Commits on Source (7)
    Getting version number from installed Tomcat · 78773e32
    Endi S. Dewata authored
    The spec template has been modified to get the Tomcat version
    from the installed Tomcat instead of a pre-defined constant. This
    allows TomcatJSS to be built with a non-standard Tomcat package.
    
    Change-Id: Icfb512558d5918eba960e27f5a74ea4f4035bd61
    78773e32
    Add TLS 1.3 support · 2f12b726
    Alexander Bokovoy authored
    2f12b726
    Use boundSSLVersionRange() · cf2a4a21
    Alexander Bokovoy authored
    cf2a4a21
    depend on jss >= 4.5.1 · 1484e650
    Fraser Tweedale authored
    jss-4.5.1 introduced SSLSocket.boundSSLVersionRange which clamps a
    TLS version range configuration to the system crypto policy.
    tomcatjss has been updated to use this routine.  Update the spec
    file accordingly.
    1484e650
    Revert "depend on jss >= 4.5.1" · 045c54f0
    Fraser Tweedale authored
    This reverts commit 1484e650.
    
    jss 4.5.0 was not released yet.  Let alone 4.5.1!  So we will
    put the new jss symbol back into 4.5.0 and revert the dependency
    bump in tomcatjss.
    045c54f0
    Added TOMCATJSS_7_3_REPO parameter · 913d9bb1
    Endi S. Dewata authored
    A new TOMCATJSS_7_3_REPO parameter has been added to specify the
    repository that provides TomcatJSS 7.3 dependencies. By default
    it will use @pki/10.6.
    
    Change-Id: I85bae1605bfc60d858b232d2d6b7d5049ff3d76c
    913d9bb1
    Updated version number to 7.3.4 · f51f08b5
    Endi S. Dewata authored
    The TomcatJSS class has been modified to use the new SSLVersion
    enum in JSS which supports TLS 1.3.
    
    Change-Id: I7940a2be9cf3675baeea082c60292a4e70d7d6a7
    f51f08b5
<?xml version="1.0" encoding="UTF-8"?>
<classpath>
<classpathentry kind="src" path="src"/>
<classpathentry kind="src" path="tomcat-8.0/src"/>
<classpathentry kind="src" path="tomcat-8.5/src"/>
<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER"/>
<classpathentry kind="lib" path="/usr/share/java/apache-commons-lang.jar"/>
<classpathentry kind="lib" path="/usr/share/java/apache-commons-logging.jar"/>
......
......@@ -19,7 +19,7 @@ install:
-v $(pwd):/root/tomcatjss
registry.fedoraproject.org/fedora:$FEDORA
- docker exec container dnf install -y dnf-plugins-core gcc make rpm-build
- docker exec container dnf copr -y enable @pki/10.6
- docker exec container dnf copr -y enable ${TOMCATJSS_7_3_REPO:-@pki/10.6}
- docker exec container dnf builddep -y --spec /root/tomcatjss/tomcatjss.spec.in
- docker exec container dnf remove -y tomcat-native
- docker exec container /root/tomcatjss/build.sh --with-timestamp --with-commit-id rpm
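Review bot: The COPR repository that supplies the build dependencies is now taken from `TOMCATJSS_7_3_REPO` and expanded unquoted on the `dnf copr -y enable` line, so a value containing whitespace would be split into extra arguments; quoting it, `dnf copr -y enable "${TOMCATJSS_7_3_REPO:-@pki/10.6}"`, avoids that. Because this variable decides where packages installed into the build container come from, a comment such as `# TOMCATJSS_7_3_REPO: COPR repo for build deps; set only in the project's CI settings` would make the trust assumption explicit. The `install:` block continues outside the hunk.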
......
......@@ -37,11 +37,12 @@ import org.mozilla.jss.crypto.CryptoToken;
import org.mozilla.jss.ssl.SSLAlertEvent;
import org.mozilla.jss.ssl.SSLCipher;
import org.mozilla.jss.ssl.SSLHandshakeCompletedEvent;
import org.mozilla.jss.ssl.SSLProtocolVariant;
import org.mozilla.jss.ssl.SSLServerSocket;
import org.mozilla.jss.ssl.SSLSocket;
import org.mozilla.jss.ssl.SSLSocket.SSLProtocolVariant;
import org.mozilla.jss.ssl.SSLSocket.SSLVersionRange;
import org.mozilla.jss.ssl.SSLSocketListener;
import org.mozilla.jss.ssl.SSLVersion;
import org.mozilla.jss.ssl.SSLVersionRange;
import org.mozilla.jss.util.IncorrectPasswordException;
import org.mozilla.jss.util.Password;
import org.slf4j.Logger;
......@@ -562,8 +563,9 @@ public class TomcatJSS implements SSLSocketListener {
* or "datagram".
*
* @param sslVersionRange_s takes on the form of "min:max" where min/max
* values can be "ssl3, tls1_0, tls1_1, or tls1_2". ssl2 is not supported for
* tomcatjss via this interface. The format is "sslVersionRange=min:max".
* values can be "ssl3, tls1_0, tls1_1, tls1_2, tls1_3". ssl2 is not
* supported for tomcatjss via this interface. The format is
* "sslVersionRange=min:max".
*/
public void setSSLVersionRangeDefault(
String type,
......@@ -583,42 +585,18 @@ public class TomcatJSS implements SSLSocketListener {
logger.debug("* min: " + min_s);
logger.debug("* max: " + max_s);
int min = getSSLVersionRangeEnum(min_s);
int max = getSSLVersionRangeEnum(max_s);
SSLVersion minVersion = SSLVersion.findByAlias(min_s);
SSLVersion maxVersion = SSLVersion.findByAlias(max_s);
if (min == -1 || max == -1) {
throw new SocketException("SSL version range format error: " + sslVersionRange_s);
}
SSLVersionRange range = new SSLVersionRange(minVersion, maxVersion);
range = SSLSocket.boundSSLVersionRange(SSLProtocolVariant.STREAM, range);
SSLVersionRange range = new SSLVersionRange(min, max);
logger.debug("Actual SSL version range for " + type + " after system policy correction:");
logger.debug("* min: " + range.getMinVersion());
logger.debug("* max: " + range.getMaxVersion());
SSLSocket.setSSLVersionRangeDefault(protoVariant, range);
}
int getSSLVersionRangeEnum(String range) {
if (range == null) {
return -1;
}
if (range.equals("ssl3")) {
return SSLVersionRange.ssl3;
}
if (range.equals("tls1_0")) {
return SSLVersionRange.tls1_0;
}
if (range.equals("tls1_1")) {
return SSLVersionRange.tls1_1;
}
if (range.equals("tls1_2")) {
return SSLVersionRange.tls1_2;
}
return -1;
}
public void setSSLCiphers(String attr, String ciphers) throws SocketException, IOException {
if (StringUtils.isEmpty(ciphers)) {
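Review bot: The clamp against the system crypto policy is always computed for `SSLProtocolVariant.STREAM`, while the resulting range is then installed for `protoVariant`, so a call with type "datagram" would be bounded, and logged as the range "for " + type, using the stream limits. Passing the same variant to both calls, `range = SSLSocket.boundSSLVersionRange(protoVariant, range);`, keeps them consistent (presumably `protoVariant` has the type that call expects, since it is already handed to `setSSLVersionRangeDefault`). The explicit `SocketException("SSL version range format error: ...")` check appears to be on the removed side, and what `SSLVersion.findByAlias` does with an unknown or null alias is not visible on this page. It is worth confirming that a mistyped `sslVersionRange` still fails closed with a clear error rather than producing a null version or an unchecked exception. `setSSLVersionRangeDefault` starts above this hunk.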
......
......@@ -7,7 +7,7 @@ URL: http://www.dogtagpki.org/wiki/TomcatJSS
License: LGPLv2+
BuildArch: noarch
Version: 7.3.3
Version: 7.3.4
Release: 1%{?_timestamp}%{?_commit_id}%{?dist}
# global _phase -a1
......@@ -28,20 +28,6 @@ Source: https://github.com/dogtagpki/tomcatjss/archive/v%{version}%{?_
# > tomcatjss-VERSION-RELEASE.patch
# Patch: tomcatjss-VERSION-RELEASE.patch
################################################################################
# Tomcat
################################################################################
%if 0%{?rhel} && 0%{?rhel} <= 7
%global app_server tomcat-7.0
%else
%if 0%{?fedora} && 0%{?fedora} <= 27
%global app_server tomcat-8.0
%else
%global app_server tomcat-8.5
%endif
%endif
################################################################################
# Build Dependencies
################################################################################
......@@ -71,7 +57,7 @@ BuildRequires: slf4j-jdk14
%if 0%{?rhel} && 0%{?rhel} <= 7
BuildRequires: jss >= 4.4.0-7
%else
BuildRequires: jss >= 4.5.0-0.4
BuildRequires: jss >= 4.5.0-0.6
%endif
# Tomcat
......@@ -114,7 +100,7 @@ Requires: slf4j-jdk14
%if 0%{?rhel} && 0%{?rhel} <= 7
Requires: jss >= 4.4.0-7
%else
Requires: jss >= 4.5.0-0.4
Requires: jss >= 4.5.0-0.6
%endif
# Tomcat
......@@ -123,7 +109,6 @@ Requires: tomcat >= 7.0.69
%else
%if 0%{?fedora} && 0%{?fedora} <= 27
Requires: tomcat >= 8.0.49
Conflicts: tomcat >= 1:8.5
%else
%if 0%{?fedora} && 0%{?fedora} <= 28
Requires: tomcat >= 1:8.5.23
......@@ -140,7 +125,7 @@ Requires: tomcat >= 1:9.0.7
Conflicts: tomcat-native
# PKI
Conflicts: pki-base < 10.6.3
Conflicts: pki-base < 10.6.5
%if 0%{?rhel}
......@@ -168,9 +153,18 @@ NOTE: The 'tomcatjss' package conflicts with the 'tomcat-native' package
%install
################################################################################
# get Tomcat <major>.<minor> version number
tomcat_version=`/usr/sbin/tomcat version | sed -n 's/Server number: *\([0-9]\+\.[0-9]\+\).*/\1/p'`
if [ $tomcat_version == "9.0" ]; then
app_server=tomcat-8.5
else
app_server=tomcat-$tomcat_version
fi
ant -f build.xml \
-Dversion=%{version} \
-Dsrc.dir=%{app_server} \
-Dsrc.dir=$app_server \
-Djnidir=%{_jnidir} \
-Dinstall.doc.dir=%{buildroot}%{_docdir}/%{name} \
-Dinstall.jar.dir=%{buildroot}%{_javadir} \
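Review bot: In `%install`, `$tomcat_version` is used unquoted and unchecked: if `/usr/sbin/tomcat version` is missing or its output does not match the `sed` pattern, the variable is empty, the `[ ... == "9.0" ]` test errors out, and the else branch sets `app_server=tomcat-`, so the failure only surfaces later in ant with a misleading source directory. Failing fast would be clearer: `[ -n "$tomcat_version" ] || { echo "cannot determine Tomcat version" >&2; exit 1; }` followed by `if [ "$tomcat_version" = "9.0" ]; then`. Since the source tree that gets compiled now depends on whichever Tomcat is installed on the build host, a comment stating that, plus echoing the detected version into the build log, would help when auditing what a given RPM was built against.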
......