You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@tomcat.apache.org by ma...@apache.org on 2022/03/29 18:29:38 UTC

[tomcat] branch 10.0.x updated: replace deprecated getSubjectDN()

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 10.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/10.0.x by this push:
     new d4f7a9d  replace deprecated getSubjectDN()
d4f7a9d is described below

commit d4f7a9de8d87ad9280c4f5b59f287fceacba4b5d
Author: sim-lus <67...@users.noreply.github.com>
AuthorDate: Wed Mar 16 12:45:36 2022 +0100

    replace deprecated getSubjectDN()
    
    According to java spec, getSubjectDN() should not be used:
    "denigrated, replaced by getSubjectX500Principal(). This method returns the subject as an implementation specific Principal object, which should not be relied upon by portable code."
    
    Not sure if my proposed change is correct, at least it is probably not compatible for all use cases.
---
 java/org/apache/catalina/realm/X509SubjectDnRetriever.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/java/org/apache/catalina/realm/X509SubjectDnRetriever.java b/java/org/apache/catalina/realm/X509SubjectDnRetriever.java
index 7aa5a3a..1602c91 100644
--- a/java/org/apache/catalina/realm/X509SubjectDnRetriever.java
+++ b/java/org/apache/catalina/realm/X509SubjectDnRetriever.java
@@ -26,6 +26,6 @@ public class X509SubjectDnRetriever implements X509UsernameRetriever {
 
     @Override
     public String getUsername(X509Certificate clientCert) {
-        return clientCert.getSubjectDN().getName();
+        return clientCert.getSubjectX500Principal().getName();
     }
 }

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org