[Pkg-freeipa-devel] tomcatjss: Changes to 'master'
Timo Aaltonen
tjaalton at moszumanska.debian.org
Sat Oct 21 08:21:45 UTC 2017
.classpath | 10
.gitignore | 3
.project | 17
.settings/org.eclipse.jdt.core.prefs | 282 ++++++++++++++
.settings/org.eclipse.jdt.ui.prefs | 56 ++
README | 26 -
build.xml | 30 +
build_tomcatjss | 43 ++
debian/changelog | 9
debian/control | 6
debian/source/local-options | 3
rhel.properties | 1
src/org/apache/tomcat/util/net/jss/IJSSFactory.java | 5
src/org/apache/tomcat/util/net/jss/JSSFactory.java | 7
src/org/apache/tomcat/util/net/jss/JSSImplementation.java | 36 +
src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java | 85 ++--
src/org/apache/tomcat/util/net/jss/TomcatJSS.java | 69 +++
tomcatjss.spec | 67 ++-
18 files changed, 679 insertions(+), 76 deletions(-)
New commits:
commit e8925867dd39efd012f05085057767ed877302a3
Author: Timo Aaltonen <tjaalton at debian.org>
Date: Sat Oct 21 11:19:54 2017 +0300
releasing package tomcatjss version 7.2.4-1
diff --git a/debian/changelog b/debian/changelog
index fc0da6c..e008f93 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,11 +1,11 @@
-tomcatjss (7.2.4-1) UNRELEASED; urgency=medium
+tomcatjss (7.2.4-1) unstable; urgency=medium
* New upstream release.
* control: Build-depend on libtomcat8.0-java.
* control: Bump libjss-java build-dep to 4.4.2.
* source/local-options: Ignore some files not in the tarball.
- -- Timo Aaltonen <tjaalton at debian.org> Mon, 18 Sep 2017 17:18:59 +0300
+ -- Timo Aaltonen <tjaalton at debian.org> Sat, 21 Oct 2017 11:19:37 +0300
tomcatjss (7.1.4-4) unstable; urgency=medium
commit 960ce0e3218b83ef1f2d6ccd2508deedafe4b7b8
Author: Timo Aaltonen <tjaalton at debian.org>
Date: Mon Sep 18 21:08:41 2017 +0300
source/local-options: Ignore some files not in the tarball.
diff --git a/debian/changelog b/debian/changelog
index 9f5a110..fc0da6c 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -3,6 +3,7 @@ tomcatjss (7.2.4-1) UNRELEASED; urgency=medium
* New upstream release.
* control: Build-depend on libtomcat8.0-java.
* control: Bump libjss-java build-dep to 4.4.2.
+ * source/local-options: Ignore some files not in the tarball.
-- Timo Aaltonen <tjaalton at debian.org> Mon, 18 Sep 2017 17:18:59 +0300
diff --git a/debian/source/local-options b/debian/source/local-options
new file mode 100644
index 0000000..2885f69
--- /dev/null
+++ b/debian/source/local-options
@@ -0,0 +1,3 @@
+extend-diff-ignore = .classpath|.project|.settings/org.eclipse.jdt.core.prefs|.settings/org.eclipse.jdt.ui.prefs
+extend-diff-ignore = build_tomcatjss|rhel.properties|tomcatjss.spec
+
commit 967660d33c2a8777a8e8df84966261326ebdba89
Author: Timo Aaltonen <tjaalton at debian.org>
Date: Mon Sep 18 21:08:09 2017 +0300
control: Bump libjss-java build-dep to 4.4.2.
diff --git a/debian/changelog b/debian/changelog
index b1a346c..9f5a110 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -2,6 +2,7 @@ tomcatjss (7.2.4-1) UNRELEASED; urgency=medium
* New upstream release.
* control: Build-depend on libtomcat8.0-java.
+ * control: Bump libjss-java build-dep to 4.4.2.
-- Timo Aaltonen <tjaalton at debian.org> Mon, 18 Sep 2017 17:18:59 +0300
diff --git a/debian/control b/debian/control
index fc68e44..bafe29a 100644
--- a/debian/control
+++ b/debian/control
@@ -10,7 +10,7 @@ Build-Depends:
javahelper,
libcommons-lang-java,
libcommons-logging-java,
- libjss-java (>= 4.3.1-5),
+ libjss-java (>= 4.4.2),
libtomcat8.0-java,
Standards-Version: 3.9.8
Homepage: http://pki.fedoraproject.org
commit efed0960ad56c676d3d3d0753ce6bb8ff97521b6
Author: Timo Aaltonen <tjaalton at debian.org>
Date: Mon Sep 18 18:33:40 2017 +0300
control: Build-depend on libtomcat8.0-java.
diff --git a/debian/changelog b/debian/changelog
index 81ba821..b1a346c 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,6 +1,7 @@
tomcatjss (7.2.4-1) UNRELEASED; urgency=medium
* New upstream release.
+ * control: Build-depend on libtomcat8.0-java.
-- Timo Aaltonen <tjaalton at debian.org> Mon, 18 Sep 2017 17:18:59 +0300
diff --git a/debian/control b/debian/control
index 281e5f1..fc68e44 100644
--- a/debian/control
+++ b/debian/control
@@ -11,7 +11,7 @@ Build-Depends:
libcommons-lang-java,
libcommons-logging-java,
libjss-java (>= 4.3.1-5),
- libtomcat8-java,
+ libtomcat8.0-java,
Standards-Version: 3.9.8
Homepage: http://pki.fedoraproject.org
Vcs-Git: https://anonscm.debian.org/git/pkg-freeipa/tomcatjss.git
@@ -19,7 +19,7 @@ Vcs-Browser: https://anonscm.debian.org/cgit/pkg-freeipa/tomcatjss.git
Package: libtomcatjss-java
Architecture: all
-Depends: libtomcat8-java, ${java:Depends}, ${misc:Depends},
+Depends: libtomcat8.0-java, ${java:Depends}, ${misc:Depends},
libjss-java (>= 4.3.1-5)
Conflicts: libtcnative-1
Breaks: pki-server (<< 10.3.5-2)
commit 49d5df47a81124dd9f613725f58bf57e0e478249
Author: Timo Aaltonen <tjaalton at debian.org>
Date: Mon Sep 18 18:12:21 2017 +0300
update changelog
diff --git a/debian/changelog b/debian/changelog
index f61c8be..81ba821 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+tomcatjss (7.2.4-1) UNRELEASED; urgency=medium
+
+ * New upstream release.
+
+ -- Timo Aaltonen <tjaalton at debian.org> Mon, 18 Sep 2017 17:18:59 +0300
+
tomcatjss (7.1.4-4) unstable; urgency=medium
* control: Add breaks for pki-server versions which use tomcat7.
commit 7ace773ac5a46704c131bd1cc788d6db4568e401
Author: Matthew Harmsen <mharmsen at redhat.com>
Date: Mon Jun 12 16:05:21 2017 -0600
Comply with ASF trademark rules
- tomcatjss Pagure Issue #10 - Comply with ASF trademark rules (mharmsen)
diff --git a/README b/README
index b8f3860..b3912ba 100644
--- a/README
+++ b/README
@@ -1,23 +1,29 @@
-tomcatjss, a JSSE module for Tomcat that uses JSS, a Java interface to
-Network Security Services(NSS).
+JSS Connector for Apache Tomcat, installed via the tomcatjss package,
+is a Java Secure Socket Extension (JSSE) module for Apache Tomcat that
+uses Java Security Services (JSS), a Java interface to Network Security
+Services (NSS).
-tomcatjss defines a number of attributes for a Connector including:
+JSS Connector for Apache Tomcat defines a number of attributes for a Connector
+including:
clientauth: specify if client authentication is required in the connector (or
port), it can be true or false. If true then client authentication is required.
sslOptions: specify a comma-delimited list of ssl options to pass into the ssl
implementation. Each option takes the form of: option=[true|false].
-tomcatjss supports the options: ssl2, ssl3, tls.
+JSS Connector for Apache Tomcat supports the options: ssl2, ssl3, tls.
-ssl2Ciphers: specify a list of SSL2 ciphers that tomcatjss should accept
-or reject from the client. You can use + to denote "accept", - means "reject".
+ssl2Ciphers: specify a list of SSL2 ciphers that JSS Connector for
+Apache Tomcat should accept or reject from the client. You can use + to
+denote "accept", - means "reject"
-ssl3Ciphers: specifies a list of SSL3 ciphers that tomcatjss should accept
-or reject from the client. You can use + to denote "accept", - means "reject".
+ssl3Ciphers: specifies a list of SSL3 ciphers that JSS Connector for
+Apache Tomcat should accept or reject from the client. You can use + to
+denote "accept", - means "reject".
-tlsCiphers: specifies a list of TLS ciphers that tomcatjss should accept
-or reject from the client. You can use + to denote "accept", - means "reject".
+tlsCiphers: specifies a list of TLS ciphers that JSS Connector for
+Apache Tomcat should accept or reject from the client. You can use + to
+denote "accept", - means "reject".
serverCertNickFile: a file in which specify the nickname of the
server certificate. The file should contain a single line that contains
diff --git a/build.xml b/build.xml
index 3060117..ebb5dd1 100644
--- a/build.xml
+++ b/build.xml
@@ -37,8 +37,8 @@
<property name="Name" value="Tomcat JSS"/>
<property name="name" value="tomcatjss"/>
- <property name="version" value="7.2.3"/>
- <property name="manifest-version" value="7.2.3"/>
+ <property name="version" value="7.2.4"/>
+ <property name="manifest-version" value="7.2.4"/>
<!--
Set the properties that control various build options
diff --git a/tomcatjss.spec b/tomcatjss.spec
index da289fc..ca358bb 100644
--- a/tomcatjss.spec
+++ b/tomcatjss.spec
@@ -1,7 +1,7 @@
Name: tomcatjss
-Version: 7.2.3
+Version: 7.2.4
Release: 1%{?dist}
-Summary: JSSE implementation using JSS for Tomcat
+Summary: JSS Connector for Apache Tomcat, a JSSE module for Apache Tomcat that uses JSS
URL: http://pki.fedoraproject.org/
License: LGPLv2+
Group: System Environment/Libraries
@@ -60,8 +60,10 @@ Conflicts: tomcat-native
%endif
%description
-A Java Secure Socket Extension (JSSE) implementation
-using Java Security Services (JSS) for Tomcat 7.
+JSS Connector for Apache Tomcat, installed via the tomcatjss package,
+is a Java Secure Socket Extension (JSSE) module for Apache Tomcat that
+uses Java Security Services (JSS), a Java interface to Network Security
+Services (NSS).
NOTE: The 'tomcatjss' package conflicts with the 'tomcat-native' package
because it uses an underlying NSS security model rather than the
@@ -100,13 +102,14 @@ rm -rf %{buildroot}
%{_javadir}/*
%changelog
+* Mon Jun 12 2017 Matthew Harmsen <mharmsen at redhat.com> 7.2.4-1
+- tomcatjss Pagure Issue #10 - Comply with ASF trademark rules (mharmsen)
+
* Mon Jun 5 2017 Endi Sukma Dewata <edewata at redhat.com> 7.2.3-1
- tomcatjss Pagure Issue #9 - Problem parsing formatted cipher list (edewata)
* Mon Mar 27 2017 Matthew Harmsen <mharmsen at redhat.com> - 7.2.2-1
- tomcatjss Pagure Issue #6 - Rebase tomcatjss to 7.2.x in Fedora 25+ (mharmsen)
-- ## 'tomcatjss-support-for-event-API.patch' resolves the following issues
- ## ported from upstream:
- tomcatjss Pagure Issue #4 - Support for Event API (edewata)
* Tue Mar 21 2017 Matthew Harmsen <mharmsen at redhat.com> - 7.2.1-2
@@ -144,13 +147,13 @@ rm -rf %{buildroot}
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
* Wed Mar 4 2015 Endi Sukma Dewata <edewata at redhat.com> 7.1.2-1
-- Bugzilla Bug #1198450 - Support for Tomcat 8
+- Bugzilla Bug #1198450 - Support for Apache Tomcat 8
- Bugzilla Bug #1214858 - Add nuxwdog support (alee)
* Tue Sep 30 2014 Christina Fu <cfu at redhat.com> 7.1.1-1
- Bugzilla Bug #1058366 NullPointerException in tomcatjss searching
for attribute "clientauth" (cfu)
-- Bugzilla Bug #871171 - Provide Tomcat support for TLS v1.1 and
+- Bugzilla Bug #871171 - Provide Apache Tomcat support for TLS v1.1 and
TLS v1.2 (cfu)
- Bumped revision to 7.1.1
@@ -178,8 +181,8 @@ rm -rf %{buildroot}
- Bugzila Bug #819554 tomcatjss: Please migrate from tomcat6 to tomcat7
* Thu Aug 2 2012 Matthew Harmsen <mharmsen at redhat.com> 7.0.0-3
-- PKI TRAC Ticket #283 - Dogtag 10: Integrate Tomcat 6 'tomcatjss.jar' and
- Tomcat 7 'tomcat7jss.jar' in Fedora 18 tomcatjss package
+- PKI TRAC Ticket #283 - Dogtag 10: Integrate Apache Tomcat 6 'tomcatjss.jar'
+ and Apache Tomcat 7 'tomcat7jss.jar' in Fedora 18 tomcatjss package
* Thu Jul 26 2012 Matthew Harmsen <mharmsen at redhat.com> 7.0.0-2
- Fixed runtime 'Requires' cut/paste typos
commit 926034fa2a7c4043f88c0ecdfd32901728d0aaee
Author: Matthew Harmsen <mharmsen at redhat.com>
Date: Mon Jun 5 15:52:32 2017 -0600
Bumped version to 7.2.3.
diff --git a/build.xml b/build.xml
index db30abb..3060117 100644
--- a/build.xml
+++ b/build.xml
@@ -37,8 +37,8 @@
<property name="Name" value="Tomcat JSS"/>
<property name="name" value="tomcatjss"/>
- <property name="version" value="7.2.2"/>
- <property name="manifest-version" value="7.2.2"/>
+ <property name="version" value="7.2.3"/>
+ <property name="manifest-version" value="7.2.3"/>
<!--
Set the properties that control various build options
diff --git a/tomcatjss.spec b/tomcatjss.spec
index 4cec64c..da289fc 100644
--- a/tomcatjss.spec
+++ b/tomcatjss.spec
@@ -1,5 +1,5 @@
Name: tomcatjss
-Version: 7.2.2
+Version: 7.2.3
Release: 1%{?dist}
Summary: JSSE implementation using JSS for Tomcat
URL: http://pki.fedoraproject.org/
@@ -20,9 +20,9 @@ BuildRequires: apache-commons-lang
BuildRequires: java-devel
BuildRequires: jpackage-utils >= 0:1.7.5-15
%if 0%{?fedora}
-BuildRequires: jss >= 4.4.1
+BuildRequires: jss >= 4.4.2-2
%else
-BuildRequires: jss >= 4.4.0-4
+BuildRequires: jss >= 4.4.0-7
%endif
%if 0%{?fedora} >= 23
BuildRequires: tomcat >= 8.0.18
@@ -38,9 +38,9 @@ Requires: java
%endif
Requires: jpackage-utils >= 0:1.7.5-15
%if 0%{?fedora}
-Requires: jss >= 4.4.1
+Requires: jss >= 4.4.2-2
%else
-Requires: jss >= 4.4.0-4
+Requires: jss >= 4.4.0-7
%endif
%if 0%{?fedora} >= 23
Requires: tomcat >= 8.0.18
@@ -100,6 +100,9 @@ rm -rf %{buildroot}
%{_javadir}/*
%changelog
+* Mon Jun 5 2017 Endi Sukma Dewata <edewata at redhat.com> 7.2.3-1
+- tomcatjss Pagure Issue #9 - Problem parsing formatted cipher list (edewata)
+
* Mon Mar 27 2017 Matthew Harmsen <mharmsen at redhat.com> - 7.2.2-1
- tomcatjss Pagure Issue #6 - Rebase tomcatjss to 7.2.x in Fedora 25+ (mharmsen)
- ## 'tomcatjss-support-for-event-API.patch' resolves the following issues
commit c14c8ec6b077721eddeddb125b9a4b0141e5e4aa
Author: Endi S. Dewata <edewata at redhat.com>
Date: Thu Jun 1 00:29:37 2017 +0200
Fixed SSL cipher list parser.
The SSL cipher list parsers have been modified to ignore spaces
to allow more user-friendly formatting.
https://pagure.io/tomcatjss/issue/9
Change-Id: Ic21f0347e06e20f64ef37de95f9d1f1ac3d1f0d2
diff --git a/src/org/apache/tomcat/util/net/jss/JSSImplementation.java b/src/org/apache/tomcat/util/net/jss/JSSImplementation.java
index 42dc8d2..8721844 100644
--- a/src/org/apache/tomcat/util/net/jss/JSSImplementation.java
+++ b/src/org/apache/tomcat/util/net/jss/JSSImplementation.java
@@ -25,6 +25,8 @@ import java.io.IOException;
import java.net.Socket;
import java.util.Properties;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
import org.apache.tomcat.util.net.AbstractEndpoint;
import org.apache.tomcat.util.net.SSLImplementation;
import org.apache.tomcat.util.net.SSLSupport;
@@ -35,8 +37,7 @@ public class JSSImplementation extends SSLImplementation {
static final String JSSFactory = "org.apache.tomcat.util.net.jss.JSSFactory";
static final String SSLSocketClass = "org.mozilla.jss.ssl.SSLSocket";
- static org.apache.commons.logging.Log logger = org.apache.commons.logging.LogFactory
- .getLog(JSSImplementation.class);
+ static Log logger = LogFactory.getLog(JSSImplementation.class);
private JSSFactory factory = null;
diff --git a/src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java b/src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java
index 4992600..f974a89 100644
--- a/src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java
+++ b/src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java
@@ -42,6 +42,8 @@ import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import org.apache.commons.lang.StringUtils;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
// Imports required to "implement" Tomcat 7 Interface
import org.apache.tomcat.util.net.AbstractEndpoint;
import org.mozilla.jss.CertDatabaseException;
@@ -61,6 +63,8 @@ public class JSSSocketFactory implements
org.apache.tomcat.util.net.ServerSocketFactory,
org.apache.tomcat.util.net.SSLUtil {
+ static Log logger = LogFactory.getLog(JSSSocketFactory.class);
+
private static HashMap<String, Integer> cipherMap = new HashMap<String, Integer>();
static {
// SSLv2
@@ -382,9 +386,13 @@ public class JSSSocketFactory implements
debugWrite("JSSSocketFactory setSSLCiphers: " + attr + " not found");
return;
}
- StringTokenizer st = new StringTokenizer(ciphers, ",");
+
+ logger.debug("Processing " + attr + ":");
+ StringTokenizer st = new StringTokenizer(ciphers, ", ");
while (st.hasMoreTokens()) {
String cipherstr = st.nextToken();
+ logger.debug(" - " + cipherstr);
+
int cipherid = 0;
String text;
boolean state;
@@ -456,9 +464,13 @@ public class JSSSocketFactory implements
debugWrite("no sslOptions specified");
return;
}
- StringTokenizer st = new StringTokenizer(options, ",");
+
+ logger.debug("Processing sslOptions:");
+ StringTokenizer st = new StringTokenizer(options, ", ");
while (st.hasMoreTokens()) {
String option = st.nextToken();
+ logger.debug(" - " + option);
+
StringTokenizer st1 = new StringTokenizer(option, "=");
String name = st1.nextToken();
String value = st1.nextToken();
commit 0985ae5ac985b89f2729725a2eee47be624b137b
Author: Matthew Harmsen <mharmsen at redhat.com>
Date: Fri Mar 31 18:31:36 2017 -0600
Fixed XML typo
diff --git a/build.xml b/build.xml
index c6eb156..db30abb 100644
--- a/build.xml
+++ b/build.xml
@@ -251,7 +251,7 @@
<!--
- NOTE: To only build an SRPM (e. g. - to use with "--scratch"), change:
+ NOTE: To only build an SRPM (e. g. - to use with "\-\-scratch"), change:
<arg value="-ba"/>
to:
<arg value="-bs"/>
commit 6fdbd3da2fa25cb87a8aa9bfb7d0ec85ff4182c7
Author: Matthew Harmsen <mharmsen at redhat.com>
Date: Thu Mar 30 17:55:30 2017 -0600
Bumped version to 7.2.2.
diff --git a/build.xml b/build.xml
index 97200fe..c6eb156 100644
--- a/build.xml
+++ b/build.xml
@@ -37,8 +37,8 @@
<property name="Name" value="Tomcat JSS"/>
<property name="name" value="tomcatjss"/>
- <property name="version" value="7.2.1"/>
- <property name="manifest-version" value="7.2.1"/>
+ <property name="version" value="7.2.2"/>
+ <property name="manifest-version" value="7.2.2"/>
<!--
Set the properties that control various build options
@@ -250,6 +250,12 @@
<mkdir dir="${rpm.dist.dir}/BUILD"/>
+ <!--
+ NOTE: To only build an SRPM (e. g. - to use with "--scratch"), change:
+ <arg value="-ba"/>
+ to:
+ <arg value="-bs"/>
+ -->
<exec executable="rpmbuild">
<arg value="--define"/>
<arg value="_topdir ${rpm.dist.dir}"/>
diff --git a/tomcatjss.spec b/tomcatjss.spec
index 7654eb9..4cec64c 100644
--- a/tomcatjss.spec
+++ b/tomcatjss.spec
@@ -1,6 +1,6 @@
Name: tomcatjss
-Version: 7.2.1
-Release: 2%{?dist}
+Version: 7.2.2
+Release: 1%{?dist}
Summary: JSSE implementation using JSS for Tomcat
URL: http://pki.fedoraproject.org/
License: LGPLv2+
@@ -19,7 +19,11 @@ BuildRequires: ant
BuildRequires: apache-commons-lang
BuildRequires: java-devel
BuildRequires: jpackage-utils >= 0:1.7.5-15
-BuildRequires: jss >= 4.4.0
+%if 0%{?fedora}
+BuildRequires: jss >= 4.4.1
+%else
+BuildRequires: jss >= 4.4.0-4
+%endif
%if 0%{?fedora} >= 23
BuildRequires: tomcat >= 8.0.18
%else
@@ -33,7 +37,11 @@ Requires: java-headless
Requires: java
%endif
Requires: jpackage-utils >= 0:1.7.5-15
-Requires: jss >= 4.4.0
+%if 0%{?fedora}
+Requires: jss >= 4.4.1
+%else
+Requires: jss >= 4.4.0-4
+%endif
%if 0%{?fedora} >= 23
Requires: tomcat >= 8.0.18
%else
@@ -92,6 +100,12 @@ rm -rf %{buildroot}
%{_javadir}/*
%changelog
+* Mon Mar 27 2017 Matthew Harmsen <mharmsen at redhat.com> - 7.2.2-1
+- tomcatjss Pagure Issue #6 - Rebase tomcatjss to 7.2.x in Fedora 25+ (mharmsen)
+- ## 'tomcatjss-support-for-event-API.patch' resolves the following issues
+ ## ported from upstream:
+- tomcatjss Pagure Issue #4 - Support for Event API (edewata)
+
* Tue Mar 21 2017 Matthew Harmsen <mharmsen at redhat.com> - 7.2.1-2
- Bugzilla Bug #1434541 - tomcatjss 7.2.1 is incompatible with versions of
pki-base < 10.4.0
@@ -105,8 +119,8 @@ rm -rf %{buildroot}
included inside the tarball
* Sun Mar 12 2017 Matthew Harmsen <mharmsen at redhat.com> 7.2.0-1
-- tomcatjss Pagure Issue #6 - Rebase tomcatjss to 7.2.0 in Fedora 25+ (mharmsen)
-- Bugzilla Bug #1394416 - Rebase tomcatjss to 7.2.0 in RHEL 7.4 (mharmsen)
+- tomcatjss Pagure Issue #6 - Rebase tomcatjss to 7.2.x in Fedora 25+ (mharmsen)
+- Bugzilla Bug #1394416 - Rebase tomcatjss to 7.2.x in RHEL 7.4 (mharmsen)
* Sat Feb 11 2017 Fedora Release Engineering <releng at fedoraproject.org> - 7.1.4-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
commit 7612272aa337c413ac4b96cd13d5a1384b80b5aa
Author: Endi S. Dewata <edewata at redhat.com>
Date: Fri Jan 27 04:31:41 2017 +0100
Added SSLSocketListener registry.
A new TomcatJSS class has been added as a mechanism to register
SSLSocketListeners for all SSLSockets created by TomcatJSS.
https://pagure.io/tomcatjss/issue/4
diff --git a/src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java b/src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java
index bc096c1..4992600 100644
--- a/src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java
+++ b/src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java
@@ -934,6 +934,10 @@ public class JSSSocketFactory implements
SSLSocket asock = null;
try {
asock = (SSLSocket) socket.accept();
+
+ TomcatJSS tomcatjss = TomcatJSS.getInstance();
+ asock.addSocketListener(tomcatjss);
+
if (wantClientAuth || requireClientAuth) {
asock.requestClientAuth(true);
if (requireClientAuth == true) {
diff --git a/src/org/apache/tomcat/util/net/jss/TomcatJSS.java b/src/org/apache/tomcat/util/net/jss/TomcatJSS.java
new file mode 100644
index 0000000..9717921
--- /dev/null
+++ b/src/org/apache/tomcat/util/net/jss/TomcatJSS.java
@@ -0,0 +1,69 @@
+/* BEGIN COPYRIGHT BLOCK
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2017 Red Hat, Inc.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK */
+
+package org.apache.tomcat.util.net.jss;
+
+import java.util.ArrayList;
+import java.util.Collection;
+
+import org.mozilla.jss.ssl.SSLAlertEvent;
+import org.mozilla.jss.ssl.SSLHandshakeCompletedEvent;
+import org.mozilla.jss.ssl.SSLSocketListener;
+
+public class TomcatJSS implements SSLSocketListener {
+
+ public final static TomcatJSS INSTANCE = new TomcatJSS();
+
+ public static TomcatJSS getInstance() { return INSTANCE; }
+
+ Collection<SSLSocketListener> socketListeners = new ArrayList<SSLSocketListener>();
+
+ public void addSocketListener(SSLSocketListener listener) {
+ socketListeners.add(listener);
+ }
+
+ public void removeSocketListener(SSLSocketListener listener) {
+ socketListeners.remove(listener);
+ }
+
+ public Collection<SSLSocketListener> getSocketListeners() {
+ return socketListeners;
+ }
+
+ @Override
+ public void alertReceived(SSLAlertEvent event) {
+ for (SSLSocketListener listener : socketListeners) {
+ listener.alertReceived(event);
+ }
+ }
+
+ @Override
+ public void alertSent(SSLAlertEvent event) {
+ for (SSLSocketListener listener : socketListeners) {
+ listener.alertSent(event);
+ }
+ }
+
+ @Override
+ public void handshakeCompleted(SSLHandshakeCompletedEvent event) {
+ for (SSLSocketListener listener : socketListeners) {
+ listener.handshakeCompleted(event);
+ }
+ }
+}
commit c410c7a35b4aa78e7c35d11a72cc96ff932df982
Author: Endi S. Dewata <edewata at redhat.com>
Date: Fri Mar 3 09:19:58 2017 +0100
Renamed getEndpointAttribute().
The getEndpointAttribute() in JSSSocketFactory has been renamed
to getProperty() for clarity.
diff --git a/src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java b/src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java
index ebf5505..bc096c1 100644
--- a/src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java
+++ b/src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java
@@ -377,7 +377,7 @@ public class JSSSocketFactory implements
}
public void setSSLCiphers(String attr) throws SocketException, IOException {
- String ciphers = getEndpointAttribute(attr);
+ String ciphers = getProperty(attr);
if (StringUtils.isEmpty(ciphers)) {
debugWrite("JSSSocketFactory setSSLCiphers: " + attr + " not found");
return;
@@ -451,7 +451,7 @@ public class JSSSocketFactory implements
* parameter is ignored.
*/
public void setSSLOptions() throws SocketException, IOException {
- String options = getEndpointAttribute("sslOptions");
+ String options = getProperty("sslOptions");
if (StringUtils.isEmpty(options)) {
debugWrite("no sslOptions specified");
return;
@@ -562,7 +562,7 @@ public class JSSSocketFactory implements
return -1;
}
- String getEndpointAttribute(String tag) {
+ String getProperty(String tag) {
// check <catalina.base>/conf/server.xml
String value = (String)endpoint.getAttribute(tag);
@@ -575,8 +575,8 @@ public class JSSSocketFactory implements
return value;
}
- String getEndpointAttribute(String tag, String defaultValue) {
- String value = getEndpointAttribute(tag);
+ String getProperty(String tag, String defaultValue) {
+ String value = getProperty(tag);
if (value == null) {
return defaultValue;
}
@@ -585,7 +585,7 @@ public class JSSSocketFactory implements
void init() throws IOException {
// debug enabled?
- String deb = getEndpointAttribute("debug");
+ String deb = getProperty("debug");
if (StringUtils.equals(deb, "true")) {
debug = true;
debugFile = new FileWriter("/tmp/tomcatjss.log", true);
@@ -613,14 +613,14 @@ public class JSSSocketFactory implements
// MUST look for "clientauth" (ALL lowercase) since "clientAuth"
// (camel case) has already been processed by Tomcat 7
- String clientAuthStr = getEndpointAttribute("clientauth");
+ String clientAuthStr = getProperty("clientauth");
if (clientAuthStr == null) {
debugWrite("JSSSocketFactory init - \"clientauth\" not found, default to want.");
clientAuthStr = "want";
}
File file = null;
try {
- mServerCertNickPath = getEndpointAttribute("serverCertNickFile");
+ mServerCertNickPath = getProperty("serverCertNickFile");
if (mServerCertNickPath == null) {
throw new IOException("serverCertNickFile not specified");
}
@@ -656,7 +656,7 @@ public class JSSSocketFactory implements
"JSSSocketFactory: no serverCertNickFile defined");
}
- // serverCertNick = (String)getEndpointAttribute("serverCert");
+ // serverCertNick = (String)getProperty("serverCert");
if (clientAuthStr.equalsIgnoreCase("true")
|| clientAuthStr.equalsIgnoreCase("yes")) {
requireClientAuth = true;
@@ -670,7 +670,7 @@ public class JSSSocketFactory implements
&& ocspConfigured == false) {
debugWrite("JSSSocketFactory init - checking for OCSP settings. \n");
boolean enableOCSP = false;
- String doOCSP = getEndpointAttribute("enableOCSP");
+ String doOCSP = getProperty("enableOCSP");
debugWrite("JSSSocketFactory init - doOCSP flag:" + doOCSP + " \n");
@@ -682,10 +682,10 @@ public class JSSSocketFactory implements
+ "\n");
if (enableOCSP == true) {
- String ocspResponderURL = getEndpointAttribute("ocspResponderURL");
+ String ocspResponderURL = getProperty("ocspResponderURL");
debugWrite("JSSSocketFactory init - ocspResponderURL "
+ ocspResponderURL + "\n");
- String ocspResponderCertNickname = getEndpointAttribute(
+ String ocspResponderCertNickname = getProperty(
"ocspResponderCertNickname");
debugWrite("JSSSocketFactory init - ocspResponderCertNickname"
+ ocspResponderCertNickname + "\n");
@@ -700,9 +700,9 @@ public class JSSSocketFactory implements
int ocspMinCacheEntryDuration_i = 3600;
int ocspMaxCacheEntryDuration_i = 86400;
- String ocspCacheSize = getEndpointAttribute("ocspCacheSize");
- String ocspMinCacheEntryDuration = getEndpointAttribute("ocspMinCacheEntryDuration");
- String ocspMaxCacheEntryDuration = getEndpointAttribute("ocspMaxCacheEntryDuration");
+ String ocspCacheSize = getProperty("ocspCacheSize");
+ String ocspMinCacheEntryDuration = getProperty("ocspMinCacheEntryDuration");
+ String ocspMaxCacheEntryDuration = getProperty("ocspMaxCacheEntryDuration");
if (ocspCacheSize != null
|| ocspMinCacheEntryDuration != null
@@ -729,7 +729,7 @@ public class JSSSocketFactory implements
}
// defualt to 60 seconds;
- String ocspTimeout = getEndpointAttribute("ocspTimeout");
+ String ocspTimeout = getProperty("ocspTimeout");
if (ocspTimeout != null) {
debugWrite("JSSSocketFactory init - ocspTimeout= \n" + ocspTimeout);
int ocspTimeout_i = Integer.parseInt(ocspTimeout);
@@ -760,7 +760,7 @@ public class JSSSocketFactory implements
// 12 hours = 43200 seconds
SSLServerSocket.configServerSessionIDCache(0, 43200, 43200, null);
- String strictCiphersStr = getEndpointAttribute("strictCiphers");
+ String strictCiphersStr = getProperty("strictCiphers");
if (StringUtils.equalsIgnoreCase(strictCiphersStr, "true")
|| StringUtils.equalsIgnoreCase(strictCiphersStr, "yes")) {
mStrictCiphers = true;
@@ -773,7 +773,7 @@ public class JSSSocketFactory implements
debugWrite("SSSocketFactory init - before setSSLCiphers, strictCiphers is false\n");
}
- String sslVersionRangeStream = getEndpointAttribute("sslVersionRangeStream");
+ String sslVersionRangeStream = getProperty("sslVersionRangeStream");
if ((sslVersionRangeStream != null)
&& !sslVersionRangeStream.equals("")) {
debugWrite("SSSocketFactory init - calling setSSLVersionRangeDefault() for type STREAM\n");
@@ -783,7 +783,7 @@ public class JSSSocketFactory implements
debugWrite("SSSocketFactory init - after setSSLVersionRangeDefault() for type STREAM\n");
}
- String sslVersionRangeDatagram = getEndpointAttribute("sslVersionRangeDatagram");
+ String sslVersionRangeDatagram = getProperty("sslVersionRangeDatagram");
if ((sslVersionRangeDatagram != null)
&& !sslVersionRangeDatagram.equals("")) {
debugWrite("SSSocketFactory init - calling setSSLVersionRangeDefault() for type DATA_GRAM\n");
@@ -854,11 +854,11 @@ public class JSSSocketFactory implements
private void initializePasswordStore() throws InstantiationException, IllegalAccessException,
ClassNotFoundException, IOException {
- mPwdClass = getEndpointAttribute("passwordClass");
+ mPwdClass = getProperty("passwordClass");
if (mPwdClass == null) {
throw new IOException("Misconfiguration: passwordClass is not defined");
}
- mPwdPath = getEndpointAttribute("passwordFile");
+ mPwdPath = getProperty("passwordFile");
mPasswordStore = (IPasswordStore) Class.forName(mPwdClass).newInstance();
debugWrite("JSSSocketFactory init - password reader initialized\n");
@@ -869,7 +869,7 @@ public class JSSSocketFactory implements
private CryptoManager getCryptoManager() throws KeyDatabaseException, CertDatabaseException,
GeneralSecurityException, NotInitializedException, IOException {
- String certDir = getEndpointAttribute("certdbDir");
+ String certDir = getProperty("certdbDir");
if (certDir == null) {
throw new IOException("Misconfiguration: certdir not defined");
}
commit 48b7cd2b22ae345131b0e1adb82e200da0230bd8
Author: Matthew Harmsen <mharmsen at redhat.com>
Date: Tue Mar 21 15:42:47 2017 -0600
Updated jss build and runtime dependencies
diff --git a/tomcatjss.spec b/tomcatjss.spec
index 876c1e2..7654eb9 100644
--- a/tomcatjss.spec
+++ b/tomcatjss.spec
@@ -19,7 +19,7 @@ BuildRequires: ant
BuildRequires: apache-commons-lang
BuildRequires: java-devel
BuildRequires: jpackage-utils >= 0:1.7.5-15
-BuildRequires: jss >= 4.4.0-1
+BuildRequires: jss >= 4.4.0
%if 0%{?fedora} >= 23
BuildRequires: tomcat >= 8.0.18
%else
@@ -33,7 +33,7 @@ Requires: java-headless
Requires: java
%endif
Requires: jpackage-utils >= 0:1.7.5-15
-Requires: jss >= 4.4.0-1
+Requires: jss >= 4.4.0
%if 0%{?fedora} >= 23
Requires: tomcat >= 8.0.18
%else
commit 509434378d42cbbe9f1e27928c9f259e67ac5d7d
Author: Matthew Harmsen <mharmsen at redhat.com>
Date: Tue Mar 21 15:29:40 2017 -0600
Resolves: rhbz #1434541
- Bugzilla Bug #1434541 - tomcatjss 7.2.1 is incompatible with versions of
pki-base < 10.4.0
diff --git a/tomcatjss.spec b/tomcatjss.spec
index e0f01b2..876c1e2 100644
--- a/tomcatjss.spec
+++ b/tomcatjss.spec
@@ -1,6 +1,6 @@
Name: tomcatjss
Version: 7.2.1
-Release: 1%{?dist}
+Release: 2%{?dist}
Summary: JSSE implementation using JSS for Tomcat
URL: http://pki.fedoraproject.org/
License: LGPLv2+
@@ -14,6 +14,7 @@ Source0: http://pki.fedoraproject.org/pki/sources/%{name}/%{name}-%{version}.ta
# jpackage-utils requires versioning to meet both build and runtime requirements
# jss requires versioning to meet both build and runtime requirements
# tomcat requires versioning to meet both build and runtime requirements
+Conflicts: pki-base < 10.4.0
BuildRequires: ant
BuildRequires: apache-commons-lang
BuildRequires: java-devel
@@ -91,6 +92,10 @@ rm -rf %{buildroot}
%{_javadir}/*
%changelog
+* Tue Mar 21 2017 Matthew Harmsen <mharmsen at redhat.com> - 7.2.1-2
+- Bugzilla Bug #1434541 - tomcatjss 7.2.1 is incompatible with versions of
+ pki-base < 10.4.0
+
* Tue Mar 14 2017 Matthew Harmsen <mharmsen at redhat.com> 7.2.1-1
- Updated jss build and runtime dependencies
- Bumped version due to corrupted tarball
commit 5fbd778fba943d4e69fe767175d67aa3898c2466
Author: Matthew Harmsen <mharmsen at redhat.com>
Date: Tue Mar 14 11:22:16 2017 -0600
Updated jss build and runtime dependencies
Bumped version due to corrupted tarball
diff --git a/build.xml b/build.xml
index 615cb11..97200fe 100644
--- a/build.xml
+++ b/build.xml
@@ -37,8 +37,8 @@
<property name="Name" value="Tomcat JSS"/>
<property name="name" value="tomcatjss"/>
- <property name="version" value="7.2.0"/>
- <property name="manifest-version" value="7.2.0"/>
+ <property name="version" value="7.2.1"/>
+ <property name="manifest-version" value="7.2.1"/>
<!--
Set the properties that control various build options
diff --git a/tomcatjss.spec b/tomcatjss.spec
index 0a1c9b9..e0f01b2 100644
--- a/tomcatjss.spec
+++ b/tomcatjss.spec
@@ -1,6 +1,6 @@
Name: tomcatjss
-Version: 7.2.0
-Release: 2%{?dist}
+Version: 7.2.1
+Release: 1%{?dist}
Summary: JSSE implementation using JSS for Tomcat
URL: http://pki.fedoraproject.org/
License: LGPLv2+
@@ -18,7 +18,7 @@ BuildRequires: ant
BuildRequires: apache-commons-lang
BuildRequires: java-devel
BuildRequires: jpackage-utils >= 0:1.7.5-15
-BuildRequires: jss >= 4.2.6-35
+BuildRequires: jss >= 4.4.0-1
%if 0%{?fedora} >= 23
BuildRequires: tomcat >= 8.0.18
%else
@@ -32,7 +32,7 @@ Requires: java-headless
Requires: java
%endif
Requires: jpackage-utils >= 0:1.7.5-15
-Requires: jss >= 4.2.6-35
+Requires: jss >= 4.4.0-1
%if 0%{?fedora} >= 23
Requires: tomcat >= 8.0.18
%else
@@ -91,6 +91,10 @@ rm -rf %{buildroot}
%{_javadir}/*
%changelog
+* Tue Mar 14 2017 Matthew Harmsen <mharmsen at redhat.com> 7.2.1-1
+- Updated jss build and runtime dependencies
+- Bumped version due to corrupted tarball
+
* Mon Mar 13 2017 Matthew Harmsen <mharmsen at redhat.com> 7.2.0-2
- Changed build so that it did not package and depend upon the specfile being
included inside the tarball
commit b9722e2c2a4b6e5ee4ce9df256ffb4fa600fc4f2
More information about the Pkg-freeipa-devel
mailing list