[Pkg-freeipa-devel] tomcatjss: Changes to 'upstream'
Timo Aaltonen
tjaalton at moszumanska.debian.org
Wed Aug 31 12:18:56 UTC 2016
build.xml | 4 -
src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java | 32 +++++++++++++--
tomcatjss.spec | 8 +++
3 files changed, 38 insertions(+), 6 deletions(-)
New commits:
commit c5af32b76ba01258ea5931637a66d2fc8bf78204
Author: Timo Aaltonen <tjaalton at debian.org>
Date: Wed Aug 31 15:06:59 2016 +0300
Imported Upstream version 7.1.4
diff --git a/build.xml b/build.xml
index 4bd13ec..1bbe8a5 100755
--- a/build.xml
+++ b/build.xml
@@ -37,8 +37,8 @@
<property name="Name" value="Tomcat JSS"/>
<property name="name" value="tomcatjss"/>
- <property name="version" value="7.1.3"/>
- <property name="manifest-version" value="7.1.3"/>
+ <property name="version" value="7.1.4"/>
+ <property name="manifest-version" value="7.1.4"/>
<!--
Set the properties that control various build options
diff --git a/src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java b/src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java
index 7576618..2d00366 100755
--- a/src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java
+++ b/src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java
@@ -96,8 +96,12 @@ public class JSSSocketFactory implements
SSLSocket.SSL3_RSA_EXPORT_WITH_DES40_CBC_SHA);
cipherMap.put("SSL3_RSA_WITH_DES_CBC_SHA",
SSLSocket.SSL3_RSA_WITH_DES_CBC_SHA);
+
cipherMap.put("SSL3_RSA_WITH_3DES_EDE_CBC_SHA",
SSLSocket.SSL3_RSA_WITH_3DES_EDE_CBC_SHA);
+ // deprecated SSL3.0 names replaced by IANA-registered TLS names
+ cipherMap.put("TLS_RSA_WITH_3DES_EDE_CBC_SHA",
+ SSLSocket.SSL3_RSA_WITH_3DES_EDE_CBC_SHA);
cipherMap.put("SSL3_DH_DSS_EXPORT_WITH_DES40_CBC_SHA",
SSLSocket.SSL3_DH_DSS_EXPORT_WITH_DES40_CBC_SHA);
@@ -116,14 +120,23 @@ public class JSSSocketFactory implements
SSLSocket.SSL3_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA);
cipherMap.put("SSL3_DHE_DSS_WITH_DES_CBC_SHA",
SSLSocket.SSL3_DHE_DSS_WITH_DES_CBC_SHA);
+
cipherMap.put("SSL3_DHE_DSS_WITH_3DES_EDE_CBC_SHA",
SSLSocket.SSL3_DHE_DSS_WITH_3DES_EDE_CBC_SHA);
+ // deprecated SSL3.0 names replaced by IANA-registered TLS names
+ cipherMap.put("TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA",
+ SSLSocket.SSL3_DHE_DSS_WITH_3DES_EDE_CBC_SHA);
+
cipherMap.put("SSL3_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
SSLSocket.SSL3_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA);
cipherMap.put("SSL3_DHE_RSA_WITH_DES_CBC_SHA",
SSLSocket.SSL3_DHE_RSA_WITH_DES_CBC_SHA);
+
cipherMap.put("SSL3_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
SSLSocket.SSL3_DHE_RSA_WITH_3DES_EDE_CBC_SHA);
+ // deprecated SSL3.0 names replaced by IANA-registered TLS names
+ cipherMap.put("TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
+ SSLSocket.SSL3_DHE_RSA_WITH_3DES_EDE_CBC_SHA);
cipherMap.put("SSL3_DH_ANON_EXPORT_WITH_RC4_40_MD5",
SSLSocket.SSL3_DH_ANON_EXPORT_WITH_RC4_40_MD5);
@@ -257,13 +270,21 @@ public class JSSSocketFactory implements
SSLSocket.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256);
cipherMap.put("TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
SSLSocket.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256);
- cipherMap.put("TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256",
- SSLSocket.TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256);
cipherMap.put("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
SSLSocket.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256);
+/* unsupported by nss
+ cipherMap.put("TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256",
+ SSLSocket.TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256);
cipherMap.put("TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256",
SSLSocket.TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256);
-
+*/
+
+ cipherMap.put("TLS_ECDH_RSA_WITH_AES_256_CBC_SHA",
+ SSLSocket.TLS_ECDH_RSA_WITH_AES_256_CBC_SHA);
+ cipherMap.put("TLS_ECDH_RSA_WITH_AES_128_CBC_SHA",
+ SSLSocket.TLS_ECDH_RSA_WITH_AES_128_CBC_SHA);
+ cipherMap.put("TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA",
+ SSLSocket.TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA);
}
private static HashMap<Integer, String> eccCipherMap = new HashMap<Integer, String>();
@@ -308,6 +329,10 @@ public class JSSSocketFactory implements
"TLS_ECDH_RSA_WITH_NULL_SHA");
eccCipherMap.put(SSLSocket.TLS_ECDH_ECDSA_WITH_NULL_SHA,
"TLS_ECDH_ECDSA_WITH_NULL_SHA");
+/* unsupported by nss
+ eccCipherMap.put(SSLSocket.TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
+ "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256");
+*/
}
private AbstractEndpoint endpoint;
@@ -393,6 +418,7 @@ public class JSSSocketFactory implements
+ ": 0x" + Integer.toHexString(cipherid) + "\n");
SSLSocket.setCipherPreferenceDefault(cipherid, state);
} catch (Exception e) {
+ System.err.println("SSLSocket.setCipherPreferenceDefault exception:" +e);
if (eccCipherMap.containsKey(cipherid)) {
System.err
.println("Warning: SSL ECC cipher \""
diff --git a/tomcatjss.spec b/tomcatjss.spec
index 7c29c35..6baaca8 100755
--- a/tomcatjss.spec
+++ b/tomcatjss.spec
@@ -1,5 +1,5 @@
Name: tomcatjss
-Version: 7.1.3
+Version: 7.1.4
Release: 1%{?dist}
Summary: JSSE implementation using JSS for Tomcat
URL: http://pki.fedoraproject.org/
@@ -91,6 +91,12 @@ rm -rf %{buildroot}
%{_javadir}/*
%changelog
+* Tue Jul 5 2016 Christina Fu <cfu at redhat.com> 7.1.4.1
+- Bugzilla Bug #1203407 missing ciphers (cfu)
+
+* Fri Feb 05 2016 Fedora Release Engineering <releng at fedoraproject.org> 7.1.3-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
+
* Wed Jul 22 2015 Endi Sukma Dewata <edewata at redhat.com> 7.1.3-1
- Bugzilla Bug #1245786 - Build failure on F23
More information about the Pkg-freeipa-devel
mailing list