This is an automated email from the ASF dual-hosted git repository.

remm pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/main by this push:
     new 1320a0a  Align behaviour on MacOs with Linux/Windows
1320a0a is described below

commit 1320a0aa934bdc3a721201eea405c16592c61dac
Author: remm <r...@apache.org>
AuthorDate: Wed Dec 1 19:21:59 2021 +0100

    Align behaviour on MacOs with Linux/Windows
    
    Port of 41ec23a78bc0522db9cc5e4e1a71face73461109
---
 .../org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java  | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git 
a/modules/openssl-java17/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
 
b/modules/openssl-java17/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
index 4a56e39..e3c6f49 100644
--- 
a/modules/openssl-java17/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
+++ 
b/modules/openssl-java17/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
@@ -650,6 +650,12 @@ public class OpenSSLContext implements 
org.apache.tomcat.util.net.SSLContext {
                         log.warn(sm.getString("openssl.noCACerts"));
                     }
                 }
+            } else {
+                // No CA certificates configured. Reject all client 
certificates.
+                MemoryAddress openSSLCallbackCertVerify =
+                        
CLinker.getInstance().upcallStub(openSSLCallbackCertVerifyHandle,
+                                openSSLCallbackCertVerifyFunctionDescriptor, 
contextScope);
+                SSL_CTX_set_cert_verify_callback(state.sslCtx, 
openSSLCallbackCertVerify, MemoryAddress.NULL);
             }
 
             if (state.negotiableProtocols != null && 
state.negotiableProtocols.size() > 0) {
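Review bot: The new `else` branch rejects client certificates only indirectly. It registers the verify callback with `MemoryAddress.NULL` as its argument and, as far as the second hunk shows, relies on the callback's `state == null` early `return 0` to fail verification. Neither end states that coupling, so a later change to the early return could silently stop this path from being reject-all. I would expand the comment to `// No CA certificates configured: pass a NULL argument so the verify callback finds no ContextState and returns 0, rejecting every client certificate.` and add a matching remark next to the `return 0`. The enclosing method and the `if` that this `else` belongs to start outside the hunk.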
@@ -813,7 +819,6 @@ public class OpenSSLContext implements 
org.apache.tomcat.util.net.SSLContext {
         }
         ContextState state = getState(param);
         if (state == null) {
-            log.warn(sm.getString("context.noSSL", 
Long.valueOf(param.toRawLongValue())));
             return 0;
         }
         MemoryAddress ssl = X509_STORE_CTX_get_ex_data(x509_ctx, 
SSL_get_ex_data_X509_STORE_CTX_idx());
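Review bot: Dropping the warning makes the `state == null` return silent for every caller, not only for the deliberate NULL-argument registration added in the first hunk. A non-NULL `param` with no matching state would presumably still point to a lifecycle problem, and it now leaves no trace when the handshake is refused. Consider keeping the message for that case only, e.g. `if (param.toRawLongValue() != 0) { log.warn(sm.getString("context.noSSL", Long.valueOf(param.toRawLongValue()))); }`. The callback's signature and the code before `getState(param)` are outside the hunk, so this assumes `param` reaches this point unmodified.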
