alipsitz-sf commented on PR #673:
URL: https://github.com/apache/tomcat/pull/673#issuecomment-2158656022

   Hey, I'm not really good at navigating Bugzilla, so I don't know if it's been 
reported already, but it looks like this PR broke the 
`AbstractHttp11Protocol.reloadSslHostConfigs()` API when relying on the 
generatedSslContext.
   
   You can see in my screenshot on the left side that the SSL Context would 
ALWAYS be regenerated (when the keystore content changed, the newer version of 
the certificate chain in the keystore would be used). 
   
   On the right side, the SSL Context will only be regenerated if 
`getSslContext()` is null, which will never happen in this use case since that 
getter falls back to the existing `sslContextGenerated` (newer certificate 
within the keystore is never used unless a user-provided SSL Context is 
created).
   
   Two ideas that come to mind would be to either edit the if-condition 
`sslContext==null || sslContext.equals(certificate.getSslContextGenerated())` 
or add and call another getter `certificate.getSslContextProvided()`.
   
   
   
![image](https://github.com/apache/tomcat/assets/38224657/f8db1d9a-d355-4b49-aef6-5cb17b840919)
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
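
A simplified model of the behaviour described in the comment above, added here as an illustration; it is not Tomcat source and not code from the PR. The classes `Context` and `Certificate`, the `keystoreVersion` counter and the `reload*` methods are hypothetical stand-ins; only the getter fallback and the first proposed if-condition are taken from the comment.

```java
// Simplified model of the reload logic; hypothetical names, not Tomcat source.
public class ReloadModel {
    // Stand-in for an SSL context; records which keystore content it was built from.
    static final class Context {
        final String origin;
        Context(String origin) { this.origin = origin; }
        @Override public String toString() { return origin; }
    }

    static final class Certificate {
        Context provided;   // user-provided context, may be null
        Context generated;  // context built from the keystore
        // Getter with the fallback the comment describes.
        Context getSslContext() { return provided != null ? provided : generated; }
        Context getSslContextGenerated() { return generated; }
    }

    static int keystoreVersion = 1; // constructed: bumps when the keystore content changes

    static Context buildFromKeystore() { return new Context("keystore v" + keystoreVersion); }

    // Regenerates only when the getter returns null.
    static void reloadNullCheckOnly(Certificate c) {
        if (c.getSslContext() == null) c.generated = buildFromKeystore();
    }

    // First idea from the comment: also regenerate when the getter fell back.
    static void reloadWithGeneratedCheck(Certificate c) {
        Context sslContext = c.getSslContext();
        if (sslContext == null || sslContext.equals(c.getSslContextGenerated())) {
            c.generated = buildFromKeystore();
        }
    }

    public static void main(String[] args) {
        Certificate c = new Certificate();
        reloadNullCheckOnly(c);      // initial load: nothing generated yet
        keystoreVersion = 2;         // renewed certificate written to the keystore
        reloadNullCheckOnly(c);      // getter returns the old generated context, so no rebuild
        System.out.println("null check only:      " + c.getSslContext());
        reloadWithGeneratedCheck(c); // fallback detected, context rebuilt
        System.out.println("with generated check: " + c.getSslContext());

        c.provided = new Context("user-provided");
        keystoreVersion = 3;
        reloadWithGeneratedCheck(c); // user-provided context is left untouched
        System.out.println("user-provided kept:   " + c.getSslContext());
    }
}
```

In the model, the null-only check keeps serving the context built from the old keystore content after a renewal, which is the certificate-rotation failure the comment reports.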

