Posted to dev@tomcat.apache.org by ma...@apache.org on 2022/05/31 08:38:46 UTC
[tomcat] 01/02: Remove NPN when using Tomcat Native
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
commit b86f4c1f3ad50a303104bfdc59576638049e56fe
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Tue May 31 09:36:30 2022 +0100
Remove NPN when using Tomcat Native
---
java/org/apache/tomcat/jni/SSL.java | 3 +++
java/org/apache/tomcat/jni/SSLContext.java | 3 +++
.../apache/tomcat/util/net/openssl/OpenSSLContext.java | 1 -
.../org/apache/tomcat/util/net/openssl/OpenSSLEngine.java | 15 +--------------
webapps/docs/changelog.xml | 5 +++++
5 files changed, 12 insertions(+), 15 deletions(-)
diff --git a/java/org/apache/tomcat/jni/SSL.java b/java/org/apache/tomcat/jni/SSL.java
index 797df5293e..652921bf6f 100644
--- a/java/org/apache/tomcat/jni/SSL.java
+++ b/java/org/apache/tomcat/jni/SSL.java
@@ -634,7 +634,10 @@ public final class SSL {
* SSL_get0_next_proto_negotiated
* @param ssl the SSL instance (SSL *)
* @return the NPN protocol negotiated
+ *
+ * @deprecated Unused. Will be removed in Tomcat 10.1.x
*/
+ @Deprecated
public static native String getNextProtoNegotiated(long ssl);
/*
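Review bot: The `@Deprecated` added on `getNextProtoNegotiated` carries no machine-readable removal signal, although the Javadoc says the method will be removed in Tomcat 10.1.x; the same applies to `setNpnProtos` in the SSLContext.java hunk. If the branch's minimum Java version allows it (not visible here), `@Deprecated(forRemoval = true)` would make compilers emit a removal warning for any remaining caller. Both methods stay `public static native`, so code outside Tomcat can still reach the NPN entry points until they are actually removed. The `@deprecated` text could also name the replacement, e.g. `@deprecated Unused. NPN was never standardised; use ALPN ({@link #getAlpnSelected(long)}). Will be removed in Tomcat 10.1.x`.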
diff --git a/java/org/apache/tomcat/jni/SSLContext.java b/java/org/apache/tomcat/jni/SSLContext.java
index bb258e7a3a..1363aeaf4b 100644
--- a/java/org/apache/tomcat/jni/SSLContext.java
+++ b/java/org/apache/tomcat/jni/SSLContext.java
@@ -532,7 +532,10 @@ public final class SSLContext {
* @param nextProtos protocols in priority order
* @param selectorFailureBehavior see {@link SSL#SSL_SELECTOR_FAILURE_NO_ADVERTISE}
* and {@link SSL#SSL_SELECTOR_FAILURE_CHOOSE_MY_LAST_PROTOCOL}
+ *
+ * @deprecated Unused. Will be removed in Tomcat 10.1.x
*/
+ @Deprecated
public static native void setNpnProtos(long ctx, String[] nextProtos, int selectorFailureBehavior);
/**
diff --git a/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java b/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java
index eb5056e0c3..9f09959e7a 100644
--- a/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java
+++ b/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java
@@ -392,7 +392,6 @@ public class OpenSSLContext implements org.apache.tomcat.util.net.SSLContext {
protocols.add("http/1.1");
String[] protocolsArray = protocols.toArray(new String[0]);
SSLContext.setAlpnProtos(state.ctx, protocolsArray, SSL.SSL_SELECTOR_FAILURE_NO_ADVERTISE);
- SSLContext.setNpnProtos(state.ctx, protocolsArray, SSL.SSL_SELECTOR_FAILURE_NO_ADVERTISE);
}
// Apply OpenSSLConfCmd if used
diff --git a/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java b/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java
index ed48e7afed..9fe686785e 100644
--- a/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java
+++ b/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java
@@ -931,9 +931,6 @@ public final class OpenSSLEngine extends SSLEngine implements SSLUtil.ProtocolIn
} else {
if (alpn) {
selectedProtocol = SSL.getAlpnSelected(state.ssl);
- if (selectedProtocol == null) {
- selectedProtocol = SSL.getNextProtoNegotiated(state.ssl);
- }
}
session.lastAccessedTime = System.currentTimeMillis();
// if SSL_do_handshake returns > 0 it means the handshake was finished. This means we can update
@@ -1069,9 +1066,6 @@ public final class OpenSSLEngine extends SSLEngine implements SSLUtil.ProtocolIn
(SSL.getPostHandshakeAuthInProgress(state.ssl) == 0)) {
if (alpn) {
selectedProtocol = SSL.getAlpnSelected(state.ssl);
- if (selectedProtocol == null) {
- selectedProtocol = SSL.getNextProtoNegotiated(state.ssl);
- }
}
session.lastAccessedTime = System.currentTimeMillis();
version = SSL.getVersion(state.ssl);
@@ -1416,14 +1410,7 @@ public final class OpenSSLEngine extends SSLEngine implements SSLUtil.ProtocolIn
public String getProtocol() {
String applicationProtocol = OpenSSLEngine.this.applicationProtocol;
if (applicationProtocol == null) {
- synchronized (OpenSSLEngine.this) {
- if (!destroyed) {
- applicationProtocol = SSL.getNextProtoNegotiated(state.ssl);
- }
- }
- if (applicationProtocol == null) {
- applicationProtocol = fallbackApplicationProtocol;
- }
+ applicationProtocol = fallbackApplicationProtocol;
if (applicationProtocol != null) {
OpenSSLEngine.this.applicationProtocol = applicationProtocol.replace(':', '_');
} else {
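Review bot: In `getProtocol()` the cached `applicationProtocol` is now filled only from `fallbackApplicationProtocol`, and nothing in the hunk tells a reader why the negotiated ALPN value is not consulted here. A short comment above the assignment would help, e.g. `// NPN is no longer supported; only the fallback protocol applies here`. Whether `selectedProtocol` (set from `SSL.getAlpnSelected` in the two handshake hunks above) is meant to feed this value cannot be determined from the visible lines, so that is worth confirming. The method body starts and continues outside the hunk.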
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 7aa3d424e9..3f4c2e9ad2 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -157,6 +157,11 @@
private keys in the previous release that broke support for unencrypted
PKCS#1 formatted private keys. (jfclere/markt)
</add>
+ <update>
+ Remove support for NPN when using the Tomcat Native Connector as NPN was
+ never standardised and browser support for NPN was removed several years
+ ago. (markt)
+ </update>
</changelog>
</subsection>
<subsection name="Jasper">