diff --git a/.gitignore b/.gitignore
index e655dd6..5b378ab 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-SOURCES/tomcatjss-7.2.1.tar.gz
+SOURCES/tomcatjss-7.2.5.tar.gz
diff --git a/.tomcatjss.metadata b/.tomcatjss.metadata
index f50e322..c5b75b1 100644
--- a/.tomcatjss.metadata
+++ b/.tomcatjss.metadata
@@ -1 +1 @@
-45e28de0d84a01b8e8dd4ee72737fa9426ac7109 SOURCES/tomcatjss-7.2.1.tar.gz
+12a73abd8fee071c6c06a350b42cc222262d6a32 SOURCES/tomcatjss-7.2.5.tar.gz
diff --git a/SOURCES/tomcatjss-Comply-with-ASF-trademark-rules.patch b/SOURCES/tomcatjss-Comply-with-ASF-trademark-rules.patch
deleted file mode 100644
index f2ed9ba..0000000
--- a/SOURCES/tomcatjss-Comply-with-ASF-trademark-rules.patch
+++ /dev/null
@@ -1,56 +0,0 @@
-From 7ace773ac5a46704c131bd1cc788d6db4568e401 Mon Sep 17 00:00:00 2001
-From: Matthew Harmsen <mharmsen@redhat.com>
-Date: Mon, 12 Jun 2017 16:05:21 -0600
-Subject: [PATCH] Comply with ASF trademark rules
-
-- tomcatjss Pagure Issue #10 - Comply with ASF trademark rules (mharmsen)
----
- README | 26 ++++++++++++++++----------
- 1 file changed, 16 insertions(+), 10 deletions(-)
-
-diff --git a/README b/README
-index b8f3860..b3912ba 100644
---- a/README
-+++ b/README
-@@ -1,23 +1,29 @@
--tomcatjss, a JSSE module for Tomcat that uses JSS, a Java interface to
--Network Security Services(NSS).
-+JSS Connector for Apache Tomcat, installed via the tomcatjss package,
-+is a Java Secure Socket Extension (JSSE) module for Apache Tomcat that
-+uses Java Security Services (JSS), a Java interface to Network Security
-+Services (NSS).
-
--tomcatjss defines a number of attributes for a Connector including:
-+JSS Connector for Apache Tomcat defines a number of attributes for a Connector
-+including:
-
- clientauth: specify if client authentication is required in the connector (or
- port), it can be true or false. If true then client authentication is required.
-
- sslOptions: specify a comma-delimited list of ssl options to pass into the ssl
- implementation. Each option takes the form of: option=[true|false].
--tomcatjss supports the options: ssl2, ssl3, tls.
-+JSS Connector for Apache Tomcat supports the options: ssl2, ssl3, tls.
-
--ssl2Ciphers: specify a list of SSL2 ciphers that tomcatjss should accept
--or reject from the client. You can use + to denote "accept", - means "reject".
-+ssl2Ciphers: specify a list of SSL2 ciphers that JSS Connector for
-+Apache Tomcat should accept or reject from the client. You can use + to
-+denote "accept", - means "reject"
-
--ssl3Ciphers: specifies a list of SSL3 ciphers that tomcatjss should accept
--or reject from the client. You can use + to denote "accept", - means "reject".
-+ssl3Ciphers: specifies a list of SSL3 ciphers that JSS Connector for
-+Apache Tomcat should accept or reject from the client. You can use + to
-+denote "accept", - means "reject".
-
--tlsCiphers: specifies a list of TLS ciphers that tomcatjss should accept
--or reject from the client. You can use + to denote "accept", - means "reject".
-+tlsCiphers: specifies a list of TLS ciphers that JSS Connector for
-+Apache Tomcat should accept or reject from the client. You can use + to
-+denote "accept", - means "reject".
-
- serverCertNickFile: a file in which specify the nickname of the
- server certificate. The file should contain a single line that contains
---
-2.9.4
diff --git a/SOURCES/tomcatjss-Fixed-SSL-cipher-list-parser.patch b/SOURCES/tomcatjss-Fixed-SSL-cipher-list-parser.patch
deleted file mode 100644
index f948210..0000000
--- a/SOURCES/tomcatjss-Fixed-SSL-cipher-list-parser.patch
+++ /dev/null
@@ -1,94 +0,0 @@
-From c14c8ec6b077721eddeddb125b9a4b0141e5e4aa Mon Sep 17 00:00:00 2001
-From: "Endi S. Dewata" <edewata@redhat.com>
-Date: Thu, 1 Jun 2017 00:29:37 +0200
-Subject: [PATCH] Fixed SSL cipher list parser.
-
-The SSL cipher list parsers have been modified to ignore spaces
-to allow more user-friendly formatting.
-
-https://pagure.io/tomcatjss/issue/9
-
-Change-Id: Ic21f0347e06e20f64ef37de95f9d1f1ac3d1f0d2
----
- .../apache/tomcat/util/net/jss/JSSImplementation.java | 5 +++--
- src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java | 16 ++++++++++++++--
- 2 files changed, 17 insertions(+), 4 deletions(-)
-
-diff --git a/src/org/apache/tomcat/util/net/jss/JSSImplementation.java b/src/org/apache/tomcat/util/net/jss/JSSImplementation.java
-index 42dc8d2..8721844 100644
---- a/src/org/apache/tomcat/util/net/jss/JSSImplementation.java
-+++ b/src/org/apache/tomcat/util/net/jss/JSSImplementation.java
-@@ -25,6 +25,8 @@ import java.io.IOException;
- import java.net.Socket;
- import java.util.Properties;
-
-+import org.apache.commons.logging.Log;
-+import org.apache.commons.logging.LogFactory;
- import org.apache.tomcat.util.net.AbstractEndpoint;
- import org.apache.tomcat.util.net.SSLImplementation;
- import org.apache.tomcat.util.net.SSLSupport;
-@@ -35,8 +37,7 @@ public class JSSImplementation extends SSLImplementation {
- static final String JSSFactory = "org.apache.tomcat.util.net.jss.JSSFactory";
- static final String SSLSocketClass = "org.mozilla.jss.ssl.SSLSocket";
-
-- static org.apache.commons.logging.Log logger = org.apache.commons.logging.LogFactory
-- .getLog(JSSImplementation.class);
-+ static Log logger = LogFactory.getLog(JSSImplementation.class);
-
- private JSSFactory factory = null;
-
-diff --git a/src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java b/src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java
-index 4992600..f974a89 100644
---- a/src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java
-+++ b/src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java
-@@ -42,6 +42,8 @@ import javax.net.ssl.SSLContext;
- import javax.net.ssl.TrustManager;
-
- import org.apache.commons.lang.StringUtils;
-+import org.apache.commons.logging.Log;
-+import org.apache.commons.logging.LogFactory;
- // Imports required to "implement" Tomcat 7 Interface
- import org.apache.tomcat.util.net.AbstractEndpoint;
- import org.mozilla.jss.CertDatabaseException;
-@@ -61,6 +63,8 @@ public class JSSSocketFactory implements
- org.apache.tomcat.util.net.ServerSocketFactory,
- org.apache.tomcat.util.net.SSLUtil {
-
-+ static Log logger = LogFactory.getLog(JSSSocketFactory.class);
-+
- private static HashMap<String, Integer> cipherMap = new HashMap<String, Integer>();
- static {
- // SSLv2
-@@ -382,9 +386,13 @@ public class JSSSocketFactory implements
- debugWrite("JSSSocketFactory setSSLCiphers: " + attr + " not found");
- return;
- }
-- StringTokenizer st = new StringTokenizer(ciphers, ",");
-+
-+ logger.debug("Processing " + attr + ":");
-+ StringTokenizer st = new StringTokenizer(ciphers, ", ");
- while (st.hasMoreTokens()) {
- String cipherstr = st.nextToken();
-+ logger.debug(" - " + cipherstr);
-+
- int cipherid = 0;
- String text;
- boolean state;
-@@ -456,9 +464,13 @@ public class JSSSocketFactory implements
- debugWrite("no sslOptions specified");
- return;
- }
-- StringTokenizer st = new StringTokenizer(options, ",");
-+
-+ logger.debug("Processing sslOptions:");
-+ StringTokenizer st = new StringTokenizer(options, ", ");
- while (st.hasMoreTokens()) {
- String option = st.nextToken();
-+ logger.debug(" - " + option);
-+
- StringTokenizer st1 = new StringTokenizer(option, "=");
- String name = st1.nextToken();
- String value = st1.nextToken();
---
-1.8.3.1
-
diff --git a/SOURCES/tomcatjss-add-TLS-SHA384-ciphers.patch b/SOURCES/tomcatjss-add-TLS-SHA384-ciphers.patch
deleted file mode 100644
index bf55593..0000000
--- a/SOURCES/tomcatjss-add-TLS-SHA384-ciphers.patch
+++ /dev/null
@@ -1,98 +0,0 @@
-From 1970d6bf47e4ce3a43de370ada5c3e882d7a7cb0 Mon Sep 17 00:00:00 2001
-From: Christina Fu <cfu@redhat.com>
-Date: Fri, 29 Jun 2018 15:04:43 -0700
-Subject: [PATCH] Ticket #11 Add support for TLS_*_SHA384 ciphers
-
-This patch adds support for TLS_*_SHA384 ciphers which NSS now supports.
-
-fixes: https://pagure.io/tomcatjss/issue/11
----
- .../tomcat/util/net/jss/JSSSocketFactory.java | 43 +++++++++++++++++++++-
- 1 file changed, 41 insertions(+), 2 deletions(-)
-
-diff --git a/src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java b/src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java
-index f974a89..b38b091 100644
---- a/src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java
-+++ b/src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java
-@@ -290,6 +290,22 @@ public class JSSSocketFactory implements
- SSLSocket.TLS_ECDH_RSA_WITH_AES_128_CBC_SHA);
- cipherMap.put("TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA",
- SSLSocket.TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA);
-+
-+ // TLS_*_SHA384
-+ cipherMap.put("TLS_RSA_WITH_AES_256_GCM_SHA384",
-+ SSLSocket.TLS_RSA_WITH_AES_256_GCM_SHA384);
-+ cipherMap.put("TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
-+ SSLSocket.TLS_DHE_RSA_WITH_AES_256_GCM_SHA384);
-+ cipherMap.put("TLS_DHE_DSS_WITH_AES_256_GCM_SHA384",
-+ SSLSocket.TLS_DHE_DSS_WITH_AES_256_GCM_SHA384);
-+ cipherMap.put("TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",
-+ SSLSocket.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384);
-+ cipherMap.put("TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
-+ SSLSocket.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384);
-+ cipherMap.put("TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
-+ SSLSocket.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384);
-+ cipherMap.put("TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
-+ SSLSocket.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384);
- }
-
- private static HashMap<Integer, String> eccCipherMap = new HashMap<Integer, String>();
-@@ -338,6 +354,22 @@ public class JSSSocketFactory implements
- eccCipherMap.put(SSLSocket.TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
- "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256");
- */
-+
-+ // TLS_*_SHA384
-+ eccCipherMap.put(SSLSocket.TLS_RSA_WITH_AES_256_GCM_SHA384,
-+ "TLS_RSA_WITH_AES_256_GCM_SHA384");
-+ eccCipherMap.put(SSLSocket.TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
-+ "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384");
-+ eccCipherMap.put(SSLSocket.TLS_DHE_DSS_WITH_AES_256_GCM_SHA384,
-+ "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384");
-+ eccCipherMap.put(SSLSocket.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
-+ "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384");
-+ eccCipherMap.put(SSLSocket.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
-+ "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384");
-+ eccCipherMap.put(SSLSocket.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
-+ "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384");
-+ eccCipherMap.put(SSLSocket.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
-+ "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384");
- }
-
- private AbstractEndpoint endpoint;
-@@ -429,23 +461,30 @@ public class JSSSocketFactory implements
- }
- if (cipherid != 0) {
- try {
-- debugWrite("JSSSocketFactory setSSLCiphers: " + cipherstr
-+ debugWrite("JSSSocketFactory setSSLCiphers: setting: " + cipherstr
- + ": 0x" + Integer.toHexString(cipherid) + "\n");
- SSLSocket.setCipherPreferenceDefault(cipherid, state);
-+ debugWrite("JSSSocketFactory setSSLCiphers: done setting: " + cipherstr
-+ + ": 0x" + Integer.toHexString(cipherid) + "\n");
- } catch (Exception e) {
-- System.err.println("SSLSocket.setCipherPreferenceDefault exception:" +e);
-+ String errMsg = "SSLSocket.setCipherPreferenceDefault exception on: " + cipherstr + " : " +e;
-+ System.err.println(errMsg);
-+ debugWrite("JSSSocketFactory setSSLCiphers: " + errMsg);
- if (eccCipherMap.containsKey(cipherid)) {
-+ debugWrite("JSSSocketFactory setSSLCiphers: Warning: cipher exists in eccCipherMap");
- System.err
- .println("Warning: SSL ECC cipher \""
- + text
- + "\" unsupported by NSS. "
- + "This is probably O.K. unless ECC support has been installed.");
- } else {
-+ debugWrite("JSSSocketFactory setSSLCiphers: Error: cipher does not exist in eccCipherMap");
- System.err.println("Error: SSL cipher \"" + text
- + "\" unsupported by NSS");
- }
- }
- } else {
-+ debugWrite("JSSSocketFactory setSSLCiphers: Error: cipher not recognized by tomcatjss");
- System.err.println("Error: SSL cipher \"" + text
- + "\" not recognized by tomcatjss");
- }
---
-2.14.4
-
diff --git a/SOURCES/tomcatjss-enable-OCSP-from-peer-AIA-extension.patch b/SOURCES/tomcatjss-enable-OCSP-from-peer-AIA-extension.patch
deleted file mode 100644
index 81cf29c..0000000
--- a/SOURCES/tomcatjss-enable-OCSP-from-peer-AIA-extension.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-From c7e9138d59833ca0b9437fd130d3d9cb2fdf393d Mon Sep 17 00:00:00 2001
-From: John Magne <jmagne@mharmsen-rhel7.usersys.redhat.com>
-Date: Thu, 20 Sep 2018 21:35:20 -0400
-Subject: [PATCH] Fix for Bug 1630469 - CC: tomcatjss: unable to enable OCSP
- checking from peer AIA extension.
-
- Now the server.xml can be configured to enable ocsp AND leave other settings null, to trigger
- NSS to use the AIA extension to locate the ocsp responder.
-
- ex:
-
- <Connector name="Secure" port="18443" ...
- .....
- enableOCSP="true" ocspCacheSize="1000" ocspMinCacheEntryDuration="60" ocspMaxCacheEntryDuration="120" ocspTimeout="10"
----
- src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java | 7 +++++--
- 1 file changed, 5 insertions(+), 2 deletions(-)
-
-diff --git a/src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java b/src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java
-index b38b091..b91c7a4 100644
---- a/src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java
-+++ b/src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java
-@@ -740,8 +740,11 @@ public class JSSSocketFactory implements
- "ocspResponderCertNickname");
- debugWrite("JSSSocketFactory init - ocspResponderCertNickname"
- + ocspResponderCertNickname + "\n");
-- if (StringUtils.isNotEmpty(ocspResponderURL) &&
-- StringUtils.isNotEmpty(ocspResponderCertNickname)) {
-+
-+ if ((StringUtils.isNotEmpty(ocspResponderURL) &&
-+ StringUtils.isNotEmpty(ocspResponderCertNickname)) ||
-+ (StringUtils.isEmpty(ocspResponderURL)
-+ && StringUtils.isEmpty(ocspResponderCertNickname))) {
-
- ocspConfigured = true;
- try {
---
-1.8.3.1
-
diff --git a/SOURCES/tomcatjss-support-for-event-API.patch b/SOURCES/tomcatjss-support-for-event-API.patch
deleted file mode 100644
index f38a2f1..0000000
--- a/SOURCES/tomcatjss-support-for-event-API.patch
+++ /dev/null
@@ -1,294 +0,0 @@
-From c410c7a35b4aa78e7c35d11a72cc96ff932df982 Mon Sep 17 00:00:00 2001
-From: "Endi S. Dewata" <edewata@redhat.com>
-Date: Fri, 3 Mar 2017 09:19:58 +0100
-Subject: [PATCH 1/2] Renamed getEndpointAttribute().
-
-The getEndpointAttribute() in JSSSocketFactory has been renamed
-to getProperty() for clarity.
----
- .../tomcat/util/net/jss/JSSSocketFactory.java | 44 +++++++++++-----------
- 1 file changed, 22 insertions(+), 22 deletions(-)
-
-diff --git a/src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java b/src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java
-index ebf5505..bc096c1 100644
---- a/src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java
-+++ b/src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java
-@@ -377,7 +377,7 @@ public class JSSSocketFactory implements
- }
-
- public void setSSLCiphers(String attr) throws SocketException, IOException {
-- String ciphers = getEndpointAttribute(attr);
-+ String ciphers = getProperty(attr);
- if (StringUtils.isEmpty(ciphers)) {
- debugWrite("JSSSocketFactory setSSLCiphers: " + attr + " not found");
- return;
-@@ -451,7 +451,7 @@ public class JSSSocketFactory implements
- * parameter is ignored.
- */
- public void setSSLOptions() throws SocketException, IOException {
-- String options = getEndpointAttribute("sslOptions");
-+ String options = getProperty("sslOptions");
- if (StringUtils.isEmpty(options)) {
- debugWrite("no sslOptions specified");
- return;
-@@ -562,7 +562,7 @@ public class JSSSocketFactory implements
- return -1;
- }
-
-- String getEndpointAttribute(String tag) {
-+ String getProperty(String tag) {
-
- // check <catalina.base>/conf/server.xml
- String value = (String)endpoint.getAttribute(tag);
-@@ -575,8 +575,8 @@ public class JSSSocketFactory implements
- return value;
- }
-
-- String getEndpointAttribute(String tag, String defaultValue) {
-- String value = getEndpointAttribute(tag);
-+ String getProperty(String tag, String defaultValue) {
-+ String value = getProperty(tag);
- if (value == null) {
- return defaultValue;
- }
-@@ -585,7 +585,7 @@ public class JSSSocketFactory implements
-
- void init() throws IOException {
- // debug enabled?
-- String deb = getEndpointAttribute("debug");
-+ String deb = getProperty("debug");
- if (StringUtils.equals(deb, "true")) {
- debug = true;
- debugFile = new FileWriter("/tmp/tomcatjss.log", true);
-@@ -613,14 +613,14 @@ public class JSSSocketFactory implements
-
- // MUST look for "clientauth" (ALL lowercase) since "clientAuth"
- // (camel case) has already been processed by Tomcat 7
-- String clientAuthStr = getEndpointAttribute("clientauth");
-+ String clientAuthStr = getProperty("clientauth");
- if (clientAuthStr == null) {
- debugWrite("JSSSocketFactory init - \"clientauth\" not found, default to want.");
- clientAuthStr = "want";
- }
- File file = null;
- try {
-- mServerCertNickPath = getEndpointAttribute("serverCertNickFile");
-+ mServerCertNickPath = getProperty("serverCertNickFile");
- if (mServerCertNickPath == null) {
- throw new IOException("serverCertNickFile not specified");
- }
-@@ -656,7 +656,7 @@ public class JSSSocketFactory implements
- "JSSSocketFactory: no serverCertNickFile defined");
- }
-
-- // serverCertNick = (String)getEndpointAttribute("serverCert");
-+ // serverCertNick = (String)getProperty("serverCert");
- if (clientAuthStr.equalsIgnoreCase("true")
- || clientAuthStr.equalsIgnoreCase("yes")) {
- requireClientAuth = true;
-@@ -670,7 +670,7 @@ public class JSSSocketFactory implements
- && ocspConfigured == false) {
- debugWrite("JSSSocketFactory init - checking for OCSP settings. \n");
- boolean enableOCSP = false;
-- String doOCSP = getEndpointAttribute("enableOCSP");
-+ String doOCSP = getProperty("enableOCSP");
-
- debugWrite("JSSSocketFactory init - doOCSP flag:" + doOCSP + " \n");
-
-@@ -682,10 +682,10 @@ public class JSSSocketFactory implements
- + "\n");
-
- if (enableOCSP == true) {
-- String ocspResponderURL = getEndpointAttribute("ocspResponderURL");
-+ String ocspResponderURL = getProperty("ocspResponderURL");
- debugWrite("JSSSocketFactory init - ocspResponderURL "
- + ocspResponderURL + "\n");
-- String ocspResponderCertNickname = getEndpointAttribute(
-+ String ocspResponderCertNickname = getProperty(
- "ocspResponderCertNickname");
- debugWrite("JSSSocketFactory init - ocspResponderCertNickname"
- + ocspResponderCertNickname + "\n");
-@@ -700,9 +700,9 @@ public class JSSSocketFactory implements
- int ocspMinCacheEntryDuration_i = 3600;
- int ocspMaxCacheEntryDuration_i = 86400;
-
-- String ocspCacheSize = getEndpointAttribute("ocspCacheSize");
-- String ocspMinCacheEntryDuration = getEndpointAttribute("ocspMinCacheEntryDuration");
-- String ocspMaxCacheEntryDuration = getEndpointAttribute("ocspMaxCacheEntryDuration");
-+ String ocspCacheSize = getProperty("ocspCacheSize");
-+ String ocspMinCacheEntryDuration = getProperty("ocspMinCacheEntryDuration");
-+ String ocspMaxCacheEntryDuration = getProperty("ocspMaxCacheEntryDuration");
-
- if (ocspCacheSize != null
- || ocspMinCacheEntryDuration != null
-@@ -729,7 +729,7 @@ public class JSSSocketFactory implements
- }
-
- // defualt to 60 seconds;
-- String ocspTimeout = getEndpointAttribute("ocspTimeout");
-+ String ocspTimeout = getProperty("ocspTimeout");
- if (ocspTimeout != null) {
- debugWrite("JSSSocketFactory init - ocspTimeout= \n" + ocspTimeout);
- int ocspTimeout_i = Integer.parseInt(ocspTimeout);
-@@ -760,7 +760,7 @@ public class JSSSocketFactory implements
- // 12 hours = 43200 seconds
- SSLServerSocket.configServerSessionIDCache(0, 43200, 43200, null);
-
-- String strictCiphersStr = getEndpointAttribute("strictCiphers");
-+ String strictCiphersStr = getProperty("strictCiphers");
- if (StringUtils.equalsIgnoreCase(strictCiphersStr, "true")
- || StringUtils.equalsIgnoreCase(strictCiphersStr, "yes")) {
- mStrictCiphers = true;
-@@ -773,7 +773,7 @@ public class JSSSocketFactory implements
- debugWrite("SSSocketFactory init - before setSSLCiphers, strictCiphers is false\n");
- }
-
-- String sslVersionRangeStream = getEndpointAttribute("sslVersionRangeStream");
-+ String sslVersionRangeStream = getProperty("sslVersionRangeStream");
- if ((sslVersionRangeStream != null)
- && !sslVersionRangeStream.equals("")) {
- debugWrite("SSSocketFactory init - calling setSSLVersionRangeDefault() for type STREAM\n");
-@@ -783,7 +783,7 @@ public class JSSSocketFactory implements
- debugWrite("SSSocketFactory init - after setSSLVersionRangeDefault() for type STREAM\n");
- }
-
-- String sslVersionRangeDatagram = getEndpointAttribute("sslVersionRangeDatagram");
-+ String sslVersionRangeDatagram = getProperty("sslVersionRangeDatagram");
- if ((sslVersionRangeDatagram != null)
- && !sslVersionRangeDatagram.equals("")) {
- debugWrite("SSSocketFactory init - calling setSSLVersionRangeDefault() for type DATA_GRAM\n");
-@@ -854,11 +854,11 @@ public class JSSSocketFactory implements
-
- private void initializePasswordStore() throws InstantiationException, IllegalAccessException,
- ClassNotFoundException, IOException {
-- mPwdClass = getEndpointAttribute("passwordClass");
-+ mPwdClass = getProperty("passwordClass");
- if (mPwdClass == null) {
- throw new IOException("Misconfiguration: passwordClass is not defined");
- }
-- mPwdPath = getEndpointAttribute("passwordFile");
-+ mPwdPath = getProperty("passwordFile");
-
- mPasswordStore = (IPasswordStore) Class.forName(mPwdClass).newInstance();
- debugWrite("JSSSocketFactory init - password reader initialized\n");
-@@ -869,7 +869,7 @@ public class JSSSocketFactory implements
-
- private CryptoManager getCryptoManager() throws KeyDatabaseException, CertDatabaseException,
- GeneralSecurityException, NotInitializedException, IOException {
-- String certDir = getEndpointAttribute("certdbDir");
-+ String certDir = getProperty("certdbDir");
- if (certDir == null) {
- throw new IOException("Misconfiguration: certdir not defined");
- }
---
-1.8.3.1
-
-
-From 7612272aa337c413ac4b96cd13d5a1384b80b5aa Mon Sep 17 00:00:00 2001
-From: "Endi S. Dewata" <edewata@redhat.com>
-Date: Fri, 27 Jan 2017 04:31:41 +0100
-Subject: [PATCH 2/2] Added SSLSocketListener registry.
-
-A new TomcatJSS class has been added as a mechanism to register
-SSLSocketListeners for all SSLSockets created by TomcatJSS.
-
-https://pagure.io/tomcatjss/issue/4
----
- .../tomcat/util/net/jss/JSSSocketFactory.java | 4 ++
- src/org/apache/tomcat/util/net/jss/TomcatJSS.java | 69 ++++++++++++++++++++++
- 2 files changed, 73 insertions(+)
- create mode 100644 src/org/apache/tomcat/util/net/jss/TomcatJSS.java
-
-diff --git a/src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java b/src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java
-index bc096c1..4992600 100644
---- a/src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java
-+++ b/src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java
-@@ -934,6 +934,10 @@ public class JSSSocketFactory implements
- SSLSocket asock = null;
- try {
- asock = (SSLSocket) socket.accept();
-+
-+ TomcatJSS tomcatjss = TomcatJSS.getInstance();
-+ asock.addSocketListener(tomcatjss);
-+
- if (wantClientAuth || requireClientAuth) {
- asock.requestClientAuth(true);
- if (requireClientAuth == true) {
-diff --git a/src/org/apache/tomcat/util/net/jss/TomcatJSS.java b/src/org/apache/tomcat/util/net/jss/TomcatJSS.java
-new file mode 100644
-index 0000000..9717921
---- /dev/null
-+++ b/src/org/apache/tomcat/util/net/jss/TomcatJSS.java
-@@ -0,0 +1,69 @@
-+/* BEGIN COPYRIGHT BLOCK
-+ * This library is free software; you can redistribute it and/or
-+ * modify it under the terms of the GNU Lesser General Public
-+ * License as published by the Free Software Foundation; either
-+ * version 2.1 of the License, or (at your option) any later version.
-+ *
-+ * This library is distributed in the hope that it will be useful,
-+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
-+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-+ * Lesser General Public License for more details.
-+ *
-+ * You should have received a copy of the GNU Lesser General Public
-+ * License along with this library; if not, write to the Free Software
-+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
-+ *
-+ * Copyright (C) 2017 Red Hat, Inc.
-+ * All rights reserved.
-+ * END COPYRIGHT BLOCK */
-+
-+package org.apache.tomcat.util.net.jss;
-+
-+import java.util.ArrayList;
-+import java.util.Collection;
-+
-+import org.mozilla.jss.ssl.SSLAlertEvent;
-+import org.mozilla.jss.ssl.SSLHandshakeCompletedEvent;
-+import org.mozilla.jss.ssl.SSLSocketListener;
-+
-+public class TomcatJSS implements SSLSocketListener {
-+
-+ public final static TomcatJSS INSTANCE = new TomcatJSS();
-+
-+ public static TomcatJSS getInstance() { return INSTANCE; }
-+
-+ Collection<SSLSocketListener> socketListeners = new ArrayList<SSLSocketListener>();
-+
-+ public void addSocketListener(SSLSocketListener listener) {
-+ socketListeners.add(listener);
-+ }
-+
-+ public void removeSocketListener(SSLSocketListener listener) {
-+ socketListeners.remove(listener);
-+ }
-+
-+ public Collection<SSLSocketListener> getSocketListeners() {
-+ return socketListeners;
-+ }
-+
-+ @Override
-+ public void alertReceived(SSLAlertEvent event) {
-+ for (SSLSocketListener listener : socketListeners) {
-+ listener.alertReceived(event);
-+ }
-+ }
-+
-+ @Override
-+ public void alertSent(SSLAlertEvent event) {
-+ for (SSLSocketListener listener : socketListeners) {
-+ listener.alertSent(event);
-+ }
-+ }
-+
-+ @Override
-+ public void handshakeCompleted(SSLHandshakeCompletedEvent event) {
-+ for (SSLSocketListener listener : socketListeners) {
-+ listener.handshakeCompleted(event);
-+ }
-+ }
-+}
---
-1.8.3.1
-
diff --git a/SPECS/tomcatjss.spec b/SPECS/tomcatjss.spec
index ae33f46..3f5bb80 100644
--- a/SPECS/tomcatjss.spec
+++ b/SPECS/tomcatjss.spec
@@ -1,7 +1,7 @@
Name: tomcatjss
-Version: 7.2.1
+Version: 7.2.5
#Release: 8%{?dist}
-Release: 8.el7_6
+Release: 1.el7
Summary: JSS Connector for Apache Tomcat, a JSSE module for Apache Tomcat that uses JSS
URL: http://pki.fedoraproject.org/
License: LGPLv2+
@@ -10,7 +10,7 @@ Group: System Environment/Libraries
BuildArch: noarch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-buildroot
-Source0: http://pki.fedoraproject.org/pki/sources/%{name}/%{name}-%{version}.tar.gz
+Source0: https://github.com/dogtagpki/%{name}/archive/v%{version}/%{name}-%{version}.tar.gz
# jpackage-utils requires versioning to meet both build and runtime requirements
# jss requires versioning to meet both build and runtime requirements
@@ -20,7 +20,7 @@ BuildRequires: ant
BuildRequires: apache-commons-lang
BuildRequires: java-devel
BuildRequires: jpackage-utils >= 0:1.7.5-15
-BuildRequires: jss >= 4.4.4-3
+BuildRequires: jss >= 4.4.7-1
%if 0%{?fedora} >= 23
BuildRequires: tomcat >= 8.0.18
%else
@@ -34,34 +34,13 @@ Requires: java-headless
Requires: java
%endif
Requires: jpackage-utils >= 0:1.7.5-15
-Requires: jss >= 4.4.4-3
+Requires: jss >= 4.4.7-1
%if 0%{?fedora} >= 23
Requires: tomcat >= 8.0.18
%else
Requires: tomcat >= 7.0.68
%endif
-#######################
-## tomcatjss-7.2.1-3
-#######################
-Patch1: tomcatjss-support-for-event-API.patch
-#######################
-## tomcatjss-7.2.1-4
-#######################
-Patch2: tomcatjss-Fixed-SSL-cipher-list-parser.patch
-#######################
-## tomcatjss-7.2.1-5
-#######################
-Patch3: tomcatjss-Comply-with-ASF-trademark-rules.patch
-#######################
-## tomcatjss-7.2.1-7
-#######################
-Patch4: tomcatjss-add-TLS-SHA384-ciphers.patch
-#######################
-## tomcatjss-7.2.1-8
-#######################
-Patch5: tomcatjss-enable-OCSP-from-peer-AIA-extension.patch
-
# The 'tomcatjss' package conflicts with the 'tomcat-native' package
# because it uses an underlying NSS security model rather than the
# OpenSSL security model, so these two packages may not co-exist.
@@ -86,11 +65,6 @@ NOTE: The 'tomcatjss' package conflicts with the 'tomcat-native' package
%prep
%setup -q
-%patch1 -p1
-%patch2 -p1
-%patch3 -p1
-%patch4 -p1
-%patch5 -p1
chmod -c -x LICENSE README
%build
@@ -121,6 +95,10 @@ rm -rf %{buildroot}
%{_javadir}/*
%changelog
+* Mon Aug 12 2019 Alexander Scheel <ascheel@redhat.com> 7.2.5-1
+- Rebase to upstream version 7.2.5
+ Bugzilla Bug #1659867 - Re-base tomcatjss from 7.2.1 to 7.2.x
+
* Mon Oct 29 2018 Jack Magne <jmagne@redhat.com> 7.2.1-8
- Bugzilla Bug #1632618 - CC: tomcatjss: unable to enable OCSP checking
from peer AIA extension [rhel-7.6.z] (jmagne)
@@ -239,5 +217,5 @@ rm -rf %{buildroot}
Bug #634375 - Build tomcatjss against tomcat6 (svn rev 106)
Bug #655915 - Disable socket timeouts when socket is first created. (svn rev 107)
-* Tue Dec 14 2010 John Dennis <jdennis@redhat.com>
+* Tue Dec 14 2010 John Dennis <jdennis@redhat.com>
- Updated 'tomcatjss' to utilize 'tomcat6'.