Posted to dev@tomcat.apache.org by re...@apache.org on 2016/08/02 23:13:59 UTC
svn commit: r1755009 - in /tomcat/trunk:
java/org/apache/tomcat/util/net/SSLHostConfigCertificate.java
java/org/apache/tomcat/util/net/jsse/JSSEUtil.java
java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java
webapps/docs/changelog.xml
Author: remm
Date: Tue Aug 2 23:13:59 2016
New Revision: 1755009
URL: http://svn.apache.org/viewvc?rev=1755009&view=rev
Log:
59910: Don't hardcode a key alias; JSSE can avoid using it.
Modified:
tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfigCertificate.java
tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSEUtil.java
tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java
tomcat/trunk/webapps/docs/changelog.xml
Modified: tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfigCertificate.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfigCertificate.java?rev=1755009&r1=1755008&r2=1755009&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfigCertificate.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfigCertificate.java Tue Aug 2 23:13:59 2016
@@ -52,7 +52,7 @@ public class SSLHostConfigCertificate im
private String certificateKeyPassword = null;
// JSSE
- private String certificateKeyAlias = "tomcat";
+ private String certificateKeyAlias;
private String certificateKeystorePassword = "changeit";
private String certificateKeystoreFile = System.getProperty("user.home")+"/.keystore";
private String certificateKeystoreProvider = DEFAULT_KEYSTORE_PROVIDER;
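Review bot: The field now defaults to null, but nothing here says what null means, and the two consumers in this commit treat it differently: JSSEUtil substitutes "tomcat" only when it stores a PEM-converted key into the keystore, while OpenSSLContext falls back to "tomcat" unconditionally. A reader of SSLHostConfigCertificate alone therefore cannot tell the new contract, nor that with a null alias the entry served from a keystore holding several keys is presumably chosen by the key manager rather than by configuration. I would put the contract on the field: `// null: no explicit alias. JSSE may let its key manager pick the entry; OpenSSLContext falls back to "tomcat".`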
Modified: tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSEUtil.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSEUtil.java?rev=1755009&r1=1755008&r2=1755009&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSEUtil.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSEUtil.java Tue Aug 2 23:13:59 2016
@@ -206,6 +206,9 @@ public class JSSEUtil extends SSLUtilBas
chain.addAll(certificateChainFile.getCertificates());
}
+ if (keyAlias == null) {
+ keyAlias = "tomcat";
+ }
ks.setKeyEntry(keyAlias, privateKeyFile.getPrivateKey(), keyPass.toCharArray(), chain.toArray(new Certificate[chain.size()]));
}
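Review bot: The literal `"tomcat"` is now duplicated as a fallback here (`keyAlias = "tomcat";`) and in the OpenSSLContext hunk (`alias = "tomcat";`), having just been removed from the one place it was defined, so the two defaults can silently drift. A shared constant keeps them in step, e.g. `static final String DEFAULT_KEY_ALIAS = "tomcat";` on SSLHostConfigCertificate and `keyAlias = SSLHostConfigCertificate.DEFAULT_KEY_ALIAS;` at both sites. The enclosing method starts outside the hunk, so I cannot see where keyAlias is first assigned.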
Modified: tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java?rev=1755009&r1=1755008&r2=1755009&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java Tue Aug 2 23:13:59 2016
@@ -267,6 +267,9 @@ public class OpenSSLContext implements o
} else {
X509KeyManager keyManager = chooseKeyManager(kms);
String alias = certificate.getCertificateKeyAlias();
+ if (alias == null) {
+ alias = "tomcat";
+ }
X509Certificate[] chain = keyManager.getCertificateChain(alias);
PrivateKey key = keyManager.getPrivateKey(alias);
StringBuilder sb = new StringBuilder(BEGIN_KEY);
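Review bot: After the fallback to "tomcat", `keyManager.getCertificateChain(alias)` and `keyManager.getPrivateKey(alias)` return null when the keystore has no entry under that alias (that is the X509KeyManager contract), and the PEM encoding that starts with the StringBuilder on the last context line presumably dereferences them, turning a keystore without a "tomcat" entry into an NPE rather than a clear configuration error. I would check both results right after the lookups: `if (chain == null || key == null) { throw new IllegalStateException("no key entry for alias " + alias); }` (message text to be moved to the string resources). The enclosing else-branch and method start and end outside the hunk.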
@@ -330,12 +333,17 @@ public class OpenSSLContext implements o
}
}
- private static JSSEKeyManager chooseKeyManager(KeyManager[] managers) throws Exception {
+ private static X509KeyManager chooseKeyManager(KeyManager[] managers) throws Exception {
for (KeyManager manager : managers) {
if (manager instanceof JSSEKeyManager) {
return (JSSEKeyManager) manager;
}
}
+ for (KeyManager manager : managers) {
+ if (manager instanceof X509KeyManager) {
+ return (X509KeyManager) manager;
+ }
+ }
throw new IllegalStateException(sm.getString("openssl.keyManagerMissing"));
}
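Review bot: The method now has an ordering rule — any JSSEKeyManager wins over any other X509KeyManager regardless of array position — that is only visible by reading both loops, and the signature change makes this a public-ish contract of the class. A short Javadoc would make it explicit: `/** Picks the key manager to read the key from: the first JSSEKeyManager if present, otherwise the first X509KeyManager. @throws IllegalStateException if {@code managers} holds neither */`. Optionally the two passes can be folded into one loop that returns on the first JSSEKeyManager and remembers the first X509KeyManager as a fallback, which keeps the same result with a single traversal.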
Modified: tomcat/trunk/webapps/docs/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1755009&r1=1755008&r2=1755009&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/trunk/webapps/docs/changelog.xml Tue Aug 2 23:13:59 2016
@@ -107,6 +107,11 @@
keystores that broke the automatic conversion of OpenSSL style PEM
key and certificate files for use with JSSE TLS connectors. (markt)
</fix>
+ <fix>
+ <bug>59867</bug>: Don't hardcode key alias value to "tomcat" for JSSE.
+ When using a keystore, OpenSSL will still need default to though.
+ (remm)
+ </fix>
</changelog>
</subsection>
<subsection name="Jasper">