Posted to dev@tomcat.apache.org by ma...@apache.org on 2019/07/03 21:22:45 UTC

[tomcat] branch 7.0.x updated: Refactor fix for https://bz.apache.org/bugzilla/show_bug.cgi?id=63205

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 7.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/7.0.x by this push:
     new a381fc2  Refactor fix for https://bz.apache.org/bugzilla/show_bug.cgi?id=63205
a381fc2 is described below

commit a381fc22a72c14afb7770aaed59063bdfc3342ec
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Wed Jul 3 22:20:19 2019 +0100

    Refactor fix for https://bz.apache.org/bugzilla/show_bug.cgi?id=63205
    
    JRE bug only applies to PKCS12 so only use the workaround with PKCS12
    keystores due to regressions with other keystore types
---
 java/org/apache/tomcat/util/security/KeyStoreUtil.java | 6 +++---
 webapps/docs/changelog.xml                             | 5 +++++
 2 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/java/org/apache/tomcat/util/security/KeyStoreUtil.java b/java/org/apache/tomcat/util/security/KeyStoreUtil.java
index c58245d..862ef22 100644
--- a/java/org/apache/tomcat/util/security/KeyStoreUtil.java
+++ b/java/org/apache/tomcat/util/security/KeyStoreUtil.java
@@ -52,9 +52,7 @@ public class KeyStoreUtil {
      */
     public static void load(KeyStore keystore, InputStream is, char[] storePass)
             throws NoSuchAlgorithmException, CertificateException, IOException {
-        if (is == null) {
-            keystore.load(null, storePass);
-        } else {
+        if (keystore.getType().equals("PKCS12")) {
             ByteArrayOutputStream baos = new ByteArrayOutputStream();
             byte[] buf = new byte[8192];
             int numRead;
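Review bot: Removing the is == null branch at the top of load() means a PKCS12 keystore with a null stream now enters the buffering path, where the copy into baos that starts here will presumably dereference is and fail, whereas the old code called keystore.load(null, storePass). Suggest guarding the condition as is != null && keystore.getType().equals("PKCS12") so a null stream still reaches a direct keystore.load(is, storePass). The type comparison is also case-sensitive, so a keystore created with a differently cased type name such as pkcs12 would skip the workaround; equalsIgnoreCase would be more robust. The Javadoc that ends just above the method should state that the buffering now applies to PKCS12 only.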
@@ -67,6 +65,8 @@ public class KeyStoreUtil {
             ByteArrayInputStream bais = new ByteArrayInputStream(baos.toByteArray());
 
             keystore.load(bais, storePass);
+        } else {
+            keystore.load(is, storePass);
         }
     }
 }
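Review bot: The new else branch at the end of load() hands the caller's stream straight to keystore.load(is, storePass) with no comment explaining why non-PKCS12 types bypass the in-memory copy. A one-line comment here pointing at bug 63205 and the regressions seen with other keystore types would keep a later cleanup from merging the two paths again.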
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 8c7c16b..66afc70 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -151,6 +151,11 @@
         Fix to avoid the possibility of long poll times for individual pollers
         when using mutliple pollers with APR. (markt)
       </fix>
+      <fix>
+        Refactor the fix for <bug>63205</bug> so it only applies when using
+        PKCS12 keystores as regressions have been reported with some other
+        keystore types. (markt)
+      </fix>
     </changelog>
   </subsection>
   <subsection name="Jasper">
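Review bot: The added <fix> entry says regressions were reported with "some other keystore types" but neither names them nor references a report. Naming the affected types, or citing the regression report if one exists, would let users tell from the changelog whether their configuration was affected by the earlier fix.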


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org