Posted to dev@tomcat.apache.org by ma...@apache.org on 2022/05/31 15:28:28 UTC

[tomcat-native] branch main updated: Remove NPN support

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat-native.git


The following commit(s) were added to refs/heads/main by this push:
     new 15ec9876b Remove NPN support
15ec9876b is described below

commit 15ec9876b828572e10f9d0c9a2350961078f923c
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Wed May 25 15:55:45 2022 +0100

    Remove NPN support
---
 download_deps.sh                  |  2 +-
 native/include/ssl_private.h      |  4 +---
 native/src/ssl.c                  | 18 ------------------
 native/src/sslcontext.c           | 22 +---------------------
 native/src/sslutils.c             | 18 ------------------
 xdocs/miscellaneous/changelog.xml |  4 ++++
 6 files changed, 7 insertions(+), 61 deletions(-)

diff --git a/download_deps.sh b/download_deps.sh
index ca6c46096..d9d7cd796 100755
--- a/download_deps.sh
+++ b/download_deps.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
 
-# Small script to get a recent openssl, with npn support
+# Small script to get a recent openssl
 # Will run configure and build_libs to generate the .s files
 
 cd $(dirname $0)
diff --git a/native/include/ssl_private.h b/native/include/ssl_private.h
index f6b2840a8..fc0f6ba9b 100644
--- a/native/include/ssl_private.h
+++ b/native/include/ssl_private.h
@@ -246,7 +246,7 @@ extern ENGINE *tcn_ssl_engine;
 #define HAVE_KEYLOG_CALLBACK
 #endif
 
-#define MAX_ALPN_NPN_PROTO_SIZE 65535
+#define MAX_ALPN_PROTO_SIZE 65535
 #define SSL_SELECTOR_FAILURE_CHOOSE_MY_LAST_PROTOCOL            1
 
 typedef struct {
@@ -391,8 +391,6 @@ void        SSL_callback_handshake(const SSL *, int, int);
 int         SSL_CTX_use_certificate_chain(SSL_CTX *, const char *, int);
 int         SSL_callback_SSL_verify(int, X509_STORE_CTX *);
 int         SSL_rand_seed(const char *file);
-int         SSL_callback_next_protos(SSL *, const unsigned char **, unsigned int *, void *);
-int         SSL_callback_select_next_proto(SSL *, unsigned char **, unsigned char *, const unsigned char *, unsigned int,void *);
 int         SSL_callback_alpn_select_proto(SSL *, const unsigned char **, unsigned char *, const unsigned char *, unsigned int, void *);
 #ifdef HAVE_KEYLOG_CALLBACK
 void        SSL_callback_add_keylog(SSL_CTX *);
diff --git a/native/src/ssl.c b/native/src/ssl.c
index ca6a5c26a..c48cb4247 100644
--- a/native/src/ssl.c
+++ b/native/src/ssl.c
@@ -1667,24 +1667,6 @@ TCN_IMPLEMENT_CALL(jint, SSL, getPostHandshakeAuthInProgress)(TCN_STDARGS,
 #endif
 }
 
-/* Read which protocol was negotiated for the given SSL *. */
-TCN_IMPLEMENT_CALL(jstring, SSL, getNextProtoNegotiated)(TCN_STDARGS,
-                                                         jlong ssl /* SSL * */) {
-    SSL *ssl_ = J2P(ssl, SSL *);
-    const unsigned char *proto;
-    unsigned int proto_len;
-
-    if (ssl_ == NULL) {
-        tcn_ThrowException(e, "ssl is null");
-        return NULL;
-    }
-
-    UNREFERENCED(o);
-
-    SSL_get0_next_proto_negotiated(ssl_, &proto, &proto_len);
-    return tcn_new_stringn(e, (const char *)proto, (size_t) proto_len);
-}
-
 /*** End Twitter API Additions ***/
 
 /*** Apple API Additions ***/
diff --git a/native/src/sslcontext.c b/native/src/sslcontext.c
index d01c9d532..b69b4480f 100644
--- a/native/src/sslcontext.c
+++ b/native/src/sslcontext.c
@@ -1612,7 +1612,7 @@ static int initProtocols(JNIEnv *e, const tcn_ssl_ctxt_t *c, unsigned char **pro
          proto_chars = (*e)->GetStringUTFChars(e, proto_string, 0);
 
          proto_chars_len = strlen(proto_chars);
-         if (proto_chars_len > 0 && proto_chars_len <= MAX_ALPN_NPN_PROTO_SIZE) {
+         if (proto_chars_len > 0 && proto_chars_len <= MAX_ALPN_PROTO_SIZE) {
             // We need to add +1 as each protocol is prefixed by it's length (unsigned char).
             // For all except of the last one we already have the extra space as everything is
             // delimited by ','.
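Review bot: The bound `proto_chars_len <= MAX_ALPN_PROTO_SIZE` on the changed line accepts a single protocol name of up to 65535 bytes, yet the comment directly below says each name is prefixed by its length as an `unsigned char`, which cannot represent more than 255. ALPN protocol names are limited to 255 bytes on the wire (RFC 7301); 65535 is the limit for the whole list. If the rest of initProtocols (outside this hunk) stores `proto_chars_len` in that one-byte prefix, a longer name would be written with a truncated length and the list handed to OpenSSL would be mis-framed. Since the macro is now ALPN-only, consider a per-name check such as `if (proto_chars_len > 0 && proto_chars_len <= 255) {` and bounding the accumulated list length against 65535 separately. It is also worth confirming that `proto_chars` is checked for NULL before `strlen`, because `GetStringUTFChars` can fail and no check is visible between those two lines.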
@@ -1655,26 +1655,6 @@ static int initProtocols(JNIEnv *e, const tcn_ssl_ctxt_t *c, unsigned char **pro
     }
 }
 
-TCN_IMPLEMENT_CALL(void, SSLContext, setNpnProtos)(TCN_STDARGS, jlong ctx, jobjectArray next_protos,
-        jint selectorFailureBehavior)
-{
-    tcn_ssl_ctxt_t *c = J2P(ctx, tcn_ssl_ctxt_t *);
-
-    TCN_ASSERT(ctx != 0);
-    UNREFERENCED(o);
-
-    if (initProtocols(e, c, &c->next_proto_data, &c->next_proto_len, next_protos) == 0) {
-        c->next_selector_failure_behavior = selectorFailureBehavior;
-
-        // depending on if it's client mode or not we need to call different functions.
-        if (c->mode == SSL_MODE_CLIENT)  {
-            SSL_CTX_set_next_proto_select_cb(c->ctx, SSL_callback_select_next_proto, (void *)c);
-        } else {
-            SSL_CTX_set_next_protos_advertised_cb(c->ctx, SSL_callback_next_protos, (void *)c);
-        }
-    }
-}
-
 TCN_IMPLEMENT_CALL(void, SSLContext, setAlpnProtos)(TCN_STDARGS, jlong ctx, jobjectArray alpn_protos,
         jint selectorFailureBehavior)
 {
diff --git a/native/src/sslutils.c b/native/src/sslutils.c
index 580595249..e2118a923 100644
--- a/native/src/sslutils.c
+++ b/native/src/sslutils.c
@@ -446,17 +446,6 @@ void SSL_callback_handshake(const SSL *ssl, int where, int rc)
     }
 }
 
-int SSL_callback_next_protos(SSL *ssl, const unsigned char **data,
-                             unsigned int *len, void *arg)
-{
-    tcn_ssl_ctxt_t *ssl_ctxt = arg;
-
-    *data = ssl_ctxt->next_proto_data;
-    *len = ssl_ctxt->next_proto_len;
-
-    return SSL_TLSEXT_ERR_OK;
-}
-
 /* The code here is inspired by nghttp2
  *
  * See https://github.com/tatsuhiro-t/nghttp2/blob/ae0100a9abfcf3149b8d9e62aae216e946b517fb/src/shrpx_ssl.cc#L244 */
@@ -515,13 +504,6 @@ int select_next_proto(SSL *ssl, const unsigned char **out, unsigned char *outlen
     return SSL_TLSEXT_ERR_NOACK;
 }
 
-int SSL_callback_select_next_proto(SSL *ssl, unsigned char **out, unsigned char *outlen,
-                         const unsigned char *in, unsigned int inlen,
-                         void *arg) {
-    tcn_ssl_ctxt_t *ssl_ctxt = arg;
-    return select_next_proto(ssl, (const unsigned char **) out, outlen, in, inlen, ssl_ctxt->next_proto_data, ssl_ctxt->next_proto_len, ssl_ctxt->next_selector_failure_behavior);
-}
-
 int SSL_callback_alpn_select_proto(SSL* ssl, const unsigned char **out, unsigned char *outlen,
         const unsigned char *in, unsigned int inlen, void *arg) {
     tcn_ssl_ctxt_t *ssl_ctxt = arg;
diff --git a/xdocs/miscellaneous/changelog.xml b/xdocs/miscellaneous/changelog.xml
index 3dc6e0461..c1d0fcc65 100644
--- a/xdocs/miscellaneous/changelog.xml
+++ b/xdocs/miscellaneous/changelog.xml
@@ -44,6 +44,10 @@
     <update>
       Update the minimum required version of APR to 1.7.0. (markt)
     </update>
+    <design>
+      Remove NPN support as NPN was never standardised and browser support was
+      removed in 2019. (markt)
+    </design>
   </changelog>
 </section>
 <section name="Changes in 1.2.x">

