Issue #2010 Support FIPs Key Managers, by only wrapping the default Key Manager if we have wildcard CN's or more than 1 non wild CN. FIPs users will need to install a
keystore than has no multiple certificates than can only be resolved by SNI. They will also need to have no certificate aliases.
Signed-off-by: Greg Wilkins <gregw@webtide.com>
Updated the class with better formatting, added javadocs, updated old
javadocs, removed warnings, etc.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Now waking up the flusher via iterate() after a reset has been received.
This ensures that frames that may have stalled are removed from the
flusher queue.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
CreateEndPoint and DestroyEndPoint are now submitted directly to
the Executor, rather than being submitted as selector actions.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Issue #1966 Case Sensitive method (PR #1967)
* Modified the compliance violations to warn if case insensitivety is applied to a header
* removed duplicated if
* Fixed string comparison
* Improved compliance messages and comments
* updated expected violation messages
* Require a header colon only when in 7230 compliance mode
Tag for release: jetty-9.4.8-SNAPSHOT
+ 212 HttpClient should support pluggable AuthenticationStore
+ 215 Add Conscrypt for native ALPN/TLS/SSL
+ 272 WebSocket hangs in blockingWrite
+ 487 JDK 9 build compatibility
+ 901 Overriding SSL context KeyStoreType requires explicit override of
TrustStoreType
+ 922 Implements methods Connection.getBytes[In|Out]()
+ 1209 IllegalStateException when HTTP/2 push is disabled
+ 1213 Upgrade to ASM Version 6.0 for JDK9
+ 1509 Improve GZIPContentDecoder buffer pooling sizing
+ 1550 Resolve inconsistent Shutdown configuration with Jetty Runner
+ 1640 Introduce :run-distro goal for local jetty distribution deployment
+ 1692 Annotation scanning should ignore `module-info.class` files
+ 1696 Missing stacktraces on debug of WriteFlusher onFail
+ 1705 Rejected executions in QueuedThreadPool can lead to memory leaks
+ 1760 Update to apache jasper 8.5.20
+ 1768 Allow jetty properties to be set for the jetty:run-forked goal
+ 1782 Using assembly.tarLongFileMode=posix for jetty-home and
jetty-distribution assembly
+ 1797 JEP 238 - Multi-Release JAR files break bytecode scanning
+ 1806 Improved ReservedThreads idle timeout
+ 1807 Add new HttpChannel listener and events for metrics libraries
+ 1814 Move JavaVersion to jetty-util for future Java 9 support requirements
+ 1818 Improve Infinispan support on JDK 9
+ 1819 Race condition during annotation parsing
+ 1823 ResourceHandler with ranged requests does not return Content-Type
response header
+ 1829 OSGi webbundle classes scanned twice
+ 1833 Request.startAsync requires context path
+ 1835 Locker is not reentrant on ServerConnector#setConnectionFactories
+ 1836 Migrate Locker implementation to JVM ReentrantLock implementation
+ 1841 Reduce contention on ServletHolder
+ 1845 Allow null User-Agent in HttpClient
+ 1849 Refactoring of SelectorManager.defaultSchedulers()
+ 1851 Improve insufficient thread warnings/errors
+ 1854 Consistent IOException and timeout handling when extracting form
parameters
+ 1856 ResourceHandler without ServletContext throws NPE for welcome files if
used directly
+ 1857 GZIPContentTransformer fails to send entire message if used with
BufferedContentTransformer
+ 1865 Improve Exception on invalid redirect usage
+ 1867 Improve Exception thrown during Expect 100 Continue
+ 1868 Need a way to randomly select ports for tests
+ 1871 JMXify SslContextFactory
+ 1878 Handle 100 Continue response without Expect header
+ 1879 'Bad tld url' seen during :jetty-run when running integration tests
+ 1881 Improve support of WebSocket over Unix Domain Socket
+ 1885 SessionHandler get/set maxInactiveInterval is not symmetric with
negative values
+ 1888 Implement cookie matching on Path attribute per RFC 6265
+ 1891 Make HTTP/2 async error notifications configurable
+ 1892 NPE resulting from bad JEP 238 MultiReleaseJarFile structure
+ 1893 Add ability to set HttpClient Connection TTL
+ 1897 Introduce a round-robin connection pool for HttpClient
+ 1900 Update to CDI 2.0 for cdi module
+ 1901 Reimplement PathWatcher as scanner
+ 1909 Update to Apache Jasper 8.5.23
+ 1910 Remove unused jetty-jsp module
+ 1912 AbstractConnector EndPoint leak for failed SSL connections
+ 1914 HttpClient fails to parse Content-Type response header with RFC 2045
charset="utf-8" syntax
+ 1919 Review LowResourceMonitor
+ 1920 Connect Timeouts with NonBlocking CreateEndPoint
+ 1924 ManagedSelector can livelock under high load
+ 1931 Expose RolloverOutputStream for pluggable behaviour
+ 1933 Use CLASSPATH for scanning java9 system classes
+ 1956 Store and report build information of Jetty
+ 1958 Blocking Timeout has different behavior in HttpInput vs HttpOutput
+ 1970 ManagedSelector can lose selector thread under high concurrent load
+ 1980 PushCacheFilter does not push TLS offloaded HTTP/2 requests
+ 1981 Loading resource content failed
+ 1984 Remove jetty-client dependency in jetty-rewrite
PR #1987 AsyncICB need not execute
The HttpOutput AsyncICB is a blocking callback, thus it is always executed and
never runs in the selector thread. It thus does not need to execute its call
the Channel.handle
* HTTP/2 must execute async callbacks
* AsyncICBr need not execute
* Invert the sense of the fix. AsyncICB now executes, but is flagged as a non-blocking callback.
* removed import
Signed-off-by: Greg Wilkins <gregw@webtide.com>
Updated references to Conscrypt 1.0.0.RC11.
Used "default" rather than "native" for the JSSE docs.
Changed "two-way authentication" to "client certificate authentication".
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Changed HttpChannel to call Request.setSecure() with the scheme of the
request URI.
Changed PushCacheFilter to rely on the referrer URI scheme, and only if
that is missing then using Request.isSecure().
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>