(tomcat) branch 10.1.x updated: Better documentation for SSLHostConfig.truststoreProvider default

Wed, 29 Jan 2025 02:00:41 -0800 

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/10.1.x by this push:
     new a45e03e550 Better documentation for SSLHostConfig.truststoreProvider 
default
a45e03e550 is described below

commit a45e03e55059c6d2b40e70de7f7f7c4d3eb73804
Author: Mark Thomas <[email protected]>
AuthorDate: Wed Jan 29 09:57:10 2025 +0000

    Better documentation for SSLHostConfig.truststoreProvider default
---
 webapps/docs/changelog.xml   | 5 +++++
 webapps/docs/config/http.xml | 9 +++++----
 2 files changed, 10 insertions(+), 4 deletions(-)

diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 036519edb7..8ac8af009e 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -244,6 +244,11 @@
         <code>mapperDirectoryRedirectEnabled</code> to <code>true</code>.
         (markt)
       </add>
+      <fix>
+        Documentation. Better document the default for the
+        <code>truststoreProvider</code> attribute of a
+        <code>SSLHostConfig</code> element. (markt)
+      </fix>
     </changelog>
   </subsection>
   <subsection name="Other">
diff --git a/webapps/docs/config/http.xml b/webapps/docs/config/http.xml
index ecd31b7e24..9516af68aa 100644
--- a/webapps/docs/config/http.xml
+++ b/webapps/docs/config/http.xml
@@ -1481,10 +1481,11 @@
       <p>The name of the truststore provider to be used for the server
       certificate. The default is the value of the
       <code>javax.net.ssl.trustStoreProvider</code> system property. If
-      that property is null, the value of <code>keystoreProvider</code> is used
-      as the default. If neither this attribute, the default system property 
nor
-      <code>keystoreProvider</code> is set, the list of registered providers is
-      traversed in preference order and the first provider that supports the
+      that property is null and a single certificate has been configured for
+      this TLS virtual host then default will be the the value of
+      <code>keystoreProvider</code> of the single certificate. If none of these
+      identify a default, the list of registered providers is traversed in
+      preference order and the first provider that supports the
       <code>truststoreType</code> is used.
       </p>
     </attribute>


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to