On 06/05/2015 02:55, Konstantin Kolinko wrote: > 2015-05-05 22:48 GMT+03:00 <ma...@apache.org>: >> Author: markt >> Date: Tue May 5 19:48:53 2015 >> New Revision: 1677884 >> >> URL: http://svn.apache.org/r1677884 >> Log: >> Move alias, keystoreType and keystoreProvider to SSlHostConfig >> >> Modified: >> >> tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11JsseProtocol.java >> tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11Protocol.java >> tomcat/trunk/java/org/apache/tomcat/util/net/AbstractEndpoint.java >> tomcat/trunk/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java >> tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java >> tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java >> tomcat/trunk/webapps/docs/config/http.xml >> > >> Modified: >> tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java >> URL: >> http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java?rev=1677884&r1=1677883&r2=1677884&view=diff >> ============================================================================== >> --- tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java >> (original) >> +++ tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java >> Tue May 5 19:48:53 2015 
>> @@ -337,13 +337,14 @@ public class JSSESocketFactory implement >> >> @Override >> public KeyManager[] getKeyManagers() throws Exception { >> - String keystoreType = endpoint.getKeystoreType(); >> + String keystoreType = sslHostConfig.getCertificateKeystoreType(); >> if (keystoreType == null) { >> keystoreType = defaultKeystoreType; >> } >> >> - return getKeyManagers(keystoreType, endpoint.getKeystoreProvider(), >> - sslHostConfig.getKeyManagerAlgorithm(), >> endpoint.getKeyAlias()); >> + return getKeyManagers(keystoreType, >> sslHostConfig.getCertificateKeystoreProvider(), >> + sslHostConfig.getKeyManagerAlgorithm(), >> + sslHostConfig.getCertificateKeyAlias()); >> } >> >> @Override >> @@ -353,7 +354,7 @@ public class JSSESocketFactory implement >> truststoreType = >> System.getProperty("javax.net.ssl.trustStoreType"); >> } >> if (truststoreType == null) { >> - truststoreType = endpoint.getKeystoreType(); >> + truststoreType = sslHostConfig.getCertificateKeystoreType(); >> } >> if (truststoreType == null) { >> truststoreType = defaultKeystoreType; >> @@ -364,7 +365,7 @@ public class JSSESocketFactory implement >> algorithm = TrustManagerFactory.getDefaultAlgorithm(); >> } >> >> - return getTrustManagers(truststoreType, >> endpoint.getKeystoreProvider(), >> + return getTrustManagers(truststoreType, >> sslHostConfig.getCertificateKeystoreProvider(), >> algorithm); >> } > > Noted when reviewing the above change. It was not introduced by this > commit, but existed before it. > > About the above "return getTrustManagers(truststoreType, " line: > > Reading documentation (config/http.html), there exists configuration > attribute "truststoreProvider". It is odd that the call uses > keystore Provider option instead of "truststoreProvider" as the second > argument to getTrustManagers().
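Review bot: In the @@ -353,7 +354,7 @@ hunk the trust store type falls back to sslHostConfig.getCertificateKeystoreType() before defaultKeystoreType, and nothing in the method states that this order is intended. A short comment giving the precedence visible here (the javax.net.ssl.trustStoreType system property, then the key store type, then the default) would keep a later refactoring from changing it by accident.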
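Review bot: In the @@ -364,7 +365,7 @@ hunk getTrustManagers() still receives the key store provider as its second argument, now as sslHostConfig.getCertificateKeystoreProvider(), so the documented truststoreProvider attribute is never consulted when the trust store is opened. Pass the trust store's own provider here, falling back to the key store provider only when none is configured, or note in the code and in config/http.xml that the two stores share one provider.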
I noticed that while I was working on the patch. Looking at it some more was on my TODO list.

As far as I can tell, it is a bug in r1079387 that no-one has tripped over so far. This isn't really surprising as keyStoreProvider != trustStoreProvider is going to be rare.

I'll get it fixed and back-ported.

Mark
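The rare case mentioned above (keyStoreProvider != trustStoreProvider), as an added example that is not part of the original thread or of Tomcat's code: it opens a trust store type with the key store's provider and then with its own. The class name, the helper methods and the sample configuration are constructed; it assumes a JDK with the standard SUN and SunJCE providers, where JCEKS is supplied by SunJCE and JKS by SUN.

```java
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchProviderException;

public class TrustStoreProviderDemo {

    // Constructed sample configuration (assumption): the key store and the
    // trust store use types that are served by different JDK providers.
    static final String KEYSTORE_TYPE = "JCEKS";
    static final String KEYSTORE_PROVIDER = "SunJCE";
    static final String TRUSTSTORE_TYPE = "JKS";
    static final String TRUSTSTORE_PROVIDER = "SUN";

    /** A null provider lets the JDK pick any provider that supports the type. */
    static KeyStore open(String type, String provider)
            throws KeyStoreException, NoSuchProviderException {
        return (provider == null)
                ? KeyStore.getInstance(type)
                : KeyStore.getInstance(type, provider);
    }

    /** Tries one type/provider pairing and reports the outcome as text. */
    static String tryOpen(String label, String type, String provider) {
        try {
            KeyStore ks = open(type, provider);
            return label + ": OK, " + ks.getType()
                    + " from " + ks.getProvider().getName();
        } catch (KeyStoreException | NoSuchProviderException e) {
            return label + ": FAILED, "
                    + e.getClass().getSimpleName() + ": " + e.getMessage();
        }
    }

    public static void main(String[] args) {
        // Key store opened with its own provider.
        System.out.println(
                tryOpen("key store", KEYSTORE_TYPE, KEYSTORE_PROVIDER));
        // The pairing discussed in the thread: trust store type combined
        // with the key store provider. SunJCE does not supply JKS.
        System.out.println(tryOpen("trust store, key store provider",
                TRUSTSTORE_TYPE, KEYSTORE_PROVIDER));
        // Trust store type combined with the trust store's own provider.
        System.out.println(tryOpen("trust store, own provider",
                TRUSTSTORE_TYPE, TRUSTSTORE_PROVIDER));
    }
}
```

When both stores use the same provider, or none is set, all three pairings succeed, which is why the mismatch only shows up in configurations that set the two providers differently.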