[Bug 66635] New: AbstractEndpoint#logCertificate() prints incorrect information

Thu, 08 Jun 2023 23:58:27 -0700 

https://bz.apache.org/bugzilla/show_bug.cgi?id=66635

            Bug ID: 66635
           Summary: AbstractEndpoint#logCertificate() prints incorrect
                    information
           Product: Tomcat 8
           Version: 8.5.x-trunk
          Hardware: All
                OS: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Connectors
          Assignee: [email protected]
          Reporter: [email protected]
  Target Milestone: ----

This applies to other Tomcat versions as well, but only verified in 8.5.
Coming from:
https://www.mail-archive.com/[email protected]/msg141656.html

Tomcat logs the following line:
> 2023-06-08T12:38:54.938 INFORMATION [main] 
> org.apache.tomcat.util.net.AbstractEndpoint.logCertificate Connector 
> [https-openssl-apr-8444], TLS virtual host [deblndw024v.ad001.siemens.net], 
> certificate type [RSA] configured from [/net/home/smartld/.keystore] using 
> alias [tomcat] and with trust store [null] 

But I have never configured a Java keystore, but solely use APR + OpenSSL style
config:
> <Connector port="8444" connectionTimeout="20000" keepAliveTimeout="300000" 
> maxParameterCount="1000"
>   maxHttpHeaderSize="24576" maxThreads="250"
>   SSLEnabled="true" scheme="https" secure="true"
>   defaultSSLHostConfigName="deblndw024v.ad001.siemens.net">
>   <SSLHostConfig hostName="deblndw024v.ad001.siemens.net" 
> protocols="TLSv1.2+TLSv1.3"
>     honorCipherOrder="true" disableSessionTickets="true"
>     
> ciphers="HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK:!DSS:!SHA1:!SHA256:!SHA384">
>     <Certificate 
> certificateFile="/opt/openssl/deblndw024v.ad001.siemens.net/cert.crt"
>       certificateKeyFile="/opt/openssl/deblndw024v.ad001.siemens.net/key.crt"
>       certificateKeyPassword="..." type="RSA" />
>   </SSLHostConfig>
> </Connector>

The Java code emitting this message does not check for store type to print the
correct information. The keystore [/net/home/smartld/.keystore] does not exist.

The called class does differentiate internallyb between store types, so should
this printer.

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to