This is an automated email from the ASF dual-hosted git repository.
remm pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/master by this push:
new e87cf37 Avoid keystores with OpenSSL and regular certificates
e87cf37 is described below
commit e87cf37c16c162db6f6c546dcfd40dcc568bb648
Author: remm <[email protected]>
AuthorDate: Thu Mar 7 13:18:48 2019 +0100
Avoid keystores with OpenSSL and regular certificates
The new harmonization code always processes certificates through a
keystore, even if the certificates will later be simply given to
OpenSSL. The problem is that this then restricts certificates to those
that JSSE can process.
---
java/org/apache/tomcat/util/net/openssl/OpenSSLUtil.java | 14 ++++++++++++++
1 file changed, 14 insertions(+)
diff --git a/java/org/apache/tomcat/util/net/openssl/OpenSSLUtil.java
b/java/org/apache/tomcat/util/net/openssl/OpenSSLUtil.java
index 3d1e0eb..514aef2 100644
--- a/java/org/apache/tomcat/util/net/openssl/OpenSSLUtil.java
+++ b/java/org/apache/tomcat/util/net/openssl/OpenSSLUtil.java
@@ -80,6 +80,9 @@ public class OpenSSLUtil extends SSLUtilBase {
public static X509KeyManager chooseKeyManager(KeyManager[] managers)
throws Exception {
+ if (managers == null) {
+ return null;
+ }
for (KeyManager manager : managers) {
if (manager instanceof JSSEKeyManager) {
return (JSSEKeyManager) manager;
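Review bot: The new early `return null` in `chooseKeyManager` is undocumented and gives the method two different "no key manager" outcomes: a null array yields null, while a non-null array without a usable manager still ends in `IllegalStateException` (visible at the top of the next hunk). Callers that previously relied on getting a manager or an exception now have to null-check the result before using it for alias or key lookup, and those call sites are not part of this diff. I would add Javadoc stating the contract, for example `@return the selected key manager, or {@code null} if {@code managers} is {@code null} because the certificate files are passed to OpenSSL directly`. The same undocumented null return appears in `getKeyManagers()` in the second hunk. The loop body continues outside this hunk.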
@@ -92,4 +95,15 @@ public class OpenSSLUtil extends SSLUtilBase {
}
throw new
IllegalStateException(sm.getString("openssl.keyManagerMissing"));
}
+
+
+ @Override
+ public KeyManager[] getKeyManagers() throws Exception {
+ if (certificate.getCertificateFile() == null) {
+ return super.getKeyManagers();
+ } else {
+ return null;
+ }
+ }
+
}
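Review bot: `getKeyManagers()` switches to the keystore-free path solely on `certificate.getCertificateFile() != null`, and nothing in the method says why an array-returning override returns null. A short comment on the else branch would help, such as `// PEM certificate/key files are handed to OpenSSL as-is; no JSSE keystore or key manager is built`. Because the files are no longer parsed by JSSE on this path, problems such as an unreadable key file or a wrong key password are presumably only detected when OpenSSL loads them. It is worth confirming that the context initialisation fails closed with a clear error in that case. As a style point, the `else` after `return super.getKeyManagers();` is redundant and the method could end with a plain `return null;`.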