diff --git a/.gitignore b/.gitignore
index a88dd95..e655dd6 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-SOURCES/tomcatjss-7.1.2.tar.gz
+SOURCES/tomcatjss-7.2.1.tar.gz
diff --git a/.tomcatjss.metadata b/.tomcatjss.metadata
index 5506bd5..f50e322 100644
--- a/.tomcatjss.metadata
+++ b/.tomcatjss.metadata
@@ -1 +1 @@
-add33e765de6154beee8927ea3bd5879cfa353bc SOURCES/tomcatjss-7.1.2.tar.gz
+45e28de0d84a01b8e8dd4ee72737fa9426ac7109 SOURCES/tomcatjss-7.2.1.tar.gz
diff --git a/SOURCES/tomcatjss-Build-Tomcat-7.0.68.patch b/SOURCES/tomcatjss-Build-Tomcat-7.0.68.patch
deleted file mode 100644
index b3eb8dc..0000000
--- a/SOURCES/tomcatjss-Build-Tomcat-7.0.68.patch
+++ /dev/null
@@ -1,13 +0,0 @@
---- src/org/apache/tomcat/util/net/jss/JSSSupport.java 2015-04-20 12:34:46.000000000 -0600
-+++ src/org/apache/tomcat/util/net/jss/JSSSupport.java 2015-08-05 15:10:53.000000000 -0600
-@@ -97,6 +97,10 @@ class JSSSupport implements SSLSupport {
- return null;
- }
-
-+ public String getProtocol() throws IOException {
-+ return null;
-+ }
-+
- public String getSessionId() throws IOException {
- return null;
- }
diff --git a/SOURCES/tomcatjss-Comply-with-ASF-trademark-rules.patch b/SOURCES/tomcatjss-Comply-with-ASF-trademark-rules.patch
new file mode 100644
index 0000000..f2ed9ba
--- /dev/null
+++ b/SOURCES/tomcatjss-Comply-with-ASF-trademark-rules.patch
@@ -0,0 +1,56 @@
+From 7ace773ac5a46704c131bd1cc788d6db4568e401 Mon Sep 17 00:00:00 2001
+From: Matthew Harmsen <mharmsen@redhat.com>
+Date: Mon, 12 Jun 2017 16:05:21 -0600
+Subject: [PATCH] Comply with ASF trademark rules
+
+- tomcatjss Pagure Issue #10 - Comply with ASF trademark rules (mharmsen)
+---
+ README | 26 ++++++++++++++++----------
+ 1 file changed, 16 insertions(+), 10 deletions(-)
+
+diff --git a/README b/README
+index b8f3860..b3912ba 100644
+--- a/README
++++ b/README
+@@ -1,23 +1,29 @@
+-tomcatjss, a JSSE module for Tomcat that uses JSS, a Java interface to
+-Network Security Services(NSS).
++JSS Connector for Apache Tomcat, installed via the tomcatjss package,
++is a Java Secure Socket Extension (JSSE) module for Apache Tomcat that
++uses Java Security Services (JSS), a Java interface to Network Security
++Services (NSS).
+
+-tomcatjss defines a number of attributes for a Connector including:
++JSS Connector for Apache Tomcat defines a number of attributes for a Connector
++including:
+
+ clientauth: specify if client authentication is required in the connector (or
+ port), it can be true or false. If true then client authentication is required.
+
+ sslOptions: specify a comma-delimited list of ssl options to pass into the ssl
+ implementation. Each option takes the form of: option=[true|false].
+-tomcatjss supports the options: ssl2, ssl3, tls.
++JSS Connector for Apache Tomcat supports the options: ssl2, ssl3, tls.
+
+-ssl2Ciphers: specify a list of SSL2 ciphers that tomcatjss should accept
+-or reject from the client. You can use + to denote "accept", - means "reject".
++ssl2Ciphers: specify a list of SSL2 ciphers that JSS Connector for
++Apache Tomcat should accept or reject from the client. You can use + to
++denote "accept", - means "reject"
+
+-ssl3Ciphers: specifies a list of SSL3 ciphers that tomcatjss should accept
+-or reject from the client. You can use + to denote "accept", - means "reject".
++ssl3Ciphers: specifies a list of SSL3 ciphers that JSS Connector for
++Apache Tomcat should accept or reject from the client. You can use + to
++denote "accept", - means "reject".
+
+-tlsCiphers: specifies a list of TLS ciphers that tomcatjss should accept
+-or reject from the client. You can use + to denote "accept", - means "reject".
++tlsCiphers: specifies a list of TLS ciphers that JSS Connector for
++Apache Tomcat should accept or reject from the client. You can use + to
++denote "accept", - means "reject".
+
+ serverCertNickFile: a file in which specify the nickname of the
+ server certificate. The file should contain a single line that contains
+--
+2.9.4
diff --git a/SOURCES/tomcatjss-Fixed-SSL-cipher-list-parser.patch b/SOURCES/tomcatjss-Fixed-SSL-cipher-list-parser.patch
new file mode 100644
index 0000000..f948210
--- /dev/null
+++ b/SOURCES/tomcatjss-Fixed-SSL-cipher-list-parser.patch
@@ -0,0 +1,94 @@
+From c14c8ec6b077721eddeddb125b9a4b0141e5e4aa Mon Sep 17 00:00:00 2001
+From: "Endi S. Dewata" <edewata@redhat.com>
+Date: Thu, 1 Jun 2017 00:29:37 +0200
+Subject: [PATCH] Fixed SSL cipher list parser.
+
+The SSL cipher list parsers have been modified to ignore spaces
+to allow more user-friendly formatting.
+
+https://pagure.io/tomcatjss/issue/9
+
+Change-Id: Ic21f0347e06e20f64ef37de95f9d1f1ac3d1f0d2
+---
+ .../apache/tomcat/util/net/jss/JSSImplementation.java | 5 +++--
+ src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java | 16 ++++++++++++++--
+ 2 files changed, 17 insertions(+), 4 deletions(-)
+
+diff --git a/src/org/apache/tomcat/util/net/jss/JSSImplementation.java b/src/org/apache/tomcat/util/net/jss/JSSImplementation.java
+index 42dc8d2..8721844 100644
+--- a/src/org/apache/tomcat/util/net/jss/JSSImplementation.java
++++ b/src/org/apache/tomcat/util/net/jss/JSSImplementation.java
+@@ -25,6 +25,8 @@ import java.io.IOException;
+ import java.net.Socket;
+ import java.util.Properties;
+
++import org.apache.commons.logging.Log;
++import org.apache.commons.logging.LogFactory;
+ import org.apache.tomcat.util.net.AbstractEndpoint;
+ import org.apache.tomcat.util.net.SSLImplementation;
+ import org.apache.tomcat.util.net.SSLSupport;
+@@ -35,8 +37,7 @@ public class JSSImplementation extends SSLImplementation {
+ static final String JSSFactory = "org.apache.tomcat.util.net.jss.JSSFactory";
+ static final String SSLSocketClass = "org.mozilla.jss.ssl.SSLSocket";
+
+- static org.apache.commons.logging.Log logger = org.apache.commons.logging.LogFactory
+- .getLog(JSSImplementation.class);
++ static Log logger = LogFactory.getLog(JSSImplementation.class);
+
+ private JSSFactory factory = null;
+
+diff --git a/src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java b/src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java
+index 4992600..f974a89 100644
+--- a/src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java
++++ b/src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java
+@@ -42,6 +42,8 @@ import javax.net.ssl.SSLContext;
+ import javax.net.ssl.TrustManager;
+
+ import org.apache.commons.lang.StringUtils;
++import org.apache.commons.logging.Log;
++import org.apache.commons.logging.LogFactory;
+ // Imports required to "implement" Tomcat 7 Interface
+ import org.apache.tomcat.util.net.AbstractEndpoint;
+ import org.mozilla.jss.CertDatabaseException;
+@@ -61,6 +63,8 @@ public class JSSSocketFactory implements
+ org.apache.tomcat.util.net.ServerSocketFactory,
+ org.apache.tomcat.util.net.SSLUtil {
+
++ static Log logger = LogFactory.getLog(JSSSocketFactory.class);
++
+ private static HashMap<String, Integer> cipherMap = new HashMap<String, Integer>();
+ static {
+ // SSLv2
+@@ -382,9 +386,13 @@ public class JSSSocketFactory implements
+ debugWrite("JSSSocketFactory setSSLCiphers: " + attr + " not found");
+ return;
+ }
+- StringTokenizer st = new StringTokenizer(ciphers, ",");
++
++ logger.debug("Processing " + attr + ":");
++ StringTokenizer st = new StringTokenizer(ciphers, ", ");
+ while (st.hasMoreTokens()) {
+ String cipherstr = st.nextToken();
++ logger.debug(" - " + cipherstr);
++
+ int cipherid = 0;
+ String text;
+ boolean state;
+@@ -456,9 +464,13 @@ public class JSSSocketFactory implements
+ debugWrite("no sslOptions specified");
+ return;
+ }
+- StringTokenizer st = new StringTokenizer(options, ",");
++
++ logger.debug("Processing sslOptions:");
++ StringTokenizer st = new StringTokenizer(options, ", ");
+ while (st.hasMoreTokens()) {
+ String option = st.nextToken();
++ logger.debug(" - " + option);
++
+ StringTokenizer st1 = new StringTokenizer(option, "=");
+ String name = st1.nextToken();
+ String value = st1.nextToken();
+--
+1.8.3.1
+
diff --git a/SOURCES/tomcatjss-missing-ciphers.patch b/SOURCES/tomcatjss-missing-ciphers.patch
deleted file mode 100644
index 953b20c..0000000
--- a/SOURCES/tomcatjss-missing-ciphers.patch
+++ /dev/null
@@ -1,70 +0,0 @@
-diff -up src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java.cfu src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java
---- src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java.cfu 2016-06-29 18:54:38.498127146 -0600
-+++ src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java 2016-06-29 18:56:38.646778769 -0600
-@@ -96,8 +96,12 @@ public class JSSSocketFactory implements
- SSLSocket.SSL3_RSA_EXPORT_WITH_DES40_CBC_SHA);
- cipherMap.put("SSL3_RSA_WITH_DES_CBC_SHA",
- SSLSocket.SSL3_RSA_WITH_DES_CBC_SHA);
-+
- cipherMap.put("SSL3_RSA_WITH_3DES_EDE_CBC_SHA",
- SSLSocket.SSL3_RSA_WITH_3DES_EDE_CBC_SHA);
-+ // deprecated SSL3.0 names replaced by IANA-registered TLS names
-+ cipherMap.put("TLS_RSA_WITH_3DES_EDE_CBC_SHA",
-+ SSLSocket.SSL3_RSA_WITH_3DES_EDE_CBC_SHA);
-
- cipherMap.put("SSL3_DH_DSS_EXPORT_WITH_DES40_CBC_SHA",
- SSLSocket.SSL3_DH_DSS_EXPORT_WITH_DES40_CBC_SHA);
-@@ -116,14 +120,23 @@ public class JSSSocketFactory implements
- SSLSocket.SSL3_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA);
- cipherMap.put("SSL3_DHE_DSS_WITH_DES_CBC_SHA",
- SSLSocket.SSL3_DHE_DSS_WITH_DES_CBC_SHA);
-+
- cipherMap.put("SSL3_DHE_DSS_WITH_3DES_EDE_CBC_SHA",
- SSLSocket.SSL3_DHE_DSS_WITH_3DES_EDE_CBC_SHA);
-+ // deprecated SSL3.0 names replaced by IANA-registered TLS names
-+ cipherMap.put("TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA",
-+ SSLSocket.SSL3_DHE_DSS_WITH_3DES_EDE_CBC_SHA);
-+
- cipherMap.put("SSL3_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
- SSLSocket.SSL3_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA);
- cipherMap.put("SSL3_DHE_RSA_WITH_DES_CBC_SHA",
- SSLSocket.SSL3_DHE_RSA_WITH_DES_CBC_SHA);
-+
- cipherMap.put("SSL3_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
- SSLSocket.SSL3_DHE_RSA_WITH_3DES_EDE_CBC_SHA);
-+ // deprecated SSL3.0 names replaced by IANA-registered TLS names
-+ cipherMap.put("TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
-+ SSLSocket.SSL3_DHE_RSA_WITH_3DES_EDE_CBC_SHA);
-
- cipherMap.put("SSL3_DH_ANON_EXPORT_WITH_RC4_40_MD5",
- SSLSocket.SSL3_DH_ANON_EXPORT_WITH_RC4_40_MD5);
-@@ -264,6 +277,12 @@ public class JSSSocketFactory implements
- cipherMap.put("TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256",
- SSLSocket.TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256);
-
-+ cipherMap.put("TLS_ECDH_RSA_WITH_AES_256_CBC_SHA",
-+ SSLSocket.TLS_ECDH_RSA_WITH_AES_256_CBC_SHA);
-+ cipherMap.put("TLS_ECDH_RSA_WITH_AES_128_CBC_SHA",
-+ SSLSocket.TLS_ECDH_RSA_WITH_AES_128_CBC_SHA);
-+ cipherMap.put("TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA",
-+ SSLSocket.TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA);
- }
-
- private static HashMap<Integer, String> eccCipherMap = new HashMap<Integer, String>();
-@@ -308,6 +327,8 @@ public class JSSSocketFactory implements
- "TLS_ECDH_RSA_WITH_NULL_SHA");
- eccCipherMap.put(SSLSocket.TLS_ECDH_ECDSA_WITH_NULL_SHA,
- "TLS_ECDH_ECDSA_WITH_NULL_SHA");
-+ eccCipherMap.put(SSLSocket.TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
-+ "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256");
- }
-
- private AbstractEndpoint endpoint;
-@@ -393,6 +414,7 @@ public class JSSSocketFactory implements
- + ": 0x" + Integer.toHexString(cipherid) + "\n");
- SSLSocket.setCipherPreferenceDefault(cipherid, state);
- } catch (Exception e) {
-+ System.err.println("SSLSocket.setCipherPreferenceDefault exception:" +e);
- if (eccCipherMap.containsKey(cipherid)) {
- System.err
- .println("Warning: SSL ECC cipher \""
diff --git a/SOURCES/tomcatjss-support-for-event-API.patch b/SOURCES/tomcatjss-support-for-event-API.patch
new file mode 100644
index 0000000..f38a2f1
--- /dev/null
+++ b/SOURCES/tomcatjss-support-for-event-API.patch
@@ -0,0 +1,294 @@
+From c410c7a35b4aa78e7c35d11a72cc96ff932df982 Mon Sep 17 00:00:00 2001
+From: "Endi S. Dewata" <edewata@redhat.com>
+Date: Fri, 3 Mar 2017 09:19:58 +0100
+Subject: [PATCH 1/2] Renamed getEndpointAttribute().
+
+The getEndpointAttribute() in JSSSocketFactory has been renamed
+to getProperty() for clarity.
+---
+ .../tomcat/util/net/jss/JSSSocketFactory.java | 44 +++++++++++-----------
+ 1 file changed, 22 insertions(+), 22 deletions(-)
+
+diff --git a/src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java b/src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java
+index ebf5505..bc096c1 100644
+--- a/src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java
++++ b/src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java
+@@ -377,7 +377,7 @@ public class JSSSocketFactory implements
+ }
+
+ public void setSSLCiphers(String attr) throws SocketException, IOException {
+- String ciphers = getEndpointAttribute(attr);
++ String ciphers = getProperty(attr);
+ if (StringUtils.isEmpty(ciphers)) {
+ debugWrite("JSSSocketFactory setSSLCiphers: " + attr + " not found");
+ return;
+@@ -451,7 +451,7 @@ public class JSSSocketFactory implements
+ * parameter is ignored.
+ */
+ public void setSSLOptions() throws SocketException, IOException {
+- String options = getEndpointAttribute("sslOptions");
++ String options = getProperty("sslOptions");
+ if (StringUtils.isEmpty(options)) {
+ debugWrite("no sslOptions specified");
+ return;
+@@ -562,7 +562,7 @@ public class JSSSocketFactory implements
+ return -1;
+ }
+
+- String getEndpointAttribute(String tag) {
++ String getProperty(String tag) {
+
+ // check <catalina.base>/conf/server.xml
+ String value = (String)endpoint.getAttribute(tag);
+@@ -575,8 +575,8 @@ public class JSSSocketFactory implements
+ return value;
+ }
+
+- String getEndpointAttribute(String tag, String defaultValue) {
+- String value = getEndpointAttribute(tag);
++ String getProperty(String tag, String defaultValue) {
++ String value = getProperty(tag);
+ if (value == null) {
+ return defaultValue;
+ }
+@@ -585,7 +585,7 @@ public class JSSSocketFactory implements
+
+ void init() throws IOException {
+ // debug enabled?
+- String deb = getEndpointAttribute("debug");
++ String deb = getProperty("debug");
+ if (StringUtils.equals(deb, "true")) {
+ debug = true;
+ debugFile = new FileWriter("/tmp/tomcatjss.log", true);
+@@ -613,14 +613,14 @@ public class JSSSocketFactory implements
+
+ // MUST look for "clientauth" (ALL lowercase) since "clientAuth"
+ // (camel case) has already been processed by Tomcat 7
+- String clientAuthStr = getEndpointAttribute("clientauth");
++ String clientAuthStr = getProperty("clientauth");
+ if (clientAuthStr == null) {
+ debugWrite("JSSSocketFactory init - \"clientauth\" not found, default to want.");
+ clientAuthStr = "want";
+ }
+ File file = null;
+ try {
+- mServerCertNickPath = getEndpointAttribute("serverCertNickFile");
++ mServerCertNickPath = getProperty("serverCertNickFile");
+ if (mServerCertNickPath == null) {
+ throw new IOException("serverCertNickFile not specified");
+ }
+@@ -656,7 +656,7 @@ public class JSSSocketFactory implements
+ "JSSSocketFactory: no serverCertNickFile defined");
+ }
+
+- // serverCertNick = (String)getEndpointAttribute("serverCert");
++ // serverCertNick = (String)getProperty("serverCert");
+ if (clientAuthStr.equalsIgnoreCase("true")
+ || clientAuthStr.equalsIgnoreCase("yes")) {
+ requireClientAuth = true;
+@@ -670,7 +670,7 @@ public class JSSSocketFactory implements
+ && ocspConfigured == false) {
+ debugWrite("JSSSocketFactory init - checking for OCSP settings. \n");
+ boolean enableOCSP = false;
+- String doOCSP = getEndpointAttribute("enableOCSP");
++ String doOCSP = getProperty("enableOCSP");
+
+ debugWrite("JSSSocketFactory init - doOCSP flag:" + doOCSP + " \n");
+
+@@ -682,10 +682,10 @@ public class JSSSocketFactory implements
+ + "\n");
+
+ if (enableOCSP == true) {
+- String ocspResponderURL = getEndpointAttribute("ocspResponderURL");
++ String ocspResponderURL = getProperty("ocspResponderURL");
+ debugWrite("JSSSocketFactory init - ocspResponderURL "
+ + ocspResponderURL + "\n");
+- String ocspResponderCertNickname = getEndpointAttribute(
++ String ocspResponderCertNickname = getProperty(
+ "ocspResponderCertNickname");
+ debugWrite("JSSSocketFactory init - ocspResponderCertNickname"
+ + ocspResponderCertNickname + "\n");
+@@ -700,9 +700,9 @@ public class JSSSocketFactory implements
+ int ocspMinCacheEntryDuration_i = 3600;
+ int ocspMaxCacheEntryDuration_i = 86400;
+
+- String ocspCacheSize = getEndpointAttribute("ocspCacheSize");
+- String ocspMinCacheEntryDuration = getEndpointAttribute("ocspMinCacheEntryDuration");
+- String ocspMaxCacheEntryDuration = getEndpointAttribute("ocspMaxCacheEntryDuration");
++ String ocspCacheSize = getProperty("ocspCacheSize");
++ String ocspMinCacheEntryDuration = getProperty("ocspMinCacheEntryDuration");
++ String ocspMaxCacheEntryDuration = getProperty("ocspMaxCacheEntryDuration");
+
+ if (ocspCacheSize != null
+ || ocspMinCacheEntryDuration != null
+@@ -729,7 +729,7 @@ public class JSSSocketFactory implements
+ }
+
+ // defualt to 60 seconds;
+- String ocspTimeout = getEndpointAttribute("ocspTimeout");
++ String ocspTimeout = getProperty("ocspTimeout");
+ if (ocspTimeout != null) {
+ debugWrite("JSSSocketFactory init - ocspTimeout= \n" + ocspTimeout);
+ int ocspTimeout_i = Integer.parseInt(ocspTimeout);
+@@ -760,7 +760,7 @@ public class JSSSocketFactory implements
+ // 12 hours = 43200 seconds
+ SSLServerSocket.configServerSessionIDCache(0, 43200, 43200, null);
+
+- String strictCiphersStr = getEndpointAttribute("strictCiphers");
++ String strictCiphersStr = getProperty("strictCiphers");
+ if (StringUtils.equalsIgnoreCase(strictCiphersStr, "true")
+ || StringUtils.equalsIgnoreCase(strictCiphersStr, "yes")) {
+ mStrictCiphers = true;
+@@ -773,7 +773,7 @@ public class JSSSocketFactory implements
+ debugWrite("SSSocketFactory init - before setSSLCiphers, strictCiphers is false\n");
+ }
+
+- String sslVersionRangeStream = getEndpointAttribute("sslVersionRangeStream");
++ String sslVersionRangeStream = getProperty("sslVersionRangeStream");
+ if ((sslVersionRangeStream != null)
+ && !sslVersionRangeStream.equals("")) {
+ debugWrite("SSSocketFactory init - calling setSSLVersionRangeDefault() for type STREAM\n");
+@@ -783,7 +783,7 @@ public class JSSSocketFactory implements
+ debugWrite("SSSocketFactory init - after setSSLVersionRangeDefault() for type STREAM\n");
+ }
+
+- String sslVersionRangeDatagram = getEndpointAttribute("sslVersionRangeDatagram");
++ String sslVersionRangeDatagram = getProperty("sslVersionRangeDatagram");
+ if ((sslVersionRangeDatagram != null)
+ && !sslVersionRangeDatagram.equals("")) {
+ debugWrite("SSSocketFactory init - calling setSSLVersionRangeDefault() for type DATA_GRAM\n");
+@@ -854,11 +854,11 @@ public class JSSSocketFactory implements
+
+ private void initializePasswordStore() throws InstantiationException, IllegalAccessException,
+ ClassNotFoundException, IOException {
+- mPwdClass = getEndpointAttribute("passwordClass");
++ mPwdClass = getProperty("passwordClass");
+ if (mPwdClass == null) {
+ throw new IOException("Misconfiguration: passwordClass is not defined");
+ }
+- mPwdPath = getEndpointAttribute("passwordFile");
++ mPwdPath = getProperty("passwordFile");
+
+ mPasswordStore = (IPasswordStore) Class.forName(mPwdClass).newInstance();
+ debugWrite("JSSSocketFactory init - password reader initialized\n");
+@@ -869,7 +869,7 @@ public class JSSSocketFactory implements
+
+ private CryptoManager getCryptoManager() throws KeyDatabaseException, CertDatabaseException,
+ GeneralSecurityException, NotInitializedException, IOException {
+- String certDir = getEndpointAttribute("certdbDir");
++ String certDir = getProperty("certdbDir");
+ if (certDir == null) {
+ throw new IOException("Misconfiguration: certdir not defined");
+ }
+--
+1.8.3.1
+
+
+From 7612272aa337c413ac4b96cd13d5a1384b80b5aa Mon Sep 17 00:00:00 2001
+From: "Endi S. Dewata" <edewata@redhat.com>
+Date: Fri, 27 Jan 2017 04:31:41 +0100
+Subject: [PATCH 2/2] Added SSLSocketListener registry.
+
+A new TomcatJSS class has been added as a mechanism to register
+SSLSocketListeners for all SSLSockets created by TomcatJSS.
+
+https://pagure.io/tomcatjss/issue/4
+---
+ .../tomcat/util/net/jss/JSSSocketFactory.java | 4 ++
+ src/org/apache/tomcat/util/net/jss/TomcatJSS.java | 69 ++++++++++++++++++++++
+ 2 files changed, 73 insertions(+)
+ create mode 100644 src/org/apache/tomcat/util/net/jss/TomcatJSS.java
+
+diff --git a/src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java b/src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java
+index bc096c1..4992600 100644
+--- a/src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java
++++ b/src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java
+@@ -934,6 +934,10 @@ public class JSSSocketFactory implements
+ SSLSocket asock = null;
+ try {
+ asock = (SSLSocket) socket.accept();
++
++ TomcatJSS tomcatjss = TomcatJSS.getInstance();
++ asock.addSocketListener(tomcatjss);
++
+ if (wantClientAuth || requireClientAuth) {
+ asock.requestClientAuth(true);
+ if (requireClientAuth == true) {
+diff --git a/src/org/apache/tomcat/util/net/jss/TomcatJSS.java b/src/org/apache/tomcat/util/net/jss/TomcatJSS.java
+new file mode 100644
+index 0000000..9717921
+--- /dev/null
++++ b/src/org/apache/tomcat/util/net/jss/TomcatJSS.java
+@@ -0,0 +1,69 @@
++/* BEGIN COPYRIGHT BLOCK
++ * This library is free software; you can redistribute it and/or
++ * modify it under the terms of the GNU Lesser General Public
++ * License as published by the Free Software Foundation; either
++ * version 2.1 of the License, or (at your option) any later version.
++ *
++ * This library is distributed in the hope that it will be useful,
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++ * Lesser General Public License for more details.
++ *
++ * You should have received a copy of the GNU Lesser General Public
++ * License along with this library; if not, write to the Free Software
++ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
++ *
++ * Copyright (C) 2017 Red Hat, Inc.
++ * All rights reserved.
++ * END COPYRIGHT BLOCK */
++
++package org.apache.tomcat.util.net.jss;
++
++import java.util.ArrayList;
++import java.util.Collection;
++
++import org.mozilla.jss.ssl.SSLAlertEvent;
++import org.mozilla.jss.ssl.SSLHandshakeCompletedEvent;
++import org.mozilla.jss.ssl.SSLSocketListener;
++
++public class TomcatJSS implements SSLSocketListener {
++
++ public final static TomcatJSS INSTANCE = new TomcatJSS();
++
++ public static TomcatJSS getInstance() { return INSTANCE; }
++
++ Collection<SSLSocketListener> socketListeners = new ArrayList<SSLSocketListener>();
++
++ public void addSocketListener(SSLSocketListener listener) {
++ socketListeners.add(listener);
++ }
++
++ public void removeSocketListener(SSLSocketListener listener) {
++ socketListeners.remove(listener);
++ }
++
++ public Collection<SSLSocketListener> getSocketListeners() {
++ return socketListeners;
++ }
++
++ @Override
++ public void alertReceived(SSLAlertEvent event) {
++ for (SSLSocketListener listener : socketListeners) {
++ listener.alertReceived(event);
++ }
++ }
++
++ @Override
++ public void alertSent(SSLAlertEvent event) {
++ for (SSLSocketListener listener : socketListeners) {
++ listener.alertSent(event);
++ }
++ }
++
++ @Override
++ public void handshakeCompleted(SSLHandshakeCompletedEvent event) {
++ for (SSLSocketListener listener : socketListeners) {
++ listener.handshakeCompleted(event);
++ }
++ }
++}
+--
+1.8.3.1
+
diff --git a/SPECS/tomcatjss.spec b/SPECS/tomcatjss.spec
index fb80df3..90c490d 100644
--- a/SPECS/tomcatjss.spec
+++ b/SPECS/tomcatjss.spec
@@ -1,7 +1,7 @@
Name: tomcatjss
-Version: 7.1.2
-Release: 3%{?dist}
-Summary: JSSE implementation using JSS for Tomcat
+Version: 7.2.1
+Release: 6%{?dist}
+Summary: JSS Connector for Apache Tomcat, a JSSE module for Apache Tomcat that uses JSS
URL: http://pki.fedoraproject.org/
License: LGPLv2+
Group: System Environment/Libraries
@@ -14,11 +14,16 @@ Source0: http://pki.fedoraproject.org/pki/sources/%{name}/%{name}-%{version}.ta
# jpackage-utils requires versioning to meet both build and runtime requirements
# jss requires versioning to meet both build and runtime requirements
# tomcat requires versioning to meet both build and runtime requirements
+Conflicts: pki-base < 10.4.0
BuildRequires: ant
BuildRequires: apache-commons-lang
BuildRequires: java-devel
BuildRequires: jpackage-utils >= 0:1.7.5-15
-BuildRequires: jss >= 4.2.6-35
+%if 0%{?fedora}
+BuildRequires: jss >= 4.4.2-2
+%else
+BuildRequires: jss >= 4.4.0-7
+%endif
%if 0%{?fedora} >= 23
BuildRequires: tomcat >= 8.0.18
%else
@@ -32,16 +37,29 @@ Requires: java-headless
Requires: java
%endif
Requires: jpackage-utils >= 0:1.7.5-15
-Requires: jss >= 4.2.6-35
+%if 0%{?fedora}
+Requires: jss >= 4.4.2-2
+%else
+Requires: jss >= 4.4.0-7
+%endif
%if 0%{?fedora} >= 23
Requires: tomcat >= 8.0.18
%else
Requires: tomcat >= 7.0.68
%endif
-## tomcatjss-7.1.2-2
-Patch1: tomcatjss-Build-Tomcat-7.0.68.patch
-Patch2: tomcatjss-missing-ciphers.patch
+#######################
+## tomcatjss-7.2.1-3
+#######################
+Patch1: tomcatjss-support-for-event-API.patch
+#######################
+## tomcatjss-7.2.1-4
+#######################
+Patch2: tomcatjss-Fixed-SSL-cipher-list-parser.patch
+#######################
+## tomcatjss-7.2.1-5
+#######################
+Patch3: tomcatjss-Comply-with-ASF-trademark-rules.patch
# The 'tomcatjss' package conflicts with the 'tomcat-native' package
# because it uses an underlying NSS security model rather than the
@@ -55,8 +73,10 @@ Conflicts: tomcat-native
%endif
%description
-A Java Secure Socket Extension (JSSE) implementation
-using Java Security Services (JSS) for Tomcat 7.
+JSS Connector for Apache Tomcat, installed via the tomcatjss package,
+is a Java Secure Socket Extension (JSSE) module for Apache Tomcat that
+uses Java Security Services (JSS), a Java interface to Network Security
+Services (NSS).
NOTE: The 'tomcatjss' package conflicts with the 'tomcat-native' package
because it uses an underlying NSS security model rather than the
@@ -65,8 +85,9 @@ NOTE: The 'tomcatjss' package conflicts with the 'tomcat-native' package
%prep
%setup -q
-%patch1 -p0
-%patch2 -p0
+%patch1 -p1
+%patch2 -p1
+%patch3 -p1
chmod -c -x LICENSE README
%build
@@ -97,22 +118,52 @@ rm -rf %{buildroot}
%{_javadir}/*
%changelog
+* Mon Jun 12 2017 Matthew Harmsen <mharmsen@redhat.com> 7.2.1-6
+- Bugzilla Bug #1460040 - Comply with ASF trademark rules (mharmsen)
+
+* Mon Jun 12 2017 Matthew Harmsen <mharmsen@redhat.com> 7.2.1-5
+- Bugzilla Bug #1460037 - Comply with ASF trademark rules (mharmsen)
+
+* Mon Jun 5 2017 Endi Sukma Dewata <edewata@redhat.com> 7.2.1-4
+- Bugzilla Bug #1457524 - Problem parsing formatted cipher list (edewata)
+
+* Mon Mar 27 2017 Matthew Harmsen <mharmsen@redhat.com> - 7.2.1-3
+- Bugzilla Bug #1394416 - Rebase tomcatjss to 7.2.x in RHEL 7.4 (mharmsen)
+- ## 'tomcatjss-support-for-event-API.patch' resolves the following issues
+ ## ported from upstream:
+- tomcatjss Pagure Issue #4 - Support for Event API (edewata)
+
+* Tue Mar 21 2017 Matthew Harmsen <mharmsen@redhat.com> - 7.2.1-2
+- Added Conflicts statement due to incompatibility with pki-base < 10.4.0
+
+* Tue Mar 14 2017 Matthew Harmsen <mharmsen@redhat.com> 7.2.1-1
+- Updated jss build and runtime dependencies
+- Bumped version due to corrupted tarball
+
+* Mon Mar 13 2017 Matthew Harmsen <mharmsen@redhat.com> 7.2.0-2
+- Changed build so that it did not package and depend upon the specfile being
+ included inside the tarball
+
+* Sun Mar 12 2017 Matthew Harmsen <mharmsen@redhat.com> 7.2.0-1
+- tomcatjss Pagure Issue #6 - Rebase tomcatjss to 7.2.0 in Fedora 25+ (mharmsen)
+- Bugzilla Bug #1394416 - Rebase tomcatjss to 7.2.0 in RHEL 7.4 (mharmsen)
+
* Wed Jun 29 2016 Christina Fu <cfu@redhat.com> 7.1.2-3
- Bugzilla Bug #1203407 - missing ciphers (cfu)
* Wed Mar 16 2016 Endi Sukma Dewata <edewata@redhat.com> 7.1.2-2
- Bugzilla Bug #1344804 - Build failure on RHEL 7.3
(patch for Bugzilla Bug #1245786 - Build failure on F23 was backported to
- RHEL 7 to coincide with Tomcat version change to 7.0.68+)
+ RHEL 7 to coincide with Apache Tomcat version change to 7.0.68+)
* Wed Mar 4 2015 Endi Sukma Dewata <edewata@redhat.com> 7.1.2-1
-- Bugzilla Bug #1198450 - Support for Tomcat 8
+- Bugzilla Bug #1198450 - Support for Apache Tomcat 8
- Bugzilla Bug #1214858 - Add nuxwdog support (alee)
* Tue Sep 30 2014 Christina Fu <cfu@redhat.com> 7.1.1-1
- Bugzilla Bug #1058366 NullPointerException in tomcatjss searching
for attribute "clientauth" (cfu)
-- Bugzilla Bug #871171 - Provide Tomcat support for TLS v1.1 and
+- Bugzilla Bug #871171 - Provide Apache Tomcat support for TLS v1.1 and
TLS v1.2 (cfu)
- Bumped revision to 7.1.1
@@ -140,8 +191,8 @@ rm -rf %{buildroot}
- Bugzila Bug #819554 tomcatjss: Please migrate from tomcat6 to tomcat7
* Thu Aug 2 2012 Matthew Harmsen <mharmsen@redhat.com> 7.0.0-3
-- PKI TRAC Ticket #283 - Dogtag 10: Integrate Tomcat 6 'tomcatjss.jar' and
- Tomcat 7 'tomcat7jss.jar' in Fedora 18 tomcatjss package
+- PKI TRAC Ticket #283 - Dogtag 10: Integrate Apache Tomcat 6 'tomcatjss.jar'
+ and Apache Tomcat 7 'tomcat7jss.jar' in Fedora 18 tomcatjss package
* Thu Jul 26 2012 Matthew Harmsen <mharmsen@redhat.com> 7.0.0-2
- Fixed runtime 'Requires' cut/paste typos