(tomcat) 01/02: Drop the unused certificate index from the FFM code

[remm]

This is an automated email from the ASF dual-hosted git repository.

remm pushed a commit to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit 0248b8adad8e968435379d9eb1275ca5a7e6a5d2
Author: remm <r...@apache.org>
AuthorDate: Fri Sep 12 14:18:34 2025 +0200

    Drop the unused certificate index from the FFM code
---
 .../util/net/openssl/panama/OpenSSLContext.java    | 22 ++--------------------
 1 file changed, 2 insertions(+), 20 deletions(-)

diff --git a/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java 
b/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
index 2d7d654357..65bed73be4 100644
--- a/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
+++ b/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
@@ -875,7 +875,6 @@ public class OpenSSLContext implements 
org.apache.tomcat.util.net.SSLContext {
 
 
     public boolean addCertificate(SSLHostConfigCertificate certificate, Arena 
localArena) throws Exception {
-        int index = getCertificateIndex(certificate);
         // Load Server key and certificate
         if (certificate.getCertificateFile() != null) {
             // Pick right key password
@@ -1027,8 +1026,8 @@ public class OpenSSLContext implements 
org.apache.tomcat.util.net.SSLContext {
                     logLastError("openssl.errorPrivateKeyCheck");
                     return false;
                 }
-                // Try to read DH parameters from the (first) 
SSLCertificateFile
-                if (index == SSL_AIDX_RSA) {
+                // Try to read DH parameters from the SSLCertificateFile
+                if (certificate.getType() == Type.RSA) {
                     BIO_reset(certificateBIO);
                     if (!openssl_h_Compatibility.BORINGSSL) {
                         if (!openssl_h_Compatibility.OPENSSL3) {
@@ -1249,23 +1248,6 @@ public class OpenSSLContext implements 
org.apache.tomcat.util.net.SSLContext {
     }
 
 
-    private static int getCertificateIndex(SSLHostConfigCertificate 
certificate) {
-        int result;
-        // If the type is undefined there will only be one certificate 
(enforced
-        // in SSLHostConfig) so use the RSA slot.
-        if (certificate.getType() == Type.RSA || certificate.getType() == 
Type.UNDEFINED) {
-            result = SSL_AIDX_RSA;
-        } else if (certificate.getType() == Type.EC) {
-            result = SSL_AIDX_ECC;
-        } else if (certificate.getType() == Type.DSA) {
-            result = SSL_AIDX_DSA;
-        } else {
-            result = SSL_AIDX_MAX;
-        }
-        return result;
-    }
-
-
     /*
      * Find a valid alias when none was specified in the config.
      */


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org