Update Jetty adapter to 11.0.15

Update Jetty from version 9.4 to 11.0, which also increases the minimum
compatible Java version from 1.8 to 11. As Jetty 10.0 also requires
Java 11, we can skip over that version.

Author: weavejester

ring-jetty-adapter/checkouts/ring-jakarta-servlet

@@ -0,0 +1 @@
+../../ring-jakarta-servlet/

ring-jetty-adapter/checkouts/ring-servlet

@@ -6,8 +6,8 @@
             :url "http://opensource.org/licenses/MIT"}
   :dependencies [[org.clojure/clojure "1.7.0"]
                  [ring/ring-core "1.10.0"]
-                 [ring/ring-servlet "1.10.0"]
-                 [org.eclipse.jetty/jetty-server "9.4.51.v20230217"]]
+                 [ring/ring-jakarta-servlet "1.10.0"]
+                 [org.eclipse.jetty/jetty-server "11.0.15"]]
   :aliases {"test-all" ["with-profile" "default:+1.8:+1.9:+1.10:+1.11" "test"]}
   :profiles
   {:dev  {:dependencies [[clj-http "3.12.3"]

ring-jetty-adapter/project.clj

@@ -2,7 +2,7 @@
   "A Ring adapter that uses the Jetty 9 embedded web server.
 
   Adapters are used to convert Ring handlers into running web servers."
-  (:require [ring.util.servlet :as servlet])
+  (:require [ring.util.jakarta.servlet :as servlet])
   (:import [org.eclipse.jetty.server
             Request
             Server
@@ -16,8 +16,8 @@
            [org.eclipse.jetty.util BlockingArrayQueue]
            [org.eclipse.jetty.util.thread ThreadPool QueuedThreadPool]
            [org.eclipse.jetty.util.ssl SslContextFactory$Server KeyStoreScanner]
-           [javax.servlet AsyncContext DispatcherType AsyncEvent AsyncListener]
-           [javax.servlet.http HttpServletRequest HttpServletResponse]))
+           [jakarta.servlet AsyncContext DispatcherType AsyncEvent AsyncListener]
+           [jakarta.servlet.http HttpServletRequest HttpServletResponse]))
 
 (defn- ^AbstractHandler proxy-handler [handler]
   (proxy [AbstractHandler] []
@@ -113,13 +113,16 @@
           (.addExcludeProtocols context-server protocols))))
     context-server))
 
+
 (defn- ^ServerConnector ssl-connector [^Server server options]
   (let [ssl-port     (options :ssl-port 443)
+        customizer   (doto (SecureRequestCustomizer.)
+                       (.setSniHostCheck (options :sni-host-check? true)))
         http-factory (HttpConnectionFactory.
                       (doto (http-config options)
                         (.setSecureScheme "https")
                         (.setSecurePort ssl-port)
-                        (.addCustomizer (SecureRequestCustomizer.))))
+                        (.addCustomizer customizer)))
         ssl-context  (ssl-context-factory options)
         ssl-factory  (SslConnectionFactory. ssl-context "http/1.1")]
     (when-let [scan-interval (options :keystore-scan-interval)]
@@ -175,6 +178,7 @@
   :ssl-port               - the SSL port to listen on (defaults to 443, implies
                             :ssl? is true)
   :ssl-context            - an optional SSLContext to use for SSL connections
+  :sni-host-check?        - use SNI to check the hostname (default true)
   :exclude-ciphers        - when :ssl? is true, additionally exclude these
                             cipher suites
   :exclude-protocols      - when :ssl? is true, additionally exclude these

ring-jetty-adapter/src/ring/adapter/jetty.clj

@@ -82,12 +82,13 @@
   (doto (KeyStore/getInstance (KeyStore/getDefaultType)) (.load nil)))
 
 (def test-ssl-options
-  {:port         test-port
-   :ssl?         true
-   :ssl-port     test-ssl-port
-   :keystore     nil-keystore
-   :key-password "hunter2"
-   :join?        false})
+  {:port            test-port
+   :ssl?            true
+   :ssl-port        test-ssl-port
+   :keystore        nil-keystore
+   :key-password    "hunter2"
+   :join?           false
+   :sni-host-check? false})
 
 (deftest test-run-jetty
   (testing "HTTP server"
@@ -102,7 +103,8 @@
     (with-server hello-world {:port test-port
                               :ssl-port test-ssl-port
                               :keystore "test/keystore.jks"
-                              :key-password "password"}
+                              :key-password "password"
+                              :sni-host-check? false}
       (let [response (http/get test-ssl-url {:insecure? true})]
         (is (= (:status response) 200))
         (is (= (:body response) "Hello World")))))
@@ -122,7 +124,8 @@
                               :port test-port
                               :ssl-port test-ssl-port
                               :keystore "test/keystore.jks"
-                              :key-password "password"}
+                              :key-password "password"
+                              :sni-host-check? false}
       (let [response (http/get test-ssl-url {:insecure? true})]
         (is (= (:status response) 200))
         (is (= (:body response) "Hello World")))
@@ -135,7 +138,8 @@
                                       :key-password "password"
                                       :port test-port
                                       :ssl? true
-                                      :ssl-port test-ssl-port}
+                                      :ssl-port test-ssl-port
+                                      :sni-host-check? false}
       (is (thrown? java.io.IOException
                    (http/get test-ssl-url {:insecure? true}))
           "missing client certs will cause an exception")
@@ -153,7 +157,8 @@
                                       :key-password "password"
                                       :port test-port
                                       :ssl? true
-                                      :ssl-port test-ssl-port}
+                                      :ssl-port test-ssl-port
+                                      :sni-host-check? false}
       (let [response (http/get test-ssl-url {:insecure? true
                                              :throw-exceptions false})]
         (is (= 403 (:status response))
@@ -169,7 +174,8 @@
   (testing "HTTPS server using :ssl-context"
     (with-server hello-world {:port test-port
                               :ssl-port test-ssl-port
-                              :ssl-context (ssl-context)}
+                              :ssl-context (ssl-context)
+                              :sni-host-check? false}
       (let [response (http/get test-ssl-url {:insecure? true})]
         (is (= (:status response) 200))
         (is (= (:body response) "Hello World")))))
@@ -179,7 +185,8 @@
                                       :ssl-context (ssl-context)
                                       :port test-port
                                       :ssl? true
-                                      :ssl-port test-ssl-port}
+                                      :ssl-port test-ssl-port
+                                      :sni-host-check? false}
       (is (thrown? java.io.IOException
                    (http/get test-ssl-url {:insecure? true}))
           "missing client certs will cause an exception")
@@ -196,7 +203,8 @@
                                       :ssl-context (ssl-context)
                                       :port test-port
                                       :ssl? true
-                                      :ssl-port test-ssl-port}
+                                      :ssl-port test-ssl-port
+                                      :sni-host-check? false}
       (let [response (http/get test-ssl-url {:insecure? true
                                              :throw-exceptions false})]
         (is (= 403 (:status response))
@@ -243,7 +251,8 @@
                                          :keystore "test/keystore.jks"
                                          :key-password "password"
                                          :join? false
-                                         :max-idle-time 5000})
+                                         :max-idle-time 5000
+                                         :sni-host-check? false})
           connectors (. server getConnectors)]
       (is (= 5000 (. (first connectors) getIdleTimeout)))
       (is (= 5000 (. (second connectors) getIdleTimeout)))
@@ -254,6 +263,7 @@
                                          :ssl-port test-ssl-port
                                          :keystore "test/keystore.jks"
                                          :key-password "password"
+                                         :sni-host-check? false
                                          :join? false})
           connectors (. server getConnectors)]
       (is (= 200000 (. (first connectors) getIdleTimeout)))