This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/8.5.x by this push:
new 3dd275020c Log basic information for each configured TLS cert when
Tomcat starts
3dd275020c is described below
commit 3dd275020c8d559812fdff3caa92df9337458008
Author: Mark Thomas <[email protected]>
AuthorDate: Thu Jan 19 18:08:10 2023 +0000
Log basic information for each configured TLS cert when Tomcat starts
---
.../apache/tomcat/util/net/AbstractEndpoint.java | 26 ++++++++++++++++++++++
.../tomcat/util/net/AbstractJsseEndpoint.java | 1 +
java/org/apache/tomcat/util/net/AprEndpoint.java | 1 +
.../apache/tomcat/util/net/LocalStrings.properties | 1 +
java/org/apache/tomcat/util/net/SSLUtilBase.java | 4 +++-
webapps/docs/changelog.xml | 8 +++++++
6 files changed, 40 insertions(+), 1 deletion(-)
diff --git a/java/org/apache/tomcat/util/net/AbstractEndpoint.java
b/java/org/apache/tomcat/util/net/AbstractEndpoint.java
index bded5b63a3..ac7ba21bb5 100644
--- a/java/org/apache/tomcat/util/net/AbstractEndpoint.java
+++ b/java/org/apache/tomcat/util/net/AbstractEndpoint.java
@@ -366,6 +366,32 @@ public abstract class AbstractEndpoint<S,U> {
protected abstract void createSSLContext(SSLHostConfig sslHostConfig)
throws Exception;
+ protected void logCertificate(SSLHostConfigCertificate certificate) {
+ SSLHostConfig sslHostConfig = certificate.getSSLHostConfig();
+
+ String certificateSource = certificate.getCertificateKeystoreFile();
+ if (certificateSource == null) {
+ certificateSource = certificate.getCertificateKeyFile();
+ }
+
+ String keyAlias = certificate.getCertificateKeyAlias();
+ if (keyAlias == null) {
+ keyAlias = SSLUtilBase.DEFAULT_KEY_ALIAS;
+ }
+
+ String trustStoreSource = sslHostConfig.getTruststoreFile();
+ if (trustStoreSource == null) {
+ trustStoreSource = sslHostConfig.getCaCertificateFile();
+ }
+ if (trustStoreSource == null) {
+ trustStoreSource = sslHostConfig.getCaCertificatePath();
+ }
+
+ getLog().info(sm.getString("endpoint.tls.info", getName(),
sslHostConfig.getHostName(), certificate.getType(),
+ certificateSource, keyAlias, trustStoreSource));
+ }
+
+
protected void destroySsl() throws Exception {
if (isSSLEnabled()) {
for (SSLHostConfig sslHostConfig : sslHostConfigs.values()) {
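Review bot: The fallback chains in logCertificate still leave certificateSource or trustStoreSource as null when none of the candidate settings is configured, so the INFO line reads `... configured from [null] ... with trust store [null]` — likely the common case for a connector that does no client-certificate verification and therefore has no trust store at all. Substituting an explicit marker, e.g. `if (trustStoreSource == null) { trustStoreSource = "none"; }` (ideally via a localized string), keeps the line readable and stops an operator from reading `[null]` as a misconfiguration. The alias default DEFAULT_KEY_ALIAS is also printed when the certificate came from certificateKeyFile rather than a keystore; presumably an alias is not meaningful there, so consider applying the default only when certificateKeystoreFile was the source. The message logs only file paths and never keystore or key passwords, which is correct; keep that property if the message is extended later.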
diff --git a/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java
b/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java
index abbdba8e81..ab8767b10b 100644
--- a/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java
+++ b/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java
@@ -108,6 +108,7 @@ public abstract class AbstractJsseEndpoint<S,U> extends
AbstractEndpoint<S,U> {
throw new IllegalArgumentException(e.getMessage(), e);
}
+ logCertificate(certificate);
certificate.setSslContext(sslContext);
}
}
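Review bot: logCertificate is invoked only on the success path, after the catch block that rethrows context-creation failures as IllegalArgumentException(e.getMessage(), e), so when building the SSL context fails the certificate being processed is never identified in the log. If the intent is to help operators diagnose TLS misconfiguration, moving `logCertificate(certificate);` ahead of the creation attempt, or logging it in the catch branch as well, would name the offending certificate next to the failure. The enclosing method begins outside this hunk, and the AprEndpoint hunk places the call in the same position.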
diff --git a/java/org/apache/tomcat/util/net/AprEndpoint.java
b/java/org/apache/tomcat/util/net/AprEndpoint.java
index c30541f950..5c5b61fd3b 100644
--- a/java/org/apache/tomcat/util/net/AprEndpoint.java
+++ b/java/org/apache/tomcat/util/net/AprEndpoint.java
@@ -408,6 +408,7 @@ public class AprEndpoint extends
AbstractEndpoint<Long,Long> implements SNICallB
sslContext.addCertificate(certificate);
}
+ logCertificate(certificate);
certificate.setSslContext(sslContext);
}
diff --git a/java/org/apache/tomcat/util/net/LocalStrings.properties
b/java/org/apache/tomcat/util/net/LocalStrings.properties
index 18a006139b..ea7bdc04f7 100644
--- a/java/org/apache/tomcat/util/net/LocalStrings.properties
+++ b/java/org/apache/tomcat/util/net/LocalStrings.properties
@@ -127,6 +127,7 @@ endpoint.setAttribute=Set [{0}] to [{1}]
endpoint.setAttributeError=Unable to set attribute [{0}] to [{1}]
endpoint.socketOptionsError=Error setting socket options
endpoint.timeout.err=Error processing socket timeout
+endpoint.tls.info=Connector [{0}], TLS virtual host [{1}], certificate type
[{2}] configured from [{3}] using alias [{4}] and with trust store [{5}]
endpoint.unknownSslHostName=The SSL host name [{0}] is not recognised for this
endpoint
endpoint.warn.executorShutdown=The executor associated with thread pool [{0}]
has not fully shutdown. Some application threads may still be running.
endpoint.warn.incorrectConnectionCount=Incorrect connection count, multiple
calls to socket.close for the same socket.
diff --git a/java/org/apache/tomcat/util/net/SSLUtilBase.java
b/java/org/apache/tomcat/util/net/SSLUtilBase.java
index 71e7e020d9..2b8cdd6618 100644
--- a/java/org/apache/tomcat/util/net/SSLUtilBase.java
+++ b/java/org/apache/tomcat/util/net/SSLUtilBase.java
@@ -70,6 +70,8 @@ public abstract class SSLUtilBase implements SSLUtil {
private static final Log log = LogFactory.getLog(SSLUtilBase.class);
private static final StringManager sm =
StringManager.getManager(SSLUtilBase.class);
+ protected static final String DEFAULT_KEY_ALIAS = "tomcat";
+
protected final SSLHostConfig sslHostConfig;
protected final SSLHostConfigCertificate certificate;
@@ -324,7 +326,7 @@ public abstract class SSLUtilBase implements SSLUtil {
}
if (keyAlias == null) {
- keyAlias = "tomcat";
+ keyAlias = DEFAULT_KEY_ALIAS;
}
// Switch to in-memory key store
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index b482d5d8ac..478d7f3251 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -113,6 +113,14 @@
</fix>
</changelog>
</subsection>
+ <subsection name="Coyote">
+ <changelog>
+ <add>
+ Log basic information for each configured TLS certificate when Tomcat
+ starts. (markt)
+ </add>
+ </changelog>
+ </subsection>
</section>
<section name="Tomcat 8.5.85 (schultz)" rtext="release in progress">
<subsection name="Catalina">