Posted to dev@tomcat.apache.org by ma...@apache.org on 2022/05/31 08:41:41 UTC
[tomcat] branch 10.0.x updated: Remove NPN when using Tomcat Native
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 10.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/10.0.x by this push:
new 70f0a9b198 Remove NPN when using Tomcat Native
70f0a9b198 is described below
commit 70f0a9b198f5fe5fab6480a2da2067aff700b3f2
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Tue May 31 09:36:30 2022 +0100
Remove NPN when using Tomcat Native
---
java/org/apache/tomcat/jni/SSL.java | 3 +++
java/org/apache/tomcat/jni/SSLContext.java | 3 +++
.../apache/tomcat/util/net/openssl/OpenSSLContext.java | 1 -
.../org/apache/tomcat/util/net/openssl/OpenSSLEngine.java | 15 +--------------
webapps/docs/changelog.xml | 5 +++++
5 files changed, 12 insertions(+), 15 deletions(-)
diff --git a/java/org/apache/tomcat/jni/SSL.java b/java/org/apache/tomcat/jni/SSL.java
index 797df5293e..652921bf6f 100644
--- a/java/org/apache/tomcat/jni/SSL.java
+++ b/java/org/apache/tomcat/jni/SSL.java
@@ -634,7 +634,10 @@ public final class SSL {
* SSL_get0_next_proto_negotiated
* @param ssl the SSL instance (SSL *)
* @return the NPN protocol negotiated
+ *
+ * @deprecated Unused. Will be removed in Tomcat 10.1.x
*/
+ @Deprecated
public static native String getNextProtoNegotiated(long ssl);
/*
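Review bot: The added `@deprecated Unused. Will be removed in Tomcat 10.1.x` tag on `getNextProtoNegotiated` gives neither the reason nor the replacement, so anyone calling the JNI binding directly has no pointer to the ALPN equivalent. I would write `@deprecated Unused. NPN was never standardised; use {@link #getAlpnSelected} instead. Will be removed in Tomcat 10.1.x`. The same applies to the `setNpnProtos` tag in SSLContext.java, where the replacement is `setAlpnProtos`. Both natives stay public and callable on 10.0.x, so stating that Tomcat itself no longer invokes them would make clear that any NPN use now comes only from external callers.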
diff --git a/java/org/apache/tomcat/jni/SSLContext.java b/java/org/apache/tomcat/jni/SSLContext.java
index bb258e7a3a..1363aeaf4b 100644
--- a/java/org/apache/tomcat/jni/SSLContext.java
+++ b/java/org/apache/tomcat/jni/SSLContext.java
@@ -532,7 +532,10 @@ public final class SSLContext {
* @param nextProtos protocols in priority order
* @param selectorFailureBehavior see {@link SSL#SSL_SELECTOR_FAILURE_NO_ADVERTISE}
* and {@link SSL#SSL_SELECTOR_FAILURE_CHOOSE_MY_LAST_PROTOCOL}
+ *
+ * @deprecated Unused. Will be removed in Tomcat 10.1.x
*/
+ @Deprecated
public static native void setNpnProtos(long ctx, String[] nextProtos, int selectorFailureBehavior);
/**
diff --git a/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java b/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java
index ed0b5afc65..4882a65304 100644
--- a/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java
+++ b/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java
@@ -390,7 +390,6 @@ public class OpenSSLContext implements org.apache.tomcat.util.net.SSLContext {
protocols.add("http/1.1");
String[] protocolsArray = protocols.toArray(new String[0]);
SSLContext.setAlpnProtos(ctx, protocolsArray, SSL.SSL_SELECTOR_FAILURE_NO_ADVERTISE);
- SSLContext.setNpnProtos(ctx, protocolsArray, SSL.SSL_SELECTOR_FAILURE_NO_ADVERTISE);
}
// Apply OpenSSLConfCmd if used
diff --git a/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java b/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java
index 0a9b4637be..172c6fc366 100644
--- a/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java
+++ b/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java
@@ -931,9 +931,6 @@ public final class OpenSSLEngine extends SSLEngine implements SSLUtil.ProtocolIn
} else {
if (alpn) {
selectedProtocol = SSL.getAlpnSelected(ssl);
- if (selectedProtocol == null) {
- selectedProtocol = SSL.getNextProtoNegotiated(ssl);
- }
}
session.lastAccessedTime = System.currentTimeMillis();
// if SSL_do_handshake returns > 0 it means the handshake was finished. This means we can update
@@ -1069,9 +1066,6 @@ public final class OpenSSLEngine extends SSLEngine implements SSLUtil.ProtocolIn
(SSL.getPostHandshakeAuthInProgress(ssl) == 0)) {
if (alpn) {
selectedProtocol = SSL.getAlpnSelected(ssl);
- if (selectedProtocol == null) {
- selectedProtocol = SSL.getNextProtoNegotiated(ssl);
- }
}
session.lastAccessedTime = System.currentTimeMillis();
version = SSL.getVersion(ssl);
@@ -1422,14 +1416,7 @@ public final class OpenSSLEngine extends SSLEngine implements SSLUtil.ProtocolIn
public String getProtocol() {
String applicationProtocol = OpenSSLEngine.this.applicationProtocol;
if (applicationProtocol == null) {
- synchronized (OpenSSLEngine.this) {
- if (!destroyed) {
- applicationProtocol = SSL.getNextProtoNegotiated(ssl);
- }
- }
- if (applicationProtocol == null) {
- applicationProtocol = fallbackApplicationProtocol;
- }
+ applicationProtocol = fallbackApplicationProtocol;
if (applicationProtocol != null) {
OpenSSLEngine.this.applicationProtocol = applicationProtocol.replace(':', '_');
} else {
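Review bot: In `getProtocol()` the surviving `if (applicationProtocol == null)` branch now only copies `fallbackApplicationProtocol`, and nothing in the code says why the native lookup and the `destroyed` guard went away. A one-line comment above the assignment would help, for example `// NPN lookup removed: use fallbackApplicationProtocol when no protocol has been cached`. The local `applicationProtocol` also shadows the field of the same name, which makes the write on the `replace(':', '_')` line harder to follow; renaming the local is a style suggestion only. The method body continues past the end of this hunk.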
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index dbe1f74c87..37faed1e7e 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -152,6 +152,11 @@
private keys in the previous release that broke support for unencrypted
PKCS#1 formatted private keys. (jfclere/markt)
</add>
+ <update>
+ Remove support for NPN when using the Tomcat Native Connector as NPN was
+ never standardised and browser support for NPN was removed several years
+ ago. (markt)
+ </update>
</changelog>
</subsection>
<subsection name="Jasper">