(tomcat) branch 10.1.x updated: Add missing catch when PEMFile fails to process some keys

Thu, 28 Aug 2025 02:15:05 -0700 

This is an automated email from the ASF dual-hosted git repository.

remm pushed a commit to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/10.1.x by this push:
     new 8c7547fcc6 Add missing catch when PEMFile fails to process some keys
8c7547fcc6 is described below

commit 8c7547fcc68f46747aa3afbfc9aab8d738fc3b11
Author: remm <[email protected]>
AuthorDate: Thu Aug 28 11:10:00 2025 +0200

    Add missing catch when PEMFile fails to process some keys
    
    The keys should still be handed out to OpenSSL, with appropriate
    logging.
---
 java/org/apache/tomcat/util/net/openssl/OpenSSLUtil.java        | 3 ++-
 java/org/apache/tomcat/util/net/openssl/panama/OpenSSLUtil.java | 3 ++-
 webapps/docs/changelog.xml                                      | 8 ++++++++
 3 files changed, 12 insertions(+), 2 deletions(-)

diff --git a/java/org/apache/tomcat/util/net/openssl/OpenSSLUtil.java 
b/java/org/apache/tomcat/util/net/openssl/OpenSSLUtil.java
index 25c5030981..1c31d7e970 100644
--- a/java/org/apache/tomcat/util/net/openssl/OpenSSLUtil.java
+++ b/java/org/apache/tomcat/util/net/openssl/OpenSSLUtil.java
@@ -17,6 +17,7 @@
 package org.apache.tomcat.util.net.openssl;
 
 import java.io.IOException;
+import java.security.KeyException;
 import java.security.KeyStoreException;
 import java.util.List;
 import java.util.Set;
@@ -115,7 +116,7 @@ public class OpenSSLUtil extends SSLUtilBase {
                 log.info(msg);
             }
             return null;
-        } catch (KeyStoreException | IOException e) {
+        } catch (KeyStoreException | KeyException | IOException e) {
             // Depending on what is presented, JSSE may also throw
             // KeyStoreException or IOException if it doesn't understand the
             // provided file.
diff --git a/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLUtil.java 
b/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLUtil.java
index 3cc9bce6b6..3475190e5a 100644
--- a/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLUtil.java
+++ b/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLUtil.java
@@ -17,6 +17,7 @@
 package org.apache.tomcat.util.net.openssl.panama;
 
 import java.io.IOException;
+import java.security.KeyException;
 import java.security.KeyStoreException;
 import java.util.List;
 import java.util.Set;
@@ -85,7 +86,7 @@ public class OpenSSLUtil extends SSLUtilBase {
                 log.info(msg);
             }
             return null;
-        } catch (KeyStoreException | IOException e) {
+        } catch (KeyStoreException | KeyException | IOException e) {
             // Depending on what is presented, JSSE may also throw
             // KeyStoreException or IOException if it doesn't understand the
             // provided file.
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 7eb05ab6b1..f15269c73f 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -119,6 +119,14 @@
       </fix>
     </changelog>
   </subsection>
+  <subsection name="Coyote">
+    <changelog>
+      <fix>
+        Ensure keys are handed out to OpenSSL even if <code>PEMFile</code>
+        fails to process it, with appropriate logging. (remm)
+      </fix>
+    </changelog>
+  </subsection>
   <subsection name = "Other">
     <changelog>
       <scode>


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to