(tomcat) branch main updated: Follow-up to PR #912

Thu, 30 Oct 2025 07:53:39 -0700 

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/main by this push:
     new c19b057886 Follow-up to PR #912
c19b057886 is described below

commit c19b05788690813876a1e210a18abb56258293ff
Author: Mark Thomas <[email protected]>
AuthorDate: Thu Oct 30 14:52:03 2025 +0000

    Follow-up to PR #912
---
 .../apache/tomcat/util/net/openssl/OpenSSLCertificateVerifier.java  | 6 ++++--
 webapps/docs/changelog.xml                                          | 4 ++++
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git 
a/java/org/apache/tomcat/util/net/openssl/OpenSSLCertificateVerifier.java 
b/java/org/apache/tomcat/util/net/openssl/OpenSSLCertificateVerifier.java
index 6eede5eee6..04b000ec54 100644
--- a/java/org/apache/tomcat/util/net/openssl/OpenSSLCertificateVerifier.java
+++ b/java/org/apache/tomcat/util/net/openssl/OpenSSLCertificateVerifier.java
@@ -28,7 +28,7 @@ import org.apache.tomcat.util.res.StringManager;
 public class OpenSSLCertificateVerifier implements CertificateVerifier {
 
     private static final Log log = 
LogFactory.getLog(OpenSSLCertificateVerifier.class);
-    private static final StringManager sm = 
StringManager.getManager(OpenSSLContext.class);
+    private static final StringManager sm = 
StringManager.getManager(OpenSSLCertificateVerifier.class);
 
     private final X509TrustManager x509TrustManager;
 
@@ -43,7 +43,9 @@ public class OpenSSLCertificateVerifier implements 
CertificateVerifier {
             x509TrustManager.checkClientTrusted(peerCerts, auth);
             return true;
         } catch (Exception e) {
-            log.debug(sm.getString("openssl.certificateVerificationFailed"), 
e);
+            if (log.isDebugEnabled()) {
+                
log.debug(sm.getString("openssl.certificateVerificationFailed"), e);
+            }
         }
         return false;
     }
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 66cc58e3f4..d16f529d7d 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -218,6 +218,10 @@
       <fix>
         Graceful failure for OCSP on BoringSSL in the FFM code. (remm)
       </fix>
+      <fix>
+        <bug>69866</bug>: Fix a memory leak when using a trust store with the
+        OpenSSL provider. Pull request <pr>912</pr> by aogburn. (markt)
+      </fix>
     </changelog>
   </subsection>
   <subsection name="Jasper">


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to