This is an automated email from the ASF dual-hosted git repository.
remm pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/9.0.x by this push:
new e0bca1ca88 66009: Use getSubjectX500Principal().toString()
e0bca1ca88 is described below
commit e0bca1ca88f473067babff7e75a7b3a72d28c156
Author: remm <[email protected]>
AuthorDate: Thu Apr 14 10:41:48 2022 +0200
66009: Use getSubjectX500Principal().toString()
Although this is configurable, the default was not supposed to change
after resolving the deprecation warning.
getSubjectX500Principal().getName(...) does not have the same output as
getSubjectDN().getName() however, while
getSubjectX500Principal().toString() does.
---
java/org/apache/catalina/realm/X509SubjectDnRetriever.java | 4 +---
webapps/docs/changelog.xml | 6 ++++++
2 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/java/org/apache/catalina/realm/X509SubjectDnRetriever.java
b/java/org/apache/catalina/realm/X509SubjectDnRetriever.java
index d342154a3b..6636e810a1 100644
--- a/java/org/apache/catalina/realm/X509SubjectDnRetriever.java
+++ b/java/org/apache/catalina/realm/X509SubjectDnRetriever.java
@@ -18,8 +18,6 @@ package org.apache.catalina.realm;
import java.security.cert.X509Certificate;
-import javax.security.auth.x500.X500Principal;
-
/**
* An X509UsernameRetriever that returns a certificate's entire
* SubjectDN as the username.
@@ -28,6 +26,6 @@ public class X509SubjectDnRetriever implements
X509UsernameRetriever {
@Override
public String getUsername(X509Certificate clientCert) {
- return
clientCert.getSubjectX500Principal().getName(X500Principal.RFC1779);
+ return clientCert.getSubjectX500Principal().toString();
}
}
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 76db0f1f13..e220ccc140 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -112,6 +112,12 @@
<code>boundOnInit</code> is used on a connector, during the check
for client certificate authentication availability. (remm)
</fix>
+ <fix>
+ <bug>66009</bug>: Use <code>getSubjectX500Principal().toString()</code>
+ rather than <code>getSubjectX500Principal().getName(...)</code> to
+ retrieve a certificate DN, to match the output of the deprecated
+ <code>getSubjectDN().getName()</code> that was used previously. (remm)
+ </fix>
</changelog>
</subsection>
<subsection name="Coyote">
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
