svn commit: r1834860 - /tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSEUtil.java

Mon, 02 Jul 2018 08:47:59 -0700 

Author: markt
Date: Mon Jul  2 15:47:54 2018
New Revision: 1834860

URL: http://svn.apache.org/viewvc?rev=1834860&view=rev
Log:
Don't use in-memory certs with DKS key stores

Modified:
    tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSEUtil.java

Modified: tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSEUtil.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSEUtil.java?rev=1834860&r1=1834859&r2=1834860&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSEUtil.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSEUtil.java Mon Jul  2 
15:47:54 2018
@@ -244,7 +244,8 @@ public class JSSEUtil extends SSLUtilBas
             }
 
             Key k = ks.getKey(keyAlias, keyPassArray);
-            if (k != null && "PKCS#8".equalsIgnoreCase(k.getFormat())) {
+            if (k != null && 
!"DKS".equalsIgnoreCase(certificate.getCertificateKeystoreType()) &&
+                    "PKCS#8".equalsIgnoreCase(k.getFormat())) {
                 // Switch to in-memory key store
                 String provider = certificate.getCertificateKeystoreProvider();
                 if (provider == null) {



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Reply via email to