From 1de74ad502e728e23b21053bb93ec467d03d164d Mon Sep 17 00:00:00 2001
From: CentOS Sources
Date: Mar 31 2020 09:38:06 +0000
Subject: import tomcatjss-7.2.5-1.el7
---
diff --git a/.gitignore b/.gitignore
index e655dd6..5b378ab 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-SOURCES/tomcatjss-7.2.1.tar.gz
+SOURCES/tomcatjss-7.2.5.tar.gz
diff --git a/.tomcatjss.metadata b/.tomcatjss.metadata
index f50e322..c5b75b1 100644
--- a/.tomcatjss.metadata
+++ b/.tomcatjss.metadata
@@ -1 +1 @@
-45e28de0d84a01b8e8dd4ee72737fa9426ac7109 SOURCES/tomcatjss-7.2.1.tar.gz
+12a73abd8fee071c6c06a350b42cc222262d6a32 SOURCES/tomcatjss-7.2.5.tar.gz
diff --git a/SOURCES/tomcatjss-Comply-with-ASF-trademark-rules.patch b/SOURCES/tomcatjss-Comply-with-ASF-trademark-rules.patch
deleted file mode 100644
index f2ed9ba..0000000
--- a/SOURCES/tomcatjss-Comply-with-ASF-trademark-rules.patch
+++ /dev/null
@@ -1,56 +0,0 @@ -From 7ace773ac5a46704c131bd1cc788d6db4568e401 Mon Sep 17 00:00:00 2001 -From: Matthew Harmsen -Date: Mon, 12 Jun 2017 16:05:21 -0600 -Subject: [PATCH] Comply with ASF trademark rules - -- tomcatjss Pagure Issue #10 - Comply with ASF trademark rules (mharmsen) ---- - README | 26 ++++++++++++++++---------- - 1 file changed, 16 insertions(+), 10 deletions(-) - -diff --git a/README b/README -index b8f3860..b3912ba 100644 ---- a/README -+++ b/README -@@ -1,23 +1,29 @@ --tomcatjss, a JSSE module for Tomcat that uses JSS, a Java interface to --Network Security Services(NSS). -+JSS Connector for Apache Tomcat, installed via the tomcatjss package, -+is a Java Secure Socket Extension (JSSE) module for Apache Tomcat that -+uses Java Security Services (JSS), a Java interface to Network Security -+Services (NSS). - --tomcatjss defines a number of attributes for a Connector including: -+JSS Connector for Apache Tomcat defines a number of attributes for a Connector -+including: - - clientauth: specify if client authentication is required in the connector (or - port), it can be true or false. If true then client authentication is required. - - sslOptions: specify a comma-delimited list of ssl options to pass into the ssl - implementation. Each option takes the form of: option=[true|false]. --tomcatjss supports the options: ssl2, ssl3, tls. -+JSS Connector for Apache Tomcat supports the options: ssl2, ssl3, tls. - --ssl2Ciphers: specify a list of SSL2 ciphers that tomcatjss should accept --or reject from the client. You can use + to denote "accept", - means "reject". -+ssl2Ciphers: specify a list of SSL2 ciphers that JSS Connector for -+Apache Tomcat should accept or reject from the client. You can use + to -+denote "accept", - means "reject" - --ssl3Ciphers: specifies a list of SSL3 ciphers that tomcatjss should accept --or reject from the client. You can use + to denote "accept", - means "reject". 
-+ssl3Ciphers: specifies a list of SSL3 ciphers that JSS Connector for -+Apache Tomcat should accept or reject from the client. You can use + to -+denote "accept", - means "reject". - --tlsCiphers: specifies a list of TLS ciphers that tomcatjss should accept --or reject from the client. You can use + to denote "accept", - means "reject". -+tlsCiphers: specifies a list of TLS ciphers that JSS Connector for -+Apache Tomcat should accept or reject from the client. You can use + to -+denote "accept", - means "reject". - - serverCertNickFile: a file in which specify the nickname of the - server certificate. The file should contain a single line that contains --- -2.9.4 diff --git a/SOURCES/tomcatjss-Fixed-SSL-cipher-list-parser.patch b/SOURCES/tomcatjss-Fixed-SSL-cipher-list-parser.patch deleted file mode 100644 index f948210..0000000 --- a/SOURCES/tomcatjss-Fixed-SSL-cipher-list-parser.patch +++ /dev/null 
@@ -1,94 +0,0 @@ -From c14c8ec6b077721eddeddb125b9a4b0141e5e4aa Mon Sep 17 00:00:00 2001 -From: "Endi S. Dewata" -Date: Thu, 1 Jun 2017 00:29:37 +0200 -Subject: [PATCH] Fixed SSL cipher list parser. - -The SSL cipher list parsers have been modified to ignore spaces -to allow more user-friendly formatting. - -https://pagure.io/tomcatjss/issue/9 - -Change-Id: Ic21f0347e06e20f64ef37de95f9d1f1ac3d1f0d2 ---- - .../apache/tomcat/util/net/jss/JSSImplementation.java | 5 +++-- - src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java | 16 ++++++++++++++-- - 2 files changed, 17 insertions(+), 4 deletions(-) - -diff --git a/src/org/apache/tomcat/util/net/jss/JSSImplementation.java b/src/org/apache/tomcat/util/net/jss/JSSImplementation.java -index 42dc8d2..8721844 100644 ---- a/src/org/apache/tomcat/util/net/jss/JSSImplementation.java -+++ b/src/org/apache/tomcat/util/net/jss/JSSImplementation.java -@@ -25,6 +25,8 @@ import java.io.IOException; - import java.net.Socket; - import java.util.Properties; - -+import org.apache.commons.logging.Log; -+import org.apache.commons.logging.LogFactory; - import org.apache.tomcat.util.net.AbstractEndpoint; - import org.apache.tomcat.util.net.SSLImplementation; - import org.apache.tomcat.util.net.SSLSupport; -@@ -35,8 +37,7 @@ public class JSSImplementation extends SSLImplementation { - static final String JSSFactory = "org.apache.tomcat.util.net.jss.JSSFactory"; - static final String SSLSocketClass = "org.mozilla.jss.ssl.SSLSocket"; - -- static org.apache.commons.logging.Log logger = org.apache.commons.logging.LogFactory -- .getLog(JSSImplementation.class); -+ static Log logger = LogFactory.getLog(JSSImplementation.class); - - private JSSFactory factory = null; - -diff --git a/src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java b/src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java -index 4992600..f974a89 100644 ---- a/src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java -+++ 
b/src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java -@@ -42,6 +42,8 @@ import javax.net.ssl.SSLContext; - import javax.net.ssl.TrustManager; - - import org.apache.commons.lang.StringUtils; -+import org.apache.commons.logging.Log; -+import org.apache.commons.logging.LogFactory; - // Imports required to "implement" Tomcat 7 Interface - import org.apache.tomcat.util.net.AbstractEndpoint; - import org.mozilla.jss.CertDatabaseException; -@@ -61,6 +63,8 @@ public class JSSSocketFactory implements - org.apache.tomcat.util.net.ServerSocketFactory, - org.apache.tomcat.util.net.SSLUtil { - -+ static Log logger = LogFactory.getLog(JSSSocketFactory.class); -+ - private static HashMap cipherMap = new HashMap(); - static { - // SSLv2 -@@ -382,9 +386,13 @@ public class JSSSocketFactory implements - debugWrite("JSSSocketFactory setSSLCiphers: " + attr + " not found"); - return; - } -- StringTokenizer st = new StringTokenizer(ciphers, ","); -+ -+ logger.debug("Processing " + attr + ":"); -+ StringTokenizer st = new StringTokenizer(ciphers, ", "); - while (st.hasMoreTokens()) { - String cipherstr = st.nextToken(); -+ logger.debug(" - " + cipherstr); -+ - int cipherid = 0; - String text; - boolean state; -@@ -456,9 +464,13 @@ public class JSSSocketFactory implements - debugWrite("no sslOptions specified"); - return; - } -- StringTokenizer st = new StringTokenizer(options, ","); -+ -+ logger.debug("Processing sslOptions:"); -+ StringTokenizer st = new StringTokenizer(options, ", "); - while (st.hasMoreTokens()) { - String option = st.nextToken(); -+ logger.debug(" - " + option); -+ - StringTokenizer st1 = new StringTokenizer(option, "="); - String name = st1.nextToken(); - String value = st1.nextToken(); --- -1.8.3.1 - diff --git a/SOURCES/tomcatjss-add-TLS-SHA384-ciphers.patch b/SOURCES/tomcatjss-add-TLS-SHA384-ciphers.patch deleted file mode 100644 index bf55593..0000000 --- a/SOURCES/tomcatjss-add-TLS-SHA384-ciphers.patch +++ /dev/null 
@@ -1,98 +0,0 @@ -From 1970d6bf47e4ce3a43de370ada5c3e882d7a7cb0 Mon Sep 17 00:00:00 2001 -From: Christina Fu -Date: Fri, 29 Jun 2018 15:04:43 -0700 -Subject: [PATCH] Ticket #11 Add support for TLS_*_SHA384 ciphers - -This patch adds support for TLS_*_SHA384 ciphers which NSS now supports. - -fixes: https://pagure.io/tomcatjss/issue/11 ---- - .../tomcat/util/net/jss/JSSSocketFactory.java | 43 +++++++++++++++++++++- - 1 file changed, 41 insertions(+), 2 deletions(-) - -diff --git a/src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java b/src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java -index f974a89..b38b091 100644 ---- a/src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java -+++ b/src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java -@@ -290,6 +290,22 @@ public class JSSSocketFactory implements - SSLSocket.TLS_ECDH_RSA_WITH_AES_128_CBC_SHA); - cipherMap.put("TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA", - SSLSocket.TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA); -+ -+ // TLS_*_SHA384 -+ cipherMap.put("TLS_RSA_WITH_AES_256_GCM_SHA384", -+ SSLSocket.TLS_RSA_WITH_AES_256_GCM_SHA384); -+ cipherMap.put("TLS_DHE_RSA_WITH_AES_256_GCM_SHA384", -+ SSLSocket.TLS_DHE_RSA_WITH_AES_256_GCM_SHA384); -+ cipherMap.put("TLS_DHE_DSS_WITH_AES_256_GCM_SHA384", -+ SSLSocket.TLS_DHE_DSS_WITH_AES_256_GCM_SHA384); -+ cipherMap.put("TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384", -+ SSLSocket.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384); -+ cipherMap.put("TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384", -+ SSLSocket.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384); -+ cipherMap.put("TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", -+ SSLSocket.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384); -+ cipherMap.put("TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", -+ SSLSocket.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384); - } - - private static HashMap eccCipherMap = new HashMap(); -@@ -338,6 +354,22 @@ public class JSSSocketFactory implements - eccCipherMap.put(SSLSocket.TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, - "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256"); 
- */ -+ -+ // TLS_*_SHA384 -+ eccCipherMap.put(SSLSocket.TLS_RSA_WITH_AES_256_GCM_SHA384, -+ "TLS_RSA_WITH_AES_256_GCM_SHA384"); -+ eccCipherMap.put(SSLSocket.TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, -+ "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384"); -+ eccCipherMap.put(SSLSocket.TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, -+ "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384"); -+ eccCipherMap.put(SSLSocket.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, -+ "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384"); -+ eccCipherMap.put(SSLSocket.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, -+ "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"); -+ eccCipherMap.put(SSLSocket.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, -+ "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"); -+ eccCipherMap.put(SSLSocket.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, -+ "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"); - } - - private AbstractEndpoint endpoint; -@@ -429,23 +461,30 @@ public class JSSSocketFactory implements - } - if (cipherid != 0) { - try { -- debugWrite("JSSSocketFactory setSSLCiphers: " + cipherstr -+ debugWrite("JSSSocketFactory setSSLCiphers: setting: " + cipherstr - + ": 0x" + Integer.toHexString(cipherid) + "\n"); - SSLSocket.setCipherPreferenceDefault(cipherid, state); -+ debugWrite("JSSSocketFactory setSSLCiphers: done setting: " + cipherstr -+ + ": 0x" + Integer.toHexString(cipherid) + "\n"); - } catch (Exception e) { -- System.err.println("SSLSocket.setCipherPreferenceDefault exception:" +e); -+ String errMsg = "SSLSocket.setCipherPreferenceDefault exception on: " + cipherstr + " : " +e; -+ System.err.println(errMsg); -+ debugWrite("JSSSocketFactory setSSLCiphers: " + errMsg); - if (eccCipherMap.containsKey(cipherid)) { -+ debugWrite("JSSSocketFactory setSSLCiphers: Warning: cipher exists in eccCipherMap"); - System.err - .println("Warning: SSL ECC cipher \"" - + text - + "\" unsupported by NSS. " - + "This is probably O.K. 
unless ECC support has been installed."); - } else { -+ debugWrite("JSSSocketFactory setSSLCiphers: Error: cipher does not exist in eccCipherMap"); - System.err.println("Error: SSL cipher \"" + text - + "\" unsupported by NSS"); - } - } - } else { -+ debugWrite("JSSSocketFactory setSSLCiphers: Error: cipher not recognized by tomcatjss"); - System.err.println("Error: SSL cipher \"" + text - + "\" not recognized by tomcatjss"); - } --- -2.14.4 - diff --git a/SOURCES/tomcatjss-enable-OCSP-from-peer-AIA-extension.patch b/SOURCES/tomcatjss-enable-OCSP-from-peer-AIA-extension.patch deleted file mode 100644 index 81cf29c..0000000 --- a/SOURCES/tomcatjss-enable-OCSP-from-peer-AIA-extension.patch +++ /dev/null 
@@ -1,39 +0,0 @@ -From c7e9138d59833ca0b9437fd130d3d9cb2fdf393d Mon Sep 17 00:00:00 2001 -From: John Magne -Date: Thu, 20 Sep 2018 21:35:20 -0400 -Subject: [PATCH] Fix for Bug 1630469 - CC: tomcatjss: unable to enable OCSP - checking from peer AIA extension. - - Now the server.xml can be configured to enable ocsp AND leave other settings null, to trigger - NSS to use the AIA extension to locate the ocsp responder. - - ex: - - -Date: Fri, 3 Mar 2017 09:19:58 +0100 -Subject: [PATCH 1/2] Renamed getEndpointAttribute(). - -The getEndpointAttribute() in JSSSocketFactory has been renamed -to getProperty() for clarity. ---- - .../tomcat/util/net/jss/JSSSocketFactory.java | 44 +++++++++++----------- - 1 file changed, 22 insertions(+), 22 deletions(-) - -diff --git a/src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java b/src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java -index ebf5505..bc096c1 100644 ---- a/src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java -+++ b/src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java -@@ -377,7 +377,7 @@ public class JSSSocketFactory implements - } - - public void setSSLCiphers(String attr) throws SocketException, IOException { -- String ciphers = getEndpointAttribute(attr); -+ String ciphers = getProperty(attr); - if (StringUtils.isEmpty(ciphers)) { - debugWrite("JSSSocketFactory setSSLCiphers: " + attr + " not found"); - return; -@@ -451,7 +451,7 @@ public class JSSSocketFactory implements - * parameter is ignored. 
- */ - public void setSSLOptions() throws SocketException, IOException { -- String options = getEndpointAttribute("sslOptions"); -+ String options = getProperty("sslOptions"); - if (StringUtils.isEmpty(options)) { - debugWrite("no sslOptions specified"); - return; -@@ -562,7 +562,7 @@ public class JSSSocketFactory implements - return -1; - } - -- String getEndpointAttribute(String tag) { -+ String getProperty(String tag) { - - // check /conf/server.xml - String value = (String)endpoint.getAttribute(tag); -@@ -575,8 +575,8 @@ public class JSSSocketFactory implements - return value; - } - -- String getEndpointAttribute(String tag, String defaultValue) { -- String value = getEndpointAttribute(tag); -+ String getProperty(String tag, String defaultValue) { -+ String value = getProperty(tag); - if (value == null) { - return defaultValue; - } -@@ -585,7 +585,7 @@ public class JSSSocketFactory implements - - void init() throws IOException { - // debug enabled? -- String deb = getEndpointAttribute("debug"); -+ String deb = getProperty("debug"); - if (StringUtils.equals(deb, "true")) { - debug = true; - debugFile = new FileWriter("/tmp/tomcatjss.log", true); -@@ -613,14 +613,14 @@ public class JSSSocketFactory implements - - // MUST look for "clientauth" (ALL lowercase) since "clientAuth" - // (camel case) has already been processed by Tomcat 7 -- String clientAuthStr = getEndpointAttribute("clientauth"); -+ String clientAuthStr = getProperty("clientauth"); - if (clientAuthStr == null) { - debugWrite("JSSSocketFactory init - \"clientauth\" not found, default to want."); - clientAuthStr = "want"; - } - File file = null; - try { -- mServerCertNickPath = getEndpointAttribute("serverCertNickFile"); -+ mServerCertNickPath = getProperty("serverCertNickFile"); - if (mServerCertNickPath == null) { - throw new IOException("serverCertNickFile not specified"); - } -@@ -656,7 +656,7 @@ public class JSSSocketFactory implements - "JSSSocketFactory: no serverCertNickFile defined"); - } - 
-- // serverCertNick = (String)getEndpointAttribute("serverCert"); -+ // serverCertNick = (String)getProperty("serverCert"); - if (clientAuthStr.equalsIgnoreCase("true") - || clientAuthStr.equalsIgnoreCase("yes")) { - requireClientAuth = true; -@@ -670,7 +670,7 @@ public class JSSSocketFactory implements - && ocspConfigured == false) { - debugWrite("JSSSocketFactory init - checking for OCSP settings. \n"); - boolean enableOCSP = false; -- String doOCSP = getEndpointAttribute("enableOCSP"); -+ String doOCSP = getProperty("enableOCSP"); - - debugWrite("JSSSocketFactory init - doOCSP flag:" + doOCSP + " \n"); - -@@ -682,10 +682,10 @@ public class JSSSocketFactory implements - + "\n"); - - if (enableOCSP == true) { -- String ocspResponderURL = getEndpointAttribute("ocspResponderURL"); -+ String ocspResponderURL = getProperty("ocspResponderURL"); - debugWrite("JSSSocketFactory init - ocspResponderURL " - + ocspResponderURL + "\n"); -- String ocspResponderCertNickname = getEndpointAttribute( -+ String ocspResponderCertNickname = getProperty( - "ocspResponderCertNickname"); - debugWrite("JSSSocketFactory init - ocspResponderCertNickname" - + ocspResponderCertNickname + "\n"); -@@ -700,9 +700,9 @@ public class JSSSocketFactory implements - int ocspMinCacheEntryDuration_i = 3600; - int ocspMaxCacheEntryDuration_i = 86400; - -- String ocspCacheSize = getEndpointAttribute("ocspCacheSize"); -- String ocspMinCacheEntryDuration = getEndpointAttribute("ocspMinCacheEntryDuration"); -- String ocspMaxCacheEntryDuration = getEndpointAttribute("ocspMaxCacheEntryDuration"); -+ String ocspCacheSize = getProperty("ocspCacheSize"); -+ String ocspMinCacheEntryDuration = getProperty("ocspMinCacheEntryDuration"); -+ String ocspMaxCacheEntryDuration = getProperty("ocspMaxCacheEntryDuration"); - - if (ocspCacheSize != null - || ocspMinCacheEntryDuration != null -@@ -729,7 +729,7 @@ public class JSSSocketFactory implements - } - - // defualt to 60 seconds; -- String ocspTimeout = 
getEndpointAttribute("ocspTimeout"); -+ String ocspTimeout = getProperty("ocspTimeout"); - if (ocspTimeout != null) { - debugWrite("JSSSocketFactory init - ocspTimeout= \n" + ocspTimeout); - int ocspTimeout_i = Integer.parseInt(ocspTimeout); -@@ -760,7 +760,7 @@ public class JSSSocketFactory implements - // 12 hours = 43200 seconds - SSLServerSocket.configServerSessionIDCache(0, 43200, 43200, null); - -- String strictCiphersStr = getEndpointAttribute("strictCiphers"); -+ String strictCiphersStr = getProperty("strictCiphers"); - if (StringUtils.equalsIgnoreCase(strictCiphersStr, "true") - || StringUtils.equalsIgnoreCase(strictCiphersStr, "yes")) { - mStrictCiphers = true; -@@ -773,7 +773,7 @@ public class JSSSocketFactory implements - debugWrite("SSSocketFactory init - before setSSLCiphers, strictCiphers is false\n"); - } - -- String sslVersionRangeStream = getEndpointAttribute("sslVersionRangeStream"); -+ String sslVersionRangeStream = getProperty("sslVersionRangeStream"); - if ((sslVersionRangeStream != null) - && !sslVersionRangeStream.equals("")) { - debugWrite("SSSocketFactory init - calling setSSLVersionRangeDefault() for type STREAM\n"); -@@ -783,7 +783,7 @@ public class JSSSocketFactory implements - debugWrite("SSSocketFactory init - after setSSLVersionRangeDefault() for type STREAM\n"); - } - -- String sslVersionRangeDatagram = getEndpointAttribute("sslVersionRangeDatagram"); -+ String sslVersionRangeDatagram = getProperty("sslVersionRangeDatagram"); - if ((sslVersionRangeDatagram != null) - && !sslVersionRangeDatagram.equals("")) { - debugWrite("SSSocketFactory init - calling setSSLVersionRangeDefault() for type DATA_GRAM\n"); -@@ -854,11 +854,11 @@ public class JSSSocketFactory implements - - private void initializePasswordStore() throws InstantiationException, IllegalAccessException, - ClassNotFoundException, IOException { -- mPwdClass = getEndpointAttribute("passwordClass"); -+ mPwdClass = getProperty("passwordClass"); - if (mPwdClass == null) { - throw 
new IOException("Misconfiguration: passwordClass is not defined"); - } -- mPwdPath = getEndpointAttribute("passwordFile"); -+ mPwdPath = getProperty("passwordFile"); - - mPasswordStore = (IPasswordStore) Class.forName(mPwdClass).newInstance(); - debugWrite("JSSSocketFactory init - password reader initialized\n"); -@@ -869,7 +869,7 @@ public class JSSSocketFactory implements - - private CryptoManager getCryptoManager() throws KeyDatabaseException, CertDatabaseException, - GeneralSecurityException, NotInitializedException, IOException { -- String certDir = getEndpointAttribute("certdbDir"); -+ String certDir = getProperty("certdbDir"); - if (certDir == null) { - throw new IOException("Misconfiguration: certdir not defined"); - } --- -1.8.3.1 - - -From 7612272aa337c413ac4b96cd13d5a1384b80b5aa Mon Sep 17 00:00:00 2001 -From: "Endi S. Dewata" -Date: Fri, 27 Jan 2017 04:31:41 +0100 -Subject: [PATCH 2/2] Added SSLSocketListener registry. - -A new TomcatJSS class has been added as a mechanism to register -SSLSocketListeners for all SSLSockets created by TomcatJSS. 
- -https://pagure.io/tomcatjss/issue/4 ---- - .../tomcat/util/net/jss/JSSSocketFactory.java | 4 ++ - src/org/apache/tomcat/util/net/jss/TomcatJSS.java | 69 ++++++++++++++++++++++ - 2 files changed, 73 insertions(+) - create mode 100644 src/org/apache/tomcat/util/net/jss/TomcatJSS.java - -diff --git a/src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java b/src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java -index bc096c1..4992600 100644 ---- a/src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java -+++ b/src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java -@@ -934,6 +934,10 @@ public class JSSSocketFactory implements - SSLSocket asock = null; - try { - asock = (SSLSocket) socket.accept(); -+ -+ TomcatJSS tomcatjss = TomcatJSS.getInstance(); -+ asock.addSocketListener(tomcatjss); -+ - if (wantClientAuth || requireClientAuth) { - asock.requestClientAuth(true); - if (requireClientAuth == true) { -diff --git a/src/org/apache/tomcat/util/net/jss/TomcatJSS.java b/src/org/apache/tomcat/util/net/jss/TomcatJSS.java -new file mode 100644 -index 0000000..9717921 ---- /dev/null -+++ b/src/org/apache/tomcat/util/net/jss/TomcatJSS.java -@@ -0,0 +1,69 @@ -+/* BEGIN COPYRIGHT BLOCK -+ * This library is free software; you can redistribute it and/or -+ * modify it under the terms of the GNU Lesser General Public -+ * License as published by the Free Software Foundation; either -+ * version 2.1 of the License, or (at your option) any later version. -+ * -+ * This library is distributed in the hope that it will be useful, -+ * but WITHOUT ANY WARRANTY; without even the implied warranty of -+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -+ * Lesser General Public License for more details. 
-+ * -+ * You should have received a copy of the GNU Lesser General Public -+ * License along with this library; if not, write to the Free Software -+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA -+ * -+ * Copyright (C) 2017 Red Hat, Inc. -+ * All rights reserved. -+ * END COPYRIGHT BLOCK */ -+ -+package org.apache.tomcat.util.net.jss; -+ -+import java.util.ArrayList; -+import java.util.Collection; -+ -+import org.mozilla.jss.ssl.SSLAlertEvent; -+import org.mozilla.jss.ssl.SSLHandshakeCompletedEvent; -+import org.mozilla.jss.ssl.SSLSocketListener; -+ -+public class TomcatJSS implements SSLSocketListener { -+ -+ public final static TomcatJSS INSTANCE = new TomcatJSS(); -+ -+ public static TomcatJSS getInstance() { return INSTANCE; } -+ -+ Collection socketListeners = new ArrayList(); -+ -+ public void addSocketListener(SSLSocketListener listener) { -+ socketListeners.add(listener); -+ } -+ -+ public void removeSocketListener(SSLSocketListener listener) { -+ socketListeners.remove(listener); -+ } -+ -+ public Collection getSocketListeners() { -+ return socketListeners; -+ } -+ -+ @Override -+ public void alertReceived(SSLAlertEvent event) { -+ for (SSLSocketListener listener : socketListeners) { -+ listener.alertReceived(event); -+ } -+ } -+ -+ @Override -+ public void alertSent(SSLAlertEvent event) { -+ for (SSLSocketListener listener : socketListeners) { -+ listener.alertSent(event); -+ } -+ } -+ -+ @Override -+ public void handshakeCompleted(SSLHandshakeCompletedEvent event) { -+ for (SSLSocketListener listener : socketListeners) { -+ listener.handshakeCompleted(event); -+ } -+ } -+} --- -1.8.3.1 - diff --git a/SPECS/tomcatjss.spec b/SPECS/tomcatjss.spec index ae33f46..3f5bb80 100644 --- a/SPECS/tomcatjss.spec +++ b/SPECS/tomcatjss.spec 
@@ -1,7 +1,7 @@
 Name: tomcatjss
-Version: 7.2.1
+Version: 7.2.5
 #Release: 8%{?dist}
-Release: 8.el7_6
+Release: 1.el7
 Summary: JSS Connector for Apache Tomcat, a JSSE module for Apache Tomcat that uses JSS
 URL: http://pki.fedoraproject.org/
 License: LGPLv2+
@@ -10,7 +10,7 @@ Group: System Environment/Libraries
 BuildArch: noarch
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-buildroot
-Source0: http://pki.fedoraproject.org/pki/sources/%{name}/%{name}-%{version}.tar.gz
+Source0: https://github.com/dogtagpki/%{name}/archive/v%{version}/%{name}-%{version}.tar.gz
 # jpackage-utils requires versioning to meet both build and runtime requirements
 # jss requires versioning to meet both build and runtime requirements
@@ -20,7 +20,7 @@ BuildRequires: ant
 BuildRequires: apache-commons-lang
 BuildRequires: java-devel
 BuildRequires: jpackage-utils >= 0:1.7.5-15
-BuildRequires: jss >= 4.4.4-3
+BuildRequires: jss >= 4.4.7-1
 %if 0%{?fedora} >= 23
 BuildRequires: tomcat >= 8.0.18
 %else
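Review bot: The new `Source0` line in the `@@ -10,7 +10,7 @@` hunk names a GitHub archive URL, and nothing visible in this spec checks the tarball against an upstream signature; the only integrity pin in the commit is the 40-hex-digit digest in `.tomcatjss.metadata`, which has the length of a SHA-1 hash. If the build takes the tarball from the digest-pinned copy rather than from this URL, a comment above the line would make that explicit, for example `# Source0 is informational; the build uses the tarball pinned by digest in .tomcatjss.metadata`. The `%prep` section is only partly visible in this diff, so a verification step outside the hunks cannot be ruled out.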
@@ -34,34 +34,13 @@ Requires: java-headless Requires: java %endif Requires: jpackage-utils >= 0:1.7.5-15 -Requires: jss >= 4.4.4-3 +Requires: jss >= 4.4.7-1 %if 0%{?fedora} >= 23 Requires: tomcat >= 8.0.18 %else Requires: tomcat >= 7.0.68 %endif -####################### -## tomcatjss-7.2.1-3 -####################### -Patch1: tomcatjss-support-for-event-API.patch -####################### -## tomcatjss-7.2.1-4 -####################### -Patch2: tomcatjss-Fixed-SSL-cipher-list-parser.patch -####################### -## tomcatjss-7.2.1-5 -####################### -Patch3: tomcatjss-Comply-with-ASF-trademark-rules.patch -####################### -## tomcatjss-7.2.1-7 -####################### -Patch4: tomcatjss-add-TLS-SHA384-ciphers.patch -####################### -## tomcatjss-7.2.1-8 -####################### -Patch5: tomcatjss-enable-OCSP-from-peer-AIA-extension.patch - # The 'tomcatjss' package conflicts with the 'tomcat-native' package # because it uses an underlying NSS security model rather than the # OpenSSL security model, so these two packages may not co-exist. @@ -86,11 +65,6 @@ NOTE: The 'tomcatjss' package conflicts with the 'tomcat-native' package %prep %setup -q -%patch1 -p1 -%patch2 -p1 -%patch3 -p1 -%patch4 -p1 -%patch5 -p1 chmod -c -x LICENSE README %build @@ -121,6 +95,10 @@ rm -rf %{buildroot} %{_javadir}/* %changelog +* Mon Aug 12 2019 Alexander Scheel 7.2.5-1 +- Rebase to upstream version 7.2.5 + Bugzilla Bug #1659867 - Re-base tomcatjss from 7.2.1 to 7.2.x + * Mon Oct 29 2018 Jack Magne 7.2.1-8 - Bugzilla Bug #1632618 - CC: tomcatjss: unable to enable OCSP checking from peer AIA extension [rhel-7.6.z] (jmagne) @@ -239,5 +217,5 @@ rm -rf %{buildroot} Bug #634375 - Build tomcatjss against tomcat6 (svn rev 106) Bug #655915 - Disable socket timeouts when socket is first created. (svn rev 107) -* Tue Dec 14 2010 John Dennis +* Tue Dec 14 2010 John Dennis - Updated 'tomcatjss' to utilize 'tomcat6'.
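Review bot: The `@@ -34,34 +34,13 @@` and `@@ -86,11 +65,6 @@` hunks drop Patch1 through Patch5 and their `%patch` lines, but the new changelog entry only says "Rebase to upstream version 7.2.5" and does not record that the rebased tarball carries those changes. Two of the removed patches are security-relevant by name, `tomcatjss-add-TLS-SHA384-ciphers.patch` and `tomcatjss-enable-OCSP-from-peer-AIA-extension.patch` (Bugzilla Bug #1632618 in the existing changelog), so losing either in the rebase would affect the available TLS cipher suites or OCSP revocation checking without any build failure to signal it. Once each patch has been checked against the upstream 7.2.5 tag, I would add a changelog line such as `- Dropped Patch1 through Patch5 (verified as included in upstream 7.2.5)`.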