[tomcat] branch 8.5.x updated: Refactor fix for https://bz.apache.org/bugzilla/show_bug.cgi?id=63205

Wed, 03 Jul 2019 14:22:16 -0700 

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/8.5.x by this push:
     new c4c62d4  Refactor fix for 
https://bz.apache.org/bugzilla/show_bug.cgi?id=63205
c4c62d4 is described below

commit c4c62d48cfb27a4c3f625436fd2b2da5942c2936
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Wed Jul 3 22:20:19 2019 +0100

    Refactor fix for https://bz.apache.org/bugzilla/show_bug.cgi?id=63205
    
    JRE bug only applies to PKCS12 so only use with workaround with PKCS12
    keystores due to regressions with other keystore types
---
 java/org/apache/tomcat/util/security/KeyStoreUtil.java | 6 +++---
 webapps/docs/changelog.xml                             | 5 +++++
 2 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/java/org/apache/tomcat/util/security/KeyStoreUtil.java 
b/java/org/apache/tomcat/util/security/KeyStoreUtil.java
index c58245d..862ef22 100644
--- a/java/org/apache/tomcat/util/security/KeyStoreUtil.java
+++ b/java/org/apache/tomcat/util/security/KeyStoreUtil.java
@@ -52,9 +52,7 @@ public class KeyStoreUtil {
      */
     public static void load(KeyStore keystore, InputStream is, char[] 
storePass)
             throws NoSuchAlgorithmException, CertificateException, IOException 
{
-        if (is == null) {
-            keystore.load(null, storePass);
-        } else {
+        if (keystore.getType().equals("PKCS12")) {
             ByteArrayOutputStream baos = new ByteArrayOutputStream();
             byte[] buf = new byte[8192];
             int numRead;
@@ -67,6 +65,8 @@ public class KeyStoreUtil {
             ByteArrayInputStream bais = new 
ByteArrayInputStream(baos.toByteArray());
 
             keystore.load(bais, storePass);
+        } else {
+            keystore.load(is, storePass);
         }
     }
 }
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index e622fd0..781ee9a 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -123,6 +123,11 @@
         Fix to avoid the possibility of long poll times for individual pollers
         when using mutliple pollers with APR. (markt)
       </fix>
+      <fix>
+        Refactor the fix for <bug>63205</bug> so it only applies when using
+        PKCS12 keystores as regressions have been reported with some other
+        keystore types. (markt)
+      </fix>
     </changelog>
   </subsection>
   <subsection name="Jasper">


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Reply via email to