Author: markt Date: Tue Apr 26 19:17:55 2016 New Revision: 1741080 URL: http://svn.apache.org/viewvc?rev=1741080&view=rev Log: Make the TLS certificate chain available to clients when using JSSE+OpenSSL with the certificate chain stored in a Java KeyStore.
Modified: tomcat/trunk/java/org/apache/catalina/core/AprLifecycleListener.java tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java tomcat/trunk/webapps/docs/changelog.xml
Modified: tomcat/trunk/java/org/apache/catalina/core/AprLifecycleListener.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/core/AprLifecycleListener.java?rev=1741080&r1=1741079&r2=1741080&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/core/AprLifecycleListener.java (original)
+++ tomcat/trunk/java/org/apache/catalina/core/AprLifecycleListener.java Tue Apr 26 19:17:55 2016
@@ -66,9 +66,9 @@ public class AprLifecycleListener
 protected static final int TCN_REQUIRED_MAJOR = 1;
 protected static final int TCN_REQUIRED_MINOR = 2;
- protected static final int TCN_REQUIRED_PATCH = 2;
+ protected static final int TCN_REQUIRED_PATCH = 6;
 protected static final int TCN_RECOMMENDED_MINOR = 2;
- protected static final int TCN_RECOMMENDED_PV = 2;
+ protected static final int TCN_RECOMMENDED_PV = 6;
 // ---------------------------------------------- Properties
Modified: tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java?rev=1741080&r1=1741079&r2=1741080&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java Tue Apr 26 19:17:55 2016
@@ -273,14 +273,9 @@ public class OpenSSLContext implements o sb.append(Base64.getMimeEncoder(64, new byte[] {'\n'}).encodeToString(key.getEncoded())); sb.append(END_KEY); SSLContext.setCertificateRaw(ctx, chain[0].getEncoded(), sb.toString().getBytes(StandardCharsets.US_ASCII), SSL.SSL_AIDX_RSA); - /* - * Uncomment the code block below once there has been a tc-native - * release with this method and the minimum tc-native version - * has been incremented. for (int i = 1; i < chain.length; i++) { SSLContext.addChainCertificateRaw(ctx, chain[i].getEncoded()); } - */ } // Client certificate verification int value = 0; Modified: tomcat/trunk/webapps/docs/changelog.xml URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1741080&r1=1741079&r2=1741080&view=diff ============================================================================== --- tomcat/trunk/webapps/docs/changelog.xml (original) +++ tomcat/trunk/webapps/docs/changelog.xml Tue Apr 26 19:17:55 2016 @@ -209,6 +209,11 @@ <bug>59295</bug>: Add support for using pem encoded certificates with JSSE SSL. Submitted by Emmanuel Bourg with additional tweaks. (remm) </update> + <fix> + Make the TLS certificate chain available to clients when using + JSSE+OpenSSL with the certificate chain stored in a Java KeyStore. + (markt) + </fix> </changelog> </subsection> <subsection name="WebSocket"> --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
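Review bot: The now-active loop discards the result of each `SSLContext.addChainCertificateRaw(ctx, chain[i].getEncoded())` call, so an intermediate certificate that the native layer rejects would leave the context serving an incomplete chain with no error or log entry. If the binding reports failure through a boolean return value (not visible in this hunk; confirm against the tc-native declaration), check it, for example `if (!SSLContext.addChainCertificateRaw(ctx, chain[i].getEncoded())) { /* log the chain index and warn or fail init */ }`. The same applies to the `setCertificateRaw` call on the preceding context line. The enclosing method begins and ends outside the hunk.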