This is an automated email from the ASF dual-hosted git repository.
remm pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/9.0.x by this push:
new 90de35fa32 Port BZ 67818: SSL#setVerify()/SSLContext#setVerify()
silently set undocumented default verify paths
90de35fa32 is described below
commit 90de35fa32b927b82dfb6992161a54192a56963a
Author: remm <r...@apache.org>
AuthorDate: Mon Oct 30 17:34:39 2023 +0100
Port BZ 67818: SSL#setVerify()/SSLContext#setVerify() silently set
undocumented default verify paths
---
.../org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java | 6 ------
1 file changed, 6 deletions(-)
diff --git
a/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
b/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
index 81100fc323..90b2a97047 100644
---
a/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
+++
b/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
@@ -601,12 +601,6 @@ public class OpenSSLContext implements
org.apache.tomcat.util.net.SSLContext {
break;
}
- // SSLContext.setVerify(state.ctx, value,
sslHostConfig.getCertificateVerificationDepth());
- if (SSL_CTX_set_default_verify_paths(state.sslCtx) > 0) {
- var store = SSL_CTX_get_cert_store(state.sslCtx);
- X509_STORE_set_flags(store, 0);
- }
-
// Set int verify_callback(int preverify_ok, X509_STORE_CTX
*x509_ctx) callback
var openSSLCallbackVerify =
Linker.nativeLinker().upcallStub(openSSLCallbackVerifyHandle,
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
