This is an automated email from the ASF dual-hosted git repository.
remm pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push:
new 95ff3079b4 Avoid changing Type toString
95ff3079b4 is described below
commit 95ff3079b4f15bcdb92411949b0d797cda3b3ed4
Author: remm <[email protected]>
AuthorDate: Thu Sep 18 11:26:00 2025 +0200
Avoid changing Type toString
Changing toString could have some unintended consequences, as a result
use a dedicated getter for the key type.
Use SSLUtilBase.DEFAULT_KEY_ALIAS in the FFM code.
---
java/org/apache/tomcat/util/net/SSLHostConfigCertificate.java | 3 +--
java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java | 2 +-
java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java | 7 ++++---
3 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/java/org/apache/tomcat/util/net/SSLHostConfigCertificate.java
b/java/org/apache/tomcat/util/net/SSLHostConfigCertificate.java
index 79e533c088..fc35da5ee4 100644
--- a/java/org/apache/tomcat/util/net/SSLHostConfigCertificate.java
+++ b/java/org/apache/tomcat/util/net/SSLHostConfigCertificate.java
@@ -345,8 +345,7 @@ public class SSLHostConfigCertificate implements
Serializable {
return compatibleAuthentications.contains(scheme.getAuth());
}
- @Override
- public String toString() {
+ public String getKeyType() {
if (keyType != null) {
return keyType;
}
diff --git a/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java
b/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java
index 599b9a5c64..55f7029336 100644
--- a/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java
+++ b/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java
@@ -523,7 +523,7 @@ public class OpenSSLContext implements
org.apache.tomcat.util.net.SSLContext {
Iterator<Type> iter = candidateTypes.iterator();
while (result == null && iter.hasNext()) {
- result = keyManager.chooseServerAlias(iter.next().toString(),
null, null);
+ result = keyManager.chooseServerAlias(iter.next().getKeyType(),
null, null);
}
return result;
diff --git a/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
b/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
index 20e303ca24..67297bf752 100644
--- a/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
+++ b/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
@@ -59,6 +59,7 @@ import org.apache.tomcat.util.net.SSLHostConfig;
import org.apache.tomcat.util.net.SSLHostConfig.CertificateVerification;
import org.apache.tomcat.util.net.SSLHostConfigCertificate;
import org.apache.tomcat.util.net.SSLHostConfigCertificate.Type;
+import org.apache.tomcat.util.net.SSLUtilBase;
import org.apache.tomcat.util.net.openssl.OpenSSLConf;
import org.apache.tomcat.util.net.openssl.OpenSSLConfCmd;
import org.apache.tomcat.util.net.openssl.OpenSSLStatus;
@@ -1180,7 +1181,7 @@ public class OpenSSLContext implements
org.apache.tomcat.util.net.SSLContext {
String alias = certificate.getCertificateKeyAlias();
X509KeyManager x509KeyManager =
certificate.getCertificateKeyManager();
if (alias == null) {
- alias = "tomcat";
+ alias = SSLUtilBase.DEFAULT_KEY_ALIAS;
}
X509Certificate[] chain =
x509KeyManager.getCertificateChain(alias);
if (chain == null) {
@@ -1284,7 +1285,7 @@ public class OpenSSLContext implements
org.apache.tomcat.util.net.SSLContext {
Iterator<Type> iter = candidateTypes.iterator();
while (result == null && iter.hasNext()) {
- result = keyManager.chooseServerAlias(iter.next().toString(),
null, null);
+ result = keyManager.chooseServerAlias(iter.next().getKeyType(),
null, null);
}
return result;
@@ -1344,7 +1345,7 @@ public class OpenSSLContext implements
org.apache.tomcat.util.net.SSLContext {
X509KeyManager x509KeyManager = certificate.getCertificateKeyManager();
if (x509KeyManager != null) {
if (alias == null) {
- alias = "tomcat";
+ alias = SSLUtilBase.DEFAULT_KEY_ALIAS;
}
chain = x509KeyManager.getCertificateChain(alias);
if (chain == null) {
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
