757485,1757495,1757499,1757527,1757578,1757684,1757722,1757727,1757790,1757799,1757813,1757853,1757883,1757903,1757976,1757997,1758000,1758058,1758072-1758075,1758078-1758079,1758223,1758257,1758261,1758276,1758292,1758369,1758378-1758383,1758421,1758423,1758425-1758427,1758430,1758443,1758448,1758459,1758483,1758486-1758487,1758499,1758525,1758556,1758580,1758582,1758584,1758588,1758842,1759019,1759212,1759224,1759227,1759252,1759274,1759513-1759516,1759611,1759757,1759785-1759790,1760005,1760022,1760109-1760110,1760135,1760200-1760201,1760227,1760300,1760397,1760446,1760454,1760640,1760648,1761057,1761422,1761491,1761498,1761500-1761501,1761550,1761553,1761572,1761574,1761625-1761626,1761628,1761682,1761740,1761752,1762051-176205
[GitHub] tomcat pull request #45: Update RemoteIpValve.java
Github user asfgit closed the pull request at: https://github.com/apache/tomcat/pull/45 --- - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1832882 - in /tomcat/trunk: java/org/apache/catalina/filters/ java/org/apache/catalina/valves/ test/org/apache/catalina/filters/ test/org/apache/catalina/valves/ webapps/docs/
Author: markt Date: Mon Jun 4 18:57:59 2018 New Revision: 1832882 URL: http://svn.apache.org/viewvc?rev=1832882=rev Log: Correctly handle the case when the request passes through one or more trustedProxies but no internalProxies. Based on a patch by zhanhb This closes #45 Modified: tomcat/trunk/java/org/apache/catalina/filters/RemoteIpFilter.java tomcat/trunk/java/org/apache/catalina/valves/RemoteIpValve.java tomcat/trunk/test/org/apache/catalina/filters/TestRemoteIpFilter.java tomcat/trunk/test/org/apache/catalina/valves/TestRemoteIpValve.java tomcat/trunk/webapps/docs/changelog.xml Modified: tomcat/trunk/java/org/apache/catalina/filters/RemoteIpFilter.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/filters/RemoteIpFilter.java?rev=1832882=1832881=1832882=diff == --- tomcat/trunk/java/org/apache/catalina/filters/RemoteIpFilter.java (original) +++ tomcat/trunk/java/org/apache/catalina/filters/RemoteIpFilter.java Mon Jun 4 18:57:59 2018 @@ -67,7 +67,8 @@ import org.apache.juli.logging.LogFactor * This servlet filter proceeds as follows: * * - * If the incoming request.getRemoteAddr() matches the servlet filter's list of internal proxies : + * If the incoming request.getRemoteAddr() matches the servlet + * filter's list of internal or trusted proxies: * * * Loop on the comma delimited list of IPs and hostnames passed by the preceding load balancer or proxy in the given request's Http @@ -761,8 +762,11 @@ public class RemoteIpFilter extends Gene public void doFilter(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException, ServletException { -if (internalProxies != null && -internalProxies.matcher(request.getRemoteAddr()).matches()) { +boolean isInternal = internalProxies != null && +internalProxies.matcher(request.getRemoteAddr()).matches(); + +if (isInternal || (trustedProxies != null && +trustedProxies.matcher(request.getRemoteAddr()).matches())) { String remoteIp = null; // In java 6, proxiesHeaderValue should be declared as a java.util.Deque LinkedList proxiesHeaderValue = new LinkedList<>(); @@ -778,11 +782,14 @@ public class RemoteIpFilter extends Gene String[] remoteIpHeaderValue = commaDelimitedListToStringArray(concatRemoteIpHeaderValue.toString()); int idx; +if (!isInternal) { +proxiesHeaderValue.addFirst(request.getRemoteAddr()); +} // loop on remoteIpHeaderValue to find the first trusted remote ip and to build the proxies chain for (idx = remoteIpHeaderValue.length - 1; idx >= 0; idx--) { String currentRemoteIp = remoteIpHeaderValue[idx]; remoteIp = currentRemoteIp; -if (internalProxies.matcher(currentRemoteIp).matches()) { +if (internalProxies !=null && internalProxies.matcher(currentRemoteIp).matches()) { // do nothing, internalProxies IPs are not appended to the } else if (trustedProxies != null && trustedProxies.matcher(currentRemoteIp).matches()) { Modified: tomcat/trunk/java/org/apache/catalina/valves/RemoteIpValve.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/valves/RemoteIpValve.java?rev=1832882=1832881=1832882=diff == --- tomcat/trunk/java/org/apache/catalina/valves/RemoteIpValve.java (original) +++ tomcat/trunk/java/org/apache/catalina/valves/RemoteIpValve.java Mon Jun 4 18:57:59 2018 @@ -47,7 +47,8 @@ import org.apache.tomcat.util.http.MimeH * This valve proceeds as follows: * * - * If the incoming request.getRemoteAddr() matches the valve's list of internal proxies : + * If the incoming request.getRemoteAddr() matches the valve's list + * of internal or trusted proxies: * * * Loop on the comma delimited list of IPs and hostnames passed by the preceding load balancer or proxy in the given request's Http @@ -572,9 +573,11 @@ public class RemoteIpValve extends Valve final int originalServerPort = request.getServerPort(); final String originalProxiesHeader = request.getHeader(proxiesHeader); final String originalRemoteIpHeader = request.getHeader(remoteIpHeader); +boolean isInternal = internalProxies != null && +internalProxies.matcher(originalRemoteAddr).matches(); -if (internalProxies !=null && -internalProxies.matcher(originalRemoteAddr).matches()) { +if (isInternal || (trustedProxies != null && +trustedProxies.matcher(originalRemoteAddr).matches())) { String remoteIp = null; // In java 6,
[Bug 56148] support (multiple) ocsp stapling
https://bz.apache.org/bugzilla/show_bug.cgi?id=56148 --- Comment #3 from Christopher Schultz --- Looks like Java 9 has OCSP stapling[1]. See slide 47. Looks like you can just set a system preference and magically you get OCSP stapling. [1] https://cdn.app.compendium.com/uploads/user/e7c690e8-6ff9-102a-ac6d-e4aebca50425/f4a5b21d-66fa-4885-92bf-c4e81c06d916/File/3c93ea22f64e8a22f67d65c46613c466/j1_2015_con6710.pdf -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 62122] undefined symbol: SSL_COMP_free_compression_methods
https://bz.apache.org/bugzilla/show_bug.cgi?id=62122 Christopher Schultz changed: What|Removed |Added Status|RESOLVED|REOPENED Resolution|INVALID |--- -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 62122] undefined symbol: SSL_COMP_free_compression_methods
https://bz.apache.org/bugzilla/show_bug.cgi?id=62122 --- Comment #3 from Christopher Schultz --- Re-opening original BZ issue. Seems like this needs to be fixed by capping the OpenSSL version number used in the #ifdef. jballon, would you mind actually testing your proposed solution? -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 62428] undefined symbol: SSL_COMP_free_compression_methods
https://bz.apache.org/bugzilla/show_bug.cgi?id=62428 Christopher Schultz changed: What|Removed |Added Resolution|--- |DUPLICATE Status|NEW |RESOLVED --- Comment #1 from Christopher Schultz --- *** This bug has been marked as a duplicate of bug 62122 *** -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 62122] undefined symbol: SSL_COMP_free_compression_methods
https://bz.apache.org/bugzilla/show_bug.cgi?id=62122 --- Comment #2 from Christopher Schultz --- *** Bug 62428 has been marked as a duplicate of this bug. *** -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 62428] undefined symbol: SSL_COMP_free_compression_methods
https://bz.apache.org/bugzilla/show_bug.cgi?id=62428 jbal...@akamai.com changed: What|Removed |Added OS|Mac OS X 10.1 |Linux -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 62428] New: undefined symbol: SSL_COMP_free_compression_methods
https://bz.apache.org/bugzilla/show_bug.cgi?id=62428 Bug ID: 62428 Summary: undefined symbol: SSL_COMP_free_compression_methods Product: Tomcat Native Version: 1.2.14 Hardware: PC OS: Mac OS X 10.1 Status: NEW Severity: normal Priority: P2 Component: Library Assignee: dev@tomcat.apache.org Reporter: jbal...@akamai.com Target Milestone: --- Refiling ticket since it was "RESOLVED INVALID" which I disagree with. As per Bug 62122, the SSL_COMP_free_compression_methods was deprecated and the use of needs to be removed from Tomcat Native or needs to restricted to specific versions of OpenSSL if it is not going to be removed. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 62420] Documents
https://bz.apache.org/bugzilla/show_bug.cgi?id=62420 Coty Sutherland changed: What|Removed |Added Resolution|WORKSFORME |INVALID -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 62420] Documents
https://bz.apache.org/bugzilla/show_bug.cgi?id=62420 jfclere changed: What|Removed |Added Resolution|--- |WORKSFORME Status|NEW |RESOLVED -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 62122] undefined symbol: SSL_COMP_free_compression_methods
https://bz.apache.org/bugzilla/show_bug.cgi?id=62122 jfclere changed: What|Removed |Added Resolution|--- |INVALID Status|NEW |RESOLVED --- Comment #1 from jfclere --- per openssl doc it says it is deprecated and do nothing, so I close the bug. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 62094] Certificate verification using CRL with Tomcat APR connector does not work
https://bz.apache.org/bugzilla/show_bug.cgi?id=62094 --- Comment #2 from jfclere --- a diff -u would be more easy to review... I can't find CRL FIX in the attachement -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 62221] OCSP response processing uses always the first entry in the response
https://bz.apache.org/bugzilla/show_bug.cgi?id=62221 jfclere changed: What|Removed |Added Status|NEW |RESOLVED Resolution|--- |FIXED --- Comment #2 from jfclere --- Fixed in trunk will in 1.2.17 -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1832863 - /tomcat/native/trunk/native/src/sslutils.c
Author: jfclere Date: Mon Jun 4 16:02:26 2018 New Revision: 1832863 URL: http://svn.apache.org/viewvc?rev=1832863=rev Log: follow up for r1832832... more mod_ssl arrangements. Modified: tomcat/native/trunk/native/src/sslutils.c Modified: tomcat/native/trunk/native/src/sslutils.c URL: http://svn.apache.org/viewvc/tomcat/native/trunk/native/src/sslutils.c?rev=1832863=1832862=1832863=diff == --- tomcat/native/trunk/native/src/sslutils.c (original) +++ tomcat/native/trunk/native/src/sslutils.c Mon Jun 4 16:02:26 2018 @@ -532,7 +532,7 @@ static int ssl_verify_OCSP(int ok, X509_ break; case OCSP_STATUS_UNKNOWN: /* correct error code for application errors? */ -// X509_STORE_CTX_set_error(ctx, X509_V_ERR_APPLICATION_VERIFICATION); +X509_STORE_CTX_set_error(ctx, X509_V_ERR_APPLICATION_VERIFICATION); break; } } @@ -1010,11 +1010,12 @@ end: /* Process the OCSP_RESPONSE and returns the corresponding answert according to the status. */ -static int process_ocsp_response(OCSP_RESPONSE *ocsp_resp) +static int process_ocsp_response(OCSP_RESPONSE *ocsp_resp, X509 *cert, X509 *issuer) { int r, o = V_OCSP_CERTSTATUS_UNKNOWN, i; OCSP_BASICRESP *bs; OCSP_SINGLERESP *ss; +OCSP_CERTID *certid; r = OCSP_response_status(ocsp_resp); @@ -1024,7 +1025,13 @@ static int process_ocsp_response(OCSP_RE } bs = OCSP_response_get1_basic(ocsp_resp); -ss = OCSP_resp_get0(bs,0); /* we know we have only 1 request */ +certid = OCSP_cert_to_id(NULL, cert, issuer); +if (certid == NULL) { +OCSP_RESPONSE_free(ocsp_resp); +return OCSP_STATUS_UNKNOWN; +} +ss = OCSP_resp_get0(bs, OCSP_resp_find(bs, certid, -1)); /* find by serial number and get the matching response */ + i = OCSP_single_get0_status(ss, NULL, NULL, NULL, NULL); if (i == V_OCSP_CERTSTATUS_GOOD) @@ -1035,6 +1042,7 @@ static int process_ocsp_response(OCSP_RE o = OCSP_STATUS_UNKNOWN; /* we clean up */ +OCSP_CERTID_free(certid); OCSP_RESPONSE_free(ocsp_resp); return o; } @@ -1067,7 +1075,7 @@ static int ssl_ocsp_request(X509 *cert, approach is to iterate for all the possible ocsp urls */ resp = get_ocsp_response(cert, issuer, ocsp_urls[0]); if (resp != NULL) { -rv = process_ocsp_response(resp); +rv = process_ocsp_response(resp, cert, issuer); } else { /* correct error code for application errors? */ X509_STORE_CTX_set_error(ctx, X509_V_ERR_APPLICATION_VERIFICATION); - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1832857 - in /tomcat/tc8.5.x/trunk: ./ java/org/apache/tomcat/util/digester/Digester.java webapps/docs/changelog.xml
Author: csutherl Date: Mon Jun 4 15:09:26 2018 New Revision: 1832857 URL: http://svn.apache.org/viewvc?rev=1832857=rev Log: Fix potential NullPointerException in replaceSystemProperties() seemingly caused by changing StringManager sm declaration to static Modified: tomcat/tc8.5.x/trunk/ (props changed) tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/digester/Digester.java tomcat/tc8.5.x/trunk/webapps/docs/changelog.xml Propchange: tomcat/tc8.5.x/trunk/ -- --- svn:mergeinfo (original) +++ svn:mergeinfo Mon Jun 4 15:09:26 2018 @@ -1,2 +1,2 @@ /tomcat/tc8.0.x/trunk:1809644 -/tomcat/trunk:1734785,1734799,1734845,1734928,1735041,1735044,1735480,1735577,1735597,1735599-1735600,1735615,1736145,1736162,1736209,1736280,1736297,1736299,1736489,1736646,1736703,1736836,1736849,1737104-1737105,1737112,1737117,1737119-1737120,1737155,1737157,1737192,1737280,1737339,1737632,1737664,1737715,1737748,1737785,1737834,1737860,1737903,1737959,1738005,1738007,1738014-1738015,1738018,1738022,1738039,1738043,1738059-1738060,1738147,1738149,1738174-1738175,1738261,1738589,1738623-1738625,1738643,1738816,1738850,1738855,1738946-1738948,1738953-1738954,1738979,1738982,1739079-1739081,1739087,1739113,1739153,1739172,1739176,1739191,1739474,1739492,1739726,1739762,1739775,1739814,1739817-1739818,1739975,1740131,1740324,1740465,1740495,1740508-1740509,1740520,1740535,1740707,1740803,1740810,1740969,1740980,1740991,1740997,1741015,1741033,1741036,1741058,1741060,1741080,1741147,1741159,1741164,1741173,1741181,1741190,1741197,1741202,1741208,1741213,1741221,1741225,1741232,1741409 ,1741501,1741677,1741892,1741896,1741984,1742023,1742042,1742071,1742090,1742093,1742101,1742105,1742111,1742139,1742146,1742148,1742166,1742181,1742184,1742187,1742246,1742248-1742251,1742263-1742264,1742268,1742276,1742369,1742387,1742448,1742509-1742512,1742917,1742919,1742933,1742975-1742976,1742984,1742986,1743019,1743115,1743117,1743124-1743125,1743134,1743425,1743554,1743679,1743696-1743698,1743700-1743701,1744058,1744064-1744065,1744125,1744149,1744194,1744229,1744270,1744323,1744432,1744684,1744697,1744705,1744713,1744760,1744786,1745083,1745142-1745143,1745145,1745177,1745179-1745180,1745227,1745248,1745254,1745337,1745467,1745473,1745535,1745576,1745735,1745744,1746304,1746306-1746307,1746319,1746327,1746338,1746340-1746341,1746344,1746427,1746441,1746473,1746490,1746492,1746495-1746496,1746499-1746501,1746503-1746507,1746509,1746549,1746551,1746554,1746556,1746558,1746584,1746620,1746649,1746724,1746939,1746989,1747014,1747028,1747035,1747210,1747225,1747234,1747253,1747 404,1747506,1747536,1747924,1747980,1747993,1748001,1748253,1748452,1748547,1748629,1748676,1748715,1749287,1749296,1749328,1749373,1749465,1749506,1749508,1749665-1749666,1749763,1749865-1749866,1749898,1749978,1749980,1750011,1750015,1750056,1750480,1750617,1750634,1750692,1750697,1750700,1750703,1750707,1750714,1750718,1750723,1750774,1750899,1750975,1750995,1751061,1751097,1751173,1751438,1751447,1751463,1751702,1752212,1752737,1752745,1753078,1753080,1753358,1753363,1754111,1754140-1754141,1754281,1754310,1754445,1754467,1754494,1754496,1754528,1754532-1754533,1754613,1754714,1754874,1754941,1754944,1754950-1754951,1755005,1755007,1755009,1755132,1755180-1755181,1755185,1755190,1755204-1755206,1755208,1755214,1755224,1755227,1755230,1755629,1755646-1755647,1755650,1755653,1755675,1755680,1755683,1755693,1755717,1755731-1755737,1755812,1755828,1755884,1755890,1755918-1755919,1755942,1755958,1755960,1755970,1755993,1756013,1756019,1756039,1756056,1756083-1756114,1756175,1756288-1 756289,1756408-1756410,1756778,1756798,1756878,1756898,1756939,1757123-1757124,1757126,1757128,1757132-1757133,1757136,1757145,1757167-1757168,1757175,1757180,1757182,1757195,1757271,1757278,1757347,1757353-1757354,1757363,1757374,1757399,1757406,1757408,1757485,1757495,1757499,1757527,1757578,1757684,1757722,1757727,1757790,1757799,1757813,1757853,1757883,1757903,1757976,1757997,1758000,1758058,1758072-1758075,1758078-1758079,1758223,1758257,1758261,1758276,1758292,1758369,1758378-1758383,1758421,1758423,1758425-1758427,1758430,1758443,1758448,1758459,1758483,1758486-1758487,1758499,1758525,1758556,1758580,1758582,1758584,1758588,1758842,1759019,1759212,1759224,1759227,1759252,1759274,1759513-1759516,1759611,1759757,1759785-1759790,1760005,1760022,1760109-1760110,1760135,1760200-1760201,1760227,1760300,1760397,1760446,1760454,1760640,1760648,1761057,1761422,1761491,1761498,1761500-1761501,1761550,1761553,1761572,1761574,1761625-1761626,1761628,1761682,1761740,1761752,1762051-176205
svn commit: r1832856 - in /tomcat/trunk: java/org/apache/tomcat/util/digester/Digester.java webapps/docs/changelog.xml
Author: csutherl Date: Mon Jun 4 15:07:57 2018 New Revision: 1832856 URL: http://svn.apache.org/viewvc?rev=1832856=rev Log: Fix potential NullPointerException in replaceSystemProperties() seemingly caused by changing StringManager sm declaration to static Modified: tomcat/trunk/java/org/apache/tomcat/util/digester/Digester.java tomcat/trunk/webapps/docs/changelog.xml Modified: tomcat/trunk/java/org/apache/tomcat/util/digester/Digester.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/digester/Digester.java?rev=1832856=1832855=1832856=diff == --- tomcat/trunk/java/org/apache/tomcat/util/digester/Digester.java (original) +++ tomcat/trunk/java/org/apache/tomcat/util/digester/Digester.java Mon Jun 4 15:07:57 2018 @@ -84,6 +84,7 @@ public class Digester extends DefaultHan protected static IntrospectionUtils.PropertySource propertySource; private static boolean propertySourceSet = false; +protected static final StringManager sm = StringManager.getManager(Digester.class); static { String className = System.getProperty("org.apache.tomcat.util.digester.PROPERTY_SOURCE"); @@ -309,7 +310,6 @@ public class Digester extends DefaultHan * The Log to which most logging calls will be made. */ protected Log log = LogFactory.getLog(Digester.class); -protected static final StringManager sm = StringManager.getManager(Digester.class); /** * The Log to which all SAX event related logging calls will be made. Modified: tomcat/trunk/webapps/docs/changelog.xml URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1832856=1832855=1832856=diff == --- tomcat/trunk/webapps/docs/changelog.xml (original) +++ tomcat/trunk/webapps/docs/changelog.xml Mon Jun 4 15:07:57 2018 @@ -191,6 +191,10 @@ not contain leading zeros in the IPv4 part. Based on a patch by Katya Stoycheva. (markt) + +Fix NullPointerException thrown from +replaceSystemProperties() when trying to log messages. (csutherl) + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[GitHub] tomcat issue #77: Removed findbugs bad practice warnings by making classes f...
Github user markt-asf commented on the issue: https://github.com/apache/tomcat/pull/77 These have been resolved since this PR was opened. --- - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[GitHub] tomcat pull request #77: Removed findbugs bad practice warnings by making cl...
Github user markt-asf closed the pull request at: https://github.com/apache/tomcat/pull/77 --- - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[GitHub] tomcat issue #49: Fix parser to fail if leading zeros in IPv4 part of IPv6 a...
Github user markt-asf commented on the issue: https://github.com/apache/tomcat/pull/49 Thanks for the patch. Sorry it took a while to apply it. Due to our delays I had to adapt things a little. Fixed in: - trunk for 9.0.9 onwards - 8.5.x for 8.5.32 onwards - 8.0.x for 8.0.53 onwards - 7.0.x for 7.0.89 onwards --- - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[GitHub] tomcat pull request #49: Fix parser to fail if leading zeros in IPv4 part of...
Github user markt-asf closed the pull request at: https://github.com/apache/tomcat/pull/49 --- - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1832846 - in /tomcat/tc7.0.x/trunk: ./ java/org/apache/tomcat/util/http/parser/ test/org/apache/tomcat/util/http/parser/ webapps/docs/
Author: markt Date: Mon Jun 4 13:20:53 2018 New Revision: 1832846 URL: http://svn.apache.org/viewvc?rev=1832846=rev Log: Improve IPv6 validation by ensuring that IPv4-Mapped IPv6 addresses do not contain leading zeros in the IPv4 part. Based on a patch by Katya Stoycheva. Modified: tomcat/tc7.0.x/trunk/ (props changed) tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/http/parser/HttpParser.java tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/http/parser/LocalStrings.properties tomcat/tc7.0.x/trunk/test/org/apache/tomcat/util/http/parser/TestHttpParserHost.java tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml Propchange: tomcat/tc7.0.x/trunk/ -- --- svn:mergeinfo (original) +++ svn:mergeinfo Mon Jun 4 13:20:53 2018 @@ -1,3 +1,3 @@ /tomcat/tc8.0.x/trunk:1636525,1637336,1637685,1637709,1638726,1640089,1640276,1640349,1640363,1640366,1640642,1640672,1640674,1640689,1640884,1641001,1641065,1641067,1641375,1641638,1641723,1641726,1641729-1641730,1641736,1641988,1642669-1642670,1642698,1642701,1643205,1643215,1643217,1643230,1643232,1643273,1643285,1643329-1643330,1643511,1643513,1643521,1643539,1643571,1643581-1643582,1643635,1643655,1643738,1643964,1644018,1644333,1644525,1644954,1644992,1645014,1645360,1645456,1645627,1645642,1645686,1645903-1645904,1645908-1645909,1645913,1645920,1646458,1646460-1646462,1646735,1646738-1646741,1646744,1646746,1646748-1646755,1646757,1646759-1646760,1647043,1648816,1651420-1651422,1651844,1652926,1652939-1652940,1652973,1653798,1653817,1653841,1654042,1654161,1654736,1654767,1654787,1656592,1659907,1662986,1663265,1663278,1663325,1663535,1663567,1663679,1663997,1664175,1664321,1664872,1665061,1665086,1666027,1666395,1666503,1666506,1666560,1666570,1666581,1666759,1666967,1666988 ,1667553-1667555,1667558,1667617,1667633,1667637,1667747,1667767,1667873,1668028,1668137,1668634,1669432,1669801,1669840,1669895-1669896,1670398,1670435,1670592,1670605-1670607,1670609,1670632,1670720,1670725,1670727,1670731,1671114,1672273,1672285,1673759,1674220,1674295,1675469,1675488,1675595,1675831,1676232,1676367-1676369,1676382,1676394,1676483,1676556,1676635,1678178,1679536,1679988,1680256,1681124,1681182,1681703,1681730,1681840,1681864,1681869,1682010,1682034,1682047,1682052-1682053,1682062,1682064,1682070,1682312,1682325,1682331,1682386,1684367,1684385,1685759,1685774,1685827,1685892,1687341,1688904,1689358,1689657,1689921,1692850,1693093,1693108,1693324,1694060,1694115,1694291,1694427,1694431,1694503,1694549,1694789,1694873,1694881,1695356,1695372,1695823-1695825,1696200,1696281,1696379,1696468,1700608,1700871,1700897,1700978,1701094,1701124,1701608,1701668,1701676,1701766,1701944,1702248,1702252,1702314,1702390,1702723,1702725,1702728,1702730,1702733,1702735,1702737,1702 739,1702742,1702744,1702748,1702751,1702754,1702758,1702760,1702763,1702766,1708779,1708782,1708806,1709314,1709670,1710347,1710442,1710448,1710490,1710574,1710578,1712226,1712229,1712235,1712255,1712618,1712649,1712655,1712860,1712899,1712903,1712906,1712913,1712926,1712975,1713185,1713262,1713287,1713613,1713621,1713872,1713976,1713994,1713998,1714004,1714013,1714059,1714538,1714580,1715189,1715207,1715544,1715549,1715637,1715639-1715645,1715667,1715683,1715866,1715978,1715981,1716216-1716217,1716355,1716414,1716421,1717208-1717209,1717257,1717283,1717288,1717291,1717421,1717517,1717529,1718797,1718840-1718843,1719348,1719357-1719358,1719400,1719491,1719737,1720235,1720396,1720442,1720446,1720450,1720463,1720658-1720660,1720756,1720816,1721813,1721818,1721831,1721861,1721867,1721882,1722523,1722527,1722800,1722926,1722941,1722997,1723130,1723440,1723488,1723890,1724434,1724674,1724792,1724803,1724902,1725128,1725131,1725154,1725167,1725911,1725921,1725929,1725963-1725965,1725970,1 725974,1726171-1726173,1726175,1726179-1726182,1726190-1726191,1726195-1726200,1726203,1726226,1726576,1726630,1726992,1727029,1727037,1727671,1727676,1727900,1728028,1728092,1728439,1728449,1729186,1729362,1731009,1731303,1731867,1731872,1731874,1731876,1731885,1731947,1731955,1731959,1731977,1731984,1732360,1732490,1732672,1732902,1733166,1733603,1733619,1733735,1733752,1733764,1733915,1733941,1733964,1734115,1734133,1734261,1734421,1734531,1736286,1737967,1738173,1738182,1738992,1739039,1739089-1739091,1739294,1739777,1739821,1739981,1740513,1740726,1741019,1741162,1741217,1743647,1743681,1744152,1744272,1746732,1746750,1752739,1754615,1755886,1756018,1758563,1759565,1761686,1762173,1762206,1766280,1767507-1767508,1767653,1767656,1769267,1772949,1773521,1773527,1774104,1777015,1777213,1779330,1783151,1784188,1784966,1785670,1786846,1788260,1788999,1789140,1789402,1791529,1791559,1795291,1796906,1797523,1799214,1800998-1800999,1801003,1801007-1801008,1801017,1801020,1802808,180281
svn commit: r1832845 - in /tomcat/tc8.0.x/trunk: ./ java/org/apache/tomcat/util/http/parser/ test/org/apache/tomcat/util/http/parser/ webapps/docs/
Author: markt Date: Mon Jun 4 13:20:20 2018 New Revision: 1832845 URL: http://svn.apache.org/viewvc?rev=1832845=rev Log: Improve IPv6 validation by ensuring that IPv4-Mapped IPv6 addresses do not contain leading zeros in the IPv4 part. Based on a patch by Katya Stoycheva. Modified: tomcat/tc8.0.x/trunk/ (props changed) tomcat/tc8.0.x/trunk/java/org/apache/tomcat/util/http/parser/HttpParser.java tomcat/tc8.0.x/trunk/java/org/apache/tomcat/util/http/parser/LocalStrings.properties tomcat/tc8.0.x/trunk/test/org/apache/tomcat/util/http/parser/TestHttpParserHost.java tomcat/tc8.0.x/trunk/webapps/docs/changelog.xml Propchange: tomcat/tc8.0.x/trunk/ -- --- svn:mergeinfo (original) +++ svn:mergeinfo Mon Jun 4 13:20:20 2018 @@ -1,2 +1,2 @@ /tomcat/tc8.5.x/trunk:1735042,1737966,1743139-1743140,1744151,1747537,1747925,1748002,1754614,1754643,1762124,1762183,1762203,1763792,1772948,1777014,1779719,1779898,1782037,1782240,1782386-1782387,1785669,1786845,1788249,1788324,1788905,1789216,1789335,1791528,1791558,1796697-1796698,1797521,1798543,1799162,1800143,1801693,1802805,1806799,1807079-1807080,1808880,1809831,1812093,1812143,1812145,1812319,1814975,1815945,1815956,1820207,1822186,1823164,1823497,1824960,1826872-1826873,1827862,1829310,1829777,1829796,1829935,1830215,1830991,1831042,1831557,1831569,1832269,1832271,1832693 -/tomcat/trunk:1636524,1637156,1637176,1637188,1637331,1637684,1637695,1637890,1637892,1638720-1638725,1639653,1640010,1640083-1640084,1640088,1640275,1640322,1640347,1640361,1640365,1640403,1640410,1640652,1640655-1640658,1640688,1640700-1640883,1640903,1640976,1640978,1641000,1641026,1641038-1641039,1641051-1641052,1641058,1641064,1641300,1641369,1641374,1641380,1641486,1641634,1641656-1641692,1641704,1641707-1641718,1641720-1641722,1641735,1641981,1642233,1642280,1642554,1642564,1642595,1642606,1642668,1642679,1642697,1642699,1642766,1643002,1643045,1643054-1643055,1643066,1643121,1643128,1643206,1643209-1643210,1643216,1643249,1643270,1643283,1643309-1643310,1643323,1643365-1643366,1643370-1643371,1643465,1643474,1643536,1643570,1643634,1643649,1643651,1643654,1643675,1643731,1643733-1643734,1643761,1643766,1643814,1643937,1643963,1644017,1644169,1644201-1644203,1644321,1644323,1644516,1644523,1644529,1644535,1644730,1644768,1644784-1644785,1644790,1644793,1644815,1644884,1644886 ,1644890,1644892,1644910,1644924,1644929-1644930,1644935,1644989,1645011,1645247,1645355,1645357-1645358,1645455,1645465,1645469,1645471,1645473,1645475,1645486-1645488,1645626,1645641,1645685,1645743,1645763,1645951-1645953,1645955,1645993,1646098-1646106,1646178,1646220,1646302,1646304,1646420,1646470-1646471,1646476,1646559,1646717-1646723,1646773,1647026,1647042,1647530,1647655,1648304,1648815,1648907,1649973,1650081,1650365,1651116,1651120,1651280,1651470,1652938,1652970,1653041,1653471,1653550,1653574,1653797,1653815-1653816,1653819,1653840,1653857,1653888,1653972,1654013,1654030,1654050,1654123,1654148,1654159,1654513,1654515,1654517,1654522,1654524,1654725,1654735,1654766,1654785,1654851-1654852,1654978,1655122-1655124,1655126-1655127,1655129-1655130,1655132-1655133,1655312,1655351,1655438,1655441,1655454,168,1656087,1656299,1656319,1656331,1656345,1656350,1656590,1656648-1656650,1656657,1657041,1657054,1657374,1657492,1657510,1657565,1657580,1657584,1657586,1657589,1657 592,1657607,1657609,1657682,1657907,1658207,1658734,1658781,1658790,1658799,1658802,1658804,1658833,1658840,1658966,1659043,1659053,1659059,1659174,1659184,1659188-1659189,1659216,1659263,1659293,1659304,1659306-1659307,1659382,1659384,1659428,1659471,1659486,1659505,1659516,1659521,1659524,1659559,1659562,1659803,1659806,1659814,1659833,1659862,1659905,1659919,1659948,1659967,1659983-1659984,1660060,1660074,1660077,1660133,1660168,1660331-1660332,1660353,1660358,1660924,1661386,1661770,1661867,1661972,1661990,1662200,1662308-1662309,1662548,1662614,1662696,1662736,1662985,1662988-1662989,1663264,1663277,1663298,1663534,1663562,1663676,1663715,1663754,1663768,1663772,1663781,1663893,1663995,1664143,1664163,1664174,1664301,1664317,1664347,1664657,1664659,1664710,1664863-1664864,1664866,1665085,1665292,1665559,1665653,1665661,1665672,1665694,1665697,1665736,1665779,1665976-1665977,1665980-1665981,1665985-1665986,1665989,1665998,1666004,1666008,1666013,1666017,1666024,1666116,1666386-1
svn commit: r1832844 - in /tomcat/tc8.5.x/trunk: ./ java/org/apache/tomcat/util/http/parser/ test/org/apache/tomcat/util/http/parser/ webapps/docs/
Author: markt Date: Mon Jun 4 13:19:52 2018 New Revision: 1832844 URL: http://svn.apache.org/viewvc?rev=1832844=rev Log: Improve IPv6 validation by ensuring that IPv4-Mapped IPv6 addresses do not contain leading zeros in the IPv4 part. Based on a patch by Katya Stoycheva. Modified: tomcat/tc8.5.x/trunk/ (props changed) tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/http/parser/HttpParser.java tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/http/parser/LocalStrings.properties tomcat/tc8.5.x/trunk/test/org/apache/tomcat/util/http/parser/TestHttpParserHost.java tomcat/tc8.5.x/trunk/webapps/docs/changelog.xml Propchange: tomcat/tc8.5.x/trunk/ -- --- svn:mergeinfo (original) +++ svn:mergeinfo Mon Jun 4 13:19:52 2018 @@ -1,2 +1,2 @@ /tomcat/tc8.0.x/trunk:1809644 -/tomcat/trunk:1734785,1734799,1734845,1734928,1735041,1735044,1735480,1735577,1735597,1735599-1735600,1735615,1736145,1736162,1736209,1736280,1736297,1736299,1736489,1736646,1736703,1736836,1736849,1737104-1737105,1737112,1737117,1737119-1737120,1737155,1737157,1737192,1737280,1737339,1737632,1737664,1737715,1737748,1737785,1737834,1737860,1737903,1737959,1738005,1738007,1738014-1738015,1738018,1738022,1738039,1738043,1738059-1738060,1738147,1738149,1738174-1738175,1738261,1738589,1738623-1738625,1738643,1738816,1738850,1738855,1738946-1738948,1738953-1738954,1738979,1738982,1739079-1739081,1739087,1739113,1739153,1739172,1739176,1739191,1739474,1739492,1739726,1739762,1739775,1739814,1739817-1739818,1739975,1740131,1740324,1740465,1740495,1740508-1740509,1740520,1740535,1740707,1740803,1740810,1740969,1740980,1740991,1740997,1741015,1741033,1741036,1741058,1741060,1741080,1741147,1741159,1741164,1741173,1741181,1741190,1741197,1741202,1741208,1741213,1741221,1741225,1741232,1741409 ,1741501,1741677,1741892,1741896,1741984,1742023,1742042,1742071,1742090,1742093,1742101,1742105,1742111,1742139,1742146,1742148,1742166,1742181,1742184,1742187,1742246,1742248-1742251,1742263-1742264,1742268,1742276,1742369,1742387,1742448,1742509-1742512,1742917,1742919,1742933,1742975-1742976,1742984,1742986,1743019,1743115,1743117,1743124-1743125,1743134,1743425,1743554,1743679,1743696-1743698,1743700-1743701,1744058,1744064-1744065,1744125,1744149,1744194,1744229,1744270,1744323,1744432,1744684,1744697,1744705,1744713,1744760,1744786,1745083,1745142-1745143,1745145,1745177,1745179-1745180,1745227,1745248,1745254,1745337,1745467,1745473,1745535,1745576,1745735,1745744,1746304,1746306-1746307,1746319,1746327,1746338,1746340-1746341,1746344,1746427,1746441,1746473,1746490,1746492,1746495-1746496,1746499-1746501,1746503-1746507,1746509,1746549,1746551,1746554,1746556,1746558,1746584,1746620,1746649,1746724,1746939,1746989,1747014,1747028,1747035,1747210,1747225,1747234,1747253,1747 404,1747506,1747536,1747924,1747980,1747993,1748001,1748253,1748452,1748547,1748629,1748676,1748715,1749287,1749296,1749328,1749373,1749465,1749506,1749508,1749665-1749666,1749763,1749865-1749866,1749898,1749978,1749980,1750011,1750015,1750056,1750480,1750617,1750634,1750692,1750697,1750700,1750703,1750707,1750714,1750718,1750723,1750774,1750899,1750975,1750995,1751061,1751097,1751173,1751438,1751447,1751463,1751702,1752212,1752737,1752745,1753078,1753080,1753358,1753363,1754111,1754140-1754141,1754281,1754310,1754445,1754467,1754494,1754496,1754528,1754532-1754533,1754613,1754714,1754874,1754941,1754944,1754950-1754951,1755005,1755007,1755009,1755132,1755180-1755181,1755185,1755190,1755204-1755206,1755208,1755214,1755224,1755227,1755230,1755629,1755646-1755647,1755650,1755653,1755675,1755680,1755683,1755693,1755717,1755731-1755737,1755812,1755828,1755884,1755890,1755918-1755919,1755942,1755958,1755960,1755970,1755993,1756013,1756019,1756039,1756056,1756083-1756114,1756175,1756288-1 756289,1756408-1756410,1756778,1756798,1756878,1756898,1756939,1757123-1757124,1757126,1757128,1757132-1757133,1757136,1757145,1757167-1757168,1757175,1757180,1757182,1757195,1757271,1757278,1757347,1757353-1757354,1757363,1757374,1757399,1757406,1757408,1757485,1757495,1757499,1757527,1757578,1757684,1757722,1757727,1757790,1757799,1757813,1757853,1757883,1757903,1757976,1757997,1758000,1758058,1758072-1758075,1758078-1758079,1758223,1758257,1758261,1758276,1758292,1758369,1758378-1758383,1758421,1758423,1758425-1758427,1758430,1758443,1758448,1758459,1758483,1758486-1758487,1758499,1758525,1758556,1758580,1758582,1758584,1758588,1758842,1759019,1759212,1759224,1759227,1759252,1759274,1759513-1759516,1759611,1759757,1759785-1759790,1760005,1760022,1760109-1760110,1760135,1760200-1760201,1760227,1760300,1760397,1760446,1760454,1760640,1760648,1761057,1761422,1761491,1761498,1761500-1761501,1761550,1761553,1761572,1761574,1761625-1761626,1761628,1761682,1761740,1761752,1762051-176205
svn commit: r1832843 - in /tomcat/trunk: java/org/apache/tomcat/util/http/parser/HttpParser.java java/org/apache/tomcat/util/http/parser/LocalStrings.properties test/org/apache/tomcat/util/http/parser
Author: markt Date: Mon Jun 4 13:18:54 2018 New Revision: 1832843 URL: http://svn.apache.org/viewvc?rev=1832843=rev Log: Improve IPv6 validation by ensuring that IPv4-Mapped IPv6 addresses do not contain leading zeros in the IPv4 part. Based on a patch by Katya Stoycheva. Modified: tomcat/trunk/java/org/apache/tomcat/util/http/parser/HttpParser.java tomcat/trunk/java/org/apache/tomcat/util/http/parser/LocalStrings.properties tomcat/trunk/test/org/apache/tomcat/util/http/parser/TestHttpParserHost.java tomcat/trunk/webapps/docs/changelog.xml Modified: tomcat/trunk/java/org/apache/tomcat/util/http/parser/HttpParser.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/http/parser/HttpParser.java?rev=1832843=1832842=1832843=diff == --- tomcat/trunk/java/org/apache/tomcat/util/http/parser/HttpParser.java (original) +++ tomcat/trunk/java/org/apache/tomcat/util/http/parser/HttpParser.java Mon Jun 4 13:18:54 2018 @@ -661,6 +661,15 @@ public class HttpParser { } else if (isNumeric(c)) { if (octet == -1) { octet = c - '0'; +} else if (octet == 0) { +// Leading zero in non-zero octet. Not valid (ambiguous). +if (inIPv6) { +throw new IllegalArgumentException(sm.getString("http.invalidLeadingZero")); +} else { +// Could be a host/FQDN +reader.reset(); +return readHostDomainName(reader); +} } else { octet = octet * 10 + c - '0'; } Modified: tomcat/trunk/java/org/apache/tomcat/util/http/parser/LocalStrings.properties URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/http/parser/LocalStrings.properties?rev=1832843=1832842=1832843=diff == --- tomcat/trunk/java/org/apache/tomcat/util/http/parser/LocalStrings.properties (original) +++ tomcat/trunk/java/org/apache/tomcat/util/http/parser/LocalStrings.properties Mon Jun 4 13:18:54 2018 @@ -26,6 +26,7 @@ http.illegalCharacterIpv6=The character http.invalidCharacterDomain=The character [{0}] is not valid{1} a domain name. http.invalidHextet=Invalid hextet. A hextet must consist of 4 or less hex characters. http.invalidIpv4Location=The IPv6 address contains an embedded IPv4 address at an invalid location. +http.invalidLeadingZero=An non-zero IPv4 octet may not contain a leading zero. http.invalidOctet=Invalid octet [{0}]. The valid range for IPv4 octets is 0 to 255. http.invalidSegmentEndState=The state [{0}] is not valid for the end of a segment. http.noClosingBracket=The IPv6 address is missing a closing bracket. Modified: tomcat/trunk/test/org/apache/tomcat/util/http/parser/TestHttpParserHost.java URL: http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/tomcat/util/http/parser/TestHttpParserHost.java?rev=1832843=1832842=1832843=diff == --- tomcat/trunk/test/org/apache/tomcat/util/http/parser/TestHttpParserHost.java (original) +++ tomcat/trunk/test/org/apache/tomcat/util/http/parser/TestHttpParserHost.java Mon Jun 4 13:18:54 2018 @@ -54,17 +54,19 @@ public class TestHttpParserHost { result.add(new Object[] { TestType.IPv4, "127.0.0.1:8080", Integer.valueOf(9), null} ); result.add(new Object[] { TestType.IPv4, "0.0.0.0", Integer.valueOf(-1), null} ); result.add(new Object[] { TestType.IPv4, "0.0.0.0:8080", Integer.valueOf(7), null} ); -result.add(new Object[] { TestType.IPv4, "0", Integer.valueOf(-1), null} ); // IPv4 - invalid result.add(new Object[] { TestType.IPv4, ".0.0.0", Integer.valueOf(-1), IAE} ); result.add(new Object[] { TestType.IPv4, "0.0.0.", Integer.valueOf(-1), IAE} ); result.add(new Object[] { TestType.IPv4, "0..0.0", Integer.valueOf(-1), IAE} ); result.add(new Object[] { TestType.IPv4, "0]", Integer.valueOf(-1), IAE} ); // Domain Name - valid +result.add(new Object[] { TestType.IPv4, "0", Integer.valueOf(-1), null} ); result.add(new Object[] { TestType.IPv4, "0.0", Integer.valueOf(-1), null} ); result.add(new Object[] { TestType.IPv4, "0.0:8080", Integer.valueOf(3), null} ); result.add(new Object[] { TestType.IPv4, "0.0.0", Integer.valueOf(-1), null} ); result.add(new Object[] { TestType.IPv4, "0.0.0:8080", Integer.valueOf(5), null} ); +result.add(new Object[] { TestType.IPv4, "0.00.0.0", Integer.valueOf(-1), null} ); +result.add(new Object[] { TestType.IPv4, "0.00.0.0:8080", Integer.valueOf(8), null} ); result.add(new Object[] { TestType.IPv4, "256.0.0.0",
svn commit: r1832832 - /tomcat/native/trunk/native/src/sslutils.c
Author: jfclere Date: Mon Jun 4 12:47:18 2018 New Revision: 1832832 URL: http://svn.apache.org/viewvc?rev=1832832=rev Log: adjust the X509_STORE_CTX_get1_issuer() to X509_STORE_CTX_get0_current_issuer() like in mod_ssl httpd. Modified: tomcat/native/trunk/native/src/sslutils.c Modified: tomcat/native/trunk/native/src/sslutils.c URL: http://svn.apache.org/viewvc/tomcat/native/trunk/native/src/sslutils.c?rev=1832832=1832831=1832832=diff == --- tomcat/native/trunk/native/src/sslutils.c (original) +++ tomcat/native/trunk/native/src/sslutils.c Mon Jun 4 12:47:18 2018 @@ -35,7 +35,7 @@ extern int WIN32_SSL_password_prompt(tcn #define ASN1_OID 0x06 #define ASN1_STRING 0x86 static int ssl_verify_OCSP(int ok, X509_STORE_CTX *ctx); -static int ssl_ocsp_request(X509 *cert, X509 *issuer); +static int ssl_ocsp_request(X509 *cert, X509 *issuer, X509_STORE_CTX *ctx); #endif /* _ @@ -519,21 +519,22 @@ static int ssl_verify_OCSP(int ok, X509_ } /* if we can't get the issuer, we cannot perform OCSP verification */ -if (X509_STORE_CTX_get1_issuer(, ctx, cert) == 1 ) { -r = ssl_ocsp_request(cert, issuer); -if (r == OCSP_STATUS_REVOKED) { +issuer = X509_STORE_CTX_get0_current_issuer(ctx); +if (issuer != NULL) { +r = ssl_ocsp_request(cert, issuer, ctx); +switch (r) { +case OCSP_STATUS_OK: +X509_STORE_CTX_set_error(ctx, X509_V_OK); +break; +case OCSP_STATUS_REVOKED: /* we set the error if we know that it is revoked */ X509_STORE_CTX_set_error(ctx, X509_V_ERR_CERT_REVOKED); +break; +case OCSP_STATUS_UNKNOWN: +/* correct error code for application errors? */ +// X509_STORE_CTX_set_error(ctx, X509_V_ERR_APPLICATION_VERIFICATION); +break; } -else { -/* else we return unknown */ -r = OCSP_STATUS_UNKNOWN; -} -X509_free(issuer); /* It appears that we should free issuer since -* X509_STORE_CTX_get1_issuer() calls X509_OBJECT_up_ref_count() -* on the issuer object (unline X509_STORE_CTX_get_current_cert() -* that just returns the pointer -*/ } return r; } @@ -1038,7 +1039,7 @@ static int process_ocsp_response(OCSP_RE return o; } -static int ssl_ocsp_request(X509 *cert, X509 *issuer) +static int ssl_ocsp_request(X509 *cert, X509 *issuer, X509_STORE_CTX *ctx) { char **ocsp_urls = NULL; int nid; @@ -1061,13 +1062,20 @@ static int ssl_ocsp_request(X509 *cert, the ocsp status. Otherwise, return OCSP_STATUS_UNKNOWN */ if (ocsp_urls != NULL) { OCSP_RESPONSE *resp; +int rv = OCSP_STATUS_UNKNOWN; /* for the time being just check for the fist response .. a better approach is to iterate for all the possible ocsp urls */ resp = get_ocsp_response(cert, issuer, ocsp_urls[0]); +if (resp != NULL) { +rv = process_ocsp_response(resp); +} else { +/* correct error code for application errors? */ +X509_STORE_CTX_set_error(ctx, X509_V_ERR_APPLICATION_VERIFICATION); +} if (resp != NULL) { apr_pool_destroy(p); -return process_ocsp_response(resp); +return rv; } } apr_pool_destroy(p); - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 62146] Support to add customized KeyManager like "trustManagerClassName" did.
https://bz.apache.org/bugzilla/show_bug.cgi?id=62146 Mark Thomas changed: What|Removed |Added Resolution|--- |WONTFIX Status|NEW |RESOLVED --- Comment #7 from Mark Thomas --- The patch looks OK. I don't see any reason why it wouldn't be safe to use in production. One minor comment is that it refers to local String "jsse.invalidKeyManagerClassName" that doesn't exist. Back-porting the reloading from 8.5.x isn't an option as it depends on some major factoring that took place in 8.5.x. I don't think we should add this feature to 7.0.x. Adding the feature to 7.0.x would create the expectation that the feature would also exist in 8.5.x onwards and there is - currently - no use case for this feature in 8.5.x onwards. I am therefore resolving this as WONTFIX. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [GUMP@vmgump-vm3]: Project tomcat-trunk-test-nio (in module tomcat-trunk) failed
On 04/06/18 10:06, Mark Thomas wrote: > Rather than just apply the fix, I'm going to take another look at how > bnd is integrated into the build process. I want to see if there is a > better way to do it. What I was looking for was a way to generate the manifest independently of re-packaging the JAR. That option doesn't seem to exist. We could: - build a temporary JAR - generate the manifest - remove the temporary JAR - build the real JAR but that doesn't seem any better than the current approach. Therefore, I have added the system property to vmgump. We should see if it has worked on the next run. Mark - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [GUMP@vmgump-vm3]: Project tomcat-trunk-test-nio (in module tomcat-trunk) failed
On 04/06/18 04:06, Bill Barker wrote: > To whom it may engage... > > This is an automated request, but not an unsolicited one. For > more information please visit http://gump.apache.org/nagged.html, > and/or contact the folk at gene...@gump.apache.org. > > Project tomcat-trunk-test-nio has an issue affecting its community > integration. > This issue affects 1 projects, > and has been outstanding for 5 runs. > The current state of this project is 'Failed', with reason 'Build Failed'. > For reference only, the following projects are affected by this: > - tomcat-trunk-test-nio : Tomcat 9.x, a web server implementing the Java > Servlet 4.0, > ... Got to the bottom of this JvM crash thanks to [1]. It is a know bug in Java [2], fixed in Java 9. The fix is to use-Dsun.zip.disableMemoryMapping=true Rather than just apply the fix, I'm going to take another look at how bnd is integrated into the build process. I want to see if there is a better way to do it. Mark [1] https://stackoverflow.com/questions/38326183/jvm-crashed-in-java-util-zip-zipfile-getentry [2] https://bugs.openjdk.java.net/browse/JDK-8142508 > > Full details are available at: > http://vmgump-vm3.apache.org/tomcat-trunk/tomcat-trunk-test-nio/index.html > > That said, some information snippets are provided here. > > The following annotations (debug/informational/warning/error messages) were > provided: > -DEBUG- Dependency on bnd exists, no need to add for property bndlib.jar. > -INFO- Failed with reason build failed > -INFO- Project Reports in: > /srv/gump/public/workspace/tomcat-trunk/output/logs-NIO > -WARNING- No directory > [/srv/gump/public/workspace/tomcat-trunk/output/logs-NIO] > -INFO- Project Reports in: > /srv/gump/public/workspace/tomcat-trunk/output/test-tmp-NIO/logs > -WARNING- No directory > [/srv/gump/public/workspace/tomcat-trunk/output/test-tmp-NIO/logs] > > > > The following work was performed: > http://vmgump-vm3.apache.org/tomcat-trunk/tomcat-trunk-test-nio/gump_work/build_tomcat-trunk_tomcat-trunk-test-nio.html > Work Name: build_tomcat-trunk_tomcat-trunk-test-nio (Type: Build) > Work ended in a state of : Failed > Elapsed: 12 secs > Command Line: /usr/lib/jvm/java-8-oracle/bin/java -Djava.awt.headless=true > -Dbuild.sysclasspath=only org.apache.tools.ant.Main > -Dgump.merge=/srv/gump/public/gump/work/merge.xml > -Djunit.jar=/srv/gump/public/workspace/junit/target/junit-4.13-SNAPSHOT.jar > -Djava.net.preferIPv4Stack=/srv/gump/public/workspace/tomcat-trunk/true > -Dobjenesis.jar=/srv/gump/public/workspace/objenesis/main/target/objenesis-2.7-SNAPSHOT.jar > -Dtest.reports=output/logs-NIO -Dexecute.test.nio2=false > -Dexamples.sources.skip=true > -Dbase.path=/srv/gump/public/workspace/tomcat-trunk/tomcat-build-libs > -Djdt.jar=/srv/gump/packages/eclipse/plugins/R-4.7.3a-201803300640/ecj-4.7.3a.jar > -Dbndlib.jar=/srv/gump/packages/bnd/bndlib-4.0.0/biz.aQute.bndlib-4.0.0.jar > -Dcommons-daemon.jar=/srv/gump/public/workspace/apache-commons/daemon/target/commons-daemon-1.1.1-SNAPSHOT.jar > > -Dtest.openssl.path=/srv/gump/public/workspace/openssl-master/dest-20180604/bin/openssl > -Dtest.temp=output/test-tmp-NIO -Dtest.accesslog=true -Dexecute.test > .nio=true -Dbnd.jar=/srv/gump/packages/bnd/bnd-4.0.0/biz.aQute.bnd-4.0.0.jar > -Dexecute.test.apr=false -Dtest.excludePerformance=true > -Dtest.relaxTiming=true > -Deasymock.jar=/srv/gump/public/workspace/easymock/core/target/easymock-3.7-SNAPSHOT.jar > -Dhamcrest.jar=/srv/gump/packages/hamcrest/hamcrest-core-1.3.jar > -Dcglib.jar=/srv/gump/packages/cglib/cglib-nodep-2.2.jar test > [Working Directory: /srv/gump/public/workspace/tomcat-trunk] > CLASSPATH: > /usr/lib/jvm/java-8-oracle/lib/tools.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/webapps/examples/WEB-INF/classes:/srv/gump/public/workspace/tomcat-trunk/output/testclasses:/srv/gump/public/workspace/ant/dist/lib/ant.jar:/srv/gump/public/workspace/ant/dist/lib/ant-launcher.jar:/srv/gump/public/workspace/ant/dist/lib/ant-jmf.jar:/srv/gump/public/workspace/ant/dist/lib/ant-junit.jar:/srv/gump/public/workspace/ant/dist/lib/ant-junit4.jar:/srv/gump/public/workspace/ant/dist/lib/ant-swing.jar:/srv/gump/public/workspace/ant/dist/lib/ant-apache-resolver.jar:/srv/gump/public/workspace/ant/dist/lib/ant-apache-xalan2.jar:/srv/gump/public/workspace/xml-commons/java/build/resolver.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/bin/bootstrap.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/bin/tomcat-juli.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/annotations-api.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/servlet-api.ja > > r:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/jsp-api.jar:/srv/gump/public/worksp