This is an automated email from the ASF dual-hosted git repository.
remm pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/9.0.x by this push:
new a370079465 Throw KeyManagementException on errors in SSLContext.init
a370079465 is described below
commit a37007946572010b7de3e4fbd72d0ec6094ced39
Author: remm <[email protected]>
AuthorDate: Sat Oct 26 00:36:56 2024 +0200
Throw KeyManagementException on errors in SSLContext.init
Align with JSSE.
---
java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java | 7 +++++--
.../org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java | 8 ++++++--
webapps/docs/changelog.xml | 7 +++++++
3 files changed, 18 insertions(+), 4 deletions(-)
diff --git a/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java
b/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java
index 42924c0413..a4fe9d7ac1 100644
--- a/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java
+++ b/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java
@@ -20,6 +20,7 @@ import java.io.BufferedReader;
import java.io.FileInputStream;
import java.io.InputStreamReader;
import java.nio.charset.StandardCharsets;
+import java.security.KeyManagementException;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
@@ -302,9 +303,11 @@ public class OpenSSLContext implements
org.apache.tomcat.util.net.SSLContext {
* @param tms Must contain a TrustManager of the type
* {@code X509TrustManager}
* @param sr Is not used for this implementation.
+ * @throws KeyManagementException if an error occurs
*/
@Override
- public synchronized void init(KeyManager[] kms, TrustManager[] tms,
SecureRandom sr) {
+ public synchronized void init(KeyManager[] kms, TrustManager[] tms,
SecureRandom sr)
+ throws KeyManagementException {
if (initialized) {
log.warn(sm.getString("openssl.doubleInit"));
return;
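Review bot: The new Javadoc line `@throws KeyManagementException if an error occurs` does not tell a caller what state the context is left in. From the later hunk of this file, a failure calls `destroy()` before the exception is raised, so I would document that: `@throws KeyManagementException if the OpenSSL context could not be configured; the context is destroyed before the exception is thrown`. The `if (initialized)` branch visible here still only logs `openssl.doubleInit` and returns normally, so it is worth saying in the same comment that a repeated call is ignored rather than reported. The same wording applies to the panama `init` Javadoc further down. The body of `init` continues outside this hunk.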
@@ -467,8 +470,8 @@ public class OpenSSLContext implements
org.apache.tomcat.util.net.SSLContext {
sslHostConfig.setOpenSslContext(Long.valueOf(ctx));
initialized = true;
} catch (Exception e) {
- log.warn(sm.getString("openssl.errorSSLCtxInit"), e);
destroy();
+ throw new
KeyManagementException(sm.getString("openssl.errorSSLCtxInit"), e);
}
}
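Review bot: In the `catch (Exception e)` block, `destroy()` runs before the `KeyManagementException` is constructed, so if `destroy()` can itself throw (its body is not in this hunk), that secondary failure replaces the original cause and the caller never sees why TLS setup failed. Building the exception first keeps the root cause: `KeyManagementException kme = new KeyManagementException(sm.getString("openssl.errorSSLCtxInit"), e);`, then `try { destroy(); } catch (RuntimeException de) { kme.addSuppressed(de); }`, then `throw kme;`. Because the `log.warn` call is removed here, a failed context initialisation is now visible only if every caller logs or propagates the exception, which should be confirmed for the call sites not shown in this commit. The same ordering appears in the panama implementation's `if (!success)` block. The `try` this `catch` belongs to starts outside the hunk.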
diff --git a/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
b/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
index 1823fd99e9..2fa18d1e6d 100644
--- a/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
+++ b/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
@@ -26,6 +26,7 @@ import java.lang.foreign.ValueLayout;
import java.lang.ref.Cleaner;
import java.lang.ref.Cleaner.Cleanable;
import java.nio.charset.StandardCharsets;
+import java.security.KeyManagementException;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
@@ -456,14 +457,16 @@ public class OpenSSLContext implements
org.apache.tomcat.util.net.SSLContext {
* @param tms Must contain a TrustManager of the type
* {@code X509TrustManager}
* @param sr Is not used for this implementation.
+ * @throws KeyManagementException if an error occurs
*/
@Override
- public void init(KeyManager[] kms, TrustManager[] tms, SecureRandom sr) {
+ public void init(KeyManager[] kms, TrustManager[] tms, SecureRandom sr)
throws KeyManagementException {
if (initialized) {
log.warn(sm.getString("openssl.doubleInit"));
return;
}
boolean success = true;
+ Exception cause = null;
try (var localArena = Arena.ofConfined()) {
if (sslHostConfig.getInsecureRenegotiation()) {
openssl_h_Compatibility.SSL_CTX_set_options(state.sslCtx,
SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION());
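Review bot: The new signature here is `public void init(...) throws KeyManagementException`, while the non-panama class touched by this same commit declares `public synchronized void init(...)`. Both guard on the `initialized` flag, so without synchronization two threads calling `init` on the panama context could both pass the `if (initialized)` check; on failure, one could then call `destroy()` while the other is still configuring `state.sslCtx`. If the difference is deliberate (for example, callers already serialise initialisation), a short comment on the method saying so would prevent it from being "fixed" later; otherwise the two implementations should agree. The method body continues outside this hunk.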
@@ -662,11 +665,12 @@ public class OpenSSLContext implements
org.apache.tomcat.util.net.SSLContext {
sslHostConfig.setOpenSslContext(Long.valueOf(state.sslCtx.address()));
initialized = true;
} catch (Exception e) {
- log.warn(sm.getString("openssl.errorSSLCtxInit"), e);
+ cause = e;
success = false;
}
if (!success) {
destroy();
+ throw new
KeyManagementException(sm.getString("openssl.errorSSLCtxInit"), cause);
}
}
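Review bot: In the `if (!success)` block, `cause` is non-null only when the `catch` ran, so `success` and `cause` now carry the same information unless some path in the elided `try` body sets `success = false` without throwing. If such a path exists, the `KeyManagementException` is raised with a null cause and the generic `openssl.errorSSLCtxInit` text, which leaves an operator with nothing to diagnose a TLS start-up failure. If no such path exists, the flag can be dropped and the check written as `if (cause != null) {`. If one does exist, that branch should record its own reason before reaching this block. The start of the `try` and most of its body are outside this hunk.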
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 8a008e2ceb..cf11152a58 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -215,6 +215,13 @@
behavior was introduced on a previous refactoring to improve HTTP/2
performance. (remm)
</fix>
+ <fix>
+ <code>OpenSSLContext</code> will now throw a
+ <code>KeyManagementException</code> is something is known to have gone
+ wrong in the <code>init</code> method, which is the behavior
+ documented by <code>javax.net.ssl.SSLContext.init</code>. This makes
+ error handling more consistent. (remm)
+ </fix>
</changelog>
</subsection>
<subsection name="Japser">