(tomcat) branch main updated: Port BZ 67818: SSL#setVerify()/SSLContext#setVerify() silently set undocumented default verify paths

remm Mon, 30 Oct 2023 09:35:24 -0700

This is an automated email from the ASF dual-hosted git repository.

remm pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git



The following commit(s) were added to refs/heads/main by this push:
     new 07a14381e0 Port BZ 67818: SSL#setVerify()/SSLContext#setVerify() 
silently set undocumented default verify paths
07a14381e0 is described below

commit 07a14381e0c4698d3a130eb13318ea4db1f0b5f1
Author: remm <[email protected]>
AuthorDate: Mon Oct 30 17:34:39 2023 +0100

    Port BZ 67818: SSL#setVerify()/SSLContext#setVerify() silently set
    undocumented default verify paths
---
 .../org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java   | 6 ------
 1 file changed, 6 deletions(-)

diff --git 
a/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
 
b/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
index 65de58247e..dff89bb23b 100644
--- 
a/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
+++ 
b/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
@@ -600,12 +600,6 @@ public class OpenSSLContext implements 
org.apache.tomcat.util.net.SSLContext {
                 break;
             }
 
-            // SSLContext.setVerify(state.ctx, value, 
sslHostConfig.getCertificateVerificationDepth());
-            if (SSL_CTX_set_default_verify_paths(state.sslCtx) > 0) {
-                var store = SSL_CTX_get_cert_store(state.sslCtx);
-                X509_STORE_set_flags(store, 0);
-            }
-
             // Set int verify_callback(int preverify_ok, X509_STORE_CTX 
*x509_ctx) callback
             var openSSLCallbackVerify =
                     
Linker.nativeLinker().upcallStub(openSSLCallbackVerifyHandle,


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

(tomcat) branch main updated: Port BZ 67818: SSL#setVerify()/SSLContext#setVerify() silently set undocumented default verify paths

Reply via email to