On Sat, Feb 15, 2020 at 2:22 PM <r...@apache.org> wrote:
> This is an automated email from the ASF dual-hosted git repository.
>
> remm pushed a commit to branch master
> in repository https://gitbox.apache.org/repos/asf/tomcat.git
>
>
> The following commit(s) were added to refs/heads/master by this push:
> new d14c5b4 64141: Allow overriding JVM trust store
> d14c5b4 is described below
>
> commit d14c5b409d08df88ab437f76334342b8f8094b44
> Author: remm <r...@apache.org>
> AuthorDate: Sat Feb 15 13:21:53 2020 +0100
>
> 64141: Allow overriding JVM trust store
>
> If using a CA certificate, remove a default value for the trust store
> file when not using a JSSE configuration.
> ---
> java/org/apache/tomcat/util/net/SSLHostConfig.java | 26
> +++++++++++++++++++---
> webapps/docs/changelog.xml | 4 ++++
> 2 files changed, 27 insertions(+), 3 deletions(-)
>
> diff --git a/java/org/apache/tomcat/util/net/SSLHostConfig.java
> b/java/org/apache/tomcat/util/net/SSLHostConfig.java
> index 4a8549d..724497f 100644
> --- a/java/org/apache/tomcat/util/net/SSLHostConfig.java
> +++ b/java/org/apache/tomcat/util/net/SSLHostConfig.java
> @@ -151,15 +151,24 @@ public class SSLHostConfig implements Serializable {
> }
>
>
> - void setProperty(String name, Type configType) {
> + /**
> + * Set property which belongs to the specified configuration type.
> + * @param name the property name
> + * @param configType the configuration type
> + * @return true if the property belongs to the current confuguration,
> + * and false otherwise
> + */
> + boolean setProperty(String name, Type configType) {
> if (this.configType == null) {
> this.configType = configType;
> } else {
> if (configType != this.configType) {
> log.warn(sm.getString("sslHostConfig.mismatch",
> name, getHostName(), configType,
> this.configType));
> + return false;
> }
> }
> + return true;
> }
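Review bot: The new Javadoc on `setProperty` does not say what a `false` return means for the caller: on a type mismatch the method only logs `sslHostConfig.mismatch`, and the two CA setters changed later in this commit still assign their field afterwards. The first call also fixes `this.configType` for the whole host configuration, so the result depends on the order in which attributes are applied, and that deserves a sentence in the description. I would write the return tag as `@return true if the property matches the configuration type in effect (or establishes it), false if it conflicts and a warning was logged`, which also removes the `confuguration` typo.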
>
>
> @@ -662,7 +671,13 @@ public class SSLHostConfig implements Serializable {
>
>
> public void setCaCertificateFile(String caCertificateFile) {
> - setProperty("caCertificateFile", Type.OPENSSL);
> + if (setProperty("caCertificateFile", Type.OPENSSL)) {
> + // Reset default JSSE trust store if not a JSSE configuration
> + if (truststoreFile != null) {
> + System.out.println("RESET !!!!!!!!!!!!!!!!!");
>
Debug leftover.
> + truststoreFile = null;
> + }
> + }
> this.caCertificateFile = caCertificateFile;
> }
>
> @@ -673,7 +688,12 @@ public class SSLHostConfig implements Serializable {
>
>
> public void setCaCertificatePath(String caCertificatePath) {
> - setProperty("caCertificatePath", Type.OPENSSL);
> + if (setProperty("caCertificatePath", Type.OPENSSL)) {
> + // Reset default JSSE trust store if not a JSSE configuration
> + if (truststoreFile != null) {
> + truststoreFile = null;
> + }
> + }
> this.caCertificatePath = caCertificatePath;
> }
>
> diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
> index 753fb4c..e0673d1 100644
> --- a/webapps/docs/changelog.xml
> +++ b/webapps/docs/changelog.xml
> @@ -51,6 +51,10 @@
> Fix support of native jakarta servlet attributes in AJP connector.
> (remm)
> </fix>
> + <fix>
> + <bug>64141</bug>: If using a CA certificate, remove a default
> value
> + for the truststore file when not using a JSSE configuration.
> (remm)
> + </fix>
> </changelog>
> </subsection>
> </section>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>
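Review bot: In `setCaCertificateFile` the guard `truststoreFile != null` cannot tell a built-in default from a trust store the administrator configured, although the comment says only the default is reset. Whether an explicitly set value can ever reach this branch depends on the `truststoreFile` setter pinning the configuration to a JSSE type through `setProperty`, and that setter is outside this hunk; if it does not, the trust material in effect for the host would change silently depending on attribute order. If the invariant holds, the comment should say so, e.g. `// An explicitly set truststoreFile fixes configType to JSSE, so only the default can be non-null here`, and a test should pin it, since the diffstat lists no test file. The same applies to `setCaCertificatePath` in the next hunk.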
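Review bot: The reset block in `setCaCertificatePath` is a copy of the one in `setCaCertificateFile`, and its inner `if (truststoreFile != null)` looks redundant: assuming `truststoreFile` is a plain field, assigning `null` to an already-null value changes nothing. A small private helper called from both setters would keep the two paths from drifting apart, for example `private void resetDefaultTruststore() { truststoreFile = null; }` used as `if (setProperty("caCertificatePath", Type.OPENSSL)) { resetDefaultTruststore(); }`.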