(tomcat) branch 11.0.x updated: Better documentation for SSLHostConfig.truststoreProvider default

Wed, 29 Jan 2025 01:59:43 -0800 

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 11.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/11.0.x by this push:
     new cf47e9f5e4 Better documentation for SSLHostConfig.truststoreProvider 
default
cf47e9f5e4 is described below

commit cf47e9f5e4bcaf53ce840a172dbdc4e41119dfc5
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Wed Jan 29 09:57:10 2025 +0000

    Better documentation for SSLHostConfig.truststoreProvider default
---
 webapps/docs/changelog.xml   | 5 +++++
 webapps/docs/config/http.xml | 9 +++++----
 2 files changed, 10 insertions(+), 4 deletions(-)

diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index feb77c567a..bc6b50132e 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -253,6 +253,11 @@
         <code>mapperDirectoryRedirectEnabled</code> to <code>true</code>.
         (markt)
       </add>
+      <fix>
+        Documentation. Better document the default for the
+        <code>truststoreProvider</code> attribute of a
+        <code>SSLHostConfig</code> element. (markt)
+      </fix>
     </changelog>
   </subsection>
   <subsection name="Other">
diff --git a/webapps/docs/config/http.xml b/webapps/docs/config/http.xml
index 1400289003..1bf4517c4d 100644
--- a/webapps/docs/config/http.xml
+++ b/webapps/docs/config/http.xml
@@ -1456,10 +1456,11 @@
       <p>The name of the truststore provider to be used for the server
       certificate. The default is the value of the
       <code>javax.net.ssl.trustStoreProvider</code> system property. If
-      that property is null, the value of <code>keystoreProvider</code> is used
-      as the default. If neither this attribute, the default system property 
nor
-      <code>keystoreProvider</code> is set, the list of registered providers is
-      traversed in preference order and the first provider that supports the
+      that property is null and a single certificate has been configured for
+      this TLS virtual host then default will be the the value of
+      <code>keystoreProvider</code> of the single certificate. If none of these
+      identify a default, the list of registered providers is traversed in
+      preference order and the first provider that supports the
       <code>truststoreType</code> is used.
       </p>
     </attribute>


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Reply via email to