Posted to dev@tomcat.apache.org by ma...@apache.org on 2022/05/31 15:28:28 UTC
[tomcat-native] branch main updated: Remove NPN support
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat-native.git
The following commit(s) were added to refs/heads/main by this push:
new 15ec9876b Remove NPN support
15ec9876b is described below
commit 15ec9876b828572e10f9d0c9a2350961078f923c
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Wed May 25 15:55:45 2022 +0100
Remove NPN support
---
download_deps.sh | 2 +-
native/include/ssl_private.h | 4 +---
native/src/ssl.c | 18 ------------------
native/src/sslcontext.c | 22 +---------------------
native/src/sslutils.c | 18 ------------------
xdocs/miscellaneous/changelog.xml | 4 ++++
6 files changed, 7 insertions(+), 61 deletions(-)
diff --git a/download_deps.sh b/download_deps.sh
index ca6c46096..d9d7cd796 100755
--- a/download_deps.sh
+++ b/download_deps.sh
@@ -1,6 +1,6 @@
#!/bin/sh
-# Small script to get a recent openssl, with npn support
+# Small script to get a recent openssl
# Will run configure and build_libs to generate the .s files
cd $(dirname $0)
diff --git a/native/include/ssl_private.h b/native/include/ssl_private.h
index f6b2840a8..fc0f6ba9b 100644
--- a/native/include/ssl_private.h
+++ b/native/include/ssl_private.h
@@ -246,7 +246,7 @@ extern ENGINE *tcn_ssl_engine;
#define HAVE_KEYLOG_CALLBACK
#endif
-#define MAX_ALPN_NPN_PROTO_SIZE 65535
+#define MAX_ALPN_PROTO_SIZE 65535
#define SSL_SELECTOR_FAILURE_CHOOSE_MY_LAST_PROTOCOL 1
typedef struct {
@@ -391,8 +391,6 @@ void SSL_callback_handshake(const SSL *, int, int);
int SSL_CTX_use_certificate_chain(SSL_CTX *, const char *, int);
int SSL_callback_SSL_verify(int, X509_STORE_CTX *);
int SSL_rand_seed(const char *file);
-int SSL_callback_next_protos(SSL *, const unsigned char **, unsigned int *, void *);
-int SSL_callback_select_next_proto(SSL *, unsigned char **, unsigned char *, const unsigned char *, unsigned int,void *);
int SSL_callback_alpn_select_proto(SSL *, const unsigned char **, unsigned char *, const unsigned char *, unsigned int, void *);
#ifdef HAVE_KEYLOG_CALLBACK
void SSL_callback_add_keylog(SSL_CTX *);
diff --git a/native/src/ssl.c b/native/src/ssl.c
index ca6a5c26a..c48cb4247 100644
--- a/native/src/ssl.c
+++ b/native/src/ssl.c
@@ -1667,24 +1667,6 @@ TCN_IMPLEMENT_CALL(jint, SSL, getPostHandshakeAuthInProgress)(TCN_STDARGS,
#endif
}
-/* Read which protocol was negotiated for the given SSL *. */
-TCN_IMPLEMENT_CALL(jstring, SSL, getNextProtoNegotiated)(TCN_STDARGS,
- jlong ssl /* SSL * */) {
- SSL *ssl_ = J2P(ssl, SSL *);
- const unsigned char *proto;
- unsigned int proto_len;
-
- if (ssl_ == NULL) {
- tcn_ThrowException(e, "ssl is null");
- return NULL;
- }
-
- UNREFERENCED(o);
-
- SSL_get0_next_proto_negotiated(ssl_, &proto, &proto_len);
- return tcn_new_stringn(e, (const char *)proto, (size_t) proto_len);
-}
-
/*** End Twitter API Additions ***/
/*** Apple API Additions ***/
diff --git a/native/src/sslcontext.c b/native/src/sslcontext.c
index d01c9d532..b69b4480f 100644
--- a/native/src/sslcontext.c
+++ b/native/src/sslcontext.c
@@ -1612,7 +1612,7 @@ static int initProtocols(JNIEnv *e, const tcn_ssl_ctxt_t *c, unsigned char **pro
proto_chars = (*e)->GetStringUTFChars(e, proto_string, 0);
proto_chars_len = strlen(proto_chars);
- if (proto_chars_len > 0 && proto_chars_len <= MAX_ALPN_NPN_PROTO_SIZE) {
+ if (proto_chars_len > 0 && proto_chars_len <= MAX_ALPN_PROTO_SIZE) {
// We need to add +1 as each protocol is prefixed by it's length (unsigned char).
// For all except of the last one we already have the extra space as everything is
// delimited by ','.
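Review bot: The renamed bound `proto_chars_len <= MAX_ALPN_PROTO_SIZE` still accepts a single protocol name of up to 65535 bytes, while the comment directly below it says each name is prefixed by its length as an `unsigned char`, which can encode at most 255. The code that writes the prefix is outside this hunk, but if it stores `proto_chars_len` in that one byte, a longer name would get a truncated length and the resulting ALPN list would be malformed. A per-name guard such as `if (proto_chars_len > 0 && proto_chars_len <= 255) {`, with the 65535 limit applied to the accumulated list length instead, would rule that out. Separately, `strlen(proto_chars)` is called on the result of `GetStringUTFChars` with no NULL check visible between the two lines, and that JNI call can return NULL on allocation failure. initProtocols starts and ends outside the hunk, so both points should be confirmed against the full function.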
@@ -1655,26 +1655,6 @@ static int initProtocols(JNIEnv *e, const tcn_ssl_ctxt_t *c, unsigned char **pro
}
}
-TCN_IMPLEMENT_CALL(void, SSLContext, setNpnProtos)(TCN_STDARGS, jlong ctx, jobjectArray next_protos,
- jint selectorFailureBehavior)
-{
- tcn_ssl_ctxt_t *c = J2P(ctx, tcn_ssl_ctxt_t *);
-
- TCN_ASSERT(ctx != 0);
- UNREFERENCED(o);
-
- if (initProtocols(e, c, &c->next_proto_data, &c->next_proto_len, next_protos) == 0) {
- c->next_selector_failure_behavior = selectorFailureBehavior;
-
- // depending on if it's client mode or not we need to call different functions.
- if (c->mode == SSL_MODE_CLIENT) {
- SSL_CTX_set_next_proto_select_cb(c->ctx, SSL_callback_select_next_proto, (void *)c);
- } else {
- SSL_CTX_set_next_protos_advertised_cb(c->ctx, SSL_callback_next_protos, (void *)c);
- }
- }
-}
-
TCN_IMPLEMENT_CALL(void, SSLContext, setAlpnProtos)(TCN_STDARGS, jlong ctx, jobjectArray alpn_protos,
jint selectorFailureBehavior)
{
diff --git a/native/src/sslutils.c b/native/src/sslutils.c
index 580595249..e2118a923 100644
--- a/native/src/sslutils.c
+++ b/native/src/sslutils.c
@@ -446,17 +446,6 @@ void SSL_callback_handshake(const SSL *ssl, int where, int rc)
}
}
-int SSL_callback_next_protos(SSL *ssl, const unsigned char **data,
- unsigned int *len, void *arg)
-{
- tcn_ssl_ctxt_t *ssl_ctxt = arg;
-
- *data = ssl_ctxt->next_proto_data;
- *len = ssl_ctxt->next_proto_len;
-
- return SSL_TLSEXT_ERR_OK;
-}
-
/* The code here is inspired by nghttp2
*
* See https://github.com/tatsuhiro-t/nghttp2/blob/ae0100a9abfcf3149b8d9e62aae216e946b517fb/src/shrpx_ssl.cc#L244 */
@@ -515,13 +504,6 @@ int select_next_proto(SSL *ssl, const unsigned char **out, unsigned char *outlen
return SSL_TLSEXT_ERR_NOACK;
}
-int SSL_callback_select_next_proto(SSL *ssl, unsigned char **out, unsigned char *outlen,
- const unsigned char *in, unsigned int inlen,
- void *arg) {
- tcn_ssl_ctxt_t *ssl_ctxt = arg;
- return select_next_proto(ssl, (const unsigned char **) out, outlen, in, inlen, ssl_ctxt->next_proto_data, ssl_ctxt->next_proto_len, ssl_ctxt->next_selector_failure_behavior);
-}
-
int SSL_callback_alpn_select_proto(SSL* ssl, const unsigned char **out, unsigned char *outlen,
const unsigned char *in, unsigned int inlen, void *arg) {
tcn_ssl_ctxt_t *ssl_ctxt = arg;
diff --git a/xdocs/miscellaneous/changelog.xml b/xdocs/miscellaneous/changelog.xml
index 3dc6e0461..c1d0fcc65 100644
--- a/xdocs/miscellaneous/changelog.xml
+++ b/xdocs/miscellaneous/changelog.xml
@@ -44,6 +44,10 @@
<update>
Update the minimum required version of APR to 1.7.0. (markt)
</update>
+ <design>
+ Remove NPN support as NPN was never standardised and browser support was
+ removed in 2019. (markt)
+ </design>
</changelog>
</section>
<section name="Changes in 1.2.x">