Posted to dev@tomcat.apache.org by re...@apache.org on 2016/08/02 23:13:59 UTC

svn commit: r1755009 - in /tomcat/trunk: java/org/apache/tomcat/util/net/SSLHostConfigCertificate.java java/org/apache/tomcat/util/net/jsse/JSSEUtil.java java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java webapps/docs/changelog.xml

Author: remm
Date: Tue Aug  2 23:13:59 2016
New Revision: 1755009

URL: http://svn.apache.org/viewvc?rev=1755009&view=rev
Log:
59910: Don't hardcode a key alias, JSSE can avoid using it.

Modified:
    tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfigCertificate.java
    tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSEUtil.java
    tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java
    tomcat/trunk/webapps/docs/changelog.xml

Modified: tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfigCertificate.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfigCertificate.java?rev=1755009&r1=1755008&r2=1755009&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfigCertificate.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfigCertificate.java Tue Aug  2 23:13:59 2016
@@ -52,7 +52,7 @@ public class SSLHostConfigCertificate im
     private String certificateKeyPassword = null;
 
     // JSSE
-    private String certificateKeyAlias = "tomcat";
+    private String certificateKeyAlias;
     private String certificateKeystorePassword = "changeit";
     private String certificateKeystoreFile = System.getProperty("user.home")+"/.keystore";
     private String certificateKeystoreProvider = DEFAULT_KEYSTORE_PROVIDER;
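Review bot: The field loses its default without a comment saying what null now means, so a reader of SSLHostConfigCertificate cannot tell whether a null alias is an error or a deliberate "no preference". The log message says JSSE can avoid the alias, and the same commit adds a fallback to "tomcat" in JSSEUtil (PEM-to-keystore path) and OpenSSLContext; a comment on the field would tie those together: `// null: no alias configured; JSSE may select a key itself, the PEM-to-keystore and OpenSSL paths fall back to "tomcat"`. Any other reader of getCertificateKeyAlias() outside this diff now also has to handle null, which is worth checking.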

Modified: tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSEUtil.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSEUtil.java?rev=1755009&r1=1755008&r2=1755009&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSEUtil.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSEUtil.java Tue Aug  2 23:13:59 2016
@@ -206,6 +206,9 @@ public class JSSEUtil extends SSLUtilBas
                 chain.addAll(certificateChainFile.getCertificates());
             }
 
+            if (keyAlias == null) {
+                keyAlias = "tomcat";
+            }
             ks.setKeyEntry(keyAlias, privateKeyFile.getPrivateKey(), keyPass.toCharArray(), chain.toArray(new Certificate[chain.size()]));
         }
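Review bot: The literal "tomcat" is now repeated as a fallback here and again in the OpenSSLContext hunk, where it previously lived once as the field default; the two copies can drift. A shared constant, e.g. `private static final String DEFAULT_KEY_ALIAS = "tomcat";` referenced from both places, would keep a single source of truth and also document why the fallback exists, since the in-memory keystore entry created by `ks.setKeyEntry(...)` needs some alias even when the configuration provides none. The enclosing method starts and ends outside the hunk.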
 

Modified: tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java?rev=1755009&r1=1755008&r2=1755009&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java Tue Aug  2 23:13:59 2016
@@ -267,6 +267,9 @@ public class OpenSSLContext implements o
             } else {
                 X509KeyManager keyManager = chooseKeyManager(kms);
                 String alias = certificate.getCertificateKeyAlias();
+                if (alias == null) {
+                    alias = "tomcat";
+                }
                 X509Certificate[] chain = keyManager.getCertificateChain(alias);
                 PrivateKey key = keyManager.getPrivateKey(alias);
                 StringBuilder sb = new StringBuilder(BEGIN_KEY);
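Review bot: After the fallback to "tomcat", `keyManager.getCertificateChain(alias)` and `keyManager.getPrivateKey(alias)` are called without a null check, and X509KeyManager returns null for an alias it does not know. Before this change the alias defaulted to "tomcat" unconditionally, so the outcome is unchanged for users with no alias, but the same hunk group now also lets a plain X509KeyManager be chosen (see chooseKeyManager below), which makes a null chain or key somewhat more plausible when the keystore has no "tomcat" entry. Unless the lines after the hunk already check, `if (chain == null || key == null) { throw new IllegalStateException(/* message key for missing alias */); }` placed before the StringBuilder would fail with a clear error instead of a later NullPointerException. The enclosing method continues outside the hunk.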
@@ -330,12 +333,17 @@ public class OpenSSLContext implements o
         }
     }
 
-    private static JSSEKeyManager chooseKeyManager(KeyManager[] managers) throws Exception {
+    private static X509KeyManager chooseKeyManager(KeyManager[] managers) throws Exception {
         for (KeyManager manager : managers) {
             if (manager instanceof JSSEKeyManager) {
                 return (JSSEKeyManager) manager;
             }
         }
+        for (KeyManager manager : managers) {
+            if (manager instanceof X509KeyManager) {
+                return (X509KeyManager) manager;
+            }
+        }
         throw new IllegalStateException(sm.getString("openssl.keyManagerMissing"));
     }
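Review bot: The new two-pass preference order (JSSEKeyManager first, any other X509KeyManager second) is not documented, and a future reader may collapse the two loops into one and silently change which manager wins. A Javadoc on the method would capture the contract: `/** Returns the first JSSEKeyManager in {@code managers}, else the first X509KeyManager; throws IllegalStateException if neither is present. */`. The signature still declares `throws Exception` although the visible body only throws IllegalStateException; narrowing it would be cleaner if no caller depends on the broad clause, which cannot be seen from this hunk.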
 

Modified: tomcat/trunk/webapps/docs/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1755009&r1=1755008&r2=1755009&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/trunk/webapps/docs/changelog.xml Tue Aug  2 23:13:59 2016
@@ -107,6 +107,11 @@
         keystores that broke the automatic conversion of OpenSSL style PEM
         key and certificate files for use with JSSE TLS connectors. (markt)
       </fix>
+      <fix>
+        <bug>59867</bug>: Don't hardcode key alias value to "tomcat" for JSSE.
+        When using a keystore, OpenSSL will still need default to though.
+        (remm)
+      </fix>
     </changelog>
   </subsection>
   <subsection name="Jasper">


