This is an automated email from the ASF dual-hosted git repository.

remm pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/main by this push:
     new be499209a9 Port Fix BZ 67666 - Fix PEM files and 
TLSCertificateReloadListener
be499209a9 is described below

commit be499209a90299371fc882d792ae313684d20858
Author: remm <r...@apache.org>
AuthorDate: Wed Oct 25 00:09:47 2023 +0200

    Port Fix BZ 67666 - Fix PEM files and TLSCertificateReloadListener
---
 .../util/net/openssl/panama/OpenSSLContext.java      |  8 +++++---
 .../tomcat/util/net/openssl/panama/OpenSSLUtil.java  | 20 --------------------
 2 files changed, 5 insertions(+), 23 deletions(-)

diff --git a/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java 
b/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
index aedac6c61f..3dfdfc1a6b 100644
--- a/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
+++ b/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
@@ -70,6 +70,7 @@ import 
org.apache.tomcat.util.net.SSLHostConfigCertificate.Type;
 import org.apache.tomcat.util.net.openssl.OpenSSLConf;
 import org.apache.tomcat.util.net.openssl.OpenSSLConfCmd;
 import org.apache.tomcat.util.net.openssl.OpenSSLStatus;
+import org.apache.tomcat.util.net.openssl.OpenSSLUtil;
 import org.apache.tomcat.util.res.StringManager;
 
 public class OpenSSLContext implements org.apache.tomcat.util.net.SSLContext {
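Review bot: The added single-type import of `org.apache.tomcat.util.net.openssl.OpenSSLUtil` shadows the `OpenSSLUtil` class that lives in this file's own `panama` package, so every unqualified `OpenSSLUtil` in this file now resolves to a different class than before. Only one use is visible in this diff, so any other references in the file should be checked to confirm they are meant to bind to the shared class. Either a short comment on the import, such as `// Intentionally shadows panama.OpenSSLUtil: chooseKeyManager lives in the shared class`, or a fully qualified call at the single call site would make the binding explicit for the next reader.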
@@ -576,9 +577,10 @@ public class OpenSSLContext implements 
org.apache.tomcat.util.net.SSLContext {
                 }
             }
 
-            if (certificate.getCertificateFile() == null) {
-                
certificate.setCertificateKeyManager(OpenSSLUtil.chooseKeyManager(kms));
-            }
+            // If there is no certificate file must be using a KeyStore so a 
KeyManager is required.
+            // If there is a certificate file a KeyManager is helpful but not 
strictly necessary.
+            certificate.setCertificateKeyManager(
+                    OpenSSLUtil.chooseKeyManager(kms, 
certificate.getCertificateFile() == null));
 
             success = addCertificate(certificate, localArena);
 
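Review bot: The key manager is now assigned unconditionally, so when a certificate file is configured, any key manager already set on `certificate` is overwritten with whatever `chooseKeyManager` returns. The two-argument overload is not visible here; if it returns null when the flag is false and no usable manager is found, as the comment "helpful but not strictly necessary" suggests, then every reader of `getCertificateKeyManager()` on the PEM path has to tolerate null, which is worth stating in the comment. The bare boolean argument is also hard to read at the call site; naming it would help, e.g. `boolean keyManagerRequired = certificate.getCertificateFile() == null;` followed by `OpenSSLUtil.chooseKeyManager(kms, keyManagerRequired)`. The enclosing method starts and ends outside this hunk.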
diff --git a/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLUtil.java 
b/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLUtil.java
index 781dd4889a..6080dfdfb4 100644
--- a/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLUtil.java
+++ b/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLUtil.java
@@ -22,14 +22,12 @@ import java.util.List;
 import java.util.Set;
 
 import javax.net.ssl.KeyManager;
-import javax.net.ssl.X509KeyManager;
 
 import org.apache.juli.logging.Log;
 import org.apache.juli.logging.LogFactory;
 import org.apache.tomcat.util.net.SSLContext;
 import org.apache.tomcat.util.net.SSLHostConfigCertificate;
 import org.apache.tomcat.util.net.SSLUtilBase;
-import org.apache.tomcat.util.net.jsse.JSSEKeyManager;
 import org.apache.tomcat.util.res.StringManager;
 
 public class OpenSSLUtil extends SSLUtilBase {
@@ -74,24 +72,6 @@ public class OpenSSLUtil extends SSLUtilBase {
     }
 
 
-    public static X509KeyManager chooseKeyManager(KeyManager[] managers) 
throws Exception {
-        if (managers == null) {
-            return null;
-        }
-        for (KeyManager manager : managers) {
-            if (manager instanceof JSSEKeyManager) {
-                return (JSSEKeyManager) manager;
-            }
-        }
-        for (KeyManager manager : managers) {
-            if (manager instanceof X509KeyManager) {
-                return (X509KeyManager) manager;
-            }
-        }
-        throw new 
IllegalStateException(sm.getString("openssl.keyManagerMissing"));
-    }
-
-
     @Override
     public KeyManager[] getKeyManagers() throws Exception {
         try {

