Author: markt
Date: Wed Mar 30 19:30:20 2016
New Revision: 1737157
URL: http://svn.apache.org/viewvc?rev=1737157&view=rev
Log:
Add the code (commented out, as otherwise it will cause problems on systems without the
method) to set the certificate chain when using NIO/NIO2 + OpenSSL + JSSE config
Modified:
tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java
Modified:
tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java?rev=1737157&r1=1737156&r2=1737157&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java
(original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java
Wed Mar 30 19:30:20 2016
@@ -322,12 +322,20 @@ public class OpenSSLContext implements o
} else {
X509KeyManager keyManager = chooseKeyManager(kms);
String alias = certificate.getCertificateKeyAlias();
- X509Certificate certificate =
keyManager.getCertificateChain(alias)[0];
+ X509Certificate[] chain =
keyManager.getCertificateChain(alias);
PrivateKey key = keyManager.getPrivateKey(alias);
StringBuilder sb = new StringBuilder(BEGIN_KEY);
sb.append(Base64.getMimeEncoder(64, new byte[]
{'\n'}).encodeToString(key.getEncoded()));
sb.append(END_KEY);
- SSLContext.setCertificateRaw(ctx, certificate.getEncoded(),
sb.toString().getBytes(StandardCharsets.US_ASCII), SSL.SSL_AIDX_RSA);
+ SSLContext.setCertificateRaw(ctx, chain[0].getEncoded(),
sb.toString().getBytes(StandardCharsets.US_ASCII), SSL.SSL_AIDX_RSA);
+ /*
+ * Uncomment the code block below once there has been a
tc-native
+ * release with this method and the minimum tc-native version
+ * has been incremented.
+ for (int i = 1; i < chain.length; i++) {
+ SSLContext.addChainCertificateRaw(ctx,
chain[i].getEncoded());
+ }
+ */
}
// Client certificate verification
int value = 0;
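Review bot: `keyManager.getCertificateChain(alias)` and `keyManager.getPrivateKey(alias)` both return null when the alias cannot be found, so `chain[0].getEncoded()` and `key.getEncoded()` throw a bare NullPointerException on a missing or mistyped key alias instead of reporting a configuration error. A guard placed before the `StringBuilder` line, such as `if (chain == null || chain.length == 0 || key == null)`, that raises the method's usual configuration exception and names the alias would make the failure diagnosable, and it would also cover the commented-out `addChainCertificateRaw` loop once that is enabled. Until the loop is enabled only `chain[0]` is passed to OpenSSL, so clients that do not already hold the intermediates will presumably fail path validation; a one-line comment stating that next to the block would help operators. The enclosing method starts and ends outside this hunk, so the exception type it is allowed to throw is not visible here.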