svn commit: r1838527 - in /tomcat/native/trunk: native/Makefile.in xdocs/miscellaneous/changelog.xml
Author: michaelo Date: Tue Aug 21 08:16:42 2018 New Revision: 1838527 URL: http://svn.apache.org/viewvc?rev=1838527&view=rev Log: BZ-62641: libbtool invocations should use --tag=CC When using the provided libtool from APR on a different platform/compiler libtool does not properly link against libapr. Passing an external one it complains about the missing tag because a proper configuration for the current one isn't present and cannot be derived. Always pass '--tag=CC' for maximum portability. Modified: tomcat/native/trunk/native/Makefile.in tomcat/native/trunk/xdocs/miscellaneous/changelog.xml Modified: tomcat/native/trunk/native/Makefile.in URL: http://svn.apache.org/viewvc/tomcat/native/trunk/native/Makefile.in?rev=1838527&r1=1838526&r2=1838527&view=diff == --- tomcat/native/trunk/native/Makefile.in (original) +++ tomcat/native/trunk/native/Makefile.in Tue Aug 21 08:16:42 2018 @@ -57,7 +57,7 @@ ifneq ($(LIBTOOL_OLD),$(LIBTOOL)) LIBTOOL=$(LIBTOOL_OLD) endif -LINK = $(LIBTOOL) $(LTFLAGS) --mode=link $(LT_LDFLAGS) $(COMPILE) -version-info $(TCNATIVE_LIBTOOL_VERSION) $(ALL_LDFLAGS) -o $@ +LINK = $(LIBTOOL) $(LTFLAGS) --mode=link --tag=CC $(LT_LDFLAGS) $(COMPILE) -version-info $(TCNATIVE_LIBTOOL_VERSION) $(ALL_LDFLAGS) -o $@ CLEAN_SUBDIRS = test CLEAN_TARGETS = .make.dirs Modified: tomcat/native/trunk/xdocs/miscellaneous/changelog.xml URL: http://svn.apache.org/viewvc/tomcat/native/trunk/xdocs/miscellaneous/changelog.xml?rev=1838527&r1=1838526&r2=1838527&view=diff == --- tomcat/native/trunk/xdocs/miscellaneous/changelog.xml (original) +++ tomcat/native/trunk/xdocs/miscellaneous/changelog.xml Tue Aug 21 08:16:42 2018 @@ -34,6 +34,13 @@ This is the Changelog for Tomcat Native 1.2. + + + + 62641: libtool invocations should use --tag=CC. (michaelo) + + + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch wrong-http2-version created (now 0e1de0d)
This is an automated email from the ASF dual-hosted git repository. michaelo pushed a change to branch wrong-http2-version in repository https://gitbox.apache.org/repos/asf/tomcat.git. at 0e1de0d Fix wrong protocol version usage This branch includes the following new commits: new 0e1de0d Fix wrong protocol version usage The 1 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] 01/01: Fix wrong protocol version usage
This is an automated email from the ASF dual-hosted git repository. michaelo pushed a commit to branch wrong-http2-version in repository https://gitbox.apache.org/repos/asf/tomcat.git commit 0e1de0d34302cdea6b3c2a47b03dcca4c7e2f9b7 Author: Michael Osipov AuthorDate: Sun Mar 31 10:03:29 2019 +0200 Fix wrong protocol version usage When serving a HTTP/2 request the protocol version was set as "HTTP/2.0" which does not exist. --- java/org/apache/coyote/http2/Stream.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/java/org/apache/coyote/http2/Stream.java b/java/org/apache/coyote/http2/Stream.java index 3e64329..437279a 100644 --- a/java/org/apache/coyote/http2/Stream.java +++ b/java/org/apache/coyote/http2/Stream.java @@ -126,7 +126,7 @@ class Stream extends AbstractStream implements HeaderEmitter { this.coyoteRequest.setSendfile(handler.hasAsyncIO() && handler.getProtocol().getUseSendfile()); this.coyoteResponse.setOutputBuffer(http2OutputBuffer); this.coyoteRequest.setResponse(coyoteResponse); -this.coyoteRequest.protocol().setString("HTTP/2.0"); +this.coyoteRequest.protocol().setString("HTTP/2"); if (this.coyoteRequest.getStartTime() < 0) { this.coyoteRequest.setStartTime(System.currentTimeMillis()); } - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
(tomcat-native) branch main updated: Fix APR version check in M4 macro
This is an automated email from the ASF dual-hosted git repository. michaelo pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat-native.git The following commit(s) were added to refs/heads/main by this push: new 49d1a3a5b Fix APR version check in M4 macro 49d1a3a5b is described below commit 49d1a3a5baf3bd50a3d4761ceb96d3efa9c05159 Author: Michael Osipov AuthorDate: Thu Apr 18 08:20:08 2024 +0200 Fix APR version check in M4 macro --- native/build/tcnative.m4 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/native/build/tcnative.m4 b/native/build/tcnative.m4 index 272eac47f..11789e5b5 100644 --- a/native/build/tcnative.m4 +++ b/native/build/tcnative.m4 @@ -38,9 +38,9 @@ AC_DEFUN([TCN_FIND_APR],[ set $sapr_version IFS=$tc_save_IFS decimal_apr_version=`printf %02d%02d%03d ${1} ${2} ${3}` - if test "${decimal_apr_version}" -lt "0104003" + if test "${decimal_apr_version}" -lt "0107000" then -AC_MSG_ERROR(Found APR $sapr_version. You need version 1.4.3 or newer installed.) +AC_MSG_ERROR(Found APR $sapr_version. You need version 1.7.0 or newer installed.) fi AC_MSG_NOTICE(APR $sapr_version detected.) - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
(tomcat-native) branch main updated: Fix comment
This is an automated email from the ASF dual-hosted git repository. michaelo pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat-native.git The following commit(s) were added to refs/heads/main by this push: new 43ddd1e80 Fix comment 43ddd1e80 is described below commit 43ddd1e8059528454110198ca0d7d191322beeaf Author: Michael Osipov AuthorDate: Thu Apr 18 08:24:42 2024 +0200 Fix comment --- native/src/ssl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/native/src/ssl.c b/native/src/ssl.c index 7f4ca7e78..7624a4e67 100644 --- a/native/src/ssl.c +++ b/native/src/ssl.c @@ -405,7 +405,7 @@ TCN_IMPLEMENT_CALL(jint, SSL, fipsModeGet)(TCN_STDARGS) const char *name; UNREFERENCED(o); -// Maps the OpenSSL 3. x onwards behaviour to theOpenSSL 1.x API +// Maps the OpenSSL 3.x onwards behaviour to the OpenSSL 1.x API // Checks that FIPS is the default provider md = EVP_MD_fetch(NULL, "SHA-512", NULL); - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
(tomcat-native) branch 1.3.x updated: Fix comment
This is an automated email from the ASF dual-hosted git repository. michaelo pushed a commit to branch 1.3.x in repository https://gitbox.apache.org/repos/asf/tomcat-native.git The following commit(s) were added to refs/heads/1.3.x by this push: new 5998cbf84 Fix comment 5998cbf84 is described below commit 5998cbf8484e0b65dbb4a1fc17a5da9f5190b8b1 Author: Michael Osipov AuthorDate: Thu Apr 18 08:24:42 2024 +0200 Fix comment --- native/src/ssl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/native/src/ssl.c b/native/src/ssl.c index 56304ee29..5ca7c0781 100644 --- a/native/src/ssl.c +++ b/native/src/ssl.c @@ -653,7 +653,7 @@ TCN_IMPLEMENT_CALL(jint, SSL, fipsModeGet)(TCN_STDARGS) const char *name; UNREFERENCED(o); -// Maps the OpenSSL 3. x onwards behaviour to theOpenSSL 1.x API +// Maps the OpenSSL 3.x onwards behaviour to the OpenSSL 1.x API // Checks that FIPS is the default provider md = EVP_MD_fetch(NULL, "SHA-512", NULL); - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
(tomcat-native) branch main updated: Add missing newlines to printf statements
This is an automated email from the ASF dual-hosted git repository. michaelo pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat-native.git The following commit(s) were added to refs/heads/main by this push: new 6a6a6b239 Add missing newlines to printf statements 6a6a6b239 is described below commit 6a6a6b2395036c6a6cabb2b8af22aa329e438436 Author: Michael Osipov AuthorDate: Thu May 16 16:35:38 2024 +0200 Add missing newlines to printf statements --- native/src/sslcontext.c | 8 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/native/src/sslcontext.c b/native/src/sslcontext.c index a7951f53f..9fbe7a19b 100644 --- a/native/src/sslcontext.c +++ b/native/src/sslcontext.c @@ -720,13 +720,13 @@ TCN_IMPLEMENT_CALL(jboolean, SSLContext, setCACertificate)(TCN_STDARGS, BIO_printf(c->bio_os, "[WARN] Oops, you want to request client " "authentication, but no CAs are known for " -"verification!?"); +"verification!?\n"); } else { fprintf(stderr, "[WARN] Oops, you want to request client " "authentication, but no CAs are known for " -"verification!?"); +"verification!?\n"); } } @@ -1679,10 +1679,10 @@ TCN_IMPLEMENT_CALL(void, SSLContext, setSessionTicketKeys)(TCN_STDARGS, jlong ct if ((*e)->GetArrayLength(e, keys) != TICKET_KEYS_SIZE) { if (c->bio_os) { -BIO_printf(c->bio_os, "[ERROR] Session ticket keys provided were wrong size."); +BIO_printf(c->bio_os, "[ERROR] Session ticket keys provided were wrong size.\n"); } else { -fprintf(stderr, "[ERROR] Session ticket keys provided were wrong size."); +fprintf(stderr, "[ERROR] Session ticket keys provided were wrong size.\n"); } exit(1); } - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
(tomcat-native) branch 1.3.x updated: Add missing newlines to printf statements
This is an automated email from the ASF dual-hosted git repository. michaelo pushed a commit to branch 1.3.x in repository https://gitbox.apache.org/repos/asf/tomcat-native.git The following commit(s) were added to refs/heads/1.3.x by this push: new 6ddbab7fe Add missing newlines to printf statements 6ddbab7fe is described below commit 6ddbab7fe4ac9e5c82ec26c5a2ba66ead8b405bd Author: Michael Osipov AuthorDate: Thu May 16 16:35:38 2024 +0200 Add missing newlines to printf statements --- native/src/sslcontext.c | 8 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/native/src/sslcontext.c b/native/src/sslcontext.c index 660aed768..e3d67131d 100644 --- a/native/src/sslcontext.c +++ b/native/src/sslcontext.c @@ -721,13 +721,13 @@ TCN_IMPLEMENT_CALL(jboolean, SSLContext, setCACertificate)(TCN_STDARGS, BIO_printf(c->bio_os, "[WARN] Oops, you want to request client " "authentication, but no CAs are known for " -"verification!?"); +"verification!?\n"); } else { fprintf(stderr, "[WARN] Oops, you want to request client " "authentication, but no CAs are known for " -"verification!?"); +"verification!?\n"); } } @@ -1680,10 +1680,10 @@ TCN_IMPLEMENT_CALL(void, SSLContext, setSessionTicketKeys)(TCN_STDARGS, jlong ct if ((*e)->GetArrayLength(e, keys) != TICKET_KEYS_SIZE) { if (c->bio_os) { -BIO_printf(c->bio_os, "[ERROR] Session ticket keys provided were wrong size."); +BIO_printf(c->bio_os, "[ERROR] Session ticket keys provided were wrong size.\n"); } else { -fprintf(stderr, "[ERROR] Session ticket keys provided were wrong size."); +fprintf(stderr, "[ERROR] Session ticket keys provided were wrong size.\n"); } exit(1); } - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
(tomcat-native) branch main updated: Fix a crash on Windows in SSLContext.setCACertificate()
This is an automated email from the ASF dual-hosted git repository. michaelo pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat-native.git The following commit(s) were added to refs/heads/main by this push: new 745455f12 Fix a crash on Windows in SSLContext.setCACertificate() 745455f12 is described below commit 745455f127e3181c75f694d5821eead9d5ab4c00 Author: Michael Osipov AuthorDate: Thu May 16 17:48:26 2024 +0200 Fix a crash on Windows in SSLContext.setCACertificate() --- native/src/sslcontext.c | 2 +- xdocs/miscellaneous/changelog.xml | 7 +++ 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/native/src/sslcontext.c b/native/src/sslcontext.c index 9fbe7a19b..72feb4324 100644 --- a/native/src/sslcontext.c +++ b/native/src/sslcontext.c @@ -708,7 +708,7 @@ TCN_IMPLEMENT_CALL(jboolean, SSLContext, setCACertificate)(TCN_STDARGS, SSL_CTX_set_client_CA_list(c->ctx, ca_certs); } else { -if (!SSL_add_file_cert_subjects_to_stack(ca_certs, J2S(file))) +if (file != NULL && !SSL_add_file_cert_subjects_to_stack(ca_certs, J2S(file))) ca_certs = NULL; } if (ca_certs == NULL && c->verify_mode == SSL_CVERIFY_REQUIRE) { diff --git a/xdocs/miscellaneous/changelog.xml b/xdocs/miscellaneous/changelog.xml index 5d16781b6..5ee7eacf0 100644 --- a/xdocs/miscellaneous/changelog.xml +++ b/xdocs/miscellaneous/changelog.xml @@ -33,6 +33,13 @@ + + Fix a crash on Windows when SSLContext.setCACertificate() + is invoked with a null value for caCertificateFile + and a non-null value for caCertificatePath + until properly addressed with + https://github.com/openssl/openssl/issues/24416. (michaelo) + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
(tomcat-native) branch 1.3.x updated: Fix a crash on Windows in SSLContext.setCACertificate()
This is an automated email from the ASF dual-hosted git repository. michaelo pushed a commit to branch 1.3.x in repository https://gitbox.apache.org/repos/asf/tomcat-native.git The following commit(s) were added to refs/heads/1.3.x by this push: new e77dcb05d Fix a crash on Windows in SSLContext.setCACertificate() e77dcb05d is described below commit e77dcb05d395e7dec6ed071a332af0e7287e0c35 Author: Michael Osipov AuthorDate: Thu May 16 17:48:26 2024 +0200 Fix a crash on Windows in SSLContext.setCACertificate() --- native/src/sslcontext.c | 2 +- xdocs/miscellaneous/changelog.xml | 7 +++ 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/native/src/sslcontext.c b/native/src/sslcontext.c index e3d67131d..76662cc09 100644 --- a/native/src/sslcontext.c +++ b/native/src/sslcontext.c @@ -709,7 +709,7 @@ TCN_IMPLEMENT_CALL(jboolean, SSLContext, setCACertificate)(TCN_STDARGS, SSL_CTX_set_client_CA_list(c->ctx, ca_certs); } else { -if (!SSL_add_file_cert_subjects_to_stack(ca_certs, J2S(file))) +if (file != NULL && !SSL_add_file_cert_subjects_to_stack(ca_certs, J2S(file))) ca_certs = NULL; } if (ca_certs == NULL && c->verify_mode == SSL_CVERIFY_REQUIRE) { diff --git a/xdocs/miscellaneous/changelog.xml b/xdocs/miscellaneous/changelog.xml index 027f715f7..d88705ed6 100644 --- a/xdocs/miscellaneous/changelog.xml +++ b/xdocs/miscellaneous/changelog.xml @@ -33,6 +33,13 @@ + + Fix a crash on Windows when SSLContext.setCACertificate() + is invoked with a null value for caCertificateFile + and a non-null value for caCertificatePath + until properly addressed with + https://github.com/openssl/openssl/issues/24416. (michaelo) + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
(tomcat) branch main updated: Add RealmBase.getPrincipal(GSSName, GSSCredential, GSSContext)
This is an automated email from the ASF dual-hosted git repository. michaelo pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/main by this push: new 956c4577ca Add RealmBase.getPrincipal(GSSName, GSSCredential, GSSContext) 956c4577ca is described below commit 956c4577caedca7d77c5eb996a83ebafdf80b889 Author: Michael Osipov AuthorDate: Tue Jun 11 11:11:29 2024 +0200 Add RealmBase.getPrincipal(GSSName, GSSCredential, GSSContext) A realm might want to access extended/additional information from an established GSS context to properly build an authenticated princpal. One prominent example is com.sun.security.jgss.ExtendedGSSContext.inquireSecContext(InquireType). --- java/org/apache/catalina/realm/RealmBase.java | 16 +++- webapps/docs/changelog.xml| 5 + 2 files changed, 20 insertions(+), 1 deletion(-) diff --git a/java/org/apache/catalina/realm/RealmBase.java b/java/org/apache/catalina/realm/RealmBase.java index c0aaa49068..c441d51ecf 100644 --- a/java/org/apache/catalina/realm/RealmBase.java +++ b/java/org/apache/catalina/realm/RealmBase.java @@ -484,7 +484,7 @@ public abstract class RealmBase extends LifecycleMBeanBase implements Realm { } } -return getPrincipal(gssName, gssCredential); +return getPrincipal(gssName, gssCredential, gssContext); } } else { log.error(sm.getString("realmBase.gssContextNotEstablished")); @@ -1201,6 +1201,20 @@ public abstract class RealmBase extends LifecycleMBeanBase implements Realm { protected abstract Principal getPrincipal(String username); +/** + * Get the principal associated with the specified {@link GSSName}. + * + * @param gssName The GSS name + * @param gssCredential the GSS credential of the principal + * @param gssContext the established GSS context + * + * @return the principal associated with the given user name. + */ +protected Principal getPrincipal(GSSName gssName, GSSCredential gssCredential, GSSContext gssContext) { +return getPrincipal(gssName, gssCredential); +} + + /** * Get the principal associated with the specified {@link GSSName}. * diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index cd704f988c..1273c41722 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -118,6 +118,11 @@ 69066: Fix regression in SPNEGO authenticator when processing Base64. Submitted by Daniel Lyko. (remm) + +Add RealmBase.getPrincipal(GSSName, GSSCredential, GSSContext) +for retrieving extended/additional information from an established +GSS context. (michaelo) + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
(tomcat) branch 10.1.x updated: Add RealmBase.getPrincipal(GSSName, GSSCredential, GSSContext)
This is an automated email from the ASF dual-hosted git repository. michaelo pushed a commit to branch 10.1.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/10.1.x by this push: new 2f0187e02b Add RealmBase.getPrincipal(GSSName, GSSCredential, GSSContext) 2f0187e02b is described below commit 2f0187e02b571c67e7d124bd21fb28e02721c98c Author: Michael Osipov AuthorDate: Tue Jun 11 11:11:29 2024 +0200 Add RealmBase.getPrincipal(GSSName, GSSCredential, GSSContext) A realm might want to access extended/additional information from an established GSS context to properly build an authenticated princpal. One prominent example is com.sun.security.jgss.ExtendedGSSContext.inquireSecContext(InquireType). --- java/org/apache/catalina/realm/RealmBase.java | 16 +++- webapps/docs/changelog.xml| 5 + 2 files changed, 20 insertions(+), 1 deletion(-) diff --git a/java/org/apache/catalina/realm/RealmBase.java b/java/org/apache/catalina/realm/RealmBase.java index 438b7296df..0021696b50 100644 --- a/java/org/apache/catalina/realm/RealmBase.java +++ b/java/org/apache/catalina/realm/RealmBase.java @@ -492,7 +492,7 @@ public abstract class RealmBase extends LifecycleMBeanBase implements Realm { } } -return getPrincipal(gssName, gssCredential); +return getPrincipal(gssName, gssCredential, gssContext); } } else { log.error(sm.getString("realmBase.gssContextNotEstablished")); @@ -1225,6 +1225,20 @@ public abstract class RealmBase extends LifecycleMBeanBase implements Realm { protected abstract Principal getPrincipal(String username); +/** + * Get the principal associated with the specified {@link GSSName}. + * + * @param gssName The GSS name + * @param gssCredential the GSS credential of the principal + * @param gssContext the established GSS context + * + * @return the principal associated with the given user name. + */ +protected Principal getPrincipal(GSSName gssName, GSSCredential gssCredential, GSSContext gssContext) { +return getPrincipal(gssName, gssCredential); +} + + /** * Get the principal associated with the specified {@link GSSName}. * diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index 390870161c..3e238ff8b4 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -118,6 +118,11 @@ 69066: Fix regression in SPNEGO authenticator when processing Base64. Submitted by Daniel Lyko. (remm) + +Add RealmBase.getPrincipal(GSSName, GSSCredential, GSSContext) +for retrieving extended/additional information from an established +GSS context. (michaelo) + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
(tomcat) branch 9.0.x updated: Add RealmBase.getPrincipal(GSSName, GSSCredential, GSSContext)
This is an automated email from the ASF dual-hosted git repository. michaelo pushed a commit to branch 9.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/9.0.x by this push: new 9cace36b99 Add RealmBase.getPrincipal(GSSName, GSSCredential, GSSContext) 9cace36b99 is described below commit 9cace36b9917d978cc6760ed41d81bb1bb95d17f Author: Michael Osipov AuthorDate: Tue Jun 11 11:11:29 2024 +0200 Add RealmBase.getPrincipal(GSSName, GSSCredential, GSSContext) A realm might want to access extended/additional information from an established GSS context to properly build an authenticated princpal. One prominent example is com.sun.security.jgss.ExtendedGSSContext.inquireSecContext(InquireType). --- java/org/apache/catalina/realm/RealmBase.java | 16 +++- webapps/docs/changelog.xml| 5 + 2 files changed, 20 insertions(+), 1 deletion(-) diff --git a/java/org/apache/catalina/realm/RealmBase.java b/java/org/apache/catalina/realm/RealmBase.java index 45082831ab..471bc6e896 100644 --- a/java/org/apache/catalina/realm/RealmBase.java +++ b/java/org/apache/catalina/realm/RealmBase.java @@ -492,7 +492,7 @@ public abstract class RealmBase extends LifecycleMBeanBase implements Realm { } } -return getPrincipal(gssName, gssCredential); +return getPrincipal(gssName, gssCredential, gssContext); } } else { log.error(sm.getString("realmBase.gssContextNotEstablished")); @@ -1247,6 +1247,20 @@ public abstract class RealmBase extends LifecycleMBeanBase implements Realm { } +/** + * Get the principal associated with the specified {@link GSSName}. + * + * @param gssName The GSS name + * @param gssCredential the GSS credential of the principal + * @param gssContext the established GSS context + * + * @return the principal associated with the given user name. + */ +protected Principal getPrincipal(GSSName gssName, GSSCredential gssCredential, GSSContext gssContext) { +return getPrincipal(gssName, gssCredential); +} + + /** * Get the principal associated with the specified {@link GSSName}. * diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index 27569bd081..611c596507 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -130,6 +130,11 @@ attribute, thus causing facade objects to be discarded by default. (remm) + +Add RealmBase.getPrincipal(GSSName, GSSCredential, GSSContext) +for retrieving extended/additional information from an established +GSS context. (michaelo) + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch apache-main created (now 7929f10)
This is an automated email from the ASF dual-hosted git repository. michaelo pushed a change to branch apache-main in repository https://gitbox.apache.org/repos/asf/tomcat.git. at 7929f10 AprLifecycleListener does not show dev version suffix for libtcnative and libapr This branch includes the following new commits: new 7929f10 AprLifecycleListener does not show dev version suffix for libtcnative and libapr The 1 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] 01/01: AprLifecycleListener does not show dev version suffix for libtcnative and libapr
This is an automated email from the ASF dual-hosted git repository. michaelo pushed a commit to branch apache-main in repository https://gitbox.apache.org/repos/asf/tomcat.git commit 7929f10f12e7d9e958f16086e28928e9adc9af62 Author: Michael Osipov AuthorDate: Tue May 25 20:14:19 2021 +0200 AprLifecycleListener does not show dev version suffix for libtcnative and libapr --- java/org/apache/catalina/core/AprLifecycleListener.java | 12 +--- webapps/docs/changelog.xml | 4 2 files changed, 9 insertions(+), 7 deletions(-) diff --git a/java/org/apache/catalina/core/AprLifecycleListener.java b/java/org/apache/catalina/core/AprLifecycleListener.java index 6b6a8e7..ca6e4cd 100644 --- a/java/org/apache/catalina/core/AprLifecycleListener.java +++ b/java/org/apache/catalina/core/AprLifecycleListener.java @@ -213,8 +213,8 @@ public class AprLifecycleListener return; } if (apver < rqver) { -log.error(sm.getString("aprListener.tcnInvalid", major + "." -+ minor + "." + patch, +log.error(sm.getString("aprListener.tcnInvalid", +Library.versionString(), TCN_REQUIRED_MAJOR + "." + TCN_REQUIRED_MINOR + "." + TCN_REQUIRED_PATCH)); @@ -230,17 +230,15 @@ public class AprLifecycleListener } if (apver < rcver) { initInfoLogMessages.add(sm.getString("aprListener.tcnVersion", -major + "." + minor + "." + patch, +Library.versionString(), TCN_REQUIRED_MAJOR + "." + TCN_RECOMMENDED_MINOR + "." + TCN_RECOMMENDED_PV)); } initInfoLogMessages.add(sm.getString("aprListener.tcnValid", -major + "." + minor + "." + patch, -Library.APR_MAJOR_VERSION + "." + -Library.APR_MINOR_VERSION + "." + -Library.APR_PATCH_VERSION)); +Library.versionString(), +Library.aprVersionString())); // Log APR flags initInfoLogMessages.add(sm.getString("aprListener.flags", diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index 7f8b6ad..6e20426 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -156,6 +156,10 @@ setAttribute(), getAttribute() and getAttributes() introduced in Servlet 5.1. (markt) + +AprLifecycleListener does not show dev version suffix for libtcnative +and libapr. (michaelo) + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch main updated: AprLifecycleListener does not show dev version suffix for libtcnative and libapr
This is an automated email from the ASF dual-hosted git repository. michaelo pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/main by this push: new 7929f10 AprLifecycleListener does not show dev version suffix for libtcnative and libapr 7929f10 is described below commit 7929f10f12e7d9e958f16086e28928e9adc9af62 Author: Michael Osipov AuthorDate: Tue May 25 20:14:19 2021 +0200 AprLifecycleListener does not show dev version suffix for libtcnative and libapr --- java/org/apache/catalina/core/AprLifecycleListener.java | 12 +--- webapps/docs/changelog.xml | 4 2 files changed, 9 insertions(+), 7 deletions(-) diff --git a/java/org/apache/catalina/core/AprLifecycleListener.java b/java/org/apache/catalina/core/AprLifecycleListener.java index 6b6a8e7..ca6e4cd 100644 --- a/java/org/apache/catalina/core/AprLifecycleListener.java +++ b/java/org/apache/catalina/core/AprLifecycleListener.java @@ -213,8 +213,8 @@ public class AprLifecycleListener return; } if (apver < rqver) { -log.error(sm.getString("aprListener.tcnInvalid", major + "." -+ minor + "." + patch, +log.error(sm.getString("aprListener.tcnInvalid", +Library.versionString(), TCN_REQUIRED_MAJOR + "." + TCN_REQUIRED_MINOR + "." + TCN_REQUIRED_PATCH)); @@ -230,17 +230,15 @@ public class AprLifecycleListener } if (apver < rcver) { initInfoLogMessages.add(sm.getString("aprListener.tcnVersion", -major + "." + minor + "." + patch, +Library.versionString(), TCN_REQUIRED_MAJOR + "." + TCN_RECOMMENDED_MINOR + "." + TCN_RECOMMENDED_PV)); } initInfoLogMessages.add(sm.getString("aprListener.tcnValid", -major + "." + minor + "." + patch, -Library.APR_MAJOR_VERSION + "." + -Library.APR_MINOR_VERSION + "." + -Library.APR_PATCH_VERSION)); +Library.versionString(), +Library.aprVersionString())); // Log APR flags initInfoLogMessages.add(sm.getString("aprListener.flags", diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index 7f8b6ad..6e20426 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -156,6 +156,10 @@ setAttribute(), getAttribute() and getAttributes() introduced in Servlet 5.1. (markt) + +AprLifecycleListener does not show dev version suffix for libtcnative +and libapr. (michaelo) + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch 10.0.x updated: AprLifecycleListener does not show dev version suffix for libtcnative and libapr
This is an automated email from the ASF dual-hosted git repository. michaelo pushed a commit to branch 10.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/10.0.x by this push: new f5e5091 AprLifecycleListener does not show dev version suffix for libtcnative and libapr f5e5091 is described below commit f5e50917669f1c102ea9f07bf99dfdba8a63cb9e Author: Michael Osipov AuthorDate: Tue May 25 20:14:19 2021 +0200 AprLifecycleListener does not show dev version suffix for libtcnative and libapr --- java/org/apache/catalina/core/AprLifecycleListener.java | 12 +--- webapps/docs/changelog.xml | 4 2 files changed, 9 insertions(+), 7 deletions(-) diff --git a/java/org/apache/catalina/core/AprLifecycleListener.java b/java/org/apache/catalina/core/AprLifecycleListener.java index 6b6a8e7..ca6e4cd 100644 --- a/java/org/apache/catalina/core/AprLifecycleListener.java +++ b/java/org/apache/catalina/core/AprLifecycleListener.java @@ -213,8 +213,8 @@ public class AprLifecycleListener return; } if (apver < rqver) { -log.error(sm.getString("aprListener.tcnInvalid", major + "." -+ minor + "." + patch, +log.error(sm.getString("aprListener.tcnInvalid", +Library.versionString(), TCN_REQUIRED_MAJOR + "." + TCN_REQUIRED_MINOR + "." + TCN_REQUIRED_PATCH)); @@ -230,17 +230,15 @@ public class AprLifecycleListener } if (apver < rcver) { initInfoLogMessages.add(sm.getString("aprListener.tcnVersion", -major + "." + minor + "." + patch, +Library.versionString(), TCN_REQUIRED_MAJOR + "." + TCN_RECOMMENDED_MINOR + "." + TCN_RECOMMENDED_PV)); } initInfoLogMessages.add(sm.getString("aprListener.tcnValid", -major + "." + minor + "." + patch, -Library.APR_MAJOR_VERSION + "." + -Library.APR_MINOR_VERSION + "." + -Library.APR_PATCH_VERSION)); +Library.versionString(), +Library.aprVersionString())); // Log APR flags initInfoLogMessages.add(sm.getString("aprListener.flags", diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index 2ae624f..fd166d2 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -135,6 +135,10 @@ before attempting conversion to String. Pull request provided by tianshuang. (markt) + +AprLifecycleListener does not show dev version suffix for libtcnative +and libapr. (michaelo) + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch 9.0.x updated: AprLifecycleListener does not show dev version suffix for libtcnative and libapr
This is an automated email from the ASF dual-hosted git repository. michaelo pushed a commit to branch 9.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/9.0.x by this push: new 9745d4b AprLifecycleListener does not show dev version suffix for libtcnative and libapr 9745d4b is described below commit 9745d4b5eda124a3fc7f843a8d7d99bb164b36ca Author: Michael Osipov AuthorDate: Tue May 25 20:14:19 2021 +0200 AprLifecycleListener does not show dev version suffix for libtcnative and libapr --- java/org/apache/catalina/core/AprLifecycleListener.java | 12 +--- webapps/docs/changelog.xml | 4 2 files changed, 9 insertions(+), 7 deletions(-) diff --git a/java/org/apache/catalina/core/AprLifecycleListener.java b/java/org/apache/catalina/core/AprLifecycleListener.java index 51c8308..b8ddb71 100644 --- a/java/org/apache/catalina/core/AprLifecycleListener.java +++ b/java/org/apache/catalina/core/AprLifecycleListener.java @@ -213,8 +213,8 @@ public class AprLifecycleListener return; } if (apver < rqver) { -log.error(sm.getString("aprListener.tcnInvalid", major + "." -+ minor + "." + patch, +log.error(sm.getString("aprListener.tcnInvalid", +Library.versionString(), TCN_REQUIRED_MAJOR + "." + TCN_REQUIRED_MINOR + "." + TCN_REQUIRED_PATCH)); @@ -230,17 +230,15 @@ public class AprLifecycleListener } if (apver < rcver) { initInfoLogMessages.add(sm.getString("aprListener.tcnVersion", -major + "." + minor + "." + patch, +Library.versionString(), TCN_REQUIRED_MAJOR + "." + TCN_RECOMMENDED_MINOR + "." + TCN_RECOMMENDED_PV)); } initInfoLogMessages.add(sm.getString("aprListener.tcnValid", -major + "." + minor + "." + patch, -Library.APR_MAJOR_VERSION + "." + -Library.APR_MINOR_VERSION + "." + -Library.APR_PATCH_VERSION)); +Library.versionString(), +Library.aprVersionString())); // Log APR flags initInfoLogMessages.add(sm.getString("aprListener.flags", diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index 043903f..bfa9611 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -144,6 +144,10 @@ it does not contain a charset. Also remove the outdated workaround for the buggy Adobe Reader 9 plug-in for IE. (markt) + +AprLifecycleListener does not show dev version suffix for libtcnative +and libapr. (michaelo) + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch 8.5.x updated: AprLifecycleListener does not show dev version suffix for libtcnative and libapr
This is an automated email from the ASF dual-hosted git repository. michaelo pushed a commit to branch 8.5.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/8.5.x by this push: new 018083f AprLifecycleListener does not show dev version suffix for libtcnative and libapr 018083f is described below commit 018083f93b0a6ad4fd8290959bebbb40cf1edd75 Author: Michael Osipov AuthorDate: Tue May 25 20:14:19 2021 +0200 AprLifecycleListener does not show dev version suffix for libtcnative and libapr --- java/org/apache/catalina/core/AprLifecycleListener.java | 12 +--- webapps/docs/changelog.xml | 4 2 files changed, 9 insertions(+), 7 deletions(-) diff --git a/java/org/apache/catalina/core/AprLifecycleListener.java b/java/org/apache/catalina/core/AprLifecycleListener.java index 0bde68c..1bd2e24 100644 --- a/java/org/apache/catalina/core/AprLifecycleListener.java +++ b/java/org/apache/catalina/core/AprLifecycleListener.java @@ -218,8 +218,8 @@ public class AprLifecycleListener return; } if (apver < rqver) { -log.error(sm.getString("aprListener.tcnInvalid", major + "." -+ minor + "." + patch, +log.error(sm.getString("aprListener.tcnInvalid", +Library.versionString(), TCN_REQUIRED_MAJOR + "." + TCN_REQUIRED_MINOR + "." + TCN_REQUIRED_PATCH)); @@ -235,17 +235,15 @@ public class AprLifecycleListener } if (apver < rcver) { initInfoLogMessages.add(sm.getString("aprListener.tcnVersion", -major + "." + minor + "." + patch, +Library.versionString(), TCN_REQUIRED_MAJOR + "." + TCN_RECOMMENDED_MINOR + "." + TCN_RECOMMENDED_PV)); } initInfoLogMessages.add(sm.getString("aprListener.tcnValid", -major + "." + minor + "." + patch, -Library.APR_MAJOR_VERSION + "." + -Library.APR_MINOR_VERSION + "." + -Library.APR_PATCH_VERSION)); +Library.versionString(), +Library.aprVersionString())); // Log APR flags initInfoLogMessages.add(sm.getString("aprListener.flags", diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index 4e0e299..72311eb 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -144,6 +144,10 @@ it does not contain a charset. Also remove the outdated workaround for the buggy Adobe Reader 9 plug-in for IE. (markt) + +AprLifecycleListener does not show dev version suffix for libtcnative +and libapr. (michaelo) + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch 7.0.x updated: AprLifecycleListener does not show dev version suffix for libtcnative and libapr
This is an automated email from the ASF dual-hosted git repository. michaelo pushed a commit to branch 7.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/7.0.x by this push: new d283a04 AprLifecycleListener does not show dev version suffix for libtcnative and libapr d283a04 is described below commit d283a04f7e63035012183e76ebfa9e7a31eab040 Author: Michael Osipov AuthorDate: Tue May 25 20:14:19 2021 +0200 AprLifecycleListener does not show dev version suffix for libtcnative and libapr --- java/org/apache/catalina/core/AprLifecycleListener.java | 12 +--- webapps/docs/changelog.xml | 4 2 files changed, 9 insertions(+), 7 deletions(-) diff --git a/java/org/apache/catalina/core/AprLifecycleListener.java b/java/org/apache/catalina/core/AprLifecycleListener.java index acf4301..4cc0955 100644 --- a/java/org/apache/catalina/core/AprLifecycleListener.java +++ b/java/org/apache/catalina/core/AprLifecycleListener.java @@ -220,8 +220,8 @@ public class AprLifecycleListener return; } if (apver < rqver) { -log.error(sm.getString("aprListener.tcnInvalid", major + "." -+ minor + "." + patch, +log.error(sm.getString("aprListener.tcnInvalid", +Library.versionString(), TCN_REQUIRED_MAJOR + "." + TCN_REQUIRED_MINOR + "." + TCN_REQUIRED_PATCH)); @@ -237,17 +237,15 @@ public class AprLifecycleListener } if (apver < rcver) { initInfoLogMessages.add(sm.getString("aprListener.tcnVersion", -major + "." + minor + "." + patch, +Library.versionString(), TCN_REQUIRED_MAJOR + "." + TCN_RECOMMENDED_MINOR + "." + TCN_RECOMMENDED_PV)); } initInfoLogMessages.add(sm.getString("aprListener.tcnValid", -major + "." + minor + "." + patch, -Library.APR_MAJOR_VERSION + "." + -Library.APR_MINOR_VERSION + "." + -Library.APR_PATCH_VERSION)); +Library.versionString(), +Library.aprVersionString())); // Log APR flags initInfoLogMessages.add(sm.getString("aprListener.flags", diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index 1994d8c..bbfc78a 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -125,6 +125,10 @@ 63508: NPE in JNDIRealm when no userRoleAttribute is given. (fschumacher) + +AprLifecycleListener does not show dev version suffix for libtcnative +and libapr. (michaelo) + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch main updated: Simplify AprEndpoint socket bind for all platforms
This is an automated email from the ASF dual-hosted git repository. michaelo pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/main by this push: new cfcefa0 Simplify AprEndpoint socket bind for all platforms cfcefa0 is described below commit cfcefa0cc132b2442f01adf0ae81ca661cb84ea2 Author: Michael Osipov AuthorDate: Sat May 22 13:36:57 2021 +0200 Simplify AprEndpoint socket bind for all platforms * Unconditionally use APR_UNSPEC on all platforms and especially on *BSD which runs fine on IPv4 and IPv6 hosts. * Apply IPV6_V6ONLY only if libapr has been compiled with IPv6 support and the socket address is of family APR_INET6. This mimics the behavior of HTTPd's listen.c for apr_sockaddr_info_get() along with open_listeners() and make_sock() with IPV6_V6ONLY flag. --- java/org/apache/tomcat/util/net/AprEndpoint.java | 16 test/org/apache/tomcat/util/net/TestXxxEndpoint.java | 8 +--- webapps/docs/changelog.xml | 3 +++ 3 files changed, 8 insertions(+), 19 deletions(-) diff --git a/java/org/apache/tomcat/util/net/AprEndpoint.java b/java/org/apache/tomcat/util/net/AprEndpoint.java index b388d04..d11d69a 100644 --- a/java/org/apache/tomcat/util/net/AprEndpoint.java +++ b/java/org/apache/tomcat/util/net/AprEndpoint.java @@ -351,16 +351,7 @@ public class AprEndpoint extends AbstractEndpoint implements SNICallB if (getAddress() != null) { hostname = getAddress().getHostAddress(); } -family = Socket.APR_INET; -if (Library.APR_HAVE_IPV6) { -if (hostname == null) { -if (!OS.IS_BSD) { -family = Socket.APR_UNSPEC; -} -} else if (hostname.indexOf(':') >= 0) { -family = Socket.APR_UNSPEC; -} -} +family = Socket.APR_UNSPEC; } long sockAddress = Address.info(hostname, family, getPortWithOffset(), 0, rootPool); @@ -370,13 +361,14 @@ public class AprEndpoint extends AbstractEndpoint implements SNICallB serverSock = Socket.create(family, Socket.SOCK_STREAM, 0, rootPool); } else { -serverSock = Socket.create(Address.getInfo(sockAddress).family, +int saFamily = Address.getInfo(sockAddress).family; +serverSock = Socket.create(saFamily, Socket.SOCK_STREAM, Socket.APR_PROTO_TCP, rootPool); if (OS.IS_UNIX) { Socket.optSet(serverSock, Socket.APR_SO_REUSEADDR, 1); } -if (Library.APR_HAVE_IPV6) { +if (Library.APR_HAVE_IPV6 && saFamily == Socket.APR_INET6) { if (getIpv6v6only()) { Socket.optSet(serverSock, Socket.APR_IPV6_V6ONLY, 1); } else { diff --git a/test/org/apache/tomcat/util/net/TestXxxEndpoint.java b/test/org/apache/tomcat/util/net/TestXxxEndpoint.java index d77132f..1bdd1b1 100644 --- a/test/org/apache/tomcat/util/net/TestXxxEndpoint.java +++ b/test/org/apache/tomcat/util/net/TestXxxEndpoint.java @@ -68,13 +68,7 @@ public class TestXxxEndpoint extends TomcatBaseTest { String address = InetAddress.getByName("localhost").getHostAddress(); // Create the APR address that will be bound -int family = org.apache.tomcat.jni.Socket.APR_INET; -if (Library.APR_HAVE_IPV6) { -if (!org.apache.tomcat.jni.OS.IS_BSD && !org.apache.tomcat.jni.OS.IS_WIN32 && -!org.apache.tomcat.jni.OS.IS_WIN64) { -family = org.apache.tomcat.jni.Socket.APR_UNSPEC; -} - } +int family = org.apache.tomcat.jni.Socket.APR_UNSPEC; long inetAddress = 0; try { diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index 6e20426..c190b2c 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -169,6 +169,9 @@ an error occurs on an HTTP/1.1 connection being upgraded to HTTP/2 or on a pushed HTTP/2 stream. (markt) + +Simplify AprEndpoint socket bind for all platforms. (michaelo) + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch 10.0.x updated: Simplify AprEndpoint socket bind for all platforms
This is an automated email from the ASF dual-hosted git repository. michaelo pushed a commit to branch 10.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/10.0.x by this push: new f1db089 Simplify AprEndpoint socket bind for all platforms f1db089 is described below commit f1db08931a27f808f4cbe235ee92cc22545e5757 Author: Michael Osipov AuthorDate: Sat May 22 13:36:57 2021 +0200 Simplify AprEndpoint socket bind for all platforms * Unconditionally use APR_UNSPEC on all platforms and especially on *BSD which runs fine on IPv4 and IPv6 hosts. * Apply IPV6_V6ONLY only if libapr has been compiled with IPv6 support and the socket address is of family APR_INET6. This mimics the behavior of HTTPd's listen.c for apr_sockaddr_info_get() along with open_listeners() and make_sock() with IPV6_V6ONLY flag. --- java/org/apache/tomcat/util/net/AprEndpoint.java | 16 test/org/apache/tomcat/util/net/TestXxxEndpoint.java | 8 +--- webapps/docs/changelog.xml | 3 +++ 3 files changed, 8 insertions(+), 19 deletions(-) diff --git a/java/org/apache/tomcat/util/net/AprEndpoint.java b/java/org/apache/tomcat/util/net/AprEndpoint.java index b388d04..d11d69a 100644 --- a/java/org/apache/tomcat/util/net/AprEndpoint.java +++ b/java/org/apache/tomcat/util/net/AprEndpoint.java @@ -351,16 +351,7 @@ public class AprEndpoint extends AbstractEndpoint implements SNICallB if (getAddress() != null) { hostname = getAddress().getHostAddress(); } -family = Socket.APR_INET; -if (Library.APR_HAVE_IPV6) { -if (hostname == null) { -if (!OS.IS_BSD) { -family = Socket.APR_UNSPEC; -} -} else if (hostname.indexOf(':') >= 0) { -family = Socket.APR_UNSPEC; -} -} +family = Socket.APR_UNSPEC; } long sockAddress = Address.info(hostname, family, getPortWithOffset(), 0, rootPool); @@ -370,13 +361,14 @@ public class AprEndpoint extends AbstractEndpoint implements SNICallB serverSock = Socket.create(family, Socket.SOCK_STREAM, 0, rootPool); } else { -serverSock = Socket.create(Address.getInfo(sockAddress).family, +int saFamily = Address.getInfo(sockAddress).family; +serverSock = Socket.create(saFamily, Socket.SOCK_STREAM, Socket.APR_PROTO_TCP, rootPool); if (OS.IS_UNIX) { Socket.optSet(serverSock, Socket.APR_SO_REUSEADDR, 1); } -if (Library.APR_HAVE_IPV6) { +if (Library.APR_HAVE_IPV6 && saFamily == Socket.APR_INET6) { if (getIpv6v6only()) { Socket.optSet(serverSock, Socket.APR_IPV6_V6ONLY, 1); } else { diff --git a/test/org/apache/tomcat/util/net/TestXxxEndpoint.java b/test/org/apache/tomcat/util/net/TestXxxEndpoint.java index d77132f..1bdd1b1 100644 --- a/test/org/apache/tomcat/util/net/TestXxxEndpoint.java +++ b/test/org/apache/tomcat/util/net/TestXxxEndpoint.java @@ -68,13 +68,7 @@ public class TestXxxEndpoint extends TomcatBaseTest { String address = InetAddress.getByName("localhost").getHostAddress(); // Create the APR address that will be bound -int family = org.apache.tomcat.jni.Socket.APR_INET; -if (Library.APR_HAVE_IPV6) { -if (!org.apache.tomcat.jni.OS.IS_BSD && !org.apache.tomcat.jni.OS.IS_WIN32 && -!org.apache.tomcat.jni.OS.IS_WIN64) { -family = org.apache.tomcat.jni.Socket.APR_UNSPEC; -} - } +int family = org.apache.tomcat.jni.Socket.APR_UNSPEC; long inetAddress = 0; try { diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index c2c3b5a..ba7c4b2 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -148,6 +148,9 @@ an error occurs on an HTTP/1.1 connection being upgraded to HTTP/2 or on a pushed HTTP/2 stream. (markt) + +Simplify AprEndpoint socket bind for all platforms. (michaelo) + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch 9.0.x updated: Simplify AprEndpoint socket bind for all platforms
This is an automated email from the ASF dual-hosted git repository. michaelo pushed a commit to branch 9.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/9.0.x by this push: new 2ab367a Simplify AprEndpoint socket bind for all platforms 2ab367a is described below commit 2ab367ad34c4381f1daac8e997883a5dbe472e99 Author: Michael Osipov AuthorDate: Sat May 22 13:36:57 2021 +0200 Simplify AprEndpoint socket bind for all platforms * Unconditionally use APR_UNSPEC on all platforms and especially on *BSD which runs fine on IPv4 and IPv6 hosts. * Apply IPV6_V6ONLY only if libapr has been compiled with IPv6 support and the socket address is of family APR_INET6. This mimics the behavior of HTTPd's listen.c for apr_sockaddr_info_get() along with open_listeners() and make_sock() with IPV6_V6ONLY flag. --- java/org/apache/tomcat/util/net/AprEndpoint.java | 16 test/org/apache/tomcat/util/net/TestXxxEndpoint.java | 6 +- webapps/docs/changelog.xml | 3 +++ 3 files changed, 8 insertions(+), 17 deletions(-) diff --git a/java/org/apache/tomcat/util/net/AprEndpoint.java b/java/org/apache/tomcat/util/net/AprEndpoint.java index 99f8b7c..9de8c0c 100644 --- a/java/org/apache/tomcat/util/net/AprEndpoint.java +++ b/java/org/apache/tomcat/util/net/AprEndpoint.java @@ -336,16 +336,7 @@ public class AprEndpoint extends AbstractEndpoint implements SNICallB if (getAddress() != null) { hostname = getAddress().getHostAddress(); } -family = Socket.APR_INET; -if (Library.APR_HAVE_IPV6) { -if (hostname == null) { -if (!OS.IS_BSD) { -family = Socket.APR_UNSPEC; -} -} else if (hostname.indexOf(':') >= 0) { -family = Socket.APR_UNSPEC; -} -} +family = Socket.APR_UNSPEC; } long sockAddress = Address.info(hostname, family, getPortWithOffset(), 0, rootPool); @@ -355,13 +346,14 @@ public class AprEndpoint extends AbstractEndpoint implements SNICallB serverSock = Socket.create(family, Socket.SOCK_STREAM, 0, rootPool); } else { -serverSock = Socket.create(Address.getInfo(sockAddress).family, +int saFamily = Address.getInfo(sockAddress).family; +serverSock = Socket.create(saFamily, Socket.SOCK_STREAM, Socket.APR_PROTO_TCP, rootPool); if (OS.IS_UNIX) { Socket.optSet(serverSock, Socket.APR_SO_REUSEADDR, 1); } -if (Library.APR_HAVE_IPV6) { +if (Library.APR_HAVE_IPV6 && saFamily == Socket.APR_INET6) { if (getIpv6v6only()) { Socket.optSet(serverSock, Socket.APR_IPV6_V6ONLY, 1); } else { diff --git a/test/org/apache/tomcat/util/net/TestXxxEndpoint.java b/test/org/apache/tomcat/util/net/TestXxxEndpoint.java index f54723b..6ee9a09 100644 --- a/test/org/apache/tomcat/util/net/TestXxxEndpoint.java +++ b/test/org/apache/tomcat/util/net/TestXxxEndpoint.java @@ -65,11 +65,7 @@ public class TestXxxEndpoint extends TomcatBaseTest { String address = InetAddress.getByName("localhost").getHostAddress(); // Create the APR address that will be bound -int family = Socket.APR_INET; -if (Library.APR_HAVE_IPV6) { -if (!OS.IS_BSD && !OS.IS_WIN32 && !OS.IS_WIN64) -family = Socket.APR_UNSPEC; - } +int family = Socket.APR_UNSPEC; long inetAddress = 0; try { diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index c86d65a..1855d4a 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -167,6 +167,9 @@ NioBlockingSelector that could cause a delay to select operations. (markt) + +Simplify AprEndpoint socket bind for all platforms. (michaelo) + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch 8.5.x updated: Simplify AprEndpoint socket bind for all platforms
This is an automated email from the ASF dual-hosted git repository. michaelo pushed a commit to branch 8.5.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/8.5.x by this push: new cf8b603 Simplify AprEndpoint socket bind for all platforms cf8b603 is described below commit cf8b6035ef7a3349a6fbf971dbbf73263a030036 Author: Michael Osipov AuthorDate: Sat May 22 13:36:57 2021 +0200 Simplify AprEndpoint socket bind for all platforms * Unconditionally use APR_UNSPEC on all platforms and especially on *BSD which runs fine on IPv4 and IPv6 hosts. * Apply IPV6_V6ONLY only if libapr has been compiled with IPv6 support and the socket address is of family APR_INET6. This mimics the behavior of HTTPd's listen.c for apr_sockaddr_info_get() along with open_listeners() and make_sock() with IPV6_V6ONLY flag. --- java/org/apache/tomcat/util/net/AprEndpoint.java | 16 test/org/apache/tomcat/util/net/TestXxxEndpoint.java | 6 +- webapps/docs/changelog.xml | 3 +++ 3 files changed, 8 insertions(+), 17 deletions(-) diff --git a/java/org/apache/tomcat/util/net/AprEndpoint.java b/java/org/apache/tomcat/util/net/AprEndpoint.java index b03c797..3e3b2c9 100644 --- a/java/org/apache/tomcat/util/net/AprEndpoint.java +++ b/java/org/apache/tomcat/util/net/AprEndpoint.java @@ -304,27 +304,19 @@ public class AprEndpoint extends AbstractEndpoint implements SNICallBack { if (getAddress() != null) { addressStr = getAddress().getHostAddress(); } -int family = Socket.APR_INET; -if (Library.APR_HAVE_IPV6) { -if (addressStr == null) { -if (!OS.IS_BSD) { -family = Socket.APR_UNSPEC; -} -} else if (addressStr.indexOf(':') >= 0) { -family = Socket.APR_UNSPEC; -} - } +int family = Socket.APR_UNSPEC; long inetAddress = Address.info(addressStr, family, getPort(), 0, rootPool); // Create the APR server socket -serverSock = Socket.create(Address.getInfo(inetAddress).family, +int saFamily = Address.getInfo(inetAddress).family; +serverSock = Socket.create(saFamily, Socket.SOCK_STREAM, Socket.APR_PROTO_TCP, rootPool); if (OS.IS_UNIX) { Socket.optSet(serverSock, Socket.APR_SO_REUSEADDR, 1); } -if (Library.APR_HAVE_IPV6) { +if (Library.APR_HAVE_IPV6 && saFamily == Socket.APR_INET6) { if (getIpv6v6only()) { Socket.optSet(serverSock, Socket.APR_IPV6_V6ONLY, 1); } else { diff --git a/test/org/apache/tomcat/util/net/TestXxxEndpoint.java b/test/org/apache/tomcat/util/net/TestXxxEndpoint.java index ab08bf7..c27f588 100644 --- a/test/org/apache/tomcat/util/net/TestXxxEndpoint.java +++ b/test/org/apache/tomcat/util/net/TestXxxEndpoint.java @@ -60,11 +60,7 @@ public class TestXxxEndpoint extends TomcatBaseTest { String address = InetAddress.getByName("localhost").getHostAddress(); // Create the APR address that will be bound -int family = Socket.APR_INET; -if (Library.APR_HAVE_IPV6) { -if (!OS.IS_BSD && !OS.IS_WIN32 && !OS.IS_WIN64) -family = Socket.APR_UNSPEC; - } +int family = Socket.APR_UNSPEC; long inetAddress = 0; try { diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index 9958e20..2a6e035 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -162,6 +162,9 @@ NioBlockingSelector that could cause a delay to select operations. (markt) + +Simplify AprEndpoint socket bind for all platforms. (michaelo) + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch 7.0.x updated: Simplify AprEndpoint socket bind for all platforms
This is an automated email from the ASF dual-hosted git repository. michaelo pushed a commit to branch 7.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/7.0.x by this push: new f505e38 Simplify AprEndpoint socket bind for all platforms f505e38 is described below commit f505e38f91cdf3a59affa011f316f6cca9655086 Author: Michael Osipov AuthorDate: Sat May 22 13:36:57 2021 +0200 Simplify AprEndpoint socket bind for all platforms * Unconditionally use APR_UNSPEC on all platforms and especially on *BSD which runs fine on IPv4 and IPv6 hosts. socket address is of family APR_INET6. This mimics the behavior of HTTPd's listen.c for apr_sockaddr_info_get() along with open_listeners() and make_sock(). --- java/org/apache/tomcat/util/net/AprEndpoint.java | 14 +++--- test/org/apache/tomcat/util/net/TestXxxEndpoint.java | 6 +- webapps/docs/changelog.xml | 3 +++ 3 files changed, 7 insertions(+), 16 deletions(-) diff --git a/java/org/apache/tomcat/util/net/AprEndpoint.java b/java/org/apache/tomcat/util/net/AprEndpoint.java index 6226aee..3d15a6a 100644 --- a/java/org/apache/tomcat/util/net/AprEndpoint.java +++ b/java/org/apache/tomcat/util/net/AprEndpoint.java @@ -472,21 +472,13 @@ public class AprEndpoint extends AbstractEndpoint { if (getAddress() != null) { addressStr = getAddress().getHostAddress(); } -int family = Socket.APR_INET; -if (Library.APR_HAVE_IPV6) { -if (addressStr == null) { -if (!OS.IS_BSD && !OS.IS_WIN32 && !OS.IS_WIN64) { -family = Socket.APR_UNSPEC; -} -} else if (addressStr.indexOf(':') >= 0) { -family = Socket.APR_UNSPEC; -} - } +int family = Socket.APR_UNSPEC; long inetAddress = Address.info(addressStr, family, getPort(), 0, rootPool); // Create the APR server socket -serverSock = Socket.create(Address.getInfo(inetAddress).family, +int saFamily = Address.getInfo(inetAddress).family; +serverSock = Socket.create(saFamily, Socket.SOCK_STREAM, Socket.APR_PROTO_TCP, rootPool); if (OS.IS_UNIX) { diff --git a/test/org/apache/tomcat/util/net/TestXxxEndpoint.java b/test/org/apache/tomcat/util/net/TestXxxEndpoint.java index 128a3e2..79ed04d 100644 --- a/test/org/apache/tomcat/util/net/TestXxxEndpoint.java +++ b/test/org/apache/tomcat/util/net/TestXxxEndpoint.java @@ -64,11 +64,7 @@ public class TestXxxEndpoint extends TomcatBaseTest { String address = InetAddress.getByName("localhost").getHostAddress(); // Create the APR address that will be bound -int family = Socket.APR_INET; -if (Library.APR_HAVE_IPV6) { -if (!OS.IS_BSD && !OS.IS_WIN32 && !OS.IS_WIN64) -family = Socket.APR_UNSPEC; - } +int family = Socket.APR_UNSPEC; long inetAddress = 0; try { diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index bbfc78a..c0ae266 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -137,6 +137,9 @@ Fix failing to run any tests on Windows with Java 8u292 onwards. (markt/kkolinko) + + Simplify AprEndpoint socket bind for all platforms. (michaelo) + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat-native] branch main updated: Simplify Address#getInfo() native implementation
This is an automated email from the ASF dual-hosted git repository. michaelo pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat-native.git The following commit(s) were added to refs/heads/main by this push: new 420cd1c Simplify Address#getInfo() native implementation 420cd1c is described below commit 420cd1c159e4f27bb5d2a873dbd1fb7ea5d3473c Author: Michael Osipov AuthorDate: Fri May 21 23:31:14 2021 +0200 Simplify Address#getInfo() native implementation Don't apply tricks and rely on OS behavior to resolve addresses. It is the caller's responsibility to properly process socket addresses if more than one exists. This mimics the behavior of HTTPd's listen.c for apr_sockaddr_info_get(). --- native/src/address.c | 42 +-- xdocs/miscellaneous/changelog.xml | 5 + 2 files changed, 6 insertions(+), 41 deletions(-) diff --git a/native/src/address.c b/native/src/address.c index 87a8771..fb17431 100644 --- a/native/src/address.c +++ b/native/src/address.c @@ -23,59 +23,19 @@ TCN_IMPLEMENT_CALL(jlong, Address, info)(TCN_STDARGS, { apr_pool_t *p = J2P(pool, apr_pool_t *); TCN_ALLOC_CSTRING(hostname); -char *sp = NULL; -int scope_id = 0; apr_sockaddr_t *sa = NULL; -apr_sockaddr_t *sl = NULL; apr_int32_t f; UNREFERENCED(o); GET_S_FAMILY(f, family); -#if APR_HAVE_IPV6 -if (hostname) { -/* XXX: This only works for real scope_id's - */ -if ((sp = strchr(J2S(hostname), '%'))) { -*sp++ = '\0'; -scope_id = atoi(sp); -} -} -#endif TCN_THROW_IF_ERR(apr_sockaddr_info_get(&sa, J2S(hostname), f, (apr_port_t)port, (apr_int32_t)flags, p), sa); -sl = sa; -/* - * apr_sockaddr_info_get may return several address so this is not - * go to work in some cases (but as least it works for Linux) - * XXX: with AP_ENABLE_V4_MAPPED it is going to work otherwise it won't. - */ -#if APR_HAVE_IPV6 -if (hostname == NULL) { -/* Try all address using IPV6 one */ -while (sl) { -if (sl->family == APR_INET6) -break; /* Done */ -sl = sl->next; -} -/* If we don't find an IPv6 address, use the original one */ -if (sl == NULL) { -sl = sa; -} -} -if (sp) { -/* Set the provided scope id - * APR lack the api for setting this directly so lets presume - * the sin6_scope_id is present everywhere - */ -sl->sa.sin6.sin6_scope_id = scope_id; -} -#endif cleanup: TCN_FREE_CSTRING(hostname); -return P2J(sl); +return P2J(sa); } TCN_IMPLEMENT_CALL(jstring, Address, getnameinfo)(TCN_STDARGS, diff --git a/xdocs/miscellaneous/changelog.xml b/xdocs/miscellaneous/changelog.xml index 9f35b6e..c735980 100644 --- a/xdocs/miscellaneous/changelog.xml +++ b/xdocs/miscellaneous/changelog.xml @@ -35,6 +35,11 @@ + + + Simplify Address.getInfo() native implementation. (michaelo) + + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat-native] branch main updated: Revert "Simplify Address#getInfo() native implementation"
This is an automated email from the ASF dual-hosted git repository. michaelo pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat-native.git The following commit(s) were added to refs/heads/main by this push: new 73c347b Revert "Simplify Address#getInfo() native implementation" 73c347b is described below commit 73c347b8d2565a87e5a5d98bfa1f89eef71c6211 Author: Michael Osipov AuthorDate: Wed May 26 11:31:18 2021 +0200 Revert "Simplify Address#getInfo() native implementation" This reverts commit 420cd1c159e4f27bb5d2a873dbd1fb7ea5d3473c. --- native/src/address.c | 42 ++- xdocs/miscellaneous/changelog.xml | 5 - 2 files changed, 41 insertions(+), 6 deletions(-) diff --git a/native/src/address.c b/native/src/address.c index fb17431..87a8771 100644 --- a/native/src/address.c +++ b/native/src/address.c @@ -23,19 +23,59 @@ TCN_IMPLEMENT_CALL(jlong, Address, info)(TCN_STDARGS, { apr_pool_t *p = J2P(pool, apr_pool_t *); TCN_ALLOC_CSTRING(hostname); +char *sp = NULL; +int scope_id = 0; apr_sockaddr_t *sa = NULL; +apr_sockaddr_t *sl = NULL; apr_int32_t f; UNREFERENCED(o); GET_S_FAMILY(f, family); +#if APR_HAVE_IPV6 +if (hostname) { +/* XXX: This only works for real scope_id's + */ +if ((sp = strchr(J2S(hostname), '%'))) { +*sp++ = '\0'; +scope_id = atoi(sp); +} +} +#endif TCN_THROW_IF_ERR(apr_sockaddr_info_get(&sa, J2S(hostname), f, (apr_port_t)port, (apr_int32_t)flags, p), sa); +sl = sa; +/* + * apr_sockaddr_info_get may return several address so this is not + * go to work in some cases (but as least it works for Linux) + * XXX: with AP_ENABLE_V4_MAPPED it is going to work otherwise it won't. + */ +#if APR_HAVE_IPV6 +if (hostname == NULL) { +/* Try all address using IPV6 one */ +while (sl) { +if (sl->family == APR_INET6) +break; /* Done */ +sl = sl->next; +} +/* If we don't find an IPv6 address, use the original one */ +if (sl == NULL) { +sl = sa; +} +} +if (sp) { +/* Set the provided scope id + * APR lack the api for setting this directly so lets presume + * the sin6_scope_id is present everywhere + */ +sl->sa.sin6.sin6_scope_id = scope_id; +} +#endif cleanup: TCN_FREE_CSTRING(hostname); -return P2J(sa); +return P2J(sl); } TCN_IMPLEMENT_CALL(jstring, Address, getnameinfo)(TCN_STDARGS, diff --git a/xdocs/miscellaneous/changelog.xml b/xdocs/miscellaneous/changelog.xml index c735980..9f35b6e 100644 --- a/xdocs/miscellaneous/changelog.xml +++ b/xdocs/miscellaneous/changelog.xml @@ -35,11 +35,6 @@ - - - Simplify Address.getInfo() native implementation. (michaelo) - - - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat-native] branch main updated: BZ 67615: Windows binary for version 2 has incorrect version suffix compared to the GNU autoconf version
This is an automated email from the ASF dual-hosted git repository. michaelo pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat-native.git The following commit(s) were added to refs/heads/main by this push: new d280a8d1e BZ 67615: Windows binary for version 2 has incorrect version suffix compared to the GNU autoconf version d280a8d1e is described below commit d280a8d1e3e8f8e0ff23b53ead03c429f4e8ad35 Author: Michael Osipov AuthorDate: Wed Oct 11 17:08:34 2023 +0200 BZ 67615: Windows binary for version 2 has incorrect version suffix compared to the GNU autoconf version --- native/NMAKEmakefile | 4 ++-- native/libtcnative.dsp| 4 ++-- native/tcnative.dsp | 4 ++-- xdocs/miscellaneous/changelog.xml | 6 ++ 4 files changed, 12 insertions(+), 6 deletions(-) diff --git a/native/NMAKEmakefile b/native/NMAKEmakefile index 51653caf5..011cbb06a 100644 --- a/native/NMAKEmakefile +++ b/native/NMAKEmakefile @@ -29,9 +29,9 @@ # !IF !DEFINED(APR_DECLARE_STATIC) || "$(APR_DECLARE_STATIC)" == "" -PROJECT = libtcnative-1 +PROJECT = libtcnative-2 !ELSE -PROJECT = tcnative-1 +PROJECT = tcnative-2 !ENDIF TARGET = DLL diff --git a/native/libtcnative.dsp b/native/libtcnative.dsp index 1e88b7c57..02c512b42 100644 --- a/native/libtcnative.dsp +++ b/native/libtcnative.dsp @@ -53,7 +53,7 @@ BSC32=bscmake.exe # ADD BSC32 /nologo LINK32=link.exe # ADD BASE LINK32 kernel32.lib advapi32.lib ws2_32.lib mswsock.lib wldap32.lib psapi.lib ole32.lib shlwapi.lib /nologo /base:"0x6EE0" /subsystem:windows /dll /debug /machine:I386 /opt:ref -# ADD LINK32 kernel32.lib advapi32.lib ws2_32.lib mswsock.lib wldap32.lib psapi.lib ole32.lib shlwapi.lib rpcrt4.lib libeay32.lib ssleay32.lib /nologo /base:"0x6EE0" /subsystem:windows /dll /debug /machine:I386 /out:"Release/libtcnative-1.dll" /libpath:"./srclib/openssl/out32" /libpath:"./srclib/openssl/out32dll" /opt:ref +# ADD LINK32 kernel32.lib advapi32.lib ws2_32.lib mswsock.lib wldap32.lib psapi.lib ole32.lib shlwapi.lib rpcrt4.lib libeay32.lib ssleay32.lib /nologo /base:"0x6EE0" /subsystem:windows /dll /debug /machine:I386 /out:"Release/libtcnative-2.dll" /libpath:"./srclib/openssl/out32" /libpath:"./srclib/openssl/out32dll" /opt:ref !ELSEIF "$(CFG)" == "libtcnative - Win32 Debug" @@ -79,7 +79,7 @@ BSC32=bscmake.exe # ADD BSC32 /nologo LINK32=link.exe # ADD BASE LINK32 kernel32.lib advapi32.lib ws2_32.lib mswsock.lib wldap32.lib psapi.lib ole32.lib shlwapi.lib /nologo /base:"0x6EE0" /subsystem:windows /dll /incremental:no /debug /machine:I386 -# ADD LINK32 kernel32.lib advapi32.lib ws2_32.lib mswsock.lib wldap32.lib psapi.lib ole32.lib shlwapi.lib rpcrt4.lib libeay32.lib ssleay32.lib /nologo /base:"0x6EE0" /subsystem:windows /dll /incremental:no /debug /machine:I386 /out:"Debug/libtcnative-1.dll" /libpath:"./srclib/openssl/out32" /libpath:"./srclib/openssl/out32dll" +# ADD LINK32 kernel32.lib advapi32.lib ws2_32.lib mswsock.lib wldap32.lib psapi.lib ole32.lib shlwapi.lib rpcrt4.lib libeay32.lib ssleay32.lib /nologo /base:"0x6EE0" /subsystem:windows /dll /incremental:no /debug /machine:I386 /out:"Debug/libtcnative-2.dll" /libpath:"./srclib/openssl/out32" /libpath:"./srclib/openssl/out32dll" !ENDIF diff --git a/native/tcnative.dsp b/native/tcnative.dsp index 56c9db8c7..dbaeae301 100644 --- a/native/tcnative.dsp +++ b/native/tcnative.dsp @@ -53,7 +53,7 @@ BSC32=bscmake.exe # ADD BSC32 /nologo LINK32=link.exe # ADD BASE LINK32 kernel32.lib advapi32.lib ws2_32.lib mswsock.lib wldap32.lib psapi.lib ole32.lib shlwapi.lib /nologo /base:"0x6EE0" /subsystem:windows /dll /debug /machine:I386 /opt:ref -# ADD LINK32 kernel32.lib advapi32.lib ws2_32.lib mswsock.lib wldap32.lib psapi.lib ole32.lib shlwapi.lib rpcrt4.lib libeay32.lib ssleay32.lib /nologo /base:"0x6EE0" /subsystem:windows /dll /debug /machine:I386 /out:"LibR/tcnative-1.dll" /libpath:"./srclib/openssl/out32" /libpath:"./srclib/openssl/out32dll" /opt:ref +# ADD LINK32 kernel32.lib advapi32.lib ws2_32.lib mswsock.lib wldap32.lib psapi.lib ole32.lib shlwapi.lib rpcrt4.lib libeay32.lib ssleay32.lib /nologo /base:"0x6EE0" /subsystem:windows /dll /debug /machine:I386 /out:"LibR/tcnative-2.dll" /libpath:"./srclib/openssl/out32" /libpath:"./srclib/openssl/out32dll" /opt:ref !ELSEIF "$(CFG)" == "tcnative - Win32 Debug" @@ -79,7 +79,7 @@ BSC32=bscmake.exe # ADD BSC32 /nologo LINK32=link.exe # ADD BASE LINK32 kernel32.lib advapi32.lib ws2_32.lib mswsock.lib wldap32.lib psapi.lib ole32.lib shlwapi.lib /nologo /base:"0x6EE
[tomcat-native] branch main updated: Align default pass phrase prompt with HTTPd on Windows as well
This is an automated email from the ASF dual-hosted git repository. michaelo pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat-native.git The following commit(s) were added to refs/heads/main by this push: new 161333137 Align default pass phrase prompt with HTTPd on Windows as well 161333137 is described below commit 161333137499255cd01761517a1eacedd1ddfede Author: Michael Osipov AuthorDate: Wed Oct 11 17:19:49 2023 +0200 Align default pass phrase prompt with HTTPd on Windows as well --- native/os/win32/libtcnative.rc| 4 ++-- xdocs/miscellaneous/changelog.xml | 3 +++ 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/native/os/win32/libtcnative.rc b/native/os/win32/libtcnative.rc index aa195e393..a0b8b28cf 100644 --- a/native/os/win32/libtcnative.rc +++ b/native/os/win32/libtcnative.rc @@ -24,13 +24,13 @@ LANGUAGE 0x9,0x1 1001 DIALOGEX 0, 0, 252, 51 STYLE DS_SETFONT | DS_MODALFRAME | DS_FIXEDSYS | DS_CENTER | WS_CAPTION -CAPTION "Password prompt" +CAPTION "Pass Phrase Prompt" FONT 8, "MS Shell Dlg", 0, 0, 0x0 BEGIN ICON1000,-1,8,6,21,20 LTEXT "Some of your private key files are encrypted for security reasons.\nIn order to read them you have to provide the pass phrases.", -1,29,5,220,19 -LTEXT "Enter password:",-1,7,28,75,8 +LTEXT "Enter pass phrase:",-1,7,28,75,8 EDITTEXT1002,67,27,174,12,ES_PASSWORD | ES_AUTOHSCROLL END diff --git a/xdocs/miscellaneous/changelog.xml b/xdocs/miscellaneous/changelog.xml index 9772a91a9..d7e1fad4f 100644 --- a/xdocs/miscellaneous/changelog.xml +++ b/xdocs/miscellaneous/changelog.xml @@ -37,6 +37,9 @@ 67615: Windows binary for version 2 has incorrect version suffix compared to the GNU autoconf version. (michaelo) + + Align default pass phrase prompt with HTTPd on Windows as well. (michaelo) + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat-native] branch main updated: Fix incorrect comment
This is an automated email from the ASF dual-hosted git repository. michaelo pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat-native.git The following commit(s) were added to refs/heads/main by this push: new fd3df8fc4 Fix incorrect comment fd3df8fc4 is described below commit fd3df8fc42fc5981bd4519363a5f8be80a1590a7 Author: Michael Osipov AuthorDate: Wed Oct 11 18:42:11 2023 +0200 Fix incorrect comment --- java/org/apache/tomcat/jni/SSL.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/java/org/apache/tomcat/jni/SSL.java b/java/org/apache/tomcat/jni/SSL.java index 974e998c7..4fff8081b 100644 --- a/java/org/apache/tomcat/jni/SSL.java +++ b/java/org/apache/tomcat/jni/SSL.java @@ -241,7 +241,7 @@ public final class SSL { public static final int SSL_SELECTOR_FAILURE_NO_ADVERTISE = 0; public static final int SSL_SELECTOR_FAILURE_CHOOSE_MY_LAST_PROTOCOL = 1; -/* Return OpenSSL version number (compile time version, if version < 1.1.0) */ +/* Return OpenSSL version number (run time version) */ public static native int version(); /* Return OpenSSL version string (run time version) */ - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat-native] branch 1.2.x updated: Fix incorrect comment
This is an automated email from the ASF dual-hosted git repository. michaelo pushed a commit to branch 1.2.x in repository https://gitbox.apache.org/repos/asf/tomcat-native.git The following commit(s) were added to refs/heads/1.2.x by this push: new 7064b588d Fix incorrect comment 7064b588d is described below commit 7064b588d5962a4fccd30d895212a60ea95dfdd3 Author: Michael Osipov AuthorDate: Wed Oct 11 18:42:11 2023 +0200 Fix incorrect comment --- java/org/apache/tomcat/jni/SSL.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/java/org/apache/tomcat/jni/SSL.java b/java/org/apache/tomcat/jni/SSL.java index 91a8bc66f..ac0ca9da5 100644 --- a/java/org/apache/tomcat/jni/SSL.java +++ b/java/org/apache/tomcat/jni/SSL.java @@ -254,7 +254,7 @@ public final class SSL { public static final int SSL_SELECTOR_FAILURE_NO_ADVERTISE = 0; public static final int SSL_SELECTOR_FAILURE_CHOOSE_MY_LAST_PROTOCOL = 1; -/* Return OpenSSL version number (compile time version, if version < 1.1.0) */ +/* Return OpenSSL version number (run time version) */ public static native int version(); /* Return OpenSSL version string (run time version) */ - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat-native] branch main updated: BZ 67616: o.a.tomcat.jni.SSL contains useless check for old OpenSSL version
This is an automated email from the ASF dual-hosted git repository. michaelo pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat-native.git The following commit(s) were added to refs/heads/main by this push: new 3549935bf BZ 67616: o.a.tomcat.jni.SSL contains useless check for old OpenSSL version 3549935bf is described below commit 3549935bfae8d3d9f870b79a346b8ae327a128db Author: Michael Osipov AuthorDate: Wed Oct 11 19:11:09 2023 +0200 BZ 67616: o.a.tomcat.jni.SSL contains useless check for old OpenSSL version --- java/org/apache/tomcat/jni/SSL.java | 7 +-- xdocs/miscellaneous/changelog.xml | 3 +++ 2 files changed, 4 insertions(+), 6 deletions(-) diff --git a/java/org/apache/tomcat/jni/SSL.java b/java/org/apache/tomcat/jni/SSL.java index 4fff8081b..64da0ca9c 100644 --- a/java/org/apache/tomcat/jni/SSL.java +++ b/java/org/apache/tomcat/jni/SSL.java @@ -73,12 +73,7 @@ public final class SSL { public static final int SSL_PROTOCOL_ALL; static { -if (version() >= 0x1010100f) { -SSL_PROTOCOL_ALL = (SSL_PROTOCOL_TLSV1 | SSL_PROTOCOL_TLSV1_1 | SSL_PROTOCOL_TLSV1_2 | -SSL_PROTOCOL_TLSV1_3); -} else { -SSL_PROTOCOL_ALL = (SSL_PROTOCOL_TLSV1 | SSL_PROTOCOL_TLSV1_1 | SSL_PROTOCOL_TLSV1_2); -} +SSL_PROTOCOL_ALL = (SSL_PROTOCOL_TLSV1|SSL_PROTOCOL_TLSV1_1|SSL_PROTOCOL_TLSV1_2|SSL_PROTOCOL_TLSV1_3); } diff --git a/xdocs/miscellaneous/changelog.xml b/xdocs/miscellaneous/changelog.xml index d7e1fad4f..638eb1fc4 100644 --- a/xdocs/miscellaneous/changelog.xml +++ b/xdocs/miscellaneous/changelog.xml @@ -40,6 +40,9 @@ Align default pass phrase prompt with HTTPd on Windows as well. (michaelo) + + 67616: o.a.tomcat.jni.SSL contains useless check for old OpenSSL version. (michaelo) + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch main updated: Increment version number for next development cycle
This is an automated email from the ASF dual-hosted git repository. michaelo pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/main by this push: new c3d9dbc444 Increment version number for next development cycle c3d9dbc444 is described below commit c3d9dbc4448dabe1a47c65c9d22b05eaf33861f7 Author: Michael Osipov AuthorDate: Thu Oct 12 11:54:22 2023 +0200 Increment version number for next development cycle --- build.properties.default | 2 +- res/maven/mvn.properties.default | 2 +- webapps/docs/changelog.xml | 4 +++- 3 files changed, 5 insertions(+), 3 deletions(-) diff --git a/build.properties.default b/build.properties.default index 8ad061797f..b5af5f53c6 100644 --- a/build.properties.default +++ b/build.properties.default @@ -33,7 +33,7 @@ version.major=11 version.minor=0 version.build=0 version.patch=0 -version.suffix=-M13 +version.suffix=-M14 version.dev=-dev # - Build tools - diff --git a/res/maven/mvn.properties.default b/res/maven/mvn.properties.default index 288f82806d..310e4ac9b7 100644 --- a/res/maven/mvn.properties.default +++ b/res/maven/mvn.properties.default @@ -39,7 +39,7 @@ maven.asf.release.repo.url=https://repository.apache.org/service/local/staging/d maven.asf.release.repo.repositoryId=apache.releases.https # Release version info -maven.asf.release.deploy.version=11.0.0-M13 +maven.asf.release.deploy.version=11.0.0-M14 #Where do we load the libraries from tomcat.lib.path=../../output/build/lib diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index 3771afc552..09b0227b59 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -104,7 +104,9 @@ They eventually become mixed with the numbered issues (i.e., numbered issues do not "pop up" wrt. others). --> - + + + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch 10.1.x updated: Increment version number for next development cycle
This is an automated email from the ASF dual-hosted git repository. michaelo pushed a commit to branch 10.1.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/10.1.x by this push: new f1865eb249 Increment version number for next development cycle f1865eb249 is described below commit f1865eb2497f4855b3aa3e1340a6d42940508983 Author: Michael Osipov AuthorDate: Thu Oct 12 11:59:44 2023 +0200 Increment version number for next development cycle --- build.properties.default | 2 +- res/maven/mvn.properties.default | 2 +- webapps/docs/changelog.xml | 4 +++- 3 files changed, 5 insertions(+), 3 deletions(-) diff --git a/build.properties.default b/build.properties.default index 40b7ec4687..3e26aa27f6 100644 --- a/build.properties.default +++ b/build.properties.default @@ -31,7 +31,7 @@ # - Version Control Flags - version.major=10 version.minor=1 -version.build=15 +version.build=16 version.patch=0 version.suffix= version.dev=-dev diff --git a/res/maven/mvn.properties.default b/res/maven/mvn.properties.default index ae8200046a..2e69dcce7b 100644 --- a/res/maven/mvn.properties.default +++ b/res/maven/mvn.properties.default @@ -39,7 +39,7 @@ maven.asf.release.repo.url=https://repository.apache.org/service/local/staging/d maven.asf.release.repo.repositoryId=apache.releases.https # Release version info -maven.asf.release.deploy.version=10.1.15 +maven.asf.release.deploy.version=10.1.16 #Where do we load the libraries from tomcat.lib.path=../../output/build/lib diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index 63b5577150..2582c4adc5 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -104,7 +104,9 @@ They eventually become mixed with the numbered issues (i.e., numbered issues do not "pop up" wrt. others). --> - + + + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch 8.5.x updated: Increment version number for next development cycle
This is an automated email from the ASF dual-hosted git repository. michaelo pushed a commit to branch 8.5.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/8.5.x by this push: new 8234f4dc31 Increment version number for next development cycle 8234f4dc31 is described below commit 8234f4dc31c0db7533caa976d42170c04e87b874 Author: Michael Osipov AuthorDate: Thu Oct 12 12:03:39 2023 +0200 Increment version number for next development cycle --- build.properties.default | 2 +- res/maven/mvn.properties.default | 2 +- webapps/docs/changelog.xml | 4 +++- 3 files changed, 5 insertions(+), 3 deletions(-) diff --git a/build.properties.default b/build.properties.default index 8fd2616b02..4722989dcc 100644 --- a/build.properties.default +++ b/build.properties.default @@ -31,7 +31,7 @@ # - Version Control Flags - version.major=8 version.minor=5 -version.build=95 +version.build=96 version.patch=0 version.suffix= version.dev=-dev diff --git a/res/maven/mvn.properties.default b/res/maven/mvn.properties.default index a6e44a1f26..99afd53698 100644 --- a/res/maven/mvn.properties.default +++ b/res/maven/mvn.properties.default @@ -39,7 +39,7 @@ maven.asf.release.repo.url=https://repository.apache.org/service/local/staging/d maven.asf.release.repo.repositoryId=apache.releases.https # Release version info -maven.asf.release.deploy.version=8.5.95 +maven.asf.release.deploy.version=8.5.96 #Where do we load the libraries from tomcat.lib.path=../../output/build/lib diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index af3449284b..e4388d9f74 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -104,7 +104,9 @@ They eventually become mixed with the numbered issues (i.e., numbered issues do not "pop up" wrt. others). --> - + + + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch main updated: BZ 67667: TLSCertificateReloadListener prints unreadable rendering of X509Certificate#getNotAfter()
This is an automated email from the ASF dual-hosted git repository. michaelo pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/main by this push: new 69143e32da BZ 67667: TLSCertificateReloadListener prints unreadable rendering of X509Certificate#getNotAfter() 69143e32da is described below commit 69143e32da1b51c9f2c08e280f9133175f5b8dc1 Author: Michael Osipov AuthorDate: Thu Oct 12 12:09:02 2023 +0200 BZ 67667: TLSCertificateReloadListener prints unreadable rendering of X509Certificate#getNotAfter() --- .../apache/catalina/security/TLSCertificateReloadListener.java| 4 +++- webapps/docs/changelog.xml| 8 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/java/org/apache/catalina/security/TLSCertificateReloadListener.java b/java/org/apache/catalina/security/TLSCertificateReloadListener.java index 0596732575..3db6e286c3 100644 --- a/java/org/apache/catalina/security/TLSCertificateReloadListener.java +++ b/java/org/apache/catalina/security/TLSCertificateReloadListener.java @@ -17,6 +17,7 @@ package org.apache.catalina.security; import java.security.cert.X509Certificate; +import java.text.SimpleDateFormat; import java.util.Calendar; import java.util.Set; @@ -45,6 +46,7 @@ public class TLSCertificateReloadListener implements LifecycleListener { private static final Log log = LogFactory.getLog(TLSCertificateReloadListener.class); private static final StringManager sm = StringManager.getManager(TLSCertificateReloadListener.class); +private final SimpleDateFormat dateFormat = new SimpleDateFormat("-MM-dd'T'HH:mm:ssXXX"); // Configuration private int checkPeriod = 24 * 60 * 60; @@ -160,7 +162,7 @@ public class TLSCertificateReloadListener implements LifecycleListener { log.warn(sm.getString("tlsCertRenewalListener.notRenewed", connector, sslHostConfig.getHostName(), expiringCertificate.getSubjectX500Principal().getName(), - expiringCertificate.getNotAfter())); + dateFormat.format(expiringCertificate.getNotAfter(; } } } catch (IllegalArgumentException iae) { diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index 09b0227b59..faf938bb4a 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -105,6 +105,14 @@ issues do not "pop up" wrt. others). --> + + + +67667: TLSCertificateReloadListener prints unreadable +rendering of X509Certificate#getNotAfter(). (michaelo) + + + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch 10.1.x updated: BZ 67667: TLSCertificateReloadListener prints unreadable rendering of X509Certificate#getNotAfter()
This is an automated email from the ASF dual-hosted git repository. michaelo pushed a commit to branch 10.1.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/10.1.x by this push: new 3ade127959 BZ 67667: TLSCertificateReloadListener prints unreadable rendering of X509Certificate#getNotAfter() 3ade127959 is described below commit 3ade1279599f08cfcaf6802a060a6d241988 Author: Michael Osipov AuthorDate: Thu Oct 12 12:09:02 2023 +0200 BZ 67667: TLSCertificateReloadListener prints unreadable rendering of X509Certificate#getNotAfter() --- .../apache/catalina/security/TLSCertificateReloadListener.java| 4 +++- webapps/docs/changelog.xml| 8 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/java/org/apache/catalina/security/TLSCertificateReloadListener.java b/java/org/apache/catalina/security/TLSCertificateReloadListener.java index 0596732575..3db6e286c3 100644 --- a/java/org/apache/catalina/security/TLSCertificateReloadListener.java +++ b/java/org/apache/catalina/security/TLSCertificateReloadListener.java @@ -17,6 +17,7 @@ package org.apache.catalina.security; import java.security.cert.X509Certificate; +import java.text.SimpleDateFormat; import java.util.Calendar; import java.util.Set; @@ -45,6 +46,7 @@ public class TLSCertificateReloadListener implements LifecycleListener { private static final Log log = LogFactory.getLog(TLSCertificateReloadListener.class); private static final StringManager sm = StringManager.getManager(TLSCertificateReloadListener.class); +private final SimpleDateFormat dateFormat = new SimpleDateFormat("-MM-dd'T'HH:mm:ssXXX"); // Configuration private int checkPeriod = 24 * 60 * 60; @@ -160,7 +162,7 @@ public class TLSCertificateReloadListener implements LifecycleListener { log.warn(sm.getString("tlsCertRenewalListener.notRenewed", connector, sslHostConfig.getHostName(), expiringCertificate.getSubjectX500Principal().getName(), - expiringCertificate.getNotAfter())); + dateFormat.format(expiringCertificate.getNotAfter(; } } } catch (IllegalArgumentException iae) { diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index 2582c4adc5..ad09a9ea3d 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -105,6 +105,14 @@ issues do not "pop up" wrt. others). --> + + + +67667: TLSCertificateReloadListener prints unreadable +rendering of X509Certificate#getNotAfter(). (michaelo) + + + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch 9.0.x updated: BZ 67667: TLSCertificateReloadListener prints unreadable rendering of X509Certificate#getNotAfter()
This is an automated email from the ASF dual-hosted git repository. michaelo pushed a commit to branch 9.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/9.0.x by this push: new ec3c350dd6 BZ 67667: TLSCertificateReloadListener prints unreadable rendering of X509Certificate#getNotAfter() ec3c350dd6 is described below commit ec3c350dd6993081408e5c8c82a0aea524bc59d5 Author: Michael Osipov AuthorDate: Thu Oct 12 12:09:02 2023 +0200 BZ 67667: TLSCertificateReloadListener prints unreadable rendering of X509Certificate#getNotAfter() --- .../apache/catalina/security/TLSCertificateReloadListener.java| 4 +++- webapps/docs/changelog.xml| 8 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/java/org/apache/catalina/security/TLSCertificateReloadListener.java b/java/org/apache/catalina/security/TLSCertificateReloadListener.java index 0596732575..3db6e286c3 100644 --- a/java/org/apache/catalina/security/TLSCertificateReloadListener.java +++ b/java/org/apache/catalina/security/TLSCertificateReloadListener.java @@ -17,6 +17,7 @@ package org.apache.catalina.security; import java.security.cert.X509Certificate; +import java.text.SimpleDateFormat; import java.util.Calendar; import java.util.Set; @@ -45,6 +46,7 @@ public class TLSCertificateReloadListener implements LifecycleListener { private static final Log log = LogFactory.getLog(TLSCertificateReloadListener.class); private static final StringManager sm = StringManager.getManager(TLSCertificateReloadListener.class); +private final SimpleDateFormat dateFormat = new SimpleDateFormat("-MM-dd'T'HH:mm:ssXXX"); // Configuration private int checkPeriod = 24 * 60 * 60; @@ -160,7 +162,7 @@ public class TLSCertificateReloadListener implements LifecycleListener { log.warn(sm.getString("tlsCertRenewalListener.notRenewed", connector, sslHostConfig.getHostName(), expiringCertificate.getSubjectX500Principal().getName(), - expiringCertificate.getNotAfter())); + dateFormat.format(expiringCertificate.getNotAfter(; } } } catch (IllegalArgumentException iae) { diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index 13a5ac0be2..cae843b18c 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -105,6 +105,14 @@ issues do not "pop up" wrt. others). --> + + + +67667: TLSCertificateReloadListener prints unreadable +rendering of X509Certificate#getNotAfter(). (michaelo) + + + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch 8.5.x updated: BZ 67667: TLSCertificateReloadListener prints unreadable rendering of X509Certificate#getNotAfter()
This is an automated email from the ASF dual-hosted git repository. michaelo pushed a commit to branch 8.5.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/8.5.x by this push: new b03e642842 BZ 67667: TLSCertificateReloadListener prints unreadable rendering of X509Certificate#getNotAfter() b03e642842 is described below commit b03e6428420f874463fda9a44cd0031d0579a52e Author: Michael Osipov AuthorDate: Thu Oct 12 12:09:02 2023 +0200 BZ 67667: TLSCertificateReloadListener prints unreadable rendering of X509Certificate#getNotAfter() --- .../apache/catalina/security/TLSCertificateReloadListener.java| 4 +++- webapps/docs/changelog.xml| 8 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/java/org/apache/catalina/security/TLSCertificateReloadListener.java b/java/org/apache/catalina/security/TLSCertificateReloadListener.java index 0596732575..3db6e286c3 100644 --- a/java/org/apache/catalina/security/TLSCertificateReloadListener.java +++ b/java/org/apache/catalina/security/TLSCertificateReloadListener.java @@ -17,6 +17,7 @@ package org.apache.catalina.security; import java.security.cert.X509Certificate; +import java.text.SimpleDateFormat; import java.util.Calendar; import java.util.Set; @@ -45,6 +46,7 @@ public class TLSCertificateReloadListener implements LifecycleListener { private static final Log log = LogFactory.getLog(TLSCertificateReloadListener.class); private static final StringManager sm = StringManager.getManager(TLSCertificateReloadListener.class); +private final SimpleDateFormat dateFormat = new SimpleDateFormat("-MM-dd'T'HH:mm:ssXXX"); // Configuration private int checkPeriod = 24 * 60 * 60; @@ -160,7 +162,7 @@ public class TLSCertificateReloadListener implements LifecycleListener { log.warn(sm.getString("tlsCertRenewalListener.notRenewed", connector, sslHostConfig.getHostName(), expiringCertificate.getSubjectX500Principal().getName(), - expiringCertificate.getNotAfter())); + dateFormat.format(expiringCertificate.getNotAfter(; } } } catch (IllegalArgumentException iae) { diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index e4388d9f74..f64befd633 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -105,6 +105,14 @@ issues do not "pop up" wrt. others). --> + + + +67667: TLSCertificateReloadListener prints unreadable +rendering of X509Certificate#getNotAfter(). (michaelo) + + + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat-native] branch main updated: Drop useless 'compile.optimize' option
This is an automated email from the ASF dual-hosted git repository. michaelo pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat-native.git The following commit(s) were added to refs/heads/main by this push: new 97a76c3a4 Drop useless 'compile.optimize' option 97a76c3a4 is described below commit 97a76c3a441e1bb9f38b2e9664655b016d39d842 Author: Michael Osipov AuthorDate: Thu Oct 12 12:37:35 2023 +0200 Drop useless 'compile.optimize' option --- build.properties.default | 5 ++--- build.xml | 1 - xdocs/miscellaneous/changelog.xml | 3 +++ 3 files changed, 5 insertions(+), 4 deletions(-) diff --git a/build.properties.default b/build.properties.default index abef2f347..edc5342db 100644 --- a/build.properties.default +++ b/build.properties.default @@ -5,9 +5,9 @@ # The ASF licenses this file to You under the Apache License, Version 2.0 # (the "License"); you may not use this file except in compliance with # the License. You may obtain a copy of the License at -# +# # http://www.apache.org/licenses/LICENSE-2.0 -# +# # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -34,7 +34,6 @@ compile.source=11 compile.target=11 compile.debug=off compile.deprecation=on -compile.optimize=on base-maven.loc=https://repo.maven.apache.org/maven2 diff --git a/build.xml b/build.xml index c511fc473..df6ed702a 100644 --- a/build.xml +++ b/build.xml @@ -203,7 +203,6 @@ limitations under the License.-->"> target="${compile.target}" debug="${compile.debug}" deprecation="${compile.deprecation}" -optimize="${compile.optimize}" encoding="ISO-8859-1" includeantruntime="false"> diff --git a/xdocs/miscellaneous/changelog.xml b/xdocs/miscellaneous/changelog.xml index 638eb1fc4..88e9ed553 100644 --- a/xdocs/miscellaneous/changelog.xml +++ b/xdocs/miscellaneous/changelog.xml @@ -43,6 +43,9 @@ 67616: o.a.tomcat.jni.SSL contains useless check for old OpenSSL version. (michaelo) + + Drop useless compile.optimize option. (michaelo) + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat-native] branch 1.2.x updated: Drop useless 'compile.optimize' option
This is an automated email from the ASF dual-hosted git repository. michaelo pushed a commit to branch 1.2.x in repository https://gitbox.apache.org/repos/asf/tomcat-native.git The following commit(s) were added to refs/heads/1.2.x by this push: new 5d19eda23 Drop useless 'compile.optimize' option 5d19eda23 is described below commit 5d19eda231c9868c927e25659632847194b80d9b Author: Michael Osipov AuthorDate: Thu Oct 12 12:37:35 2023 +0200 Drop useless 'compile.optimize' option --- build.properties.default | 5 ++--- build.xml | 1 - xdocs/miscellaneous/changelog.xml | 5 - 3 files changed, 6 insertions(+), 5 deletions(-) diff --git a/build.properties.default b/build.properties.default index 0e6f0e9a8..5ddd86f88 100644 --- a/build.properties.default +++ b/build.properties.default @@ -5,9 +5,9 @@ # The ASF licenses this file to You under the Apache License, Version 2.0 # (the "License"); you may not use this file except in compliance with # the License. You may obtain a copy of the License at -# +# # http://www.apache.org/licenses/LICENSE-2.0 -# +# # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -34,7 +34,6 @@ compile.source=1.8 compile.target=1.8 compile.debug=off compile.deprecation=on -compile.optimize=on base-maven.loc=https://repo.maven.apache.org/maven2 diff --git a/build.xml b/build.xml index 227cb86df..e7fa10232 100644 --- a/build.xml +++ b/build.xml @@ -210,7 +210,6 @@ limitations under the License.-->"> target="${compile.target}" debug="${compile.debug}" deprecation="${compile.deprecation}" -optimize="${compile.optimize}" encoding="ISO-8859-1" includeantruntime="false"> diff --git a/xdocs/miscellaneous/changelog.xml b/xdocs/miscellaneous/changelog.xml index 59dfc0394..34e0a77ef 100644 --- a/xdocs/miscellaneous/changelog.xml +++ b/xdocs/miscellaneous/changelog.xml @@ -32,6 +32,9 @@ + + Drop useless compile.optimize option. (michaelo) + @@ -513,7 +516,7 @@ 59797: Ensure that the per thread error hash maintained by OpenSSL is cleaned up as individual threads exit to ensure it does not - grow too large. Patch provided by Nate Clark. (markt) + grow too large. Patch provided by Nate Clark. (markt) 59996: Correctly handle building tc-native on a 64-bit system - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat-native] branch main updated: Align Java source compile configuration with Tomcat
This is an automated email from the ASF dual-hosted git repository. michaelo pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat-native.git The following commit(s) were added to refs/heads/main by this push: new 1f32d55d5 Align Java source compile configuration with Tomcat 1f32d55d5 is described below commit 1f32d55d598b99cc5cb8369944bd75f3ff9d1144 Author: Michael Osipov AuthorDate: Thu Oct 12 14:05:42 2023 +0200 Align Java source compile configuration with Tomcat --- build.properties.default | 8 build.xml | 18 -- xdocs/miscellaneous/changelog.xml | 3 +++ 3 files changed, 15 insertions(+), 14 deletions(-) diff --git a/build.properties.default b/build.properties.default index edc5342db..f97fc6e24 100644 --- a/build.properties.default +++ b/build.properties.default @@ -30,10 +30,10 @@ base.path=/usr/share/java #base.path=C:/path/to/the/repository #base.path=/usr/local -compile.source=11 -compile.target=11 -compile.debug=off -compile.deprecation=on +# - Build control flags - +compile.debug=true +# Do not pass -deprecation (-Xlint:deprecation) flag to javac +compile.deprecation=false base-maven.loc=https://repo.maven.apache.org/maven2 diff --git a/build.xml b/build.xml index df6ed702a..3be0ed0ca 100644 --- a/build.xml +++ b/build.xml @@ -54,6 +54,9 @@ + + + @@ -197,12 +200,10 @@ limitations under the License.-->"> - @@ -237,13 +238,10 @@ limitations under the License.-->"> - diff --git a/xdocs/miscellaneous/changelog.xml b/xdocs/miscellaneous/changelog.xml index 88e9ed553..2dc11b1a9 100644 --- a/xdocs/miscellaneous/changelog.xml +++ b/xdocs/miscellaneous/changelog.xml @@ -46,6 +46,9 @@ Drop useless compile.optimize option. (michaelo) + + Align Java source compile configuration with Tomcat. (michaelo) + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat-native] branch 1.2.x updated: Align Java source compile configuration with Tomcat
This is an automated email from the ASF dual-hosted git repository. michaelo pushed a commit to branch 1.2.x in repository https://gitbox.apache.org/repos/asf/tomcat-native.git The following commit(s) were added to refs/heads/1.2.x by this push: new 06fd25f1e Align Java source compile configuration with Tomcat 06fd25f1e is described below commit 06fd25f1e717d34d50e1938dc449540e79519277 Author: Michael Osipov AuthorDate: Thu Oct 12 14:05:42 2023 +0200 Align Java source compile configuration with Tomcat --- build.properties.default | 8 build.xml | 19 ++- xdocs/miscellaneous/changelog.xml | 3 +++ 3 files changed, 17 insertions(+), 13 deletions(-) diff --git a/build.properties.default b/build.properties.default index 5ddd86f88..37e678139 100644 --- a/build.properties.default +++ b/build.properties.default @@ -30,10 +30,10 @@ base.path=/usr/share/java #base.path=C:/path/to/the/repository #base.path=/usr/local -compile.source=1.8 -compile.target=1.8 -compile.debug=off -compile.deprecation=on +# - Build control flags - +compile.debug=true +# Do not pass -deprecation (-Xlint:deprecation) flag to javac +compile.deprecation=false base-maven.loc=https://repo.maven.apache.org/maven2 diff --git a/build.xml b/build.xml index e7fa10232..96358892d 100644 --- a/build.xml +++ b/build.xml @@ -55,6 +55,10 @@ + + + + @@ -204,12 +208,11 @@ limitations under the License.-->"> - @@ -244,13 +247,11 @@ limitations under the License.-->"> - diff --git a/xdocs/miscellaneous/changelog.xml b/xdocs/miscellaneous/changelog.xml index 34e0a77ef..a80514dbf 100644 --- a/xdocs/miscellaneous/changelog.xml +++ b/xdocs/miscellaneous/changelog.xml @@ -35,6 +35,9 @@ Drop useless compile.optimize option. (michaelo) + + Align Java source compile configuration with Tomcat. (michaelo) + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch main updated: BZ 67538: Make use of Ant's task to enfore the mininum Java build version
This is an automated email from the ASF dual-hosted git repository. michaelo pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/main by this push: new eb9913a7d7 BZ 67538: Make use of Ant's task to enfore the mininum Java build version eb9913a7d7 is described below commit eb9913a7d70522f60682728a8950e993085d1d33 Author: Michael Osipov AuthorDate: Thu Oct 12 15:14:46 2023 +0200 BZ 67538: Make use of Ant's task to enfore the mininum Java build version --- build.xml | 7 +++ webapps/docs/changelog.xml | 8 2 files changed, 15 insertions(+) diff --git a/build.xml b/build.xml index d1af5a62e2..071091425a 100644 --- a/build.xml +++ b/build.xml @@ -109,6 +109,13 @@ + + + + + + + diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index faf938bb4a..ea64cd14b3 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -113,6 +113,14 @@ + + + +67538: Make use of Ant's <javaversion /> task +to enfore the mininum Java build version. (michaelo) + + + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch 10.1.x updated: BZ 67538: Make use of Ant's task to enfore the mininum Java build version
This is an automated email from the ASF dual-hosted git repository. michaelo pushed a commit to branch 10.1.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/10.1.x by this push: new cbfc9eb850 BZ 67538: Make use of Ant's task to enfore the mininum Java build version cbfc9eb850 is described below commit cbfc9eb85085cd32f2e7c23fadcf1303de46eb79 Author: Michael Osipov AuthorDate: Thu Oct 12 15:14:46 2023 +0200 BZ 67538: Make use of Ant's task to enfore the mininum Java build version --- build.xml | 7 +++ webapps/docs/changelog.xml | 8 2 files changed, 15 insertions(+) diff --git a/build.xml b/build.xml index be035680d5..ea6a2b9d52 100644 --- a/build.xml +++ b/build.xml @@ -109,6 +109,13 @@ + + + + + + + diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index ad09a9ea3d..f13e0e0639 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -113,6 +113,14 @@ + + + +67538: Make use of Ant's <javaversion /> task +to enfore the mininum Java build version. (michaelo) + + + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch 8.5.x updated: BZ 67538: Make use of Ant's task to enfore the mininum Java build version
This is an automated email from the ASF dual-hosted git repository. michaelo pushed a commit to branch 8.5.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/8.5.x by this push: new 1927cd1b5c BZ 67538: Make use of Ant's task to enfore the mininum Java build version 1927cd1b5c is described below commit 1927cd1b5cc8b6da4fa4bcb2d6731421a7e84b66 Author: Michael Osipov AuthorDate: Thu Oct 12 15:14:46 2023 +0200 BZ 67538: Make use of Ant's task to enfore the mininum Java build version Introduce property 'skip.build.java.version' to skip Java build check to perform tests with Java 8. --- build.xml | 10 ++ webapps/docs/changelog.xml | 8 2 files changed, 18 insertions(+) diff --git a/build.xml b/build.xml index 723be26ac5..83f3eca952 100644 --- a/build.xml +++ b/build.xml @@ -116,6 +116,16 @@ + + + + + + + + + + diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index f64befd633..3f6cd5e504 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -113,6 +113,14 @@ + + + +67538: Make use of Ant's <javaversion /> task +to enfore the mininum Java build version. (michaelo) + + + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat-native] branch main updated (1f32d55d5 -> 82a502dab)
This is an automated email from the ASF dual-hosted git repository. michaelo pushed a change to branch main in repository https://gitbox.apache.org/repos/asf/tomcat-native.git from 1f32d55d5 Align Java source compile configuration with Tomcat new 4478b720d Add Ant version (1.10.2) requirement identical to Tomcat new 82a502dab BZ 67538: Make use of Ant's task to enfore the mininum Java build version The 2 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. Summary of changes: build.properties.default | 3 +++ build.xml | 14 ++ xdocs/miscellaneous/changelog.xml | 7 +++ 3 files changed, 24 insertions(+) - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat-native] 02/02: BZ 67538: Make use of Ant's task to enfore the mininum Java build version
This is an automated email from the ASF dual-hosted git repository. michaelo pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat-native.git commit 82a502dab27ac12d00079ae3310387b000f7e901 Author: Michael Osipov AuthorDate: Thu Oct 12 16:13:01 2023 +0200 BZ 67538: Make use of Ant's task to enfore the mininum Java build version --- build.xml | 7 +++ xdocs/miscellaneous/changelog.xml | 4 2 files changed, 11 insertions(+) diff --git a/build.xml b/build.xml index f8d6b767b..ce1f16c48 100644 --- a/build.xml +++ b/build.xml @@ -64,6 +64,13 @@ + + + + + + + diff --git a/xdocs/miscellaneous/changelog.xml b/xdocs/miscellaneous/changelog.xml index e37f73976..c5ea8ce09 100644 --- a/xdocs/miscellaneous/changelog.xml +++ b/xdocs/miscellaneous/changelog.xml @@ -33,6 +33,10 @@ + + 67538: Make use of Ant's <javaversion /> task + to enfore the mininum Java build version. (michaelo) + 67615: Windows binary for version 2 has incorrect version suffix compared to the GNU autoconf version. (michaelo) - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat-native] 01/02: Add Ant version (1.10.2) requirement identical to Tomcat
This is an automated email from the ASF dual-hosted git repository. michaelo pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat-native.git commit 4478b720db92369f08151b7976f30dabc969d2ce Author: Michael Osipov AuthorDate: Thu Oct 12 16:42:16 2023 +0200 Add Ant version (1.10.2) requirement identical to Tomcat --- build.properties.default | 3 +++ build.xml | 7 +++ xdocs/miscellaneous/changelog.xml | 3 +++ 3 files changed, 13 insertions(+) diff --git a/build.properties.default b/build.properties.default index f97fc6e24..dda9e6380 100644 --- a/build.properties.default +++ b/build.properties.default @@ -30,6 +30,9 @@ base.path=/usr/share/java #base.path=C:/path/to/the/repository #base.path=/usr/local +# - Build tools - +ant.version.required=1.10.2 + # - Build control flags - compile.debug=true # Do not pass -deprecation (-Xlint:deprecation) flag to javac diff --git a/build.xml b/build.xml index 3be0ed0ca..f8d6b767b 100644 --- a/build.xml +++ b/build.xml @@ -26,6 +26,13 @@ + + + + + + + diff --git a/xdocs/miscellaneous/changelog.xml b/xdocs/miscellaneous/changelog.xml index 2dc11b1a9..e37f73976 100644 --- a/xdocs/miscellaneous/changelog.xml +++ b/xdocs/miscellaneous/changelog.xml @@ -49,6 +49,9 @@ Align Java source compile configuration with Tomcat. (michaelo) + + Add Ant version (1.10.2) requirement identical to Tomcat. (michaelo) + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat-native] branch 1.2.x updated: Fix version set in DLL header on Windows
This is an automated email from the ASF dual-hosted git repository. michaelo pushed a commit to branch 1.2.x in repository https://gitbox.apache.org/repos/asf/tomcat-native.git The following commit(s) were added to refs/heads/1.2.x by this push: new d5dbac61e Fix version set in DLL header on Windows d5dbac61e is described below commit d5dbac61e4357ea5c5c2a434b85bafd0321e065b Author: Michael Osipov AuthorDate: Thu Oct 12 17:12:19 2023 +0200 Fix version set in DLL header on Windows --- native/NMAKEmakefile | 4 ++-- xdocs/miscellaneous/changelog.xml | 3 +++ 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/native/NMAKEmakefile b/native/NMAKEmakefile index 1c91b5c47..ad02d3152 100644 --- a/native/NMAKEmakefile +++ b/native/NMAKEmakefile @@ -69,7 +69,7 @@ INCLUDES = $(INCLUDES) -I$(WITH_OPENSSL)\inc32 LDIRS = $(LDIRS) /libpath:"$(WITH_OPENSSL)\out32" !ENDIF -LFLAGS = $(LFLAGS) /version:1.1 +LFLAGS = $(LFLAGS) /version:1.2 LFLAGS = $(LFLAGS) user32.lib psapi.lib gdi32.lib shlwapi.lib wldap32.lib ole32.lib LFLAGS = $(LFLAGS) $(APR_LIB) !IF DEFINED(WITH_FIPS) @@ -78,7 +78,7 @@ LFLAGS = $(LFLAGS) libeayfips32.lib libeaycompat32.lib ssleay32.lib /NODEFAULTLI !IF DEFINED(OPENSSL_NEW_LIBS) LFLAGS = $(LFLAGS) libssl.lib libcrypto.lib crypt32.lib !ELSE -LFLAGS = $(LFLAGS) libeay32.lib ssleay32.lib +LFLAGS = $(LFLAGS) libeay32.lib ssleay32.lib !ENDIF !ENDIF diff --git a/xdocs/miscellaneous/changelog.xml b/xdocs/miscellaneous/changelog.xml index a80514dbf..5e3f2ae8f 100644 --- a/xdocs/miscellaneous/changelog.xml +++ b/xdocs/miscellaneous/changelog.xml @@ -38,6 +38,9 @@ Align Java source compile configuration with Tomcat. (michaelo) + + Fix version set in DLL header on Windows. (michaelo) + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch main updated: BZ 66670: Add SSLHostConfig#certificateKeyPasswordFile and SSLHostConfig#certificateKeystorePasswordFile
This is an automated email from the ASF dual-hosted git repository. michaelo pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/main by this push: new b1d20cc6b0 BZ 66670: Add SSLHostConfig#certificateKeyPasswordFile and SSLHostConfig#certificateKeystorePasswordFile b1d20cc6b0 is described below commit b1d20cc6b04d64f35b3b5e47d68e02c93437867b Author: Michael Osipov AuthorDate: Wed Sep 27 11:23:19 2023 +0200 BZ 66670: Add SSLHostConfig#certificateKeyPasswordFile and SSLHostConfig#certificateKeystorePasswordFile --- java/org/apache/tomcat/util/net/SSLHostConfig.java | 4 +- .../tomcat/util/net/SSLHostConfigCertificate.java | 27 - java/org/apache/tomcat/util/net/SSLUtilBase.java | 47 ++ java/org/apache/tomcat/util/net/jsse/PEMFile.java | 31 -- .../tomcat/util/net/openssl/OpenSSLContext.java| 17 +++- test/org/apache/tomcat/util/net/TestSsl.java | 22 +- test/org/apache/tomcat/util/net/TesterSupport.java | 12 +- .../apache/tomcat/util/net/jsse/TestPEMFile.java | 39 +++--- test/org/apache/tomcat/util/net/jsse/key-password | 1 + test/org/apache/tomcat/util/net/key-password | 1 + test/org/apache/tomcat/util/net/keystore-password | 1 + webapps/docs/changelog.xml | 4 ++ webapps/docs/config/http.xml | 20 - 13 files changed, 203 insertions(+), 23 deletions(-) diff --git a/java/org/apache/tomcat/util/net/SSLHostConfig.java b/java/org/apache/tomcat/util/net/SSLHostConfig.java index 003c9b8b27..a447c7fec0 100644 --- a/java/org/apache/tomcat/util/net/SSLHostConfig.java +++ b/java/org/apache/tomcat/util/net/SSLHostConfig.java @@ -659,7 +659,7 @@ public class SSLHostConfig implements Serializable { if (truststoreFile != null){ try { result = SSLUtilBase.getStore(getTruststoreType(), getTruststoreProvider(), -getTruststoreFile(), getTruststorePassword()); +getTruststoreFile(), getTruststorePassword(), null); } catch (IOException ioe) { Throwable cause = ioe.getCause(); if (cause instanceof UnrecoverableKeyException) { @@ -668,7 +668,7 @@ public class SSLHostConfig implements Serializable { cause); // Re-try result = SSLUtilBase.getStore(getTruststoreType(), getTruststoreProvider(), -getTruststoreFile(), null); +getTruststoreFile(), null, null); } else { // Something else went wrong - re-throw throw ioe; diff --git a/java/org/apache/tomcat/util/net/SSLHostConfigCertificate.java b/java/org/apache/tomcat/util/net/SSLHostConfigCertificate.java index ff635bf588..0c0ebb7274 100644 --- a/java/org/apache/tomcat/util/net/SSLHostConfigCertificate.java +++ b/java/org/apache/tomcat/util/net/SSLHostConfigCertificate.java @@ -59,10 +59,12 @@ public class SSLHostConfigCertificate implements Serializable { private final SSLHostConfig sslHostConfig; private final Type type; private String certificateKeyPassword = null; +private String certificateKeyPasswordFile = null; // JSSE private String certificateKeyAlias; private String certificateKeystorePassword = DEFAULT_KEYSTORE_PASSWORD; +private String certificateKeystorePasswordFile = null; private String certificateKeystoreFile = DEFAULT_KEYSTORE_FILE; private String certificateKeystoreProvider = DEFAULT_KEYSTORE_PROVIDER; private String certificateKeystoreType = DEFAULT_KEYSTORE_TYPE; @@ -131,6 +133,16 @@ public class SSLHostConfigCertificate implements Serializable { } +public String getCertificateKeyPasswordFile() { +return certificateKeyPasswordFile; +} + + +public void setCertificateKeyPasswordFile(String certificateKeyPasswordFile) { +this.certificateKeyPasswordFile = certificateKeyPasswordFile; +} + + // JSSE public void setCertificateKeyAlias(String certificateKeyAlias) { @@ -171,6 +183,19 @@ public class SSLHostConfigCertificate implements Serializable { } +public void setCertificateKeystorePasswordFile(String certificateKeystorePasswordFile) { +sslHostConfig.setProperty( +"Certificate.certificateKeystorePasswordFile", SSLHostConfig.Type.JSSE); +setStoreType("Certificate.certificateKeystorePasswordFile", StoreType.KEYSTORE); +this.certificateKeystorePasswordFile = certificateKeystorePasswordFile; +} + + +public String getCertificateKeystorePasswordFile() { +return certificateKeystorePasswordFile; +}
[tomcat] branch 10.1.x updated: BZ 66670: Add SSLHostConfig#certificateKeyPasswordFile and SSLHostConfig#certificateKeystorePasswordFile
This is an automated email from the ASF dual-hosted git repository. michaelo pushed a commit to branch 10.1.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/10.1.x by this push: new 62bbe46266 BZ 66670: Add SSLHostConfig#certificateKeyPasswordFile and SSLHostConfig#certificateKeystorePasswordFile 62bbe46266 is described below commit 62bbe462666b34eda971d1256cc1e830b500bdc1 Author: Michael Osipov AuthorDate: Wed Sep 27 11:23:19 2023 +0200 BZ 66670: Add SSLHostConfig#certificateKeyPasswordFile and SSLHostConfig#certificateKeystorePasswordFile --- java/org/apache/tomcat/util/net/SSLHostConfig.java | 4 +- .../tomcat/util/net/SSLHostConfigCertificate.java | 27 - java/org/apache/tomcat/util/net/SSLUtilBase.java | 47 ++ java/org/apache/tomcat/util/net/jsse/PEMFile.java | 31 -- .../tomcat/util/net/openssl/OpenSSLContext.java| 17 +++- test/org/apache/tomcat/util/net/TestSsl.java | 22 +- test/org/apache/tomcat/util/net/TesterSupport.java | 12 +- .../apache/tomcat/util/net/jsse/TestPEMFile.java | 39 +++--- test/org/apache/tomcat/util/net/jsse/key-password | 1 + test/org/apache/tomcat/util/net/key-password | 1 + test/org/apache/tomcat/util/net/keystore-password | 1 + webapps/docs/changelog.xml | 4 ++ webapps/docs/config/http.xml | 20 - 13 files changed, 203 insertions(+), 23 deletions(-) diff --git a/java/org/apache/tomcat/util/net/SSLHostConfig.java b/java/org/apache/tomcat/util/net/SSLHostConfig.java index 003c9b8b27..a447c7fec0 100644 --- a/java/org/apache/tomcat/util/net/SSLHostConfig.java +++ b/java/org/apache/tomcat/util/net/SSLHostConfig.java @@ -659,7 +659,7 @@ public class SSLHostConfig implements Serializable { if (truststoreFile != null){ try { result = SSLUtilBase.getStore(getTruststoreType(), getTruststoreProvider(), -getTruststoreFile(), getTruststorePassword()); +getTruststoreFile(), getTruststorePassword(), null); } catch (IOException ioe) { Throwable cause = ioe.getCause(); if (cause instanceof UnrecoverableKeyException) { @@ -668,7 +668,7 @@ public class SSLHostConfig implements Serializable { cause); // Re-try result = SSLUtilBase.getStore(getTruststoreType(), getTruststoreProvider(), -getTruststoreFile(), null); +getTruststoreFile(), null, null); } else { // Something else went wrong - re-throw throw ioe; diff --git a/java/org/apache/tomcat/util/net/SSLHostConfigCertificate.java b/java/org/apache/tomcat/util/net/SSLHostConfigCertificate.java index ff635bf588..0c0ebb7274 100644 --- a/java/org/apache/tomcat/util/net/SSLHostConfigCertificate.java +++ b/java/org/apache/tomcat/util/net/SSLHostConfigCertificate.java @@ -59,10 +59,12 @@ public class SSLHostConfigCertificate implements Serializable { private final SSLHostConfig sslHostConfig; private final Type type; private String certificateKeyPassword = null; +private String certificateKeyPasswordFile = null; // JSSE private String certificateKeyAlias; private String certificateKeystorePassword = DEFAULT_KEYSTORE_PASSWORD; +private String certificateKeystorePasswordFile = null; private String certificateKeystoreFile = DEFAULT_KEYSTORE_FILE; private String certificateKeystoreProvider = DEFAULT_KEYSTORE_PROVIDER; private String certificateKeystoreType = DEFAULT_KEYSTORE_TYPE; @@ -131,6 +133,16 @@ public class SSLHostConfigCertificate implements Serializable { } +public String getCertificateKeyPasswordFile() { +return certificateKeyPasswordFile; +} + + +public void setCertificateKeyPasswordFile(String certificateKeyPasswordFile) { +this.certificateKeyPasswordFile = certificateKeyPasswordFile; +} + + // JSSE public void setCertificateKeyAlias(String certificateKeyAlias) { @@ -171,6 +183,19 @@ public class SSLHostConfigCertificate implements Serializable { } +public void setCertificateKeystorePasswordFile(String certificateKeystorePasswordFile) { +sslHostConfig.setProperty( +"Certificate.certificateKeystorePasswordFile", SSLHostConfig.Type.JSSE); +setStoreType("Certificate.certificateKeystorePasswordFile", StoreType.KEYSTORE); +this.certificateKeystorePasswordFile = certificateKeystorePasswordFile; +} + + +public String getCertificateKeystorePasswordFile() { +return certificateKeystorePasswordFile; +}
[tomcat] branch 9.0.x updated: BZ 66670: Add SSLHostConfig#certificateKeyPasswordFile and SSLHostConfig#certificateKeystorePasswordFile
This is an automated email from the ASF dual-hosted git repository. michaelo pushed a commit to branch 9.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/9.0.x by this push: new 3d8db8cd57 BZ 66670: Add SSLHostConfig#certificateKeyPasswordFile and SSLHostConfig#certificateKeystorePasswordFile 3d8db8cd57 is described below commit 3d8db8cd57b1e89be75b004b7401eb9581f531a2 Author: Michael Osipov AuthorDate: Wed Sep 27 11:23:19 2023 +0200 BZ 66670: Add SSLHostConfig#certificateKeyPasswordFile and SSLHostConfig#certificateKeystorePasswordFile --- .../coyote/http11/AbstractHttp11Protocol.java | 34 java/org/apache/tomcat/util/net/SSLHostConfig.java | 34 +++- .../tomcat/util/net/SSLHostConfigCertificate.java | 27 - java/org/apache/tomcat/util/net/SSLUtilBase.java | 47 ++ java/org/apache/tomcat/util/net/jsse/PEMFile.java | 31 -- .../tomcat/util/net/openssl/OpenSSLContext.java| 17 +++- test/org/apache/tomcat/util/net/TestSsl.java | 22 +- test/org/apache/tomcat/util/net/TesterSupport.java | 12 +- .../apache/tomcat/util/net/jsse/TestPEMFile.java | 39 +++--- test/org/apache/tomcat/util/net/jsse/key-password | 1 + test/org/apache/tomcat/util/net/key-password | 1 + test/org/apache/tomcat/util/net/keystore-password | 1 + webapps/docs/changelog.xml | 4 ++ webapps/docs/config/http.xml | 20 - 14 files changed, 267 insertions(+), 23 deletions(-) diff --git a/java/org/apache/coyote/http11/AbstractHttp11Protocol.java b/java/org/apache/coyote/http11/AbstractHttp11Protocol.java index cc6988d308..9f12ae8ec4 100644 --- a/java/org/apache/coyote/http11/AbstractHttp11Protocol.java +++ b/java/org/apache/coyote/http11/AbstractHttp11Protocol.java @@ -1009,6 +1009,17 @@ public abstract class AbstractHttp11Protocol extends AbstractProtocol { } +public String getKeystorePassFile() { +registerDefaultSSLHostConfig(); +return defaultSSLHostConfig.getCertificateKeystorePasswordFile(); +} + +public void setKeystorePassFile(String certificateKeystorePasswordFile) { +registerDefaultSSLHostConfig(); + defaultSSLHostConfig.setCertificateKeystorePasswordFile(certificateKeystorePasswordFile); +} + + public String getKeyPass() { registerDefaultSSLHostConfig(); return defaultSSLHostConfig.getCertificateKeyPassword(); @@ -1019,6 +1030,18 @@ public abstract class AbstractHttp11Protocol extends AbstractProtocol { defaultSSLHostConfig.setCertificateKeyPassword(certificateKeyPassword); } + +public String getKeyPassFile() { +registerDefaultSSLHostConfig(); +return defaultSSLHostConfig.getCertificateKeyPasswordFile(); +} + +public void setKeyPassFile(String certificateKeyPasswordFile) { +registerDefaultSSLHostConfig(); + defaultSSLHostConfig.setCertificateKeyPasswordFile(certificateKeyPasswordFile); +} + + public String getSSLPassword() { registerDefaultSSLHostConfig(); return defaultSSLHostConfig.getCertificateKeyPassword(); @@ -1030,6 +1053,17 @@ public abstract class AbstractHttp11Protocol extends AbstractProtocol { } +public String getSSLPasswordFile() { +registerDefaultSSLHostConfig(); +return defaultSSLHostConfig.getCertificateKeyPasswordFile(); +} + +public void setSSLPasswordFile(String certificateKeyPasswordFile) { +registerDefaultSSLHostConfig(); + defaultSSLHostConfig.setCertificateKeyPasswordFile(certificateKeyPasswordFile); +} + + public String getCrlFile() { registerDefaultSSLHostConfig(); return defaultSSLHostConfig.getCertificateRevocationListFile(); diff --git a/java/org/apache/tomcat/util/net/SSLHostConfig.java b/java/org/apache/tomcat/util/net/SSLHostConfig.java index b2d944ee9b..af320dfbb6 100644 --- a/java/org/apache/tomcat/util/net/SSLHostConfig.java +++ b/java/org/apache/tomcat/util/net/SSLHostConfig.java @@ -305,12 +305,29 @@ public class SSLHostConfig implements Serializable { return defaultCertificate.getCertificateKeyPassword(); } } + + public void setCertificateKeyPassword(String certificateKeyPassword) { registerDefaultCertificate(); defaultCertificate.setCertificateKeyPassword(certificateKeyPassword); } +public String getCertificateKeyPasswordFile() { +if (defaultCertificate == null) { +return null; +} else { +return defaultCertificate.getCertificateKeyPasswordFile(); +} +} + + +public void setCertificateKeyPasswordFile(String certificateKeyPasswordFile) { +registerDefaultCertificate(); + defaultCertificate.setCertificateKeyPasswordFile(certificateKeyPasswordFile
[tomcat] branch 8.5.x updated: BZ 66670: Add SSLHostConfig#certificateKeyPasswordFile and SSLHostConfig#certificateKeystorePasswordFile
This is an automated email from the ASF dual-hosted git repository. michaelo pushed a commit to branch 8.5.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/8.5.x by this push: new 8768cb1607 BZ 66670: Add SSLHostConfig#certificateKeyPasswordFile and SSLHostConfig#certificateKeystorePasswordFile 8768cb1607 is described below commit 8768cb160766487e43f861de9ded9d527fd9d334 Author: Michael Osipov AuthorDate: Wed Sep 27 11:23:19 2023 +0200 BZ 66670: Add SSLHostConfig#certificateKeyPasswordFile and SSLHostConfig#certificateKeystorePasswordFile --- .../coyote/http11/AbstractHttp11Protocol.java | 34 java/org/apache/tomcat/util/net/SSLHostConfig.java | 34 +++- .../tomcat/util/net/SSLHostConfigCertificate.java | 27 - java/org/apache/tomcat/util/net/SSLUtilBase.java | 47 ++ java/org/apache/tomcat/util/net/jsse/PEMFile.java | 31 -- .../tomcat/util/net/openssl/OpenSSLContext.java| 17 +++- test/org/apache/tomcat/util/net/TestSsl.java | 22 +- test/org/apache/tomcat/util/net/TesterSupport.java | 12 +- .../apache/tomcat/util/net/jsse/TestPEMFile.java | 39 +++--- test/org/apache/tomcat/util/net/jsse/key-password | 1 + test/org/apache/tomcat/util/net/key-password | 1 + test/org/apache/tomcat/util/net/keystore-password | 1 + webapps/docs/changelog.xml | 4 ++ webapps/docs/config/http.xml | 20 - 14 files changed, 267 insertions(+), 23 deletions(-) diff --git a/java/org/apache/coyote/http11/AbstractHttp11Protocol.java b/java/org/apache/coyote/http11/AbstractHttp11Protocol.java index 8e4f3efe98..18005783e2 100644 --- a/java/org/apache/coyote/http11/AbstractHttp11Protocol.java +++ b/java/org/apache/coyote/http11/AbstractHttp11Protocol.java @@ -1013,6 +1013,17 @@ public abstract class AbstractHttp11Protocol extends AbstractProtocol { } +public String getKeystorePassFile() { +registerDefaultSSLHostConfig(); +return defaultSSLHostConfig.getCertificateKeystorePasswordFile(); +} + +public void setKeystorePassFile(String certificateKeystorePasswordFile) { +registerDefaultSSLHostConfig(); + defaultSSLHostConfig.setCertificateKeystorePasswordFile(certificateKeystorePasswordFile); +} + + public String getKeyPass() { registerDefaultSSLHostConfig(); return defaultSSLHostConfig.getCertificateKeyPassword(); @@ -1023,6 +1034,18 @@ public abstract class AbstractHttp11Protocol extends AbstractProtocol { defaultSSLHostConfig.setCertificateKeyPassword(certificateKeyPassword); } + +public String getKeyPassFile() { +registerDefaultSSLHostConfig(); +return defaultSSLHostConfig.getCertificateKeyPasswordFile(); +} + +public void setKeyPassFile(String certificateKeyPasswordFile) { +registerDefaultSSLHostConfig(); + defaultSSLHostConfig.setCertificateKeyPasswordFile(certificateKeyPasswordFile); +} + + public String getSSLPassword() { registerDefaultSSLHostConfig(); return defaultSSLHostConfig.getCertificateKeyPassword(); @@ -1034,6 +1057,17 @@ public abstract class AbstractHttp11Protocol extends AbstractProtocol { } +public String getSSLPasswordFile() { +registerDefaultSSLHostConfig(); +return defaultSSLHostConfig.getCertificateKeyPasswordFile(); +} + +public void setSSLPasswordFile(String certificateKeyPasswordFile) { +registerDefaultSSLHostConfig(); + defaultSSLHostConfig.setCertificateKeyPasswordFile(certificateKeyPasswordFile); +} + + public String getCrlFile() { registerDefaultSSLHostConfig(); return defaultSSLHostConfig.getCertificateRevocationListFile(); diff --git a/java/org/apache/tomcat/util/net/SSLHostConfig.java b/java/org/apache/tomcat/util/net/SSLHostConfig.java index 7563015373..c9b921026e 100644 --- a/java/org/apache/tomcat/util/net/SSLHostConfig.java +++ b/java/org/apache/tomcat/util/net/SSLHostConfig.java @@ -306,12 +306,29 @@ public class SSLHostConfig implements Serializable { return defaultCertificate.getCertificateKeyPassword(); } } + + public void setCertificateKeyPassword(String certificateKeyPassword) { registerDefaultCertificate(); defaultCertificate.setCertificateKeyPassword(certificateKeyPassword); } +public String getCertificateKeyPasswordFile() { +if (defaultCertificate == null) { +return null; +} else { +return defaultCertificate.getCertificateKeyPasswordFile(); +} +} + + +public void setCertificateKeyPasswordFile(String certificateKeyPasswordFile) { +registerDefaultCertificate(); + defaultCertificate.setCertificateKeyPasswordFile(certificateKeyPasswordFile
(tomcat-native) branch main updated: Remove an unreachable if condition around CRLs in sslcontext.c
This is an automated email from the ASF dual-hosted git repository. michaelo pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat-native.git The following commit(s) were added to refs/heads/main by this push: new ac6f59b81 Remove an unreachable if condition around CRLs in sslcontext.c ac6f59b81 is described below commit ac6f59b8162c52bc6fe1add64d38af9da9dd9c02 Author: Michael Osipov AuthorDate: Fri Oct 27 12:52:19 2023 +0200 Remove an unreachable if condition around CRLs in sslcontext.c SSL_CTX_get_cert_store() will never return NULL because it is initialized at context creation time with X509_STORE_new() and unless we have set it explicitly to NULL with SSL_CTX_set_cert_store(). --- native/src/sslcontext.c | 7 +++ xdocs/miscellaneous/changelog.xml | 3 +++ 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/native/src/sslcontext.c b/native/src/sslcontext.c index b52258914..34669ff70 100644 --- a/native/src/sslcontext.c +++ b/native/src/sslcontext.c @@ -611,10 +611,9 @@ TCN_IMPLEMENT_CALL(jboolean, SSLContext, setCARevocation)(TCN_STDARGS, jlong ctx return JNI_FALSE; } -if (!c->crl) { -if ((c->crl = SSL_CTX_get_cert_store(c->ctx)) == NULL) -goto cleanup; -} +if (!c->crl) +c->crl = SSL_CTX_get_cert_store(c->ctx); + if (J2S(file)) { lookup = X509_STORE_add_lookup(c->crl, X509_LOOKUP_file()); if (lookup == NULL) { diff --git a/xdocs/miscellaneous/changelog.xml b/xdocs/miscellaneous/changelog.xml index c5ea8ce09..ffd0e10f5 100644 --- a/xdocs/miscellaneous/changelog.xml +++ b/xdocs/miscellaneous/changelog.xml @@ -56,6 +56,9 @@ Add Ant version (1.10.2) requirement identical to Tomcat. (michaelo) + + Remove an unreachable if condition around CRLs in sslcontext.c. (michaelo) + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
(tomcat-native) branch 1.2.x updated: Remove an unreachable if condition around CRLs in sslcontext.c
This is an automated email from the ASF dual-hosted git repository. michaelo pushed a commit to branch 1.2.x in repository https://gitbox.apache.org/repos/asf/tomcat-native.git The following commit(s) were added to refs/heads/1.2.x by this push: new de660b456 Remove an unreachable if condition around CRLs in sslcontext.c de660b456 is described below commit de660b456ec6efdbc03e5c1e7324449756764481 Author: Michael Osipov AuthorDate: Fri Oct 27 12:52:19 2023 +0200 Remove an unreachable if condition around CRLs in sslcontext.c SSL_CTX_get_cert_store() will never return NULL because it is initialized at context creation time with X509_STORE_new() and unless we have set it explicitly to NULL with SSL_CTX_set_cert_store(). --- native/src/sslcontext.c | 7 +++ xdocs/miscellaneous/changelog.xml | 3 +++ 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/native/src/sslcontext.c b/native/src/sslcontext.c index 2cde86087..646577e72 100644 --- a/native/src/sslcontext.c +++ b/native/src/sslcontext.c @@ -718,10 +718,9 @@ TCN_IMPLEMENT_CALL(jboolean, SSLContext, setCARevocation)(TCN_STDARGS, jlong ctx return JNI_FALSE; } -if (!c->crl) { -if ((c->crl = SSL_CTX_get_cert_store(c->ctx)) == NULL) -goto cleanup; -} +if (!c->crl) +c->crl = SSL_CTX_get_cert_store(c->ctx); + if (J2S(file)) { lookup = X509_STORE_add_lookup(c->crl, X509_LOOKUP_file()); if (lookup == NULL) { diff --git a/xdocs/miscellaneous/changelog.xml b/xdocs/miscellaneous/changelog.xml index 5e3f2ae8f..a7462ec00 100644 --- a/xdocs/miscellaneous/changelog.xml +++ b/xdocs/miscellaneous/changelog.xml @@ -41,6 +41,9 @@ Fix version set in DLL header on Windows. (michaelo) + + Remove an unreachable if condition around CRLs in sslcontext.c. (michaelo) + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
(tomcat-native) branch main updated: BZ 67818: SSL#setVerify()/SSLContext#setVerify() silently set undocumented default verify paths
This is an automated email from the ASF dual-hosted git repository. michaelo pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat-native.git The following commit(s) were added to refs/heads/main by this push: new ccc6bfe99 BZ 67818: SSL#setVerify()/SSLContext#setVerify() silently set undocumented default verify paths ccc6bfe99 is described below commit ccc6bfe99d1981aabde6a3175866f99d38207f03 Author: Michael Osipov AuthorDate: Wed Oct 18 22:22:06 2023 +0200 BZ 67818: SSL#setVerify()/SSLContext#setVerify() silently set undocumented default verify paths --- native/src/ssl.c | 11 ++- native/src/sslcontext.c | 12 +++- xdocs/miscellaneous/changelog.xml | 4 3 files changed, 9 insertions(+), 18 deletions(-) diff --git a/native/src/ssl.c b/native/src/ssl.c index e0b0461a9..7f4ca7e78 100644 --- a/native/src/ssl.c +++ b/native/src/ssl.c @@ -1177,15 +1177,8 @@ TCN_IMPLEMENT_CALL(void, SSL, setVerify)(TCN_STDARGS, jlong ssl, if ((c->verify_mode == SSL_CVERIFY_OPTIONAL) || (c->verify_mode == SSL_CVERIFY_OPTIONAL_NO_CA)) verify |= SSL_VERIFY_PEER; -if (!c->store) { -if (SSL_CTX_set_default_verify_paths(c->ctx)) { -c->store = SSL_CTX_get_cert_store(c->ctx); -X509_STORE_set_flags(c->store, 0); -} -else { -/* XXX: See if this is fatal */ -} -} +if (!c->store) +c->store = SSL_CTX_get_cert_store(c->ctx); SSL_set_verify(ssl_, verify, SSL_callback_SSL_verify); } diff --git a/native/src/sslcontext.c b/native/src/sslcontext.c index 34669ff70..f5b2b9831 100644 --- a/native/src/sslcontext.c +++ b/native/src/sslcontext.c @@ -35,6 +35,7 @@ static apr_status_t ssl_context_cleanup(void *data) if (c) { int i; c->crl = NULL; +c->store = NULL; if (c->ctx) SSL_CTX_free(c->ctx); c->ctx = NULL; @@ -861,15 +862,8 @@ TCN_IMPLEMENT_CALL(void, SSLContext, setVerify)(TCN_STDARGS, jlong ctx, if ((c->verify_mode == SSL_CVERIFY_OPTIONAL) || (c->verify_mode == SSL_CVERIFY_OPTIONAL_NO_CA)) verify |= SSL_VERIFY_PEER; -if (!c->store) { -if (SSL_CTX_set_default_verify_paths(c->ctx)) { -c->store = SSL_CTX_get_cert_store(c->ctx); -X509_STORE_set_flags(c->store, 0); -} -else { -/* XXX: See if this is fatal */ -} -} +if (!c->store) +c->store = SSL_CTX_get_cert_store(c->ctx); SSL_CTX_set_verify(c->ctx, verify, SSL_callback_SSL_verify); } diff --git a/xdocs/miscellaneous/changelog.xml b/xdocs/miscellaneous/changelog.xml index ffd0e10f5..0aedd8212 100644 --- a/xdocs/miscellaneous/changelog.xml +++ b/xdocs/miscellaneous/changelog.xml @@ -59,6 +59,10 @@ Remove an unreachable if condition around CRLs in sslcontext.c. (michaelo) + + 67818: SSL.setVerify()/SSLContext.setVerify() + silently set undocumented default verify paths. (michaelo) + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
(tomcat-native) branch 1.2.x updated: BZ 67818: SSL#setVerify()/SSLContext#setVerify() silently set undocumented default verify paths
This is an automated email from the ASF dual-hosted git repository. michaelo pushed a commit to branch 1.2.x in repository https://gitbox.apache.org/repos/asf/tomcat-native.git The following commit(s) were added to refs/heads/1.2.x by this push: new 193c4e504 BZ 67818: SSL#setVerify()/SSLContext#setVerify() silently set undocumented default verify paths 193c4e504 is described below commit 193c4e504fc10f74737b062ddd1b34f54f38a268 Author: Michael Osipov AuthorDate: Wed Oct 18 22:22:06 2023 +0200 BZ 67818: SSL#setVerify()/SSLContext#setVerify() silently set undocumented default verify paths --- native/src/ssl.c | 11 ++- native/src/sslcontext.c | 12 +++- xdocs/miscellaneous/changelog.xml | 4 3 files changed, 9 insertions(+), 18 deletions(-) diff --git a/native/src/ssl.c b/native/src/ssl.c index 31493e74f..ff716091f 100644 --- a/native/src/ssl.c +++ b/native/src/ssl.c @@ -1894,15 +1894,8 @@ TCN_IMPLEMENT_CALL(void, SSL, setVerify)(TCN_STDARGS, jlong ssl, if ((c->verify_mode == SSL_CVERIFY_OPTIONAL) || (c->verify_mode == SSL_CVERIFY_OPTIONAL_NO_CA)) verify |= SSL_VERIFY_PEER; -if (!c->store) { -if (SSL_CTX_set_default_verify_paths(c->ctx)) { -c->store = SSL_CTX_get_cert_store(c->ctx); -X509_STORE_set_flags(c->store, 0); -} -else { -/* XXX: See if this is fatal */ -} -} +if (!c->store) +c->store = SSL_CTX_get_cert_store(c->ctx); SSL_set_verify(ssl_, verify, SSL_callback_SSL_verify); } diff --git a/native/src/sslcontext.c b/native/src/sslcontext.c index 646577e72..36cf11ed0 100644 --- a/native/src/sslcontext.c +++ b/native/src/sslcontext.c @@ -36,6 +36,7 @@ static apr_status_t ssl_context_cleanup(void *data) if (c) { int i; c->crl = NULL; +c->store = NULL; if (c->ctx) SSL_CTX_free(c->ctx); c->ctx = NULL; @@ -968,15 +969,8 @@ TCN_IMPLEMENT_CALL(void, SSLContext, setVerify)(TCN_STDARGS, jlong ctx, if ((c->verify_mode == SSL_CVERIFY_OPTIONAL) || (c->verify_mode == SSL_CVERIFY_OPTIONAL_NO_CA)) verify |= SSL_VERIFY_PEER; -if (!c->store) { -if (SSL_CTX_set_default_verify_paths(c->ctx)) { -c->store = SSL_CTX_get_cert_store(c->ctx); -X509_STORE_set_flags(c->store, 0); -} -else { -/* XXX: See if this is fatal */ -} -} +if (!c->store) +c->store = SSL_CTX_get_cert_store(c->ctx); SSL_CTX_set_verify(c->ctx, verify, SSL_callback_SSL_verify); } diff --git a/xdocs/miscellaneous/changelog.xml b/xdocs/miscellaneous/changelog.xml index a7462ec00..cac6e1b2d 100644 --- a/xdocs/miscellaneous/changelog.xml +++ b/xdocs/miscellaneous/changelog.xml @@ -44,6 +44,10 @@ Remove an unreachable if condition around CRLs in sslcontext.c. (michaelo) + + 67818: SSL.setVerify()/SSLContext.setVerify() + silently set undocumented default verify paths. (michaelo) + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
(tomcat) branch main updated: BZ 67926: PEMFile prints unidentifiable string representation of ASN.1 OIDs
This is an automated email from the ASF dual-hosted git repository. michaelo pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/main by this push: new 3151ed38a6 BZ 67926: PEMFile prints unidentifiable string representation of ASN.1 OIDs 3151ed38a6 is described below commit 3151ed38a65a77f0bb2ef9668bd19ceb5f31c48a Author: Michael Osipov AuthorDate: Mon Oct 30 11:43:36 2023 +0100 BZ 67926: PEMFile prints unidentifiable string representation of ASN.1 OIDs --- java/org/apache/tomcat/util/net/jsse/PEMFile.java | 20 webapps/docs/changelog.xml| 4 2 files changed, 20 insertions(+), 4 deletions(-) diff --git a/java/org/apache/tomcat/util/net/jsse/PEMFile.java b/java/org/apache/tomcat/util/net/jsse/PEMFile.java index b3f60ce0db..5bef5b6f24 100644 --- a/java/org/apache/tomcat/util/net/jsse/PEMFile.java +++ b/java/org/apache/tomcat/util/net/jsse/PEMFile.java @@ -56,6 +56,8 @@ import org.apache.tomcat.util.buf.HexUtils; import org.apache.tomcat.util.codec.binary.Base64; import org.apache.tomcat.util.file.ConfigFileLoader; import org.apache.tomcat.util.res.StringManager; +import org.ietf.jgss.GSSException; +import org.ietf.jgss.Oid; /** * RFC 1421 PEM file containing X509 certificates or private keys. @@ -375,7 +377,7 @@ public class PEMFile { */ if (!Arrays.equals(oidEncryptionAlgorithm, OID_PBES2)) { throw new NoSuchAlgorithmException(sm.getString("pemFile.unknownPkcs8Algorithm", -HexUtils.toHexString(oidEncryptionAlgorithm))); +toDottedOidString(oidEncryptionAlgorithm))); } // PBES2-params @@ -388,7 +390,7 @@ public class PEMFile { byte[] oidKDF = p.parseOIDAsBytes(); if (!Arrays.equals(oidKDF, OID_PBKDF2)) { throw new NoSuchAlgorithmException( -sm.getString("pemFile.notPbkdf2", HexUtils.toHexString(oidKDF))); +sm.getString("pemFile.notPbkdf2", toDottedOidString(oidKDF))); } // PBES2 KDF-params @@ -406,7 +408,7 @@ public class PEMFile { byte[] oidPRF = p.parseOIDAsBytes(); String prf = OID_TO_PRF.get(HexUtils.toHexString(oidPRF)); if (prf == null) { -throw new NoSuchAlgorithmException(sm.getString("pemFile.unknownPrfAlgorithm", HexUtils.toHexString(oidPRF))); +throw new NoSuchAlgorithmException(sm.getString("pemFile.unknownPrfAlgorithm", toDottedOidString(oidPRF))); } p.parseNull(); @@ -417,7 +419,7 @@ public class PEMFile { Algorithm algorithm = OID_TO_ALGORITHM.get(HexUtils.toHexString(oidCipher)); if (algorithm == null) { throw new NoSuchAlgorithmException( - sm.getString("pemFile.unknownEncryptionAlgorithm", HexUtils.toHexString(oidCipher))); + sm.getString("pemFile.unknownEncryptionAlgorithm", toDottedOidString(oidCipher))); } byte[] iv = p.parseOctetString(); @@ -624,6 +626,16 @@ public class PEMFile { } return bytes; } + + +private String toDottedOidString(byte[] oidBytes) { +try { +Oid oid = new Oid(oidBytes); +return oid.toString(); +} catch (GSSException e) { +return HexUtils.toHexString(oidBytes); +} +} } diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index 575b08f3dc..edac7d0e60 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -125,6 +125,10 @@ support a broader range of environments, and to give better information in the event of a failure. (schultz) + +67926: PEMFile prints unidentifiable string representation + of ASN.1 OIDs. (michaelo) + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
(tomcat) branch 9.0.x updated: BZ 67926: PEMFile prints unidentifiable string representation of ASN.1 OIDs
This is an automated email from the ASF dual-hosted git repository. michaelo pushed a commit to branch 9.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/9.0.x by this push: new 96688ea1ff BZ 67926: PEMFile prints unidentifiable string representation of ASN.1 OIDs 96688ea1ff is described below commit 96688ea1ff1b622653dd9cc1c7cbe1a04ad5d81b Author: Michael Osipov AuthorDate: Mon Oct 30 11:43:36 2023 +0100 BZ 67926: PEMFile prints unidentifiable string representation of ASN.1 OIDs --- java/org/apache/tomcat/util/net/jsse/PEMFile.java | 20 webapps/docs/changelog.xml| 4 2 files changed, 20 insertions(+), 4 deletions(-) diff --git a/java/org/apache/tomcat/util/net/jsse/PEMFile.java b/java/org/apache/tomcat/util/net/jsse/PEMFile.java index b3f60ce0db..5bef5b6f24 100644 --- a/java/org/apache/tomcat/util/net/jsse/PEMFile.java +++ b/java/org/apache/tomcat/util/net/jsse/PEMFile.java @@ -56,6 +56,8 @@ import org.apache.tomcat.util.buf.HexUtils; import org.apache.tomcat.util.codec.binary.Base64; import org.apache.tomcat.util.file.ConfigFileLoader; import org.apache.tomcat.util.res.StringManager; +import org.ietf.jgss.GSSException; +import org.ietf.jgss.Oid; /** * RFC 1421 PEM file containing X509 certificates or private keys. @@ -375,7 +377,7 @@ public class PEMFile { */ if (!Arrays.equals(oidEncryptionAlgorithm, OID_PBES2)) { throw new NoSuchAlgorithmException(sm.getString("pemFile.unknownPkcs8Algorithm", -HexUtils.toHexString(oidEncryptionAlgorithm))); +toDottedOidString(oidEncryptionAlgorithm))); } // PBES2-params @@ -388,7 +390,7 @@ public class PEMFile { byte[] oidKDF = p.parseOIDAsBytes(); if (!Arrays.equals(oidKDF, OID_PBKDF2)) { throw new NoSuchAlgorithmException( -sm.getString("pemFile.notPbkdf2", HexUtils.toHexString(oidKDF))); +sm.getString("pemFile.notPbkdf2", toDottedOidString(oidKDF))); } // PBES2 KDF-params @@ -406,7 +408,7 @@ public class PEMFile { byte[] oidPRF = p.parseOIDAsBytes(); String prf = OID_TO_PRF.get(HexUtils.toHexString(oidPRF)); if (prf == null) { -throw new NoSuchAlgorithmException(sm.getString("pemFile.unknownPrfAlgorithm", HexUtils.toHexString(oidPRF))); +throw new NoSuchAlgorithmException(sm.getString("pemFile.unknownPrfAlgorithm", toDottedOidString(oidPRF))); } p.parseNull(); @@ -417,7 +419,7 @@ public class PEMFile { Algorithm algorithm = OID_TO_ALGORITHM.get(HexUtils.toHexString(oidCipher)); if (algorithm == null) { throw new NoSuchAlgorithmException( - sm.getString("pemFile.unknownEncryptionAlgorithm", HexUtils.toHexString(oidCipher))); + sm.getString("pemFile.unknownEncryptionAlgorithm", toDottedOidString(oidCipher))); } byte[] iv = p.parseOctetString(); @@ -624,6 +626,16 @@ public class PEMFile { } return bytes; } + + +private String toDottedOidString(byte[] oidBytes) { +try { +Oid oid = new Oid(oidBytes); +return oid.toString(); +} catch (GSSException e) { +return HexUtils.toHexString(oidBytes); +} +} } diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index b576cb62b7..9f96c43e8e 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -120,6 +120,10 @@ Optionally allow ServiceBindingPropertySource to trim a trailing newline from a file containing a property-value. (schultz) + +67926: PEMFile prints unidentifiable string representation + of ASN.1 OIDs. (michaelo) + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
(tomcat) branch 10.1.x updated: BZ 67926: PEMFile prints unidentifiable string representation of ASN.1 OIDs
This is an automated email from the ASF dual-hosted git repository. michaelo pushed a commit to branch 10.1.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/10.1.x by this push: new 60b68d8f2a BZ 67926: PEMFile prints unidentifiable string representation of ASN.1 OIDs 60b68d8f2a is described below commit 60b68d8f2a84e10e275fa8d7b83d1a2da99e35c2 Author: Michael Osipov AuthorDate: Mon Oct 30 11:43:36 2023 +0100 BZ 67926: PEMFile prints unidentifiable string representation of ASN.1 OIDs --- java/org/apache/tomcat/util/net/jsse/PEMFile.java | 20 webapps/docs/changelog.xml| 4 2 files changed, 20 insertions(+), 4 deletions(-) diff --git a/java/org/apache/tomcat/util/net/jsse/PEMFile.java b/java/org/apache/tomcat/util/net/jsse/PEMFile.java index b3f60ce0db..5bef5b6f24 100644 --- a/java/org/apache/tomcat/util/net/jsse/PEMFile.java +++ b/java/org/apache/tomcat/util/net/jsse/PEMFile.java @@ -56,6 +56,8 @@ import org.apache.tomcat.util.buf.HexUtils; import org.apache.tomcat.util.codec.binary.Base64; import org.apache.tomcat.util.file.ConfigFileLoader; import org.apache.tomcat.util.res.StringManager; +import org.ietf.jgss.GSSException; +import org.ietf.jgss.Oid; /** * RFC 1421 PEM file containing X509 certificates or private keys. @@ -375,7 +377,7 @@ public class PEMFile { */ if (!Arrays.equals(oidEncryptionAlgorithm, OID_PBES2)) { throw new NoSuchAlgorithmException(sm.getString("pemFile.unknownPkcs8Algorithm", -HexUtils.toHexString(oidEncryptionAlgorithm))); +toDottedOidString(oidEncryptionAlgorithm))); } // PBES2-params @@ -388,7 +390,7 @@ public class PEMFile { byte[] oidKDF = p.parseOIDAsBytes(); if (!Arrays.equals(oidKDF, OID_PBKDF2)) { throw new NoSuchAlgorithmException( -sm.getString("pemFile.notPbkdf2", HexUtils.toHexString(oidKDF))); +sm.getString("pemFile.notPbkdf2", toDottedOidString(oidKDF))); } // PBES2 KDF-params @@ -406,7 +408,7 @@ public class PEMFile { byte[] oidPRF = p.parseOIDAsBytes(); String prf = OID_TO_PRF.get(HexUtils.toHexString(oidPRF)); if (prf == null) { -throw new NoSuchAlgorithmException(sm.getString("pemFile.unknownPrfAlgorithm", HexUtils.toHexString(oidPRF))); +throw new NoSuchAlgorithmException(sm.getString("pemFile.unknownPrfAlgorithm", toDottedOidString(oidPRF))); } p.parseNull(); @@ -417,7 +419,7 @@ public class PEMFile { Algorithm algorithm = OID_TO_ALGORITHM.get(HexUtils.toHexString(oidCipher)); if (algorithm == null) { throw new NoSuchAlgorithmException( - sm.getString("pemFile.unknownEncryptionAlgorithm", HexUtils.toHexString(oidCipher))); + sm.getString("pemFile.unknownEncryptionAlgorithm", toDottedOidString(oidCipher))); } byte[] iv = p.parseOctetString(); @@ -624,6 +626,16 @@ public class PEMFile { } return bytes; } + + +private String toDottedOidString(byte[] oidBytes) { +try { +Oid oid = new Oid(oidBytes); +return oid.toString(); +} catch (GSSException e) { +return HexUtils.toHexString(oidBytes); +} +} } diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index 4301e1fa40..89f9ad68db 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -120,6 +120,10 @@ Optionally allow ServiceBindingPropertySource to trim a trailing newline from a file containing a property-value. (schultz) + +67926: PEMFile prints unidentifiable string representation + of ASN.1 OIDs. (michaelo) + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
(tomcat) branch 8.5.x updated: BZ 67926: PEMFile prints unidentifiable string representation of ASN.1 OIDs
This is an automated email from the ASF dual-hosted git repository. michaelo pushed a commit to branch 8.5.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/8.5.x by this push: new 40a1d14fd4 BZ 67926: PEMFile prints unidentifiable string representation of ASN.1 OIDs 40a1d14fd4 is described below commit 40a1d14fd4717505f756f08d5b76abaf55b7778c Author: Michael Osipov AuthorDate: Mon Oct 30 11:43:36 2023 +0100 BZ 67926: PEMFile prints unidentifiable string representation of ASN.1 OIDs --- java/org/apache/tomcat/util/net/jsse/PEMFile.java | 20 webapps/docs/changelog.xml| 4 2 files changed, 20 insertions(+), 4 deletions(-) diff --git a/java/org/apache/tomcat/util/net/jsse/PEMFile.java b/java/org/apache/tomcat/util/net/jsse/PEMFile.java index a136bef6a6..2499beda79 100644 --- a/java/org/apache/tomcat/util/net/jsse/PEMFile.java +++ b/java/org/apache/tomcat/util/net/jsse/PEMFile.java @@ -56,6 +56,8 @@ import org.apache.tomcat.util.buf.HexUtils; import org.apache.tomcat.util.codec.binary.Base64; import org.apache.tomcat.util.file.ConfigFileLoader; import org.apache.tomcat.util.res.StringManager; +import org.ietf.jgss.GSSException; +import org.ietf.jgss.Oid; /** * RFC 1421 PEM file containing X509 certificates or private keys. @@ -373,7 +375,7 @@ public class PEMFile { */ if (!Arrays.equals(oidEncryptionAlgorithm, OID_PBES2)) { throw new NoSuchAlgorithmException(sm.getString("pemFile.unknownPkcs8Algorithm", -HexUtils.toHexString(oidEncryptionAlgorithm))); +toDottedOidString(oidEncryptionAlgorithm))); } // PBES2-params @@ -386,7 +388,7 @@ public class PEMFile { byte[] oidKDF = p.parseOIDAsBytes(); if (!Arrays.equals(oidKDF, OID_PBKDF2)) { throw new NoSuchAlgorithmException( -sm.getString("pemFile.notPbkdf2", HexUtils.toHexString(oidKDF))); +sm.getString("pemFile.notPbkdf2", toDottedOidString(oidKDF))); } // PBES2 KDF-params @@ -404,7 +406,7 @@ public class PEMFile { byte[] oidPRF = p.parseOIDAsBytes(); String prf = OID_TO_PRF.get(HexUtils.toHexString(oidPRF)); if (prf == null) { -throw new NoSuchAlgorithmException(sm.getString("pemFile.unknownPrfAlgorithm", HexUtils.toHexString(oidPRF))); +throw new NoSuchAlgorithmException(sm.getString("pemFile.unknownPrfAlgorithm", toDottedOidString(oidPRF))); } p.parseNull(); @@ -415,7 +417,7 @@ public class PEMFile { Algorithm algorithm = OID_TO_ALGORITHM.get(HexUtils.toHexString(oidCipher)); if (algorithm == null) { throw new NoSuchAlgorithmException( - sm.getString("pemFile.unknownEncryptionAlgorithm", HexUtils.toHexString(oidCipher))); + sm.getString("pemFile.unknownEncryptionAlgorithm", toDottedOidString(oidCipher))); } byte[] iv = p.parseOctetString(); @@ -622,6 +624,16 @@ public class PEMFile { } return bytes; } + + +private String toDottedOidString(byte[] oidBytes) { +try { +Oid oid = new Oid(oidBytes); +return oid.toString(); +} catch (GSSException e) { +return HexUtils.toHexString(oidBytes); +} +} } diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index 72ea1e0402..2340769f7a 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -120,6 +120,10 @@ Optionally allow ServiceBindingPropertySource to trim a trailing newline from a file containing a property-value. (schultz) + +67926: PEMFile prints unidentifiable string representation + of ASN.1 OIDs. (michaelo) + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch main updated (26e49bba4b -> f3adc26288)
This is an automated email from the ASF dual-hosted git repository. michaelo pushed a change to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git from 26e49bba4b Expand security guidance to cover embedded usage add f3adc26288 Add ContextNamingInfoListener No new revisions were added by this update. Summary of changes: .../catalina/core/ContextNamingInfoListener.java | 121 + .../apache/catalina/core/LocalStrings.properties | 3 + .../core/TestContextNamingInfoListener.java| 119 webapps/docs/changelog.xml | 5 + webapps/docs/config/listeners.xml | 27 + 5 files changed, 275 insertions(+) create mode 100644 java/org/apache/catalina/core/ContextNamingInfoListener.java create mode 100644 test/org/apache/catalina/core/TestContextNamingInfoListener.java - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch 10.1.x updated: Add ContextNamingInfoListener
This is an automated email from the ASF dual-hosted git repository. michaelo pushed a commit to branch 10.1.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/10.1.x by this push: new 966ba70198 Add ContextNamingInfoListener 966ba70198 is described below commit 966ba701982d2779bed3246adc4e48b70971400b Author: Michael Osipov AuthorDate: Thu Jun 8 12:09:15 2023 +0200 Add ContextNamingInfoListener A listener which creates context naming information environment entries. --- .../catalina/core/ContextNamingInfoListener.java | 121 + .../apache/catalina/core/LocalStrings.properties | 3 + .../core/TestContextNamingInfoListener.java| 119 webapps/docs/changelog.xml | 5 + webapps/docs/config/listeners.xml | 27 + 5 files changed, 275 insertions(+) diff --git a/java/org/apache/catalina/core/ContextNamingInfoListener.java b/java/org/apache/catalina/core/ContextNamingInfoListener.java new file mode 100644 index 00..cf0db7f8ed --- /dev/null +++ b/java/org/apache/catalina/core/ContextNamingInfoListener.java @@ -0,0 +1,121 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.catalina.core; + +import org.apache.catalina.Context; +import org.apache.catalina.Lifecycle; +import org.apache.catalina.LifecycleEvent; +import org.apache.catalina.LifecycleListener; +import org.apache.juli.logging.Log; +import org.apache.juli.logging.LogFactory; +import org.apache.tomcat.util.descriptor.web.ContextEnvironment; +import org.apache.tomcat.util.res.StringManager; + +/** + * Implementation of {@code LifecycleListener} that will create context naming information + * environment entries. + * + * This listener must only be nested within {@link Context} elements. + * + * The following entries will be added to the initial context ({@code java:comp/env} implied): + * + * Path: {@code context/path} from {@link Context#getPath()} + * Encoded Path: {@code context/encodedPath} from {@link Context#getEncodedPath()} + * Webapp Version: {@code context/webappVersion} from {@link Context#getWebappVersion()} + * Name: {@code context/name} from {@link Context#getName()} + * Base Name: {@code context/baseName} from {@link Context#getBaseName()} + * Display Name: {@code context/displayName} from {@link Context#getDisplayName()} + * + * + * See the https://tomcat.apache.org/tomcat-10.1-doc/config/context.html#Naming";>Tomcat + * documentation for more details on the values. + */ +public class ContextNamingInfoListener implements LifecycleListener { + +private static final String PATH_ENTRY_NAME = "context/path"; +private static final String ENCODED_PATH_ENTRY_NAME = "context/encodedPath"; +private static final String WEBAPP_VERSION_ENTRY_NAME = "context/webappVersion"; +private static final String NAME_ENTRY_NAME = "context/name"; +private static final String BASE_NAME_ENTRY_NAME = "context/baseName"; +private static final String DISPLAY_NAME_ENTRY_NAME = "context/displayName"; + +private static final Log log = LogFactory.getLog(ContextNamingInfoListener.class); +/** + * The string manager for this package. + */ +private static final StringManager sm = StringManager.getManager(ContextNamingInfoListener.class); + +private boolean emptyOnRoot = true; + +/** + * Sets whether for the root context {@code context/path} and {@code context/encodedPath} will + * contain {@code "/"} and {@code context/name} will contain {@code "ROOT"} with a version, if any. + * + * @param emptyOnRoot whether paths and name for root context shall be empty + */ +public void setEmptyOnRoot(boolean emptyOnRoot) { +this.emptyOnRoot = emptyOnRoot; +} + +/** + * Gets whether paths and name for the root context will be empty. + * + * @return indicator whether paths and name for the root context will be empty + */ +public boolean isEmptyOnRoot() { +return emptyOnRoot
[tomcat] branch 9.0.x updated: Add ContextNamingInfoListener
This is an automated email from the ASF dual-hosted git repository. michaelo pushed a commit to branch 9.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/9.0.x by this push: new 594a878ec4 Add ContextNamingInfoListener 594a878ec4 is described below commit 594a878ec4a566a463259a92536b3228af0d2999 Author: Michael Osipov AuthorDate: Thu Jun 8 12:09:15 2023 +0200 Add ContextNamingInfoListener A listener which creates context naming information environment entries. --- .../catalina/core/ContextNamingInfoListener.java | 121 + .../apache/catalina/core/LocalStrings.properties | 3 + .../core/TestContextNamingInfoListener.java| 119 webapps/docs/changelog.xml | 5 + webapps/docs/config/listeners.xml | 27 + 5 files changed, 275 insertions(+) diff --git a/java/org/apache/catalina/core/ContextNamingInfoListener.java b/java/org/apache/catalina/core/ContextNamingInfoListener.java new file mode 100644 index 00..0e1926877b --- /dev/null +++ b/java/org/apache/catalina/core/ContextNamingInfoListener.java @@ -0,0 +1,121 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.catalina.core; + +import org.apache.catalina.Context; +import org.apache.catalina.Lifecycle; +import org.apache.catalina.LifecycleEvent; +import org.apache.catalina.LifecycleListener; +import org.apache.juli.logging.Log; +import org.apache.juli.logging.LogFactory; +import org.apache.tomcat.util.descriptor.web.ContextEnvironment; +import org.apache.tomcat.util.res.StringManager; + +/** + * Implementation of {@code LifecycleListener} that will create context naming information + * environment entries. + * + * This listener must only be nested within {@link Context} elements. + * + * The following entries will be added to the initial context ({@code java:comp/env} implied): + * + * Path: {@code context/path} from {@link Context#getPath()} + * Encoded Path: {@code context/encodedPath} from {@link Context#getEncodedPath()} + * Webapp Version: {@code context/webappVersion} from {@link Context#getWebappVersion()} + * Name: {@code context/name} from {@link Context#getName()} + * Base Name: {@code context/baseName} from {@link Context#getBaseName()} + * Display Name: {@code context/displayName} from {@link Context#getDisplayName()} + * + * + * See the https://tomcat.apache.org/tomcat-9.0-doc/config/context.html#Naming";>Tomcat + * documentation for more details on the values. + */ +public class ContextNamingInfoListener implements LifecycleListener { + +private static final String PATH_ENTRY_NAME = "context/path"; +private static final String ENCODED_PATH_ENTRY_NAME = "context/encodedPath"; +private static final String WEBAPP_VERSION_ENTRY_NAME = "context/webappVersion"; +private static final String NAME_ENTRY_NAME = "context/name"; +private static final String BASE_NAME_ENTRY_NAME = "context/baseName"; +private static final String DISPLAY_NAME_ENTRY_NAME = "context/displayName"; + +private static final Log log = LogFactory.getLog(ContextNamingInfoListener.class); +/** + * The string manager for this package. + */ +private static final StringManager sm = StringManager.getManager(ContextNamingInfoListener.class); + +private boolean emptyOnRoot = true; + +/** + * Sets whether for the root context {@code context/path} and {@code context/encodedPath} will + * contain {@code "/"} and {@code context/name} will contain {@code "ROOT"} with a version, if any. + * + * @param emptyOnRoot whether paths and name for root context shall be empty + */ +public void setEmptyOnRoot(boolean emptyOnRoot) { +this.emptyOnRoot = emptyOnRoot; +} + +/** + * Gets whether paths and name for the root context will be empty. + * + * @return indicator whether paths and name for the root context will be empty + */ +public boolean isEmptyOnRoot() { +return emptyOnRoot; +}
[tomcat] branch 8.5.x updated: Add ContextNamingInfoListener
This is an automated email from the ASF dual-hosted git repository. michaelo pushed a commit to branch 8.5.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/8.5.x by this push: new ed1277b29b Add ContextNamingInfoListener ed1277b29b is described below commit ed1277b29b6b017059bb101030e4cddb6ccd0d8c Author: Michael Osipov AuthorDate: Thu Jun 8 12:09:15 2023 +0200 Add ContextNamingInfoListener A listener which creates context naming information environment entries. --- .../catalina/core/ContextNamingInfoListener.java | 121 + .../apache/catalina/core/LocalStrings.properties | 3 + .../core/TestContextNamingInfoListener.java| 119 webapps/docs/changelog.xml | 5 + webapps/docs/config/listeners.xml | 27 + 5 files changed, 275 insertions(+) diff --git a/java/org/apache/catalina/core/ContextNamingInfoListener.java b/java/org/apache/catalina/core/ContextNamingInfoListener.java new file mode 100644 index 00..b77915c7d7 --- /dev/null +++ b/java/org/apache/catalina/core/ContextNamingInfoListener.java @@ -0,0 +1,121 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.catalina.core; + +import org.apache.catalina.Context; +import org.apache.catalina.Lifecycle; +import org.apache.catalina.LifecycleEvent; +import org.apache.catalina.LifecycleListener; +import org.apache.juli.logging.Log; +import org.apache.juli.logging.LogFactory; +import org.apache.tomcat.util.descriptor.web.ContextEnvironment; +import org.apache.tomcat.util.res.StringManager; + +/** + * Implementation of {@code LifecycleListener} that will create context naming information + * environment entries. + * + * This listener must only be nested within {@link Context} elements. + * + * The following entries will be added to the initial context ({@code java:comp/env} implied): + * + * Path: {@code context/path} from {@link Context#getPath()} + * Encoded Path: {@code context/encodedPath} from {@link Context#getEncodedPath()} + * Webapp Version: {@code context/webappVersion} from {@link Context#getWebappVersion()} + * Name: {@code context/name} from {@link Context#getName()} + * Base Name: {@code context/baseName} from {@link Context#getBaseName()} + * Display Name: {@code context/displayName} from {@link Context#getDisplayName()} + * + * + * See the https://tomcat.apache.org/tomcat-8.5-doc/config/context.html#Naming";>Tomcat + * documentation for more details on the values. + */ +public class ContextNamingInfoListener implements LifecycleListener { + +private static final String PATH_ENTRY_NAME = "context/path"; +private static final String ENCODED_PATH_ENTRY_NAME = "context/encodedPath"; +private static final String WEBAPP_VERSION_ENTRY_NAME = "context/webappVersion"; +private static final String NAME_ENTRY_NAME = "context/name"; +private static final String BASE_NAME_ENTRY_NAME = "context/baseName"; +private static final String DISPLAY_NAME_ENTRY_NAME = "context/displayName"; + +private static final Log log = LogFactory.getLog(ContextNamingInfoListener.class); +/** + * The string manager for this package. + */ +private static final StringManager sm = StringManager.getManager(ContextNamingInfoListener.class); + +private boolean emptyOnRoot = true; + +/** + * Sets whether for the root context {@code context/path} and {@code context/encodedPath} will + * contain {@code "/"} and {@code context/name} will contain {@code "ROOT"} with a version, if any. + * + * @param emptyOnRoot whether paths and name for root context shall be empty + */ +public void setEmptyOnRoot(boolean emptyOnRoot) { +this.emptyOnRoot = emptyOnRoot; +} + +/** + * Gets whether paths and name for the root context will be empty. + * + * @return indicator whether paths and name for the root context will be empty + */ +public boolean isEmptyOnRoot() { +return emptyOnRoot; +}
[tomcat-native] branch main updated: Replace tabs with spaces
This is an automated email from the ASF dual-hosted git repository. michaelo pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat-native.git The following commit(s) were added to refs/heads/main by this push: new f247f0af0 Replace tabs with spaces f247f0af0 is described below commit f247f0af00e17af194d183daf6239967d698e731 Author: Michael Osipov AuthorDate: Thu Jun 22 10:52:40 2023 +0200 Replace tabs with spaces --- native/include/ssl_private.h | 6 +++--- native/src/ssl.c | 4 ++-- native/src/sslcontext.c | 4 ++-- native/src/sslutils.c| 2 +- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/native/include/ssl_private.h b/native/include/ssl_private.h index 091634df2..be2397053 100644 --- a/native/include/ssl_private.h +++ b/native/include/ssl_private.h @@ -326,9 +326,9 @@ typedef struct { */ } reneg_state; enum { - PHA_NONE = 0, /* Before PHA */ - PHA_STARTED,/* PHA req sent to client but no response */ - PHA_COMPLETE/* Client has returned cert */ +PHA_NONE = 0, /* Before PHA */ +PHA_STARTED,/* PHA req sent to client but no response */ +PHA_COMPLETE/* Client has returned cert */ } pha_state; apr_socket_t *sock; apr_pollset_t *pollset; diff --git a/native/src/ssl.c b/native/src/ssl.c index a008ec44d..53ae4b4a9 100644 --- a/native/src/ssl.c +++ b/native/src/ssl.c @@ -538,7 +538,7 @@ TCN_IMPLEMENT_CALL(jint, SSL, initialize)(TCN_STDARGS, jstring engine) err = APR_ENOTIMPL; else { #ifdef ENGINE_CTRL_CHIL_SET_FORKCHECK - if (strcmp(J2S(engine), "chil") == 0) +if (strcmp(J2S(engine), "chil") == 0) ENGINE_ctrl(ee, ENGINE_CTRL_CHIL_SET_FORKCHECK, 1, 0, 0); #endif if (!ENGINE_set_default(ee, ENGINE_METHOD_ALL)) @@ -665,7 +665,7 @@ TCN_IMPLEMENT_CALL(jint, SSL, fipsModeGet)(TCN_STDARGS) if (strcmp("fips", name)) { return 0; } else { - return 1; +return 1; } #endif } diff --git a/native/src/sslcontext.c b/native/src/sslcontext.c index 9bd7e7657..7305d72ae 100644 --- a/native/src/sslcontext.c +++ b/native/src/sslcontext.c @@ -816,8 +816,8 @@ TCN_IMPLEMENT_CALL(void, SSLContext, setTmpECDHByCurveName)(TCN_STDARGS, jlong c EC_KEY_free(ecdh); TCN_FREE_CSTRING(curveName); #else - tcn_Throw(e, "Cant't configure elliptic curve: unsupported by this OpenSSL version"); - return; +tcn_Throw(e, "Cant't configure elliptic curve: unsupported by this OpenSSL version"); +return; #endif } diff --git a/native/src/sslutils.c b/native/src/sslutils.c index db4486212..2194aac11 100644 --- a/native/src/sslutils.c +++ b/native/src/sslutils.c @@ -718,7 +718,7 @@ static char **decode_OCSP_url(ASN1_OCTET_STRING *os, apr_pool_t *p) return NULL; } if (parse_ASN1_Sequence(ocsp_urls, &response, &numofresponses, p) || - numofresponses ==0) { +numofresponses ==0) { response = NULL; } return response; - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat-native] branch 1.2.x updated: Replace tabs with spaces
This is an automated email from the ASF dual-hosted git repository. michaelo pushed a commit to branch 1.2.x in repository https://gitbox.apache.org/repos/asf/tomcat-native.git The following commit(s) were added to refs/heads/1.2.x by this push: new df4c93e20 Replace tabs with spaces df4c93e20 is described below commit df4c93e205ca6f0341d54eec2d105f5400375c55 Author: Michael Osipov AuthorDate: Thu Jun 22 10:52:40 2023 +0200 Replace tabs with spaces --- native/include/ssl_private.h | 6 +++--- native/src/ssl.c | 4 ++-- native/src/sslcontext.c | 4 ++-- native/src/sslutils.c| 2 +- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/native/include/ssl_private.h b/native/include/ssl_private.h index 545022ba2..b48f7ca84 100644 --- a/native/include/ssl_private.h +++ b/native/include/ssl_private.h @@ -358,9 +358,9 @@ typedef struct { */ } reneg_state; enum { - PHA_NONE = 0, /* Before PHA */ - PHA_STARTED,/* PHA req sent to client but no response */ - PHA_COMPLETE/* Client has returned cert */ +PHA_NONE = 0, /* Before PHA */ +PHA_STARTED,/* PHA req sent to client but no response */ +PHA_COMPLETE/* Client has returned cert */ } pha_state; apr_socket_t *sock; apr_pollset_t *pollset; diff --git a/native/src/ssl.c b/native/src/ssl.c index 92414e611..31493e74f 100644 --- a/native/src/ssl.c +++ b/native/src/ssl.c @@ -817,7 +817,7 @@ TCN_IMPLEMENT_CALL(jint, SSL, initialize)(TCN_STDARGS, jstring engine) err = APR_ENOTIMPL; else { #ifdef ENGINE_CTRL_CHIL_SET_FORKCHECK - if (strcmp(J2S(engine), "chil") == 0) +if (strcmp(J2S(engine), "chil") == 0) ENGINE_ctrl(ee, ENGINE_CTRL_CHIL_SET_FORKCHECK, 1, 0, 0); #endif if (!ENGINE_set_default(ee, ENGINE_METHOD_ALL)) @@ -947,7 +947,7 @@ TCN_IMPLEMENT_CALL(jint, SSL, fipsModeGet)(TCN_STDARGS) if (strcmp("fips", name)) { return 0; } else { - return 1; +return 1; } #else UNREFERENCED(o); diff --git a/native/src/sslcontext.c b/native/src/sslcontext.c index 483446dd6..c0541bd72 100644 --- a/native/src/sslcontext.c +++ b/native/src/sslcontext.c @@ -923,8 +923,8 @@ TCN_IMPLEMENT_CALL(void, SSLContext, setTmpECDHByCurveName)(TCN_STDARGS, jlong c EC_KEY_free(ecdh); TCN_FREE_CSTRING(curveName); #else - tcn_Throw(e, "Cant't configure elliptic curve: unsupported by this OpenSSL version"); - return; +tcn_Throw(e, "Cant't configure elliptic curve: unsupported by this OpenSSL version"); +return; #endif } diff --git a/native/src/sslutils.c b/native/src/sslutils.c index c3bd41a45..619a6537e 100644 --- a/native/src/sslutils.c +++ b/native/src/sslutils.c @@ -741,7 +741,7 @@ static char **decode_OCSP_url(ASN1_OCTET_STRING *os, apr_pool_t *p) return NULL; } if (parse_ASN1_Sequence(ocsp_urls, &response, &numofresponses, p) || - numofresponses ==0) { +numofresponses ==0) { response = NULL; } return response; - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat-native] branch main updated: Trim trailing whitespace
This is an automated email from the ASF dual-hosted git repository. michaelo pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat-native.git The following commit(s) were added to refs/heads/main by this push: new 3fbe5615c Trim trailing whitespace 3fbe5615c is described below commit 3fbe5615c3350c21cdca2a84ba44888a58129aad Author: Michael Osipov AuthorDate: Mon Jun 26 18:00:16 2023 +0200 Trim trailing whitespace --- native/src/sslconf.c| 2 +- native/src/sslcontext.c | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/native/src/sslconf.c b/native/src/sslconf.c index a3b8cfdfd..e5b18a7ce 100644 --- a/native/src/sslconf.c +++ b/native/src/sslconf.c @@ -263,7 +263,7 @@ TCN_IMPLEMENT_CALL(jint, SSLConf, apply)(TCN_STDARGS, jlong cctx, c->no_ocsp_check = 1; TCN_FREE_CSTRING(cmd); TCN_FREE_CSTRING(value); -return 1; +return 1; } SSL_ERR_clear(); rc = SSL_CONF_cmd(c->cctx, J2S(cmd), buf != NULL ? buf : J2S(value)); diff --git a/native/src/sslcontext.c b/native/src/sslcontext.c index 7305d72ae..73446a95d 100644 --- a/native/src/sslcontext.c +++ b/native/src/sslcontext.c @@ -141,7 +141,7 @@ int ssl_callback_ClientHello(SSL *ssl, int *al, void *arg) const unsigned char *pos; size_t len, remaining; tcn_ssl_ctxt_t *c = (tcn_ssl_ctxt_t *) arg; - + (*javavm)->AttachCurrentThread(javavm, (void **)&env, NULL); // Continue only if the static method exists if (sni_java_callback == NULL) { @@ -161,7 +161,7 @@ int ssl_callback_ClientHello(SSL *ssl, int *al, void *arg) */ if (!SSL_client_hello_get0_ext(ssl, TLSEXT_TYPE_server_name, &pos, &remaining) -|| remaining <= 2) +|| remaining <= 2) goto give_up; /* Extract the length of the supplied list of names. */ @@ -221,7 +221,7 @@ give_up: SSL_set_session_id_context(ssl, &(c->context_id[0]), sizeof c->context_id); } } - + } return SSL_CLIENT_HELLO_SUCCESS; } - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat-native] branch 1.2.x updated: Trim trailing whitespace
This is an automated email from the ASF dual-hosted git repository. michaelo pushed a commit to branch 1.2.x in repository https://gitbox.apache.org/repos/asf/tomcat-native.git The following commit(s) were added to refs/heads/1.2.x by this push: new d108b0288 Trim trailing whitespace d108b0288 is described below commit d108b02885cea1d46948939883bfe02da464fdb1 Author: Michael Osipov AuthorDate: Mon Jun 26 18:00:16 2023 +0200 Trim trailing whitespace --- native/src/address.c| 2 +- native/src/info.c | 2 +- native/src/poll.c | 2 +- native/src/sslconf.c| 2 +- native/src/sslcontext.c | 6 +++--- 5 files changed, 7 insertions(+), 7 deletions(-) diff --git a/native/src/address.c b/native/src/address.c index 87a877178..af43122d6 100644 --- a/native/src/address.c +++ b/native/src/address.c @@ -46,7 +46,7 @@ TCN_IMPLEMENT_CALL(jlong, Address, info)(TCN_STDARGS, J2S(hostname), f, (apr_port_t)port, (apr_int32_t)flags, p), sa); sl = sa; -/* +/* * apr_sockaddr_info_get may return several address so this is not * go to work in some cases (but as least it works for Linux) * XXX: with AP_ENABLE_V4_MAPPED it is going to work otherwise it won't. diff --git a/native/src/info.c b/native/src/info.c index 4734e542b..01d1ae4c2 100644 --- a/native/src/info.c +++ b/native/src/info.c @@ -140,7 +140,7 @@ apr_status_t tcn_load_finfo_class(JNIEnv *e, jclass finfo) GET_FINFO_S(fname); GET_FINFO_S(name); GET_FINFO_J(filehand); - + finfo_class_init = (*e)->GetMethodID(e, finfo, "", "()V"); if (finfo_class_init == NULL) diff --git a/native/src/poll.c b/native/src/poll.c index 4414ec821..f5f2992c9 100644 --- a/native/src/poll.c +++ b/native/src/poll.c @@ -403,7 +403,7 @@ TCN_IMPLEMENT_CALL(jint, Poll, poll)(TCN_STDARGS, jlong pollset, array or as multiple pairs depending on implementation. On OSX at least, multiple pairs have been observed. In this case do not try and remove socket from the pollset for a second time else a crash - will result. */ + will result. */ if (remove) { if (s->pe) { apr_pollset_remove(p->pollset, fd); diff --git a/native/src/sslconf.c b/native/src/sslconf.c index e2ece6fe5..6ff028b66 100644 --- a/native/src/sslconf.c +++ b/native/src/sslconf.c @@ -265,7 +265,7 @@ TCN_IMPLEMENT_CALL(jint, SSLConf, apply)(TCN_STDARGS, jlong cctx, c->no_ocsp_check = 1; TCN_FREE_CSTRING(cmd); TCN_FREE_CSTRING(value); -return 1; +return 1; } SSL_ERR_clear(); rc = SSL_CONF_cmd(c->cctx, J2S(cmd), buf != NULL ? buf : J2S(value)); diff --git a/native/src/sslcontext.c b/native/src/sslcontext.c index c0541bd72..afec601c8 100644 --- a/native/src/sslcontext.c +++ b/native/src/sslcontext.c @@ -142,7 +142,7 @@ int ssl_callback_ClientHello(SSL *ssl, int *al, void *arg) const unsigned char *pos; size_t len, remaining; tcn_ssl_ctxt_t *c = (tcn_ssl_ctxt_t *) arg; - + (*javavm)->AttachCurrentThread(javavm, (void **)&env, NULL); // Continue only if the static method exists if (sni_java_callback == NULL) { @@ -162,7 +162,7 @@ int ssl_callback_ClientHello(SSL *ssl, int *al, void *arg) */ if (!SSL_client_hello_get0_ext(ssl, TLSEXT_TYPE_server_name, &pos, &remaining) -|| remaining <= 2) +|| remaining <= 2) goto give_up; /* Extract the length of the supplied list of names. */ @@ -222,7 +222,7 @@ give_up: SSL_set_session_id_context(ssl, &(c->context_id[0]), sizeof c->context_id); } } - + } return SSL_CLIENT_HELLO_SUCCESS; } - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat-native] branch main updated: Align default pass phrase prompt with HTTPd
This is an automated email from the ASF dual-hosted git repository. michaelo pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat-native.git The following commit(s) were added to refs/heads/main by this push: new cea4e7e87 Align default pass phrase prompt with HTTPd cea4e7e87 is described below commit cea4e7e87749613ae639a9236d0e531d190ee8d7 Author: Michael Osipov AuthorDate: Mon Jun 26 18:05:40 2023 +0200 Align default pass phrase prompt with HTTPd --- native/include/ssl_private.h | 6 +++--- xdocs/miscellaneous/changelog.xml | 3 +++ 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/native/include/ssl_private.h b/native/include/ssl_private.h index be2397053..242ab4dd4 100644 --- a/native/include/ssl_private.h +++ b/native/include/ssl_private.h @@ -171,9 +171,9 @@ extern ENGINE *tcn_ssl_engine; || (errnum == X509_V_ERR_CERT_UNTRUSTED) \ || (errnum == X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE)) -#define SSL_DEFAULT_PASS_PROMPT "Some of your private key files are encrypted for security reasons.\n" \ -"In order to read them you have to provide the pass phrases.\n" \ -"Enter password :" +#define SSL_DEFAULT_PASS_PROMPT "Some of your private key files are encrypted for security reasons.\n" \ +"In order to read them you have to provide the pass phrases.\n"\ +"Enter pass phrase:" #define SSL_CIPHERS_ALWAYS_DISABLED ("!aNULL:!eNULL:!EXP:") diff --git a/xdocs/miscellaneous/changelog.xml b/xdocs/miscellaneous/changelog.xml index 918615532..76d06de91 100644 --- a/xdocs/miscellaneous/changelog.xml +++ b/xdocs/miscellaneous/changelog.xml @@ -33,6 +33,9 @@ + + Align default pass phrase prompt with HTTPd. (michaelo) + Rename configure.in to modern autotools style configure.ac. (rjung) - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat-native] branch 1.2.x updated: Align default pass phrase prompt with HTTPd
This is an automated email from the ASF dual-hosted git repository. michaelo pushed a commit to branch 1.2.x in repository https://gitbox.apache.org/repos/asf/tomcat-native.git The following commit(s) were added to refs/heads/1.2.x by this push: new 8049561c8 Align default pass phrase prompt with HTTPd 8049561c8 is described below commit 8049561c86c3270b86dfd484fd07f1e8627d6b41 Author: Michael Osipov AuthorDate: Mon Jun 26 18:05:40 2023 +0200 Align default pass phrase prompt with HTTPd --- native/include/ssl_private.h | 6 +++--- xdocs/miscellaneous/changelog.xml | 3 +++ 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/native/include/ssl_private.h b/native/include/ssl_private.h index b48f7ca84..d90bc1f4b 100644 --- a/native/include/ssl_private.h +++ b/native/include/ssl_private.h @@ -171,9 +171,9 @@ extern ENGINE *tcn_ssl_engine; || (errnum == X509_V_ERR_CERT_UNTRUSTED) \ || (errnum == X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE)) -#define SSL_DEFAULT_PASS_PROMPT "Some of your private key files are encrypted for security reasons.\n" \ -"In order to read them you have to provide the pass phrases.\n" \ -"Enter password :" +#define SSL_DEFAULT_PASS_PROMPT "Some of your private key files are encrypted for security reasons.\n" \ +"In order to read them you have to provide the pass phrases.\n"\ +"Enter pass phrase:" #define SSL_CIPHERS_ALWAYS_DISABLED ("!aNULL:!eNULL:!EXP:") diff --git a/xdocs/miscellaneous/changelog.xml b/xdocs/miscellaneous/changelog.xml index 2f6d3d9a8..c4dd3694b 100644 --- a/xdocs/miscellaneous/changelog.xml +++ b/xdocs/miscellaneous/changelog.xml @@ -32,6 +32,9 @@ + + Align default pass phrase prompt with HTTPd. (michaelo) + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat-native] branch main updated: Bug 66666: Remove non-reachable functions from ssl.c
This is an automated email from the ASF dual-hosted git repository. michaelo pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat-native.git The following commit(s) were added to refs/heads/main by this push: new 2e865ff87 Bug 6: Remove non-reachable functions from ssl.c 2e865ff87 is described below commit 2e865ff8788b3c738170713771ba5a2ec0e2e364 Author: Michael Osipov AuthorDate: Fri Jun 23 11:09:58 2023 +0200 Bug 6: Remove non-reachable functions from ssl.c --- native/include/ssl_private.h | 1 - native/src/ssl.c | 156 +- native/src/sslutils.c | 27 +-- xdocs/miscellaneous/changelog.xml | 3 + 4 files changed, 8 insertions(+), 179 deletions(-) diff --git a/native/include/ssl_private.h b/native/include/ssl_private.h index 242ab4dd4..6c5c9d297 100644 --- a/native/include/ssl_private.h +++ b/native/include/ssl_private.h @@ -232,7 +232,6 @@ typedef struct tcn_ssl_ctxt_t tcn_ssl_ctxt_t; typedef struct { charpassword[SSL_MAX_PASSWORD_LEN]; const char *prompt; -tcn_callback_t cb; } tcn_pass_cb_t; extern tcn_pass_cb_t tcn_password_callback; diff --git a/native/src/ssl.c b/native/src/ssl.c index 53ae4b4a9..a1ab58fa0 100644 --- a/native/src/ssl.c +++ b/native/src/ssl.c @@ -45,8 +45,7 @@ static jclass stringClass; /* * supported_ssl_opts is a bitmask that contains all supported SSL_OP_* - * options at compile-time. This is used in hasOp to determine which - * SSL_OP_* options are available at runtime. + * options at compile-time. * * Note that at least up through OpenSSL 0.9.8o, checking SSL_OP_ALL will * return JNI_FALSE because SSL_OP_ALL is a mask that covers all bug @@ -301,13 +300,6 @@ static apr_status_t ssl_init_cleanup(void *data) return APR_SUCCESS; ssl_initialized = 0; -if (tcn_password_callback.cb.obj) { -JNIEnv *env; -tcn_get_java_env(&env); -TCN_UNLOAD_CLASS(env, - tcn_password_callback.cb.obj); -} - free_bio_methods(); free_dh_params(); @@ -600,37 +592,6 @@ TCN_IMPLEMENT_CALL(jint, SSL, initialize)(TCN_STDARGS, jstring engine) return (jint)APR_SUCCESS; } -TCN_IMPLEMENT_CALL(jboolean, SSL, randLoad)(TCN_STDARGS, jstring file) -{ -TCN_ALLOC_CSTRING(file); -int r; -UNREFERENCED(o); -r = SSL_rand_seed(J2S(file)); -TCN_FREE_CSTRING(file); -return r ? JNI_TRUE : JNI_FALSE; -} - -TCN_IMPLEMENT_CALL(jboolean, SSL, randSave)(TCN_STDARGS, jstring file) -{ -TCN_ALLOC_CSTRING(file); -int r; -UNREFERENCED(o); -r = ssl_rand_save_file(J2S(file)); -TCN_FREE_CSTRING(file); -return r ? JNI_TRUE : JNI_FALSE; -} - -TCN_IMPLEMENT_CALL(jboolean, SSL, randMake)(TCN_STDARGS, jstring file, -jint length, jboolean base64) -{ -TCN_ALLOC_CSTRING(file); -int r; -UNREFERENCED(o); -r = ssl_rand_make(J2S(file), length, base64); -TCN_FREE_CSTRING(file); -return r ? JNI_TRUE : JNI_FALSE; -} - TCN_IMPLEMENT_CALL(void, SSL, randSet)(TCN_STDARGS, jstring file) { TCN_ALLOC_CSTRING(file); @@ -894,96 +855,6 @@ static BIO_METHOD *BIO_jbs() return jbs_methods; } -TCN_IMPLEMENT_CALL(jlong, SSL, newBIO)(TCN_STDARGS, jlong pool, - jobject callback) -{ -BIO *bio = NULL; -BIO_JAVA *j; -jclass cls; - -UNREFERENCED(o); - -if ((bio = BIO_new(BIO_jbs())) == NULL) { -tcn_ThrowException(e, "Create BIO failed"); -goto init_failed; -} -j = (BIO_JAVA *)BIO_get_data(bio); -if (j == NULL) { -tcn_ThrowException(e, "Create BIO failed"); -goto init_failed; -} -j->pool = J2P(pool, apr_pool_t *); -if (j->pool) { -apr_pool_cleanup_register(j->pool, (const void *)bio, - generic_bio_cleanup, - apr_pool_cleanup_null); -} - -cls = (*e)->GetObjectClass(e, callback); -j->cb.mid[0] = (*e)->GetMethodID(e, cls, "write", "([B)I"); -j->cb.mid[1] = (*e)->GetMethodID(e, cls, "read", "([B)I"); -j->cb.mid[2] = (*e)->GetMethodID(e, cls, "puts", "(Ljava/lang/String;)I"); -j->cb.mid[3] = (*e)->GetMethodID(e, cls, "gets", "(I)Ljava/lang/String;"); -/* TODO: Check if method id's are valid */ -j->cb.obj= (*e)->NewGlobalRef(e, callback); - -BIO_set_init(bio, 1); -BIO_set_flags(bio, SSL_BIO_FLAG_CALLBACK); -return P2J(bio); -init_failed: -return 0; -} - -TCN_IMPLEMENT_CALL(jint, SSL, closeBIO)(TCN_STDARGS, jlong bio) -{ -BIO *b = J2P(bio, BIO *); -UNREFERENCED_STDARGS; -SSL_BIO_close(b); -return APR_SUCCESS; -} - -TCN_IMPLEMENT_CALL(void, SSL, setPasswordCallback)(TCN_STDARGS,
[tomcat] 01/02: Add BZ issue ID
This is an automated email from the ASF dual-hosted git repository. michaelo pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git commit ecca27f193585ff7b4bd17a1739fa0d59138b02c Author: Michael Osipov AuthorDate: Thu Jun 29 11:22:38 2023 +0200 Add BZ issue ID --- webapps/docs/changelog.xml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index 537749e57a..dd909b6b1a 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -108,7 +108,8 @@ -Add org.apache.catalina.core.ContextNamingInfoListener, +59232: Add +org.apache.catalina.core.ContextNamingInfoListener, a listener which creates context naming information environment entries. (michaelo) - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch main updated (d1f0c34b18 -> c8adc4c486)
This is an automated email from the ASF dual-hosted git repository. michaelo pushed a change to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git from d1f0c34b18 Pull up as default method since it avoids API compatibility issues new ecca27f193 Add BZ issue ID new c8adc4c486 Bug 5: Provide option to supply role mapping from a properties file The 2 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. Summary of changes: .../apache/catalina/core/LocalStrings.properties | 7 + .../core/PropertiesRoleMappingListener.java| 168 + .../core/TestPropertiesRoleMappingListener.java| 168 + .../com/example/prefixed-role-mapping.properties | 2 + .../classes/com/example/role-mapping.properties| 2 + .../WEB-INF/prefixed-role-mapping.properties | 2 + .../WEB-INF/role-mapping.properties| 2 + test/webapp-role-mapping/admin | 1 + test/webapp-role-mapping/unmapped | 1 + test/webapp-role-mapping/user | 1 + webapps/docs/changelog.xml | 9 +- webapps/docs/config/listeners.xml | 31 12 files changed, 393 insertions(+), 1 deletion(-) create mode 100644 java/org/apache/catalina/core/PropertiesRoleMappingListener.java create mode 100644 test/org/apache/catalina/core/TestPropertiesRoleMappingListener.java create mode 100644 test/webapp-role-mapping/WEB-INF/classes/com/example/prefixed-role-mapping.properties create mode 100644 test/webapp-role-mapping/WEB-INF/classes/com/example/role-mapping.properties create mode 100644 test/webapp-role-mapping/WEB-INF/prefixed-role-mapping.properties create mode 100644 test/webapp-role-mapping/WEB-INF/role-mapping.properties create mode 100644 test/webapp-role-mapping/admin create mode 100644 test/webapp-role-mapping/unmapped create mode 100644 test/webapp-role-mapping/user - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] 02/02: Bug 66665: Provide option to supply role mapping from a properties file
This is an automated email from the ASF dual-hosted git repository. michaelo pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git commit c8adc4c4869f432b900606ae52a89e54c324f3dd Author: Michael Osipov AuthorDate: Fri Jun 23 15:07:25 2023 +0200 Bug 5: Provide option to supply role mapping from a properties file --- .../apache/catalina/core/LocalStrings.properties | 7 + .../core/PropertiesRoleMappingListener.java| 168 + .../core/TestPropertiesRoleMappingListener.java| 168 + .../com/example/prefixed-role-mapping.properties | 2 + .../classes/com/example/role-mapping.properties| 2 + .../WEB-INF/prefixed-role-mapping.properties | 2 + .../WEB-INF/role-mapping.properties| 2 + test/webapp-role-mapping/admin | 1 + test/webapp-role-mapping/unmapped | 1 + test/webapp-role-mapping/user | 1 + webapps/docs/changelog.xml | 6 + webapps/docs/config/listeners.xml | 31 12 files changed, 391 insertions(+) diff --git a/java/org/apache/catalina/core/LocalStrings.properties b/java/org/apache/catalina/core/LocalStrings.properties index 66e5067aac..aa6e810ba7 100644 --- a/java/org/apache/catalina/core/LocalStrings.properties +++ b/java/org/apache/catalina/core/LocalStrings.properties @@ -164,6 +164,13 @@ noPluggabilityServletContext.notAllowed=Section 4.4 of the Servlet 3.0 specifica pushBuilder.noPath=It is illegal to call push() before setting a path +propertiesRoleMappingListener.roleMappingFileNull=Role mapping file cannot be null +propertiesRoleMappingListener.roleMappingFileEmpty=Role mapping file cannot be empty +propertiesRoleMappingListener.roleMappingFileNotFound=Role mapping file [{0}] not found +propertiesRoleMappingListener.roleMappingFileFail=Failed to load role mapping file [{0}] +propertiesRoleMappingListener.linkedRole=Successfully linked application role [{0}] to technical role [{1}] +propertiesRoleMappingListener.linkedRoleCount=Linked [{0}] application roles to technical roles + standardContext.applicationListener=Error configuring application listener of class [{0}] standardContext.applicationSkipped=Skipped installing application listeners due to previous error(s) standardContext.backgroundProcess.instanceManager=Exception processing instance manager [{0}] background process diff --git a/java/org/apache/catalina/core/PropertiesRoleMappingListener.java b/java/org/apache/catalina/core/PropertiesRoleMappingListener.java new file mode 100644 index 00..60b135d27f --- /dev/null +++ b/java/org/apache/catalina/core/PropertiesRoleMappingListener.java @@ -0,0 +1,168 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.catalina.core; + +import java.io.FileNotFoundException; +import java.io.IOException; +import java.io.InputStream; +import java.util.Map.Entry; +import java.util.Objects; +import java.util.Properties; + +import org.apache.catalina.Context; +import org.apache.catalina.Lifecycle; +import org.apache.catalina.LifecycleEvent; +import org.apache.catalina.LifecycleListener; +import org.apache.juli.logging.Log; +import org.apache.juli.logging.LogFactory; +import org.apache.tomcat.util.file.ConfigFileLoader; +import org.apache.tomcat.util.res.StringManager; + +/** + * Implementation of {@code LifecycleListener} that will populate the context's role mapping from a properties file. + * + * This listener must only be nested within {@link Context} elements. + * + * The keys represent application roles (e.g., admin, user, uservisor, etc.) while the values represent technical roles + * (e.g., DNs, SIDs, UUIDs, etc.). A key can also be prefixed if, e.g., the properties file contains generic + * application configuration as well: {@code app-roles.}. + * + * Note: The default value for the {@code roleMappingFile} is {@code webapp:/WEB-INF/role-mapping.properties}. + */ +public class PropertiesRoleMappingListener implements LifecycleListener { + +private static final String WEBAPP_PROTOCOL = "webapp:";
[tomcat] 02/02: Bug 66665: Provide option to supply role mapping from a properties file
This is an automated email from the ASF dual-hosted git repository. michaelo pushed a commit to branch 10.1.x in repository https://gitbox.apache.org/repos/asf/tomcat.git commit 6cb448a3f2ac4d936a01098fb032f32cac9960e4 Author: Michael Osipov AuthorDate: Fri Jun 23 15:07:25 2023 +0200 Bug 5: Provide option to supply role mapping from a properties file --- .../apache/catalina/core/LocalStrings.properties | 7 + .../core/PropertiesRoleMappingListener.java| 168 + .../core/TestPropertiesRoleMappingListener.java| 168 + .../com/example/prefixed-role-mapping.properties | 2 + .../classes/com/example/role-mapping.properties| 2 + .../WEB-INF/prefixed-role-mapping.properties | 2 + .../WEB-INF/role-mapping.properties| 2 + test/webapp-role-mapping/admin | 1 + test/webapp-role-mapping/unmapped | 1 + test/webapp-role-mapping/user | 1 + webapps/docs/changelog.xml | 6 + webapps/docs/config/listeners.xml | 31 12 files changed, 391 insertions(+) diff --git a/java/org/apache/catalina/core/LocalStrings.properties b/java/org/apache/catalina/core/LocalStrings.properties index c5ab4a3506..7e419226f0 100644 --- a/java/org/apache/catalina/core/LocalStrings.properties +++ b/java/org/apache/catalina/core/LocalStrings.properties @@ -164,6 +164,13 @@ noPluggabilityServletContext.notAllowed=Section 4.4 of the Servlet 3.0 specifica pushBuilder.noPath=It is illegal to call push() before setting a path +propertiesRoleMappingListener.roleMappingFileNull=Role mapping file cannot be null +propertiesRoleMappingListener.roleMappingFileEmpty=Role mapping file cannot be empty +propertiesRoleMappingListener.roleMappingFileNotFound=Role mapping file [{0}] not found +propertiesRoleMappingListener.roleMappingFileFail=Failed to load role mapping file [{0}] +propertiesRoleMappingListener.linkedRole=Successfully linked application role [{0}] to technical role [{1}] +propertiesRoleMappingListener.linkedRoleCount=Linked [{0}] application roles to technical roles + standardContext.applicationListener=Error configuring application listener of class [{0}] standardContext.applicationSkipped=Skipped installing application listeners due to previous error(s) standardContext.backgroundProcess.instanceManager=Exception processing instance manager [{0}] background process diff --git a/java/org/apache/catalina/core/PropertiesRoleMappingListener.java b/java/org/apache/catalina/core/PropertiesRoleMappingListener.java new file mode 100644 index 00..60b135d27f --- /dev/null +++ b/java/org/apache/catalina/core/PropertiesRoleMappingListener.java @@ -0,0 +1,168 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.catalina.core; + +import java.io.FileNotFoundException; +import java.io.IOException; +import java.io.InputStream; +import java.util.Map.Entry; +import java.util.Objects; +import java.util.Properties; + +import org.apache.catalina.Context; +import org.apache.catalina.Lifecycle; +import org.apache.catalina.LifecycleEvent; +import org.apache.catalina.LifecycleListener; +import org.apache.juli.logging.Log; +import org.apache.juli.logging.LogFactory; +import org.apache.tomcat.util.file.ConfigFileLoader; +import org.apache.tomcat.util.res.StringManager; + +/** + * Implementation of {@code LifecycleListener} that will populate the context's role mapping from a properties file. + * + * This listener must only be nested within {@link Context} elements. + * + * The keys represent application roles (e.g., admin, user, uservisor, etc.) while the values represent technical roles + * (e.g., DNs, SIDs, UUIDs, etc.). A key can also be prefixed if, e.g., the properties file contains generic + * application configuration as well: {@code app-roles.}. + * + * Note: The default value for the {@code roleMappingFile} is {@code webapp:/WEB-INF/role-mapping.properties}. + */ +public class PropertiesRoleMappingListener implements LifecycleListener { + +private static final String WEBAPP_PROTOCOL = "webapp:";
[tomcat] branch 10.1.x updated (26555450d3 -> 6cb448a3f2)
This is an automated email from the ASF dual-hosted git repository. michaelo pushed a change to branch 10.1.x in repository https://gitbox.apache.org/repos/asf/tomcat.git from 26555450d3 Improve Javadoc new 6e435d8ae4 Add BZ issue ID new 6cb448a3f2 Bug 5: Provide option to supply role mapping from a properties file The 2 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. Summary of changes: .../apache/catalina/core/LocalStrings.properties | 7 + .../core/PropertiesRoleMappingListener.java| 168 + .../core/TestPropertiesRoleMappingListener.java| 168 + .../com/example/prefixed-role-mapping.properties | 2 + .../classes/com/example/role-mapping.properties| 2 + .../WEB-INF/prefixed-role-mapping.properties | 2 + .../WEB-INF/role-mapping.properties| 2 + test/webapp-role-mapping/admin | 1 + test/webapp-role-mapping/unmapped | 1 + test/webapp-role-mapping/user | 1 + webapps/docs/changelog.xml | 9 +- webapps/docs/config/listeners.xml | 31 12 files changed, 393 insertions(+), 1 deletion(-) create mode 100644 java/org/apache/catalina/core/PropertiesRoleMappingListener.java create mode 100644 test/org/apache/catalina/core/TestPropertiesRoleMappingListener.java create mode 100644 test/webapp-role-mapping/WEB-INF/classes/com/example/prefixed-role-mapping.properties create mode 100644 test/webapp-role-mapping/WEB-INF/classes/com/example/role-mapping.properties create mode 100644 test/webapp-role-mapping/WEB-INF/prefixed-role-mapping.properties create mode 100644 test/webapp-role-mapping/WEB-INF/role-mapping.properties create mode 100644 test/webapp-role-mapping/admin create mode 100644 test/webapp-role-mapping/unmapped create mode 100644 test/webapp-role-mapping/user - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] 01/02: Add BZ issue ID
This is an automated email from the ASF dual-hosted git repository. michaelo pushed a commit to branch 10.1.x in repository https://gitbox.apache.org/repos/asf/tomcat.git commit 6e435d8ae45fbf9f35845173eddf58228153575c Author: Michael Osipov AuthorDate: Thu Jun 29 11:22:38 2023 +0200 Add BZ issue ID --- webapps/docs/changelog.xml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index 751a70e277..6d65651c81 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -108,7 +108,8 @@ -Add org.apache.catalina.core.ContextNamingInfoListener, +59232: Add +org.apache.catalina.core.ContextNamingInfoListener, a listener which creates context naming information environment entries. (michaelo) - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] 02/02: Bug 66665: Provide option to supply role mapping from a properties file
This is an automated email from the ASF dual-hosted git repository. michaelo pushed a commit to branch 9.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git commit e393ce35cb769c3e54d0904db3ec349efb53ffbc Author: Michael Osipov AuthorDate: Fri Jun 23 15:07:25 2023 +0200 Bug 5: Provide option to supply role mapping from a properties file --- .../apache/catalina/core/LocalStrings.properties | 7 + .../core/PropertiesRoleMappingListener.java| 168 + .../core/TestPropertiesRoleMappingListener.java| 168 + .../com/example/prefixed-role-mapping.properties | 2 + .../classes/com/example/role-mapping.properties| 2 + .../WEB-INF/prefixed-role-mapping.properties | 2 + .../WEB-INF/role-mapping.properties| 2 + test/webapp-role-mapping/admin | 1 + test/webapp-role-mapping/unmapped | 1 + test/webapp-role-mapping/user | 1 + webapps/docs/changelog.xml | 6 + webapps/docs/config/listeners.xml | 31 12 files changed, 391 insertions(+) diff --git a/java/org/apache/catalina/core/LocalStrings.properties b/java/org/apache/catalina/core/LocalStrings.properties index d1a5762c84..744a93b31b 100644 --- a/java/org/apache/catalina/core/LocalStrings.properties +++ b/java/org/apache/catalina/core/LocalStrings.properties @@ -170,6 +170,13 @@ noPluggabilityServletContext.notAllowed=Section 4.4 of the Servlet 3.0 specifica pushBuilder.noPath=It is illegal to call push() before setting a path +propertiesRoleMappingListener.roleMappingFileNull=Role mapping file cannot be null +propertiesRoleMappingListener.roleMappingFileEmpty=Role mapping file cannot be empty +propertiesRoleMappingListener.roleMappingFileNotFound=Role mapping file [{0}] not found +propertiesRoleMappingListener.roleMappingFileFail=Failed to load role mapping file [{0}] +propertiesRoleMappingListener.linkedRole=Successfully linked application role [{0}] to technical role [{1}] +propertiesRoleMappingListener.linkedRoleCount=Linked [{0}] application roles to technical roles + standardContext.applicationListener=Error configuring application listener of class [{0}] standardContext.applicationSkipped=Skipped installing application listeners due to previous error(s) standardContext.backgroundProcess.instanceManager=Exception processing instance manager [{0}] background process diff --git a/java/org/apache/catalina/core/PropertiesRoleMappingListener.java b/java/org/apache/catalina/core/PropertiesRoleMappingListener.java new file mode 100644 index 00..60b135d27f --- /dev/null +++ b/java/org/apache/catalina/core/PropertiesRoleMappingListener.java @@ -0,0 +1,168 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.catalina.core; + +import java.io.FileNotFoundException; +import java.io.IOException; +import java.io.InputStream; +import java.util.Map.Entry; +import java.util.Objects; +import java.util.Properties; + +import org.apache.catalina.Context; +import org.apache.catalina.Lifecycle; +import org.apache.catalina.LifecycleEvent; +import org.apache.catalina.LifecycleListener; +import org.apache.juli.logging.Log; +import org.apache.juli.logging.LogFactory; +import org.apache.tomcat.util.file.ConfigFileLoader; +import org.apache.tomcat.util.res.StringManager; + +/** + * Implementation of {@code LifecycleListener} that will populate the context's role mapping from a properties file. + * + * This listener must only be nested within {@link Context} elements. + * + * The keys represent application roles (e.g., admin, user, uservisor, etc.) while the values represent technical roles + * (e.g., DNs, SIDs, UUIDs, etc.). A key can also be prefixed if, e.g., the properties file contains generic + * application configuration as well: {@code app-roles.}. + * + * Note: The default value for the {@code roleMappingFile} is {@code webapp:/WEB-INF/role-mapping.properties}. + */ +public class PropertiesRoleMappingListener implements LifecycleListener { + +private static final String WEBAPP_PROTOCOL = "webapp:";
[tomcat] branch 9.0.x updated (b00c5c80b4 -> e393ce35cb)
This is an automated email from the ASF dual-hosted git repository. michaelo pushed a change to branch 9.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git from b00c5c80b4 Improve Javadoc new 4480ff33ff Add BZ issue ID new e393ce35cb Bug 5: Provide option to supply role mapping from a properties file The 2 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. Summary of changes: .../apache/catalina/core/LocalStrings.properties | 7 + .../core/PropertiesRoleMappingListener.java| 168 + .../core/TestPropertiesRoleMappingListener.java| 168 + .../com/example/prefixed-role-mapping.properties | 2 + .../classes/com/example/role-mapping.properties| 2 + .../WEB-INF/prefixed-role-mapping.properties | 2 + .../WEB-INF/role-mapping.properties| 2 + test/webapp-role-mapping/admin | 1 + test/webapp-role-mapping/unmapped | 1 + test/webapp-role-mapping/user | 1 + webapps/docs/changelog.xml | 9 +- webapps/docs/config/listeners.xml | 31 12 files changed, 393 insertions(+), 1 deletion(-) create mode 100644 java/org/apache/catalina/core/PropertiesRoleMappingListener.java create mode 100644 test/org/apache/catalina/core/TestPropertiesRoleMappingListener.java create mode 100644 test/webapp-role-mapping/WEB-INF/classes/com/example/prefixed-role-mapping.properties create mode 100644 test/webapp-role-mapping/WEB-INF/classes/com/example/role-mapping.properties create mode 100644 test/webapp-role-mapping/WEB-INF/prefixed-role-mapping.properties create mode 100644 test/webapp-role-mapping/WEB-INF/role-mapping.properties create mode 100644 test/webapp-role-mapping/admin create mode 100644 test/webapp-role-mapping/unmapped create mode 100644 test/webapp-role-mapping/user - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch 8.5.x updated (54ff8b3240 -> 5ae93dda3d)
This is an automated email from the ASF dual-hosted git repository. michaelo pushed a change to branch 8.5.x in repository https://gitbox.apache.org/repos/asf/tomcat.git from 54ff8b3240 Improve Javadoc new d936b70589 Add BZ issue ID new 5ae93dda3d Bug 5: Provide option to supply role mapping from a properties file The 2 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. Summary of changes: .../apache/catalina/core/LocalStrings.properties | 7 + .../core/PropertiesRoleMappingListener.java| 168 + .../core/TestPropertiesRoleMappingListener.java| 168 + .../com/example/prefixed-role-mapping.properties | 2 + .../classes/com/example/role-mapping.properties| 2 + .../WEB-INF/prefixed-role-mapping.properties | 2 + .../WEB-INF/role-mapping.properties| 2 + test/webapp-role-mapping/admin | 1 + test/webapp-role-mapping/unmapped | 1 + test/webapp-role-mapping/user | 1 + webapps/docs/changelog.xml | 9 +- webapps/docs/config/listeners.xml | 31 12 files changed, 393 insertions(+), 1 deletion(-) create mode 100644 java/org/apache/catalina/core/PropertiesRoleMappingListener.java create mode 100644 test/org/apache/catalina/core/TestPropertiesRoleMappingListener.java create mode 100644 test/webapp-role-mapping/WEB-INF/classes/com/example/prefixed-role-mapping.properties create mode 100644 test/webapp-role-mapping/WEB-INF/classes/com/example/role-mapping.properties create mode 100644 test/webapp-role-mapping/WEB-INF/prefixed-role-mapping.properties create mode 100644 test/webapp-role-mapping/WEB-INF/role-mapping.properties create mode 100644 test/webapp-role-mapping/admin create mode 100644 test/webapp-role-mapping/unmapped create mode 100644 test/webapp-role-mapping/user - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] 02/02: Bug 66665: Provide option to supply role mapping from a properties file
This is an automated email from the ASF dual-hosted git repository. michaelo pushed a commit to branch 8.5.x in repository https://gitbox.apache.org/repos/asf/tomcat.git commit 5ae93dda3d7e2834666f9c223dcf90db830c2193 Author: Michael Osipov AuthorDate: Fri Jun 23 15:07:25 2023 +0200 Bug 5: Provide option to supply role mapping from a properties file --- .../apache/catalina/core/LocalStrings.properties | 7 + .../core/PropertiesRoleMappingListener.java| 168 + .../core/TestPropertiesRoleMappingListener.java| 168 + .../com/example/prefixed-role-mapping.properties | 2 + .../classes/com/example/role-mapping.properties| 2 + .../WEB-INF/prefixed-role-mapping.properties | 2 + .../WEB-INF/role-mapping.properties| 2 + test/webapp-role-mapping/admin | 1 + test/webapp-role-mapping/unmapped | 1 + test/webapp-role-mapping/user | 1 + webapps/docs/changelog.xml | 6 + webapps/docs/config/listeners.xml | 31 12 files changed, 391 insertions(+) diff --git a/java/org/apache/catalina/core/LocalStrings.properties b/java/org/apache/catalina/core/LocalStrings.properties index 98accac8e3..47ccb88279 100644 --- a/java/org/apache/catalina/core/LocalStrings.properties +++ b/java/org/apache/catalina/core/LocalStrings.properties @@ -173,6 +173,13 @@ noPluggabilityServletContext.notAllowed=Section 4.4 of the Servlet 3.0 specifica pushBuilder.noPath=It is illegal to call push() before setting a path +propertiesRoleMappingListener.roleMappingFileNull=Role mapping file cannot be null +propertiesRoleMappingListener.roleMappingFileEmpty=Role mapping file cannot be empty +propertiesRoleMappingListener.roleMappingFileNotFound=Role mapping file [{0}] not found +propertiesRoleMappingListener.roleMappingFileFail=Failed to load role mapping file [{0}] +propertiesRoleMappingListener.linkedRole=Successfully linked application role [{0}] to technical role [{1}] +propertiesRoleMappingListener.linkedRoleCount=Linked [{0}] application roles to technical roles + standardContext.applicationListener=Error configuring application listener of class [{0}] standardContext.applicationSkipped=Skipped installing application listeners due to previous error(s) standardContext.backgroundProcess.instanceManager=Exception processing instance manager [{0}] background process diff --git a/java/org/apache/catalina/core/PropertiesRoleMappingListener.java b/java/org/apache/catalina/core/PropertiesRoleMappingListener.java new file mode 100644 index 00..60b135d27f --- /dev/null +++ b/java/org/apache/catalina/core/PropertiesRoleMappingListener.java @@ -0,0 +1,168 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.catalina.core; + +import java.io.FileNotFoundException; +import java.io.IOException; +import java.io.InputStream; +import java.util.Map.Entry; +import java.util.Objects; +import java.util.Properties; + +import org.apache.catalina.Context; +import org.apache.catalina.Lifecycle; +import org.apache.catalina.LifecycleEvent; +import org.apache.catalina.LifecycleListener; +import org.apache.juli.logging.Log; +import org.apache.juli.logging.LogFactory; +import org.apache.tomcat.util.file.ConfigFileLoader; +import org.apache.tomcat.util.res.StringManager; + +/** + * Implementation of {@code LifecycleListener} that will populate the context's role mapping from a properties file. + * + * This listener must only be nested within {@link Context} elements. + * + * The keys represent application roles (e.g., admin, user, uservisor, etc.) while the values represent technical roles + * (e.g., DNs, SIDs, UUIDs, etc.). A key can also be prefixed if, e.g., the properties file contains generic + * application configuration as well: {@code app-roles.}. + * + * Note: The default value for the {@code roleMappingFile} is {@code webapp:/WEB-INF/role-mapping.properties}. + */ +public class PropertiesRoleMappingListener implements LifecycleListener { + +private static final String WEBAPP_PROTOCOL = "webapp:";
[tomcat] 01/02: Add BZ issue ID
This is an automated email from the ASF dual-hosted git repository. michaelo pushed a commit to branch 8.5.x in repository https://gitbox.apache.org/repos/asf/tomcat.git commit d936b7058990a749414161fb38250cca9593669e Author: Michael Osipov AuthorDate: Thu Jun 29 11:22:38 2023 +0200 Add BZ issue ID --- webapps/docs/changelog.xml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index a47a8898d1..e8934b7e27 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -108,7 +108,8 @@ -Add org.apache.catalina.core.ContextNamingInfoListener, +59232: Add +org.apache.catalina.core.ContextNamingInfoListener, a listener which creates context naming information environment entries. (michaelo) - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] 01/02: Add BZ issue ID
This is an automated email from the ASF dual-hosted git repository. michaelo pushed a commit to branch 9.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git commit 4480ff33ff30413993c2773564164f72ae07b76d Author: Michael Osipov AuthorDate: Thu Jun 29 11:22:38 2023 +0200 Add BZ issue ID --- webapps/docs/changelog.xml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index e28909a12b..605533ba40 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -108,7 +108,8 @@ -Add org.apache.catalina.core.ContextNamingInfoListener, +59232: Add +org.apache.catalina.core.ContextNamingInfoListener, a listener which creates context naming information environment entries. (michaelo) - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch 8.5.x updated: Align PropertiesRoleMappingListener for API difference
This is an automated email from the ASF dual-hosted git repository. michaelo pushed a commit to branch 8.5.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/8.5.x by this push: new d79954dfc7 Align PropertiesRoleMappingListener for API difference d79954dfc7 is described below commit d79954dfc7171417231eaaa0ec6586e50f69f8e6 Author: Michael Osipov AuthorDate: Thu Jun 29 12:27:59 2023 +0200 Align PropertiesRoleMappingListener for API difference --- java/org/apache/catalina/core/PropertiesRoleMappingListener.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/java/org/apache/catalina/core/PropertiesRoleMappingListener.java b/java/org/apache/catalina/core/PropertiesRoleMappingListener.java index 60b135d27f..2dc44e9adb 100644 --- a/java/org/apache/catalina/core/PropertiesRoleMappingListener.java +++ b/java/org/apache/catalina/core/PropertiesRoleMappingListener.java @@ -115,7 +115,7 @@ public class PropertiesRoleMappingListener implements LifecycleListener { is = context.getServletContext().getResourceAsStream(path); } else { try { -is = ConfigFileLoader.getSource().getResource(roleMappingFile).getInputStream(); +is = ConfigFileLoader.getInputStream(roleMappingFile); } catch (FileNotFoundException e1) { is = null; } catch (IOException e2) { - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch main updated: Remove used property
This is an automated email from the ASF dual-hosted git repository. michaelo pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/main by this push: new b9a8bd4fda Remove used property b9a8bd4fda is described below commit b9a8bd4fdaf31b0cc08cc72f95c802d35bb885f2 Author: Michael Osipov AuthorDate: Fri Jun 30 13:24:02 2023 +0200 Remove used property --- java/org/apache/catalina/core/LocalStrings.properties | 1 - 1 file changed, 1 deletion(-) diff --git a/java/org/apache/catalina/core/LocalStrings.properties b/java/org/apache/catalina/core/LocalStrings.properties index aa6e810ba7..fd59aa65dc 100644 --- a/java/org/apache/catalina/core/LocalStrings.properties +++ b/java/org/apache/catalina/core/LocalStrings.properties @@ -166,7 +166,6 @@ pushBuilder.noPath=It is illegal to call push() before setting a path propertiesRoleMappingListener.roleMappingFileNull=Role mapping file cannot be null propertiesRoleMappingListener.roleMappingFileEmpty=Role mapping file cannot be empty -propertiesRoleMappingListener.roleMappingFileNotFound=Role mapping file [{0}] not found propertiesRoleMappingListener.roleMappingFileFail=Failed to load role mapping file [{0}] propertiesRoleMappingListener.linkedRole=Successfully linked application role [{0}] to technical role [{1}] propertiesRoleMappingListener.linkedRoleCount=Linked [{0}] application roles to technical roles - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch 10.1.x updated: Remove used property
This is an automated email from the ASF dual-hosted git repository. michaelo pushed a commit to branch 10.1.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/10.1.x by this push: new 8b1833f75b Remove used property 8b1833f75b is described below commit 8b1833f75bfce59a05791dede5eb9904b51da3da Author: Michael Osipov AuthorDate: Fri Jun 30 13:24:02 2023 +0200 Remove used property --- java/org/apache/catalina/core/LocalStrings.properties | 1 - 1 file changed, 1 deletion(-) diff --git a/java/org/apache/catalina/core/LocalStrings.properties b/java/org/apache/catalina/core/LocalStrings.properties index a45cfbff54..44cd9a37a5 100644 --- a/java/org/apache/catalina/core/LocalStrings.properties +++ b/java/org/apache/catalina/core/LocalStrings.properties @@ -166,7 +166,6 @@ propertiesRoleMappingListener.linkedRole=Successfully linked application role [{ propertiesRoleMappingListener.linkedRoleCount=Linked [{0}] application roles to technical roles propertiesRoleMappingListener.roleMappingFileEmpty=Role mapping file cannot be empty propertiesRoleMappingListener.roleMappingFileFail=Failed to load role mapping file [{0}] -propertiesRoleMappingListener.roleMappingFileNotFound=Role mapping file [{0}] not found propertiesRoleMappingListener.roleMappingFileNull=Role mapping file cannot be null pushBuilder.noPath=It is illegal to call push() before setting a path - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch 9.0.x updated: Remove used property
This is an automated email from the ASF dual-hosted git repository. michaelo pushed a commit to branch 9.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/9.0.x by this push: new 0df28a6201 Remove used property 0df28a6201 is described below commit 0df28a6201defbce8b835e9336d260b4574fc6e3 Author: Michael Osipov AuthorDate: Fri Jun 30 13:24:02 2023 +0200 Remove used property --- java/org/apache/catalina/core/LocalStrings.properties | 1 - 1 file changed, 1 deletion(-) diff --git a/java/org/apache/catalina/core/LocalStrings.properties b/java/org/apache/catalina/core/LocalStrings.properties index 8f71f2d9b6..4d72b24c78 100644 --- a/java/org/apache/catalina/core/LocalStrings.properties +++ b/java/org/apache/catalina/core/LocalStrings.properties @@ -172,7 +172,6 @@ propertiesRoleMappingListener.linkedRole=Successfully linked application role [{ propertiesRoleMappingListener.linkedRoleCount=Linked [{0}] application roles to technical roles propertiesRoleMappingListener.roleMappingFileEmpty=Role mapping file cannot be empty propertiesRoleMappingListener.roleMappingFileFail=Failed to load role mapping file [{0}] -propertiesRoleMappingListener.roleMappingFileNotFound=Role mapping file [{0}] not found propertiesRoleMappingListener.roleMappingFileNull=Role mapping file cannot be null pushBuilder.noPath=It is illegal to call push() before setting a path - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] 01/02: Mark request as forwarded in RemoteIpValve/RemoteIpFilter
This is an automated email from the ASF dual-hosted git repository. michaelo pushed a commit to branch mark-forwarded-request/8.5.x in repository https://gitbox.apache.org/repos/asf/tomcat.git commit 2eeb813dad2bcda58959b6eeea468d41f998f57b Author: Michael Osipov AuthorDate: Tue Jul 9 14:59:09 2019 +0200 Mark request as forwarded in RemoteIpValve/RemoteIpFilter --- java/org/apache/catalina/Globals.java | 10 .../apache/catalina/filters/RemoteIpFilter.java| 4 +++ java/org/apache/catalina/valves/RemoteIpValve.java | 4 +++ java/org/apache/coyote/Constants.java | 8 ++ .../catalina/filters/TestRemoteIpFilter.java | 23 + .../apache/catalina/valves/TestRemoteIpValve.java | 30 ++ webapps/docs/changelog.xml | 7 + 7 files changed, 86 insertions(+) diff --git a/java/org/apache/catalina/Globals.java b/java/org/apache/catalina/Globals.java index 8801724..edf91a0 100644 --- a/java/org/apache/catalina/Globals.java +++ b/java/org/apache/catalina/Globals.java @@ -199,6 +199,16 @@ public final class Globals { org.apache.coyote.Constants.REMOTE_ADDR_ATTRIBUTE; +/** + * The request attribute set by the RemoteIpFilter, RemoteIpValve (and may + * be set by other similar components) that identifies this request has been + * forwarded via one or more proxies. The value should be {@code java.lang.Boolean}. + * Absence shall be treated as {@code false}. + */ +public static final String FORWARDED_REQUEST_ATTRIBUTE = +org.apache.coyote.Constants.FORWARDED_REQUEST_ATTRIBUTE; + + public static final String ASYNC_SUPPORTED_ATTR = "org.apache.catalina.ASYNC_SUPPORTED"; diff --git a/java/org/apache/catalina/filters/RemoteIpFilter.java b/java/org/apache/catalina/filters/RemoteIpFilter.java index 20b4abd..f416f60 100644 --- a/java/org/apache/catalina/filters/RemoteIpFilter.java +++ b/java/org/apache/catalina/filters/RemoteIpFilter.java @@ -85,6 +85,8 @@ import org.apache.juli.logging.LogFactory; * protocolHeaderHttpsValue configuration parameter (default https) then request.isSecure = true, * request.scheme = https and request.serverPort = 443. Note that 443 can be overwritten with the * $httpsServerPort configuration parameter. + * Mark the request with the attribute {@link Globals#FORWARDED_REQUEST_ATTRIBUTE} and value {@code Boolean.TRUE} to indicate + * that this request has been forwarded by one or more proxies. * * * Configuration parameters @@ -860,6 +862,8 @@ public class RemoteIpFilter implements Filter { } } +request.setAttribute(Globals.FORWARDED_REQUEST_ATTRIBUTE, Boolean.TRUE); + if (log.isDebugEnabled()) { log.debug("Incoming request " + request.getRequestURI() + " with originalRemoteAddr '" + request.getRemoteAddr() + "', originalRemoteHost='" + request.getRemoteHost() + "', originalSecure='" + request.isSecure() diff --git a/java/org/apache/catalina/valves/RemoteIpValve.java b/java/org/apache/catalina/valves/RemoteIpValve.java index 145b095..9e78c0f 100644 --- a/java/org/apache/catalina/valves/RemoteIpValve.java +++ b/java/org/apache/catalina/valves/RemoteIpValve.java @@ -64,6 +64,8 @@ import org.apache.tomcat.util.http.MimeHeaders; * protocolHeaderHttpsValue configuration parameter (default https) then request.isSecure = true, * request.scheme = https and request.serverPort = 443. Note that 443 can be overwritten with the * $httpsServerPort configuration parameter. + * Mark the request with the attribute {@link Globals#FORWARDED_REQUEST_ATTRIBUTE} and value {@code Boolean.TRUE} to indicate + * that this request has been forwarded by one or more proxies. * * * Configuration parameters @@ -651,6 +653,8 @@ public class RemoteIpValve extends ValveBase { } } +request.setAttribute(Globals.FORWARDED_REQUEST_ATTRIBUTE, Boolean.TRUE); + if (log.isDebugEnabled()) { log.debug("Incoming request " + request.getRequestURI() + " with originalRemoteAddr '" + originalRemoteAddr + "', originalRemoteHost='" + originalRemoteHost + "', originalSecure='" + originalSecure + "', originalScheme='" diff --git a/java/org/apache/coyote/Constants.java b/java/org/apache/coyote/Constants.java index 9de194d..58fa1e5 100644 --- a/java/org/apache/coyote/Constants.java +++ b/java/org/apache/coyote/Constants.java @@ -111,4 +111,12 @@ public final class Constants { * the X-Forwarded-For HTTP header. */ public static final String REMOTE_ADDR_ATTRIBUTE = "org.apache.tomcat.remoteAddr"; + +/** + * The request attribute set
[tomcat] 02/02: Better attribute name
This is an automated email from the ASF dual-hosted git repository. michaelo pushed a commit to branch mark-forwarded-request/8.5.x in repository https://gitbox.apache.org/repos/asf/tomcat.git commit 644af221e5cb8e6a17327c9a4319a69a2d1dc305 Author: Michael Osipov AuthorDate: Tue Jul 9 15:53:36 2019 +0200 Better attribute name --- java/org/apache/catalina/Globals.java| 11 +-- java/org/apache/catalina/filters/RemoteIpFilter.java | 2 +- java/org/apache/catalina/valves/RemoteIpValve.java | 4 ++-- java/org/apache/coyote/Constants.java| 9 - test/org/apache/catalina/filters/TestRemoteIpFilter.java | 4 ++-- test/org/apache/catalina/valves/TestRemoteIpValve.java | 4 ++-- 6 files changed, 16 insertions(+), 18 deletions(-) diff --git a/java/org/apache/catalina/Globals.java b/java/org/apache/catalina/Globals.java index edf91a0..7ce8209 100644 --- a/java/org/apache/catalina/Globals.java +++ b/java/org/apache/catalina/Globals.java @@ -200,13 +200,12 @@ public final class Globals { /** - * The request attribute set by the RemoteIpFilter, RemoteIpValve (and may - * be set by other similar components) that identifies this request has been - * forwarded via one or more proxies. The value should be {@code java.lang.Boolean}. - * Absence shall be treated as {@code false}. + * The request attribute that is set to the value of {@code Boolean.TRUE} + * by the RemoteIpFilter, RemoteIpValve (and other similar components) that identifies + * a request which been forwarded via one or more proxies. */ -public static final String FORWARDED_REQUEST_ATTRIBUTE = -org.apache.coyote.Constants.FORWARDED_REQUEST_ATTRIBUTE; +public static final String REQUEST_FORWARDED_ATTRIBUTE = +org.apache.coyote.Constants.REQUEST_FORWARDED_ATTRIBUTE; public static final String ASYNC_SUPPORTED_ATTR = diff --git a/java/org/apache/catalina/filters/RemoteIpFilter.java b/java/org/apache/catalina/filters/RemoteIpFilter.java index f416f60..423b561 100644 --- a/java/org/apache/catalina/filters/RemoteIpFilter.java +++ b/java/org/apache/catalina/filters/RemoteIpFilter.java @@ -85,7 +85,7 @@ import org.apache.juli.logging.LogFactory; * protocolHeaderHttpsValue configuration parameter (default https) then request.isSecure = true, * request.scheme = https and request.serverPort = 443. Note that 443 can be overwritten with the * $httpsServerPort configuration parameter. - * Mark the request with the attribute {@link Globals#FORWARDED_REQUEST_ATTRIBUTE} and value {@code Boolean.TRUE} to indicate + * Mark the request with the attribute {@link Globals#REQUEST_FORWARDED_ATTRIBUTE} and value {@code Boolean.TRUE} to indicate * that this request has been forwarded by one or more proxies. * * diff --git a/java/org/apache/catalina/valves/RemoteIpValve.java b/java/org/apache/catalina/valves/RemoteIpValve.java index 9e78c0f..cd08cc7 100644 --- a/java/org/apache/catalina/valves/RemoteIpValve.java +++ b/java/org/apache/catalina/valves/RemoteIpValve.java @@ -64,7 +64,7 @@ import org.apache.tomcat.util.http.MimeHeaders; * protocolHeaderHttpsValue configuration parameter (default https) then request.isSecure = true, * request.scheme = https and request.serverPort = 443. Note that 443 can be overwritten with the * $httpsServerPort configuration parameter. - * Mark the request with the attribute {@link Globals#FORWARDED_REQUEST_ATTRIBUTE} and value {@code Boolean.TRUE} to indicate + * Mark the request with the attribute {@link Globals#REQUEST_FORWARDED_ATTRIBUTE} and value {@code Boolean.TRUE} to indicate * that this request has been forwarded by one or more proxies. * * @@ -653,7 +653,7 @@ public class RemoteIpValve extends ValveBase { } } -request.setAttribute(Globals.FORWARDED_REQUEST_ATTRIBUTE, Boolean.TRUE); +request.setAttribute(Globals.REQUEST_FORWARDED_ATTRIBUTE, Boolean.TRUE); if (log.isDebugEnabled()) { log.debug("Incoming request " + request.getRequestURI() + " with originalRemoteAddr '" + originalRemoteAddr diff --git a/java/org/apache/coyote/Constants.java b/java/org/apache/coyote/Constants.java index 58fa1e5..898068a 100644 --- a/java/org/apache/coyote/Constants.java +++ b/java/org/apache/coyote/Constants.java @@ -113,10 +113,9 @@ public final class Constants { public static final String REMOTE_ADDR_ATTRIBUTE = "org.apache.tomcat.remoteAddr"; /** - * The request attribute set by the RemoteIpFilter, RemoteIpValve (and may - * be set by other similar components) that identifies this request has been - * forwarded via one or more proxies. The value should be {@code java.lang.Boolean}. - * Absence shall be treated as {@code false}. + * The request attribute that is set to the value of {@code Boolean.
[tomcat] branch mark-forwarded-request/8.5.x created (now 644af22)
This is an automated email from the ASF dual-hosted git repository. michaelo pushed a change to branch mark-forwarded-request/8.5.x in repository https://gitbox.apache.org/repos/asf/tomcat.git. at 644af22 Better attribute name This branch includes the following new commits: new 2eeb813 Mark request as forwarded in RemoteIpValve/RemoteIpFilter new 644af22 Better attribute name The 2 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] 01/02: Mark request as forwarded in RemoteIpValve/RemoteIpFilter
This is an automated email from the ASF dual-hosted git repository. michaelo pushed a commit to branch mark-forwarded-request/9.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git commit c5b816d6887b311d76101097d9343c34543a2ac9 Author: Michael Osipov AuthorDate: Tue Jul 9 14:59:09 2019 +0200 Mark request as forwarded in RemoteIpValve/RemoteIpFilter --- java/org/apache/catalina/Globals.java | 10 .../apache/catalina/filters/RemoteIpFilter.java| 4 +++ java/org/apache/catalina/valves/RemoteIpValve.java | 4 +++ java/org/apache/coyote/Constants.java | 8 ++ .../catalina/filters/TestRemoteIpFilter.java | 23 + .../apache/catalina/valves/TestRemoteIpValve.java | 30 ++ webapps/docs/changelog.xml | 7 + 7 files changed, 86 insertions(+) diff --git a/java/org/apache/catalina/Globals.java b/java/org/apache/catalina/Globals.java index 8801724..edf91a0 100644 --- a/java/org/apache/catalina/Globals.java +++ b/java/org/apache/catalina/Globals.java @@ -199,6 +199,16 @@ public final class Globals { org.apache.coyote.Constants.REMOTE_ADDR_ATTRIBUTE; +/** + * The request attribute set by the RemoteIpFilter, RemoteIpValve (and may + * be set by other similar components) that identifies this request has been + * forwarded via one or more proxies. The value should be {@code java.lang.Boolean}. + * Absence shall be treated as {@code false}. + */ +public static final String FORWARDED_REQUEST_ATTRIBUTE = +org.apache.coyote.Constants.FORWARDED_REQUEST_ATTRIBUTE; + + public static final String ASYNC_SUPPORTED_ATTR = "org.apache.catalina.ASYNC_SUPPORTED"; diff --git a/java/org/apache/catalina/filters/RemoteIpFilter.java b/java/org/apache/catalina/filters/RemoteIpFilter.java index 5c04858..82a9626 100644 --- a/java/org/apache/catalina/filters/RemoteIpFilter.java +++ b/java/org/apache/catalina/filters/RemoteIpFilter.java @@ -82,6 +82,8 @@ import org.apache.tomcat.util.res.StringManager; * protocolHeaderHttpsValue configuration parameter (default https) then request.isSecure = true, * request.scheme = https and request.serverPort = 443. Note that 443 can be overwritten with the * $httpsServerPort configuration parameter. + * Mark the request with the attribute {@link Globals#FORWARDED_REQUEST_ATTRIBUTE} and value {@code Boolean.TRUE} to indicate + * that this request has been forwarded by one or more proxies. * * * Configuration parameters @@ -820,6 +822,8 @@ public class RemoteIpFilter extends GenericFilter { } } +request.setAttribute(Globals.FORWARDED_REQUEST_ATTRIBUTE, Boolean.TRUE); + if (log.isDebugEnabled()) { log.debug("Incoming request " + request.getRequestURI() + " with originalRemoteAddr '" + request.getRemoteAddr() + "', originalRemoteHost='" + request.getRemoteHost() + "', originalSecure='" + request.isSecure() diff --git a/java/org/apache/catalina/valves/RemoteIpValve.java b/java/org/apache/catalina/valves/RemoteIpValve.java index 145b095..9e78c0f 100644 --- a/java/org/apache/catalina/valves/RemoteIpValve.java +++ b/java/org/apache/catalina/valves/RemoteIpValve.java @@ -64,6 +64,8 @@ import org.apache.tomcat.util.http.MimeHeaders; * protocolHeaderHttpsValue configuration parameter (default https) then request.isSecure = true, * request.scheme = https and request.serverPort = 443. Note that 443 can be overwritten with the * $httpsServerPort configuration parameter. + * Mark the request with the attribute {@link Globals#FORWARDED_REQUEST_ATTRIBUTE} and value {@code Boolean.TRUE} to indicate + * that this request has been forwarded by one or more proxies. * * * Configuration parameters @@ -651,6 +653,8 @@ public class RemoteIpValve extends ValveBase { } } +request.setAttribute(Globals.FORWARDED_REQUEST_ATTRIBUTE, Boolean.TRUE); + if (log.isDebugEnabled()) { log.debug("Incoming request " + request.getRequestURI() + " with originalRemoteAddr '" + originalRemoteAddr + "', originalRemoteHost='" + originalRemoteHost + "', originalSecure='" + originalSecure + "', originalScheme='" diff --git a/java/org/apache/coyote/Constants.java b/java/org/apache/coyote/Constants.java index 1475ba7..6ed3172 100644 --- a/java/org/apache/coyote/Constants.java +++ b/java/org/apache/coyote/Constants.java @@ -96,4 +96,12 @@ public final class Constants { * the X-Forwarded-For HTTP header. */ public static final String REMOTE_ADDR_ATTRIBUTE = "org.apache.tomcat.remoteAddr"; + +/** + * The request attrib
[tomcat] branch mark-forwarded-request/9.0.x created (now 7993b8b)
This is an automated email from the ASF dual-hosted git repository. michaelo pushed a change to branch mark-forwarded-request/9.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git. at 7993b8b Better attribute name This branch includes the following new commits: new c5b816d Mark request as forwarded in RemoteIpValve/RemoteIpFilter new 7993b8b Better attribute name The 2 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] 02/02: Better attribute name
This is an automated email from the ASF dual-hosted git repository. michaelo pushed a commit to branch mark-forwarded-request/9.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git commit 7993b8b00f842141050ef65b5bedafeb33297e37 Author: Michael Osipov AuthorDate: Tue Jul 9 15:53:36 2019 +0200 Better attribute name --- java/org/apache/catalina/Globals.java| 11 +-- java/org/apache/catalina/filters/RemoteIpFilter.java | 2 +- java/org/apache/catalina/valves/RemoteIpValve.java | 4 ++-- java/org/apache/coyote/Constants.java| 9 - test/org/apache/catalina/filters/TestRemoteIpFilter.java | 4 ++-- test/org/apache/catalina/valves/TestRemoteIpValve.java | 4 ++-- 6 files changed, 16 insertions(+), 18 deletions(-) diff --git a/java/org/apache/catalina/Globals.java b/java/org/apache/catalina/Globals.java index edf91a0..7ce8209 100644 --- a/java/org/apache/catalina/Globals.java +++ b/java/org/apache/catalina/Globals.java @@ -200,13 +200,12 @@ public final class Globals { /** - * The request attribute set by the RemoteIpFilter, RemoteIpValve (and may - * be set by other similar components) that identifies this request has been - * forwarded via one or more proxies. The value should be {@code java.lang.Boolean}. - * Absence shall be treated as {@code false}. + * The request attribute that is set to the value of {@code Boolean.TRUE} + * by the RemoteIpFilter, RemoteIpValve (and other similar components) that identifies + * a request which been forwarded via one or more proxies. */ -public static final String FORWARDED_REQUEST_ATTRIBUTE = -org.apache.coyote.Constants.FORWARDED_REQUEST_ATTRIBUTE; +public static final String REQUEST_FORWARDED_ATTRIBUTE = +org.apache.coyote.Constants.REQUEST_FORWARDED_ATTRIBUTE; public static final String ASYNC_SUPPORTED_ATTR = diff --git a/java/org/apache/catalina/filters/RemoteIpFilter.java b/java/org/apache/catalina/filters/RemoteIpFilter.java index 82a9626..bf6431b 100644 --- a/java/org/apache/catalina/filters/RemoteIpFilter.java +++ b/java/org/apache/catalina/filters/RemoteIpFilter.java @@ -82,7 +82,7 @@ import org.apache.tomcat.util.res.StringManager; * protocolHeaderHttpsValue configuration parameter (default https) then request.isSecure = true, * request.scheme = https and request.serverPort = 443. Note that 443 can be overwritten with the * $httpsServerPort configuration parameter. - * Mark the request with the attribute {@link Globals#FORWARDED_REQUEST_ATTRIBUTE} and value {@code Boolean.TRUE} to indicate + * Mark the request with the attribute {@link Globals#REQUEST_FORWARDED_ATTRIBUTE} and value {@code Boolean.TRUE} to indicate * that this request has been forwarded by one or more proxies. * * diff --git a/java/org/apache/catalina/valves/RemoteIpValve.java b/java/org/apache/catalina/valves/RemoteIpValve.java index 9e78c0f..cd08cc7 100644 --- a/java/org/apache/catalina/valves/RemoteIpValve.java +++ b/java/org/apache/catalina/valves/RemoteIpValve.java @@ -64,7 +64,7 @@ import org.apache.tomcat.util.http.MimeHeaders; * protocolHeaderHttpsValue configuration parameter (default https) then request.isSecure = true, * request.scheme = https and request.serverPort = 443. Note that 443 can be overwritten with the * $httpsServerPort configuration parameter. - * Mark the request with the attribute {@link Globals#FORWARDED_REQUEST_ATTRIBUTE} and value {@code Boolean.TRUE} to indicate + * Mark the request with the attribute {@link Globals#REQUEST_FORWARDED_ATTRIBUTE} and value {@code Boolean.TRUE} to indicate * that this request has been forwarded by one or more proxies. * * @@ -653,7 +653,7 @@ public class RemoteIpValve extends ValveBase { } } -request.setAttribute(Globals.FORWARDED_REQUEST_ATTRIBUTE, Boolean.TRUE); +request.setAttribute(Globals.REQUEST_FORWARDED_ATTRIBUTE, Boolean.TRUE); if (log.isDebugEnabled()) { log.debug("Incoming request " + request.getRequestURI() + " with originalRemoteAddr '" + originalRemoteAddr diff --git a/java/org/apache/coyote/Constants.java b/java/org/apache/coyote/Constants.java index 6ed3172..6b264e3 100644 --- a/java/org/apache/coyote/Constants.java +++ b/java/org/apache/coyote/Constants.java @@ -98,10 +98,9 @@ public final class Constants { public static final String REMOTE_ADDR_ATTRIBUTE = "org.apache.tomcat.remoteAddr"; /** - * The request attribute set by the RemoteIpFilter, RemoteIpValve (and may - * be set by other similar components) that identifies this request has been - * forwarded via one or more proxies. The value should be {@code java.lang.Boolean}. - * Absence shall be treated as {@code false}. + * The request attribute that is set to the value of {@code Boolean.
[tomcat] branch mark-forwarded-request/9.0.x updated: Add bug id
This is an automated email from the ASF dual-hosted git repository. michaelo pushed a commit to branch mark-forwarded-request/9.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/mark-forwarded-request/9.0.x by this push: new 5ac2847 Add bug id 5ac2847 is described below commit 5ac28479e2430f9cf132b858b9b6461ff65af66d Author: Michael Osipov AuthorDate: Tue Jul 9 16:01:57 2019 +0200 Add bug id --- webapps/docs/changelog.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index 9c3b7b7..d95f6c1 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -48,7 +48,7 @@ -XXX: Mark request as forwarded in RemoteIpValve/RemoteIpFilter (michaelo) +63556: Mark request as forwarded in RemoteIpValve/RemoteIpFilter (michaelo) - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch mark-forwarded-request/8.5.x updated: Add bug id
This is an automated email from the ASF dual-hosted git repository. michaelo pushed a commit to branch mark-forwarded-request/8.5.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/mark-forwarded-request/8.5.x by this push: new b26dab2 Add bug id b26dab2 is described below commit b26dab253781fc5f54390c8ec8553d631b639542 Author: Michael Osipov AuthorDate: Tue Jul 9 16:01:57 2019 +0200 Add bug id --- webapps/docs/changelog.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index cb2e02d..959544a 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -48,7 +48,7 @@ -XXX: Mark request as forwarded in RemoteIpValve/RemoteIpFilter (michaelo) +63556: Mark request as forwarded in RemoteIpValve/RemoteIpFilter (michaelo) - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch mark-forwarded-request/9.0.x updated: Process Mark's comments
This is an automated email from the ASF dual-hosted git repository. michaelo pushed a commit to branch mark-forwarded-request/9.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/mark-forwarded-request/9.0.x by this push: new 38139bc Process Mark's comments 38139bc is described below commit 38139bcfe3fdf2a1a5f511e391b3c251c692cf0c Author: Michael Osipov AuthorDate: Tue Jul 9 16:43:41 2019 +0200 Process Mark's comments --- java/org/apache/catalina/Globals.java| 2 +- java/org/apache/catalina/filters/RemoteIpFilter.java | 2 +- java/org/apache/coyote/Constants.java| 7 --- webapps/docs/changelog.xml | 3 ++- 4 files changed, 4 insertions(+), 10 deletions(-) diff --git a/java/org/apache/catalina/Globals.java b/java/org/apache/catalina/Globals.java index 7ce8209..b25ee32 100644 --- a/java/org/apache/catalina/Globals.java +++ b/java/org/apache/catalina/Globals.java @@ -205,7 +205,7 @@ public final class Globals { * a request which been forwarded via one or more proxies. */ public static final String REQUEST_FORWARDED_ATTRIBUTE = -org.apache.coyote.Constants.REQUEST_FORWARDED_ATTRIBUTE; +"org.apache.tomcat.request.forwarded"; public static final String ASYNC_SUPPORTED_ATTR = diff --git a/java/org/apache/catalina/filters/RemoteIpFilter.java b/java/org/apache/catalina/filters/RemoteIpFilter.java index bf6431b..1afe033 100644 --- a/java/org/apache/catalina/filters/RemoteIpFilter.java +++ b/java/org/apache/catalina/filters/RemoteIpFilter.java @@ -822,7 +822,7 @@ public class RemoteIpFilter extends GenericFilter { } } -request.setAttribute(Globals.FORWARDED_REQUEST_ATTRIBUTE, Boolean.TRUE); +request.setAttribute(Globals.REQUEST_FORWARDED_ATTRIBUTE, Boolean.TRUE); if (log.isDebugEnabled()) { log.debug("Incoming request " + request.getRequestURI() + " with originalRemoteAddr '" + request.getRemoteAddr() diff --git a/java/org/apache/coyote/Constants.java b/java/org/apache/coyote/Constants.java index 6b264e3..1475ba7 100644 --- a/java/org/apache/coyote/Constants.java +++ b/java/org/apache/coyote/Constants.java @@ -96,11 +96,4 @@ public final class Constants { * the X-Forwarded-For HTTP header. */ public static final String REMOTE_ADDR_ATTRIBUTE = "org.apache.tomcat.remoteAddr"; - -/** - * The request attribute that is set to the value of {@code Boolean.TRUE} - * by the RemoteIpFilter, RemoteIpValve (and other similar components) that identifies - * a request which been forwarded via one or more proxies. - */ -public static final String REQUEST_FORWARDED_ATTRIBUTE = "org.apache.tomcat.request.forwarded"; } diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index d95f6c1..2e7a08b 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -48,7 +48,8 @@ -63556: Mark request as forwarded in RemoteIpValve/RemoteIpFilter (michaelo) +63556: Mark request as forwarded in RemoteIpValve and +RemoteIpFilter (michaelo) - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch mark-forwarded-request/8.5.x updated: Process Mark's comments
This is an automated email from the ASF dual-hosted git repository. michaelo pushed a commit to branch mark-forwarded-request/8.5.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/mark-forwarded-request/8.5.x by this push: new e0d237e Process Mark's comments e0d237e is described below commit e0d237e56b32ee5089305337fa41d1a1fc1aeac5 Author: Michael Osipov AuthorDate: Tue Jul 9 16:43:41 2019 +0200 Process Mark's comments --- java/org/apache/catalina/Globals.java| 2 +- java/org/apache/catalina/filters/RemoteIpFilter.java | 2 +- java/org/apache/coyote/Constants.java| 7 --- webapps/docs/changelog.xml | 3 ++- 4 files changed, 4 insertions(+), 10 deletions(-) diff --git a/java/org/apache/catalina/Globals.java b/java/org/apache/catalina/Globals.java index 7ce8209..b25ee32 100644 --- a/java/org/apache/catalina/Globals.java +++ b/java/org/apache/catalina/Globals.java @@ -205,7 +205,7 @@ public final class Globals { * a request which been forwarded via one or more proxies. */ public static final String REQUEST_FORWARDED_ATTRIBUTE = -org.apache.coyote.Constants.REQUEST_FORWARDED_ATTRIBUTE; +"org.apache.tomcat.request.forwarded"; public static final String ASYNC_SUPPORTED_ATTR = diff --git a/java/org/apache/catalina/filters/RemoteIpFilter.java b/java/org/apache/catalina/filters/RemoteIpFilter.java index 423b561..c3f5a81 100644 --- a/java/org/apache/catalina/filters/RemoteIpFilter.java +++ b/java/org/apache/catalina/filters/RemoteIpFilter.java @@ -862,7 +862,7 @@ public class RemoteIpFilter implements Filter { } } -request.setAttribute(Globals.FORWARDED_REQUEST_ATTRIBUTE, Boolean.TRUE); +request.setAttribute(Globals.REQUEST_FORWARDED_ATTRIBUTE, Boolean.TRUE); if (log.isDebugEnabled()) { log.debug("Incoming request " + request.getRequestURI() + " with originalRemoteAddr '" + request.getRemoteAddr() diff --git a/java/org/apache/coyote/Constants.java b/java/org/apache/coyote/Constants.java index 898068a..9de194d 100644 --- a/java/org/apache/coyote/Constants.java +++ b/java/org/apache/coyote/Constants.java @@ -111,11 +111,4 @@ public final class Constants { * the X-Forwarded-For HTTP header. */ public static final String REMOTE_ADDR_ATTRIBUTE = "org.apache.tomcat.remoteAddr"; - -/** - * The request attribute that is set to the value of {@code Boolean.TRUE} - * by the RemoteIpFilter, RemoteIpValve (and other similar components) that identifies - * a request which been forwarded via one or more proxies. - */ -public static final String REQUEST_FORWARDED_ATTRIBUTE = "org.apache.tomcat.request.forwarded"; } diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index 959544a..96e89f4 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -48,7 +48,8 @@ -63556: Mark request as forwarded in RemoteIpValve/RemoteIpFilter (michaelo) +63556: Mark request as forwarded in RemoteIpValve and +RemoteIpFilter (michaelo) - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] 01/01: BZ 63556: Mark request as forwarded in RemoteIpValve and RemoteIpFilter
This is an automated email from the ASF dual-hosted git repository. michaelo pushed a commit to branch mark-forwarded-request/9.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git commit db6e8222c7717c4443fcdebe479e9417c5deaa46 Author: Michael Osipov AuthorDate: Tue Jul 9 14:59:09 2019 +0200 BZ 63556: Mark request as forwarded in RemoteIpValve and RemoteIpFilter --- java/org/apache/catalina/Globals.java | 9 +++ .../apache/catalina/filters/RemoteIpFilter.java| 4 +++ java/org/apache/catalina/valves/RemoteIpValve.java | 4 +++ .../catalina/filters/TestRemoteIpFilter.java | 23 + .../apache/catalina/valves/TestRemoteIpValve.java | 30 ++ webapps/docs/changelog.xml | 8 ++ 6 files changed, 78 insertions(+) diff --git a/java/org/apache/catalina/Globals.java b/java/org/apache/catalina/Globals.java index 8801724..b25ee32 100644 --- a/java/org/apache/catalina/Globals.java +++ b/java/org/apache/catalina/Globals.java @@ -199,6 +199,15 @@ public final class Globals { org.apache.coyote.Constants.REMOTE_ADDR_ATTRIBUTE; +/** + * The request attribute that is set to the value of {@code Boolean.TRUE} + * by the RemoteIpFilter, RemoteIpValve (and other similar components) that identifies + * a request which been forwarded via one or more proxies. + */ +public static final String REQUEST_FORWARDED_ATTRIBUTE = +"org.apache.tomcat.request.forwarded"; + + public static final String ASYNC_SUPPORTED_ATTR = "org.apache.catalina.ASYNC_SUPPORTED"; diff --git a/java/org/apache/catalina/filters/RemoteIpFilter.java b/java/org/apache/catalina/filters/RemoteIpFilter.java index 5c04858..1afe033 100644 --- a/java/org/apache/catalina/filters/RemoteIpFilter.java +++ b/java/org/apache/catalina/filters/RemoteIpFilter.java @@ -82,6 +82,8 @@ import org.apache.tomcat.util.res.StringManager; * protocolHeaderHttpsValue configuration parameter (default https) then request.isSecure = true, * request.scheme = https and request.serverPort = 443. Note that 443 can be overwritten with the * $httpsServerPort configuration parameter. + * Mark the request with the attribute {@link Globals#REQUEST_FORWARDED_ATTRIBUTE} and value {@code Boolean.TRUE} to indicate + * that this request has been forwarded by one or more proxies. * * * Configuration parameters @@ -820,6 +822,8 @@ public class RemoteIpFilter extends GenericFilter { } } +request.setAttribute(Globals.REQUEST_FORWARDED_ATTRIBUTE, Boolean.TRUE); + if (log.isDebugEnabled()) { log.debug("Incoming request " + request.getRequestURI() + " with originalRemoteAddr '" + request.getRemoteAddr() + "', originalRemoteHost='" + request.getRemoteHost() + "', originalSecure='" + request.isSecure() diff --git a/java/org/apache/catalina/valves/RemoteIpValve.java b/java/org/apache/catalina/valves/RemoteIpValve.java index 145b095..cd08cc7 100644 --- a/java/org/apache/catalina/valves/RemoteIpValve.java +++ b/java/org/apache/catalina/valves/RemoteIpValve.java @@ -64,6 +64,8 @@ import org.apache.tomcat.util.http.MimeHeaders; * protocolHeaderHttpsValue configuration parameter (default https) then request.isSecure = true, * request.scheme = https and request.serverPort = 443. Note that 443 can be overwritten with the * $httpsServerPort configuration parameter. + * Mark the request with the attribute {@link Globals#REQUEST_FORWARDED_ATTRIBUTE} and value {@code Boolean.TRUE} to indicate + * that this request has been forwarded by one or more proxies. * * * Configuration parameters @@ -651,6 +653,8 @@ public class RemoteIpValve extends ValveBase { } } +request.setAttribute(Globals.REQUEST_FORWARDED_ATTRIBUTE, Boolean.TRUE); + if (log.isDebugEnabled()) { log.debug("Incoming request " + request.getRequestURI() + " with originalRemoteAddr '" + originalRemoteAddr + "', originalRemoteHost='" + originalRemoteHost + "', originalSecure='" + originalSecure + "', originalScheme='" diff --git a/test/org/apache/catalina/filters/TestRemoteIpFilter.java b/test/org/apache/catalina/filters/TestRemoteIpFilter.java index f7f2093..956bbf1 100644 --- a/test/org/apache/catalina/filters/TestRemoteIpFilter.java +++ b/test/org/apache/catalina/filters/TestRemoteIpFilter.java @@ -42,6 +42,7 @@ import org.junit.Test; import org.apache.catalina.AccessLog; import org.apache.catalina.Context; +import org.apache.catalina.Globals; import org.apache.catalina.LifecycleException; import org.apache.catalina.connector.Connector; import org.apache.catalina.co