Author: markt
Date: Thu Aug  3 19:32:43 2017
New Revision: 1804040

URL: http://svn.apache.org/viewvc?rev=1804040&view=rev
Log:
If an invalid option is specified for the certificateVerification attribute of 
an SSLHostConfig element, treat it as required which is the most secure / 
restrictive option in addition to reporting the configuration error.

Modified:
    tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java
    tomcat/trunk/webapps/docs/changelog.xml

Modified: tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java?rev=1804040&r1=1804039&r2=1804040&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java Thu Aug  3 
19:32:43 2017
@@ -274,7 +274,15 @@ public class SSLHostConfig implements Se
 
 
     public void setCertificateVerification(String certificateVerification) {
-        this.certificateVerification = 
CertificateVerification.fromString(certificateVerification);
+        try {
+            this.certificateVerification =
+                    
CertificateVerification.fromString(certificateVerification);
+        } catch (IllegalArgumentException iae) {
+            // If the specified value is not recognised, default to the
+            // strictest possible option.
+            this.certificateVerification = CertificateVerification.REQUIRED;
+            throw iae;
+        }
     }
 
 
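Review bot: In the catch block of setCertificateVerification, only IllegalArgumentException triggers the fallback to CertificateVerification.REQUIRED, so the fail-closed behaviour depends on fromString raising exactly that type for every bad input. If it can fail any other way (a null argument, for instance, if that is not mapped to IllegalArgumentException), the field keeps its previous value instead of the strictest one. Assigning REQUIRED before the call to fromString, and letting a successful parse overwrite it, would remove that dependency. The setter also has no Javadoc stating that an invalid value both throws and leaves the object set to REQUIRED; callers that catch the rethrown iae and carry on need to know the field was changed. A unit test that passes an unrecognised string and asserts both the exception and the resulting REQUIRED state would pin this down.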

Modified: tomcat/trunk/webapps/docs/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1804040&r1=1804039&r2=1804040&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/trunk/webapps/docs/changelog.xml Thu Aug  3 19:32:43 2017
@@ -45,6 +45,17 @@
   issues do not "pop up" wrt. others).
 -->
 <section name="Tomcat 9.0.0.M27 (markt)" rtext="in development">
+  <subsection name="Coyote">
+    <changelog>
+      <fix>
+        If an invalid option is specified for the
+        <code>certificateVerification</code> attribute of an
+        <code>SSLHostConfig</code> element, treat it as <code>required</code>
+        which is the most secure / restrictive option in addition to reporting
+        the configuration error. (markt)
+      </fix>
+    </changelog>
+  </subsection>
 </section>
 <section name="Tomcat 9.0.0.M26 (markt)" rtext="release in progress">
   <subsection name="Catalina">
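
Review bot: The new fix entry under the Coyote subsection says an invalid value is treated as required but does not spell out the operational effect: with required, the connector demands a valid client certificate chain, so a typo in certificateVerification now results in clients without a certificate being refused rather than in a quietly weaker setting. One clause saying so would help operators who see handshake failures after upgrading connect them to the reported configuration error. As a style point, the sentence needs a comma before "which is the most secure / restrictive option", and "in addition to reporting the configuration error" reads more clearly if moved next to "treat it as required".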


