Author: markt
Date: Fri Sep 22 07:09:59 2017
New Revision: 1809263

URL: http://svn.apache.org/viewvc?rev=1809263&view=rev
Log:
Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=61557
Correct a further regression in the fix to enable the use of Java key stores 
that contain multiple keys that do not all have the same password. The 
regression broke support for some FIPS compliant key stores.

Modified:
    tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSEUtil.java
    tomcat/trunk/webapps/docs/changelog.xml

Modified: tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSEUtil.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSEUtil.java?rev=1809263&r1=1809262&r2=1809263&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSEUtil.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSEUtil.java Fri Sep 22 07:09:59 2017
@@ -241,7 +241,13 @@ public class JSSEUtil extends SSLUtilBas
             Key k = ks.getKey(keyAlias, keyPassArray);
             if (k != null && "PKCS#8".equalsIgnoreCase(k.getFormat())) {
                 // Switch to in-memory key store
-                ksUsed = KeyStore.getInstance("JKS");
+                String provider = certificate.getCertificateKeystoreProvider();
+                if (provider == null) {
+                    ksUsed = KeyStore.getInstance(certificate.getCertificateKeystoreType());
+                } else {
+                    ksUsed = KeyStore.getInstance(certificate.getCertificateKeystoreType(),
+                            provider);
+                }
                 ksUsed.load(null,  null);
                 ksUsed.setKeyEntry(keyAlias, k, keyPassArray, ks.getCertificateChain(keyAlias));
             }
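Review bot: The new type/provider selection under `// Switch to in-memory key store` has no comment explaining why the configured values are used, so a later cleanup could restore the hard-coded `"JKS"` and reintroduce the FIPS regression described in the log. I would extend the existing comment to something like `// Use the configured type and provider: a FIPS-restricted provider set may not offer JKS`. It is also worth confirming that `getCertificateKeystoreType()` can never return null at this point, since `KeyStore.getInstance` would then fail rather than fall back to a default; that cannot be determined from this hunk. The enclosing method begins and ends outside the hunk.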

Modified: tomcat/trunk/webapps/docs/changelog.xml
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1809263&r1=1809262&r2=1809263&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/trunk/webapps/docs/changelog.xml Fri Sep 22 07:09:59 2017
@@ -89,6 +89,12 @@
       <update>
         Add a way to set the property source in embedded mode. (remm)
       </update>
+      <fix>
+        <bug>61557</bug>: Correct a further regression in the fix to enable the
+        use of Java key stores that contain multiple keys that do not all have
+        the same password. The regression broke support for some FIPS compliant
+        key stores. (markt)
+      </fix>
     </changelog>
   </subsection>
   <subsection name="Other">


