This is an automated email from the ASF dual-hosted git repository. rjung pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/master by this push: new f154fbe Deprecate org.apache.tomcat.util.compat.TLS and move its functionality to its only using class org.apache.tomcat.util.net.TesterSupport. f154fbe is described below commit f154fbe32d0b52effc3f9591b8cae65ca6724bef Author: Rainer Jung <rainer.j...@kippdata.de> AuthorDate: Thu Sep 19 13:25:02 2019 +0200 Deprecate org.apache.tomcat.util.compat.TLS and move its functionality to its only using class org.apache.tomcat.util.net.TesterSupport. --- java/org/apache/tomcat/util/compat/TLS.java | 3 +++ test/org/apache/tomcat/util/net/TesterSupport.java | 17 +++++++++++++++-- webapps/docs/changelog.xml | 10 ++++++++++ 3 files changed, 28 insertions(+), 2 deletions(-) diff --git a/java/org/apache/tomcat/util/compat/TLS.java b/java/org/apache/tomcat/util/compat/TLS.java index f9ce018..53c1c44 100644 --- a/java/org/apache/tomcat/util/compat/TLS.java +++ b/java/org/apache/tomcat/util/compat/TLS.java @@ -24,7 +24,10 @@ import org.apache.tomcat.util.net.Constants; /** * This class checks for the availability of TLS features. + * + * @deprecated Unused. This will be removed in Tomcat 10. */ +@Deprecated public class TLS { private static final boolean tlsv13Available; diff --git a/test/org/apache/tomcat/util/net/TesterSupport.java b/test/org/apache/tomcat/util/net/TesterSupport.java index f8f7ddc..a795ffd 100644 --- a/test/org/apache/tomcat/util/net/TesterSupport.java +++ b/test/org/apache/tomcat/util/net/TesterSupport.java @@ -24,6 +24,7 @@ import java.net.InetAddress; import java.net.Socket; import java.net.UnknownHostException; import java.security.KeyStore; +import java.security.NoSuchAlgorithmException; import java.security.Principal; import java.security.PrivateKey; import java.security.cert.CertificateException; @@ -57,7 +58,6 @@ import org.apache.tomcat.jni.Library; import org.apache.tomcat.jni.LibraryNotFoundError; import org.apache.tomcat.jni.SSL; import org.apache.tomcat.util.compat.JrePlatform; -import org.apache.tomcat.util.compat.TLS; import org.apache.tomcat.util.descriptor.web.LoginConfig; import org.apache.tomcat.util.descriptor.web.SecurityCollection; import org.apache.tomcat.util.descriptor.web.SecurityConstraint; @@ -82,6 +82,7 @@ public final class TesterSupport { public static final boolean OPENSSL_AVAILABLE; public static final int OPENSSL_VERSION; public static final String OPENSSL_ERROR; + public static final boolean TLSV13_AVAILABLE; public static final String ROLE = "testrole"; @@ -104,6 +105,14 @@ public final class TesterSupport { OPENSSL_AVAILABLE = available; OPENSSL_VERSION = version; OPENSSL_ERROR = err; + + available = false; + try { + SSLContext.getInstance(Constants.SSL_PROTO_TLSv1_3); + available = true; + } catch (NoSuchAlgorithmException ex) { + } + TLSV13_AVAILABLE = available; } public static boolean isOpensslAvailable() { @@ -114,6 +123,10 @@ public final class TesterSupport { return OPENSSL_VERSION; } + public static boolean isTlsv13Available() { + return TLSV13_AVAILABLE; + } + public static void initSsl(Tomcat tomcat) { initSsl(tomcat, LOCALHOST_RSA_JKS, null, null); } @@ -655,7 +668,7 @@ public final class TesterSupport { */ public static String getDefaultTLSProtocolForTesting(Connector connector) { // Clients always use JSSE - if (!TLS.isTlsv13Available()) { + if (!TLSV13_AVAILABLE) { // Client doesn't support TLS 1.3 so we have to use TLS 1.2 return Constants.SSL_PROTO_TLSv1_2; } diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index 652eba3..58a0809 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -61,6 +61,16 @@ </docs> </changelog> </subsection> + <subsection name="Other"> + <changelog> + <scode> + Deprecate <code>org.apache.tomcat.util.compat.TLS</code>. + Its functionality was only used for unit tests in + <code>org.apache.tomcat.util.net.TesterSupport</code> + and has been moved there. (rjung) + </scode> + </changelog> + </subsection> </section> <section name="Tomcat 9.0.26 (markt)" rtext="release in progress"> <subsection name="Other"> --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org