This is an automated email from the ASF dual-hosted git repository. remm pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/master by this push: new d14c5b4 64141: Allow overriding JVM trust store d14c5b4 is described below commit d14c5b409d08df88ab437f76334342b8f8094b44 Author: remm <r...@apache.org> AuthorDate: Sat Feb 15 13:21:53 2020 +0100 64141: Allow overriding JVM trust store If using a CA certificate, remove a default value for the trust store file when not using a JSSE configuration. --- java/org/apache/tomcat/util/net/SSLHostConfig.java | 26 +++++++++++++++++++--- webapps/docs/changelog.xml | 4 ++++ 2 files changed, 27 insertions(+), 3 deletions(-) diff --git a/java/org/apache/tomcat/util/net/SSLHostConfig.java b/java/org/apache/tomcat/util/net/SSLHostConfig.java index 4a8549d..724497f 100644 --- a/java/org/apache/tomcat/util/net/SSLHostConfig.java +++ b/java/org/apache/tomcat/util/net/SSLHostConfig.java @@ -151,15 +151,24 @@ public class SSLHostConfig implements Serializable { } - void setProperty(String name, Type configType) { + /** + * Set property which belongs to the specified configuration type. + * @param name the property name + * @param configType the configuration type + * @return true if the property belongs to the current confuguration, + * and false otherwise + */ + boolean setProperty(String name, Type configType) { if (this.configType == null) { this.configType = configType; } else { if (configType != this.configType) { log.warn(sm.getString("sslHostConfig.mismatch", name, getHostName(), configType, this.configType)); + return false; } } + return true; } @@ -662,7 +671,13 @@ public class SSLHostConfig implements Serializable { public void setCaCertificateFile(String caCertificateFile) { - setProperty("caCertificateFile", Type.OPENSSL); + if (setProperty("caCertificateFile", Type.OPENSSL)) { + // Reset default JSSE trust store if not a JSSE configuration + if (truststoreFile != null) { + System.out.println("RESET !!!!!!!!!!!!!!!!!"); + truststoreFile = null; + } + } this.caCertificateFile = caCertificateFile; } 
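Review bot: The new Javadoc on `setProperty` misspells "configuration" as `confuguration` and does not say that the first call fixes the configuration type, which is what makes the `true` result depend on call order. I would write the return tag as `@return true if the property belongs to the current configuration (the first property set fixes the type), and false otherwise`. The other callers of `setProperty` are outside this hunk, so whether any of them should also act on the new return value cannot be judged from here.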
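Review bot: `System.out.println("RESET !!!!!!!!!!!!!!!!!");` in `setCaCertificateFile` is leftover debugging output that goes to stdout and bypasses the logging configuration; it should be removed or replaced by a debug message through the class's `log`. The surrounding `if (truststoreFile != null)` guard adds nothing, so the branch reduces to `truststoreFile = null;`. The same reset block is repeated in `setCaCertificatePath` in the next hunk and could live in one private helper.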
@@ -673,7 +688,12 @@ public class SSLHostConfig implements Serializable { public void setCaCertificatePath(String caCertificatePath) { - setProperty("caCertificatePath", Type.OPENSSL); + if (setProperty("caCertificatePath", Type.OPENSSL)) { + // Reset default JSSE trust store if not a JSSE configuration + if (truststoreFile != null) { + truststoreFile = null; + } + } this.caCertificatePath = caCertificatePath; } diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index 753fb4c..e0673d1 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -51,6 +51,10 @@ Fix support of native jakarta servlet attributes in AJP connector. (remm) </fix> + <fix> + <bug>64141</bug>: If using a CA certificate, remove a default value + for the truststore file when not using a JSSE configuration. (remm) + </fix> </changelog> </subsection> </section> --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
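Review bot: The reset in `setCaCertificatePath` changes which trust anchors the host uses without any log output, and it runs whatever value is passed, including `null`. Because this drops a trust store that was in effect by default (the JVM trust store, going by the commit title), I would log it through `log` at debug level or higher and only reset when a value is actually supplied: `if (setProperty("caCertificatePath", Type.OPENSSL) && caCertificatePath != null) {`. The same applies to `setCaCertificateFile` in the previous hunk. Whether a null or empty value can reach these setters is not visible here.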