tomcat-dev mailing list archives

From Mark Thomas <ma...@apache.org>
Subject Re: svn commit: r1770952 - in /tomcat/trunk: java/org/apache/coyote/http11/ java/org/apache/tomcat/util/net/ java/org/apache/tomcat/util/net/jsse/ java/org/apache/tomcat/util/net/openssl/ webapps/docs/
Date Wed, 23 Nov 2016 12:57:26 GMT
On 23/11/2016 12:23, markt@apache.org wrote:
> Author: markt
> Date: Wed Nov 23 12:23:37 2016
> New Revision: 1770952
> 
> URL: http://svn.apache.org/viewvc?rev=1770952&view=rev
> Log:
> Ensure that the availability of configured upgrade protocols that require ALPN is correctly
reported during Tomcat start.

This needs a re-think as it breaks h2 due to the change in init ordering.

Mark


> 
> Modified:
>     tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11Protocol.java
>     tomcat/trunk/java/org/apache/coyote/http11/LocalStrings.properties
>     tomcat/trunk/java/org/apache/tomcat/util/net/AbstractEndpoint.java
>     tomcat/trunk/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java
>     tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java
>     tomcat/trunk/java/org/apache/tomcat/util/net/SSLImplementation.java
>     tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSEImplementation.java
>     tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLImplementation.java
>     tomcat/trunk/webapps/docs/changelog.xml
> 
> Modified: tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11Protocol.java
> URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11Protocol.java?rev=1770952&r1=1770951&r2=1770952&view=diff
> ==============================================================================
> --- tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11Protocol.java (original)
> +++ tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11Protocol.java Wed Nov 23
12:23:37 2016
> @@ -58,11 +58,11 @@ public abstract class AbstractHttp11Prot
>  
>      @Override
>      public void init() throws Exception {
> +        super.init();
> +
>          for (UpgradeProtocol upgradeProtocol : upgradeProtocols) {
>              configureUpgradeProtocol(upgradeProtocol);
>          }
> -
> -        super.init();
>      }
>  
>  
> @@ -322,9 +322,8 @@ public abstract class AbstractHttp11Prot
>       */
>      private final Map<String,UpgradeProtocol> negotiatedProtocols = new HashMap<>();
>      private void configureUpgradeProtocol(UpgradeProtocol upgradeProtocol) {
> -        boolean isSSLEnabled = getEndpoint().isSSLEnabled();
>          // HTTP Upgrade
> -        String httpUpgradeName = upgradeProtocol.getHttpUpgradeName(isSSLEnabled);
> +        String httpUpgradeName = upgradeProtocol.getHttpUpgradeName(getEndpoint().isSSLEnabled());
>          boolean httpUpgradeConfigured = false;
>          if (httpUpgradeName != null && httpUpgradeName.length() > 0) {
>              httpUpgradeProtocols.put(httpUpgradeName, upgradeProtocol);
> @@ -333,21 +332,22 @@ public abstract class AbstractHttp11Prot
>                      getName(), httpUpgradeName));
>          }
>  
> +
>          // ALPN
>          String alpnName = upgradeProtocol.getAlpnName();
>          if (alpnName != null && alpnName.length() > 0) {
> -            // ALPN requires SSL
> -            if (isSSLEnabled) {
> +            if (getEndpoint().isAlpnSupported()) {
>                  negotiatedProtocols.put(alpnName, upgradeProtocol);
>                  getEndpoint().addNegotiatedProtocol(alpnName);
>                  getLog().info(sm.getString("abstractHttp11Protocol.alpnConfigured",
>                          getName(), alpnName));
>              } else {
>                  if (!httpUpgradeConfigured) {
> -                    // HTTP Upgrade is not available for this protocol so it
> -                    // requires ALPN. It has been configured on a non-secure
> -                    // connector where ALPN is not available.
> -                    getLog().error(sm.getString("abstractHttp11Protocol.alpnWithNoTls",
> +                    // ALPN is not supported by this connector and the upgrade
> +                    // protocol implementation does not support standard HTTP
> +                    // upgrade so there is no way available to enable support
> +                    // for this protocol.
> +                    getLog().error(sm.getString("abstractHttp11Protocol.alpnWithNoAlpn",
>                              upgradeProtocol.getClass().getName(), alpnName, getName()));
>                  }
>              }
> 
> Modified: tomcat/trunk/java/org/apache/coyote/http11/LocalStrings.properties
> URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/coyote/http11/LocalStrings.properties?rev=1770952&r1=1770951&r2=1770952&view=diff
> ==============================================================================
> --- tomcat/trunk/java/org/apache/coyote/http11/LocalStrings.properties (original)
> +++ tomcat/trunk/java/org/apache/coyote/http11/LocalStrings.properties Wed Nov 23 12:23:37
2016
> @@ -14,7 +14,7 @@
>  # limitations under the License.
>  
>  abstractHttp11Protocol.alpnConfigured=The [{0}] connector has been configured to support
negotiation to [{1}] via ALPN
> -abstractHttp11Protocol.alpnWithNoTls=The upgrade handler [{0}] for [{1}] only supports
upgrade via ALPN but has been configured for the [{2}] connector that is not enabled for TLS.
> +abstractHttp11Protocol.alpnWithNoAlpn=The upgrade handler [{0}] for [{1}] only supports
upgrade via ALPN but has been configured for the [{2}] connector that does not support ALPN.
>  abstractHttp11Protocol.httpUpgradeConfigured=The [{0}] connector has been configured
to support HTTP upgrade to [{1}]
>  
>  http11processor.fallToDebug=\n Note: further occurrences of HTTP header parsing errors
will be logged at DEBUG level.
> 
> Modified: tomcat/trunk/java/org/apache/tomcat/util/net/AbstractEndpoint.java
> URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/AbstractEndpoint.java?rev=1770952&r1=1770951&r2=1770952&view=diff
> ==============================================================================
> --- tomcat/trunk/java/org/apache/tomcat/util/net/AbstractEndpoint.java (original)
> +++ tomcat/trunk/java/org/apache/tomcat/util/net/AbstractEndpoint.java Wed Nov 23 12:23:37
2016
> @@ -459,6 +459,15 @@ public abstract class AbstractEndpoint<S
>      public boolean isSSLEnabled() { return SSLEnabled; }
>      public void setSSLEnabled(boolean SSLEnabled) { this.SSLEnabled = SSLEnabled; }
>  
> +    /**
> +     * Identifies if the endpoint supports ALPN. Note that a return value of
> +     * <code>true</code> implies that {@link #isSSLEnabled()} will also
return
> +     * <code>true</code>.
> +     *
> +     * @return <code>true</true> if the endpoint supports ALPN in its current
> +     *         configuration, otherwise <code>false</code>.
> +     */
> +    public abstract boolean isAlpnSupported();
>  
>      private int minSpareThreads = 10;
>      public void setMinSpareThreads(int minSpareThreads) {
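Review bot: The `@return` tag in the new Javadoc for `isAlpnSupported()` closes its first element with `</true>` instead of `</code>`, so the generated HTML is malformed and doclint is likely to flag it. The line should read `@return <code>true</code> if the endpoint supports ALPN in its current`. The rest of the Javadoc, including the stated implication that `true` means `isSSLEnabled()` is also `true`, matches the two endpoint overrides added in this commit.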
> 
> Modified: tomcat/trunk/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java
> URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java?rev=1770952&r1=1770951&r2=1770952&view=diff
> ==============================================================================
> --- tomcat/trunk/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java (original)
> +++ tomcat/trunk/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java Wed Nov 23
12:23:37 2016
> @@ -206,6 +206,20 @@ public abstract class AbstractJsseEndpoi
>      }
>  
>  
> +
> +    @Override
> +    public boolean isAlpnSupported() {
> +        // ALPN requires TLS so if there is no SSLImplementation, or if TLS is
> +        // not enabled, ALPN cannot be supported
> +        if (sslImplementation == null || !isSSLEnabled()) {
> +            return false;
> +        }
> +
> +        // Depends on the SSLImplementation
> +        return sslImplementation.isAlpnSupported();
> +    }
> +
> +
>      @Override
>      public void unbind() throws Exception {
>          for (SSLHostConfig sslHostConfig : sslHostConfigs.values()) {
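Review bot: `isAlpnSupported()` returns `false` for three different reasons: no `sslImplementation`, TLS disabled, or an implementation without ALPN. The first looks like a question of timing rather than capability, because the field is presumably assigned during endpoint initialisation, outside this hunk. A caller that asks before that point gets a definite `false`, and `configureUpgradeProtocol` then logs that the connector does not support ALPN, which would mislead anyone diagnosing a TLS connector. I would state the precondition on the method, for example `// Only meaningful once the endpoint has created its SSLImplementation; returns false before that`. Alternatively, throw an `IllegalStateException` when `isSSLEnabled()` is true but `sslImplementation` is still null.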
> 
> Modified: tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java
> URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java?rev=1770952&r1=1770951&r2=1770952&view=diff
> ==============================================================================
> --- tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java (original)
> +++ tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java Wed Nov 23 12:23:37
2016
> @@ -539,6 +539,16 @@ public class AprEndpoint extends Abstrac
>      }
>  
>  
> +
> +    @Override
> +    public boolean isAlpnSupported() {
> +        // The APR/native connector always supports ALPN if TLS is in use
> +        // because OpenSSL supports ALPN. Therefore, this is equivalent to
> +        // testing of SSL is enabled.
> +        return isSSLEnabled();
> +    }
> +
> +
>      /**
>       * Start the APR endpoint, creating acceptor, poller and sendfile threads.
>       */
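Review bot: The comment justifies returning `isSSLEnabled()` with "OpenSSL supports ALPN", which holds only if the native library is linked against an OpenSSL build that provides ALPN. No version check is visible in this hunk, so the comment should name the assumption, e.g. `// Assumes the linked OpenSSL build provides ALPN; confirm the minimum version is enforced at library load`. There are also two typos in the new comments. "testing of SSL is enabled" here should read "testing if SSL is enabled", and "OpenSSL supportd ALPN" in `OpenSSLImplementation.isAlpnSupported()` should read "supports".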
> 
> Modified: tomcat/trunk/java/org/apache/tomcat/util/net/SSLImplementation.java
> URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/SSLImplementation.java?rev=1770952&r1=1770951&r2=1770952&view=diff
> ==============================================================================
> --- tomcat/trunk/java/org/apache/tomcat/util/net/SSLImplementation.java (original)
> +++ tomcat/trunk/java/org/apache/tomcat/util/net/SSLImplementation.java Wed Nov 23 12:23:37
2016
> @@ -67,4 +67,6 @@ public abstract class SSLImplementation
>      public abstract SSLSupport getSSLSupport(SSLSession session);
>  
>      public abstract SSLUtil getSSLUtil(SSLHostConfigCertificate certificate);
> +
> +    public abstract boolean isAlpnSupported();
>  }
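Review bot: `isAlpnSupported()` is added as an abstract method with no Javadoc on a public abstract class. Any `SSLImplementation` subclass maintained outside this tree stops compiling, and an already-compiled one would fail with `AbstractMethodError` when the endpoint calls it. If externally supplied implementations are meant to keep working, a concrete default is the safer choice: `public boolean isAlpnSupported() { return false; }`. Either way the method should carry a Javadoc saying that `true` means the implementation can negotiate an application protocol during the TLS handshake.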
> 
> Modified: tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSEImplementation.java
> URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSEImplementation.java?rev=1770952&r1=1770951&r2=1770952&view=diff
> ==============================================================================
> --- tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSEImplementation.java (original)
> +++ tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSEImplementation.java Wed Nov
23 12:23:37 2016
> @@ -48,4 +48,10 @@ public class JSSEImplementation extends
>      public SSLUtil getSSLUtil(SSLHostConfigCertificate certificate) {
>          return new JSSEUtil(certificate);
>      }
> +
> +    @Override
> +    public boolean isAlpnSupported() {
> +        // JSSE does not (yet) support ALPN
> +        return false;
> +    }
>  }
> 
> Modified: tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLImplementation.java
> URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLImplementation.java?rev=1770952&r1=1770951&r2=1770952&view=diff
> ==============================================================================
> --- tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLImplementation.java (original)
> +++ tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLImplementation.java Wed
Nov 23 12:23:37 2016
> @@ -36,4 +36,9 @@ public class OpenSSLImplementation exten
>          return new OpenSSLUtil(certificate);
>      }
>  
> +    @Override
> +    public boolean isAlpnSupported() {
> +        // OpenSSL supportd ALPN
> +        return true;
> +    }
>  }
> 
> Modified: tomcat/trunk/webapps/docs/changelog.xml
> URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1770952&r1=1770951&r2=1770952&view=diff
> ==============================================================================
> --- tomcat/trunk/webapps/docs/changelog.xml (original)
> +++ tomcat/trunk/webapps/docs/changelog.xml Wed Nov 23 12:23:37 2016
> @@ -103,6 +103,10 @@
>          the capacity of this buffer when IOException occurs while writing the
>          headers to the socket. (violetagg)
>        </fix>
> +      <fix>
> +        Ensure that the availability of configured upgrade protocols that
> +        require ALPN is correctly reported during Tomcat start. (markt)
> +      </fix>
>      </changelog>
>    </subsection>
>    <subsection name="Web applications">
> 
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: dev-help@tomcat.apache.org
> 



