You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2021/11/10 13:05:36 UTC
[tomcat] branch 10.0.x updated: Improve error handling
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 10.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/10.0.x by this push:
new a8f3ea5 Improve error handling
a8f3ea5 is described below
commit a8f3ea5bc9946c2019e5ae130d01270bf1b62e9a
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Wed Nov 10 13:04:41 2021 +0000
Improve error handling
While this is in the vicinity of the current CI failures for the
TestSSLHostConfigCompat tests, I don't think it is the root cause of the
test failures. It might be the root cause of the some of the JVM
crashes.
Whether it is the root cause of failures and/or crashes or not, ignoring
the return value when it may indicate an error needs improvement.
---
java/org/apache/tomcat/util/net/AprEndpoint.java | 6 +++++-
java/org/apache/tomcat/util/net/LocalStrings.properties | 1 +
webapps/docs/changelog.xml | 8 ++++++++
3 files changed, 14 insertions(+), 1 deletion(-)
diff --git a/java/org/apache/tomcat/util/net/AprEndpoint.java b/java/org/apache/tomcat/util/net/AprEndpoint.java
index 0c4d87f..546666d 100644
--- a/java/org/apache/tomcat/util/net/AprEndpoint.java
+++ b/java/org/apache/tomcat/util/net/AprEndpoint.java
@@ -709,7 +709,11 @@ public class AprEndpoint extends AbstractEndpoint<Long,Long> implements SNICallB
// 2: SSL handshake
step = 2;
if (sslContext != 0) {
- SSLSocket.attach(sslContext, socket);
+ int rv = SSLSocket.attach(sslContext, socket);
+ if (rv != Status.APR_SUCCESS) {
+ log.warn(sm.getString("endpoint.err.attach", Integer.valueOf(rv)));
+ return false;
+ }
if (SSLSocket.handshake(socket) != 0) {
if (log.isDebugEnabled()) {
log.debug(sm.getString("endpoint.err.handshake") + ": " + SSL.getLastError());
diff --git a/java/org/apache/tomcat/util/net/LocalStrings.properties b/java/org/apache/tomcat/util/net/LocalStrings.properties
index f3f1619..5d8652c 100644
--- a/java/org/apache/tomcat/util/net/LocalStrings.properties
+++ b/java/org/apache/tomcat/util/net/LocalStrings.properties
@@ -79,6 +79,7 @@ endpoint.debug.unlock.fail=Caught exception trying to unlock accept on port [{0}
endpoint.debug.unlock.localFail=Unable to determine local address for [{0}]
endpoint.debug.unlock.localNone=Failed to unlock acceptor for [{0}] because the local address was not available
endpoint.duplicateSslHostName=Multiple SSLHostConfig elements were provided for the host name [{0}]. Host names must be unique.
+endpoint.err.attach=Failed to attach SSLContext to socket - error [{0}]
endpoint.err.close=Caught exception trying to close socket
endpoint.err.handshake=Handshake failed
endpoint.err.unexpected=Unexpected error processing socket
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index c223b4b..4b233d6 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -105,6 +105,14 @@
issues do not "pop up" wrt. others).
-->
<section name="Tomcat 10.0.14 (markt)" rtext="in development">
+ <subsection name="Coyote">
+ <changelog>
+ <fix>
+ Improve error handling if APR/Native fails to attach TLS capabilities to
+ a TLS enabled client connection. (markt)
+ </fix>
+ </changelog>
+ </subsection>
</section>
<section name="Tomcat 10.0.13 (markt)" rtext="release in progress">
<subsection name="Catalina">
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org