This is an automated email from the ASF dual-hosted git repository.
remm pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push:
new 2f7618039f Add a note about a todo
2f7618039f is described below
commit 2f7618039f0f717ea1eea54ad6a85062195184a3
Author: remm <[email protected]>
AuthorDate: Thu Oct 26 17:11:06 2023 +0200
Add a note about a todo
Maybe repeated uses of PEM_read_bio_X509 on a memory BIO containing the
whole chain could work, and adding using SSL_CTX_add_extra_chain_cert.
---
java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java | 1 +
1 file changed, 1 insertion(+)
diff --git a/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
b/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
index 3dfdfc1a6b..ac1561639f 100644
--- a/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
+++ b/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
@@ -1199,6 +1199,7 @@ public class OpenSSLContext implements
org.apache.tomcat.util.net.SSLContext {
}
// Set certificate chain file
if (certificate.getCertificateChainFile() != null) {
+ // FIXME: Ideally this should be loaded in Java but still
processed through OpenSSL
var certificateChainFileNative =
localArena.allocateFrom(SSLHostConfig.adjustRelativePath(certificate.getCertificateChainFile()));
// SSLContext.setCertificateChainFile(state.ctx,
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
