Posted to dev@tomcat.apache.org by ma...@apache.org on 2019/12/16 14:46:08 UTC

[tomcat] branch master updated: Fix TLS config corruption via deprecated attributes

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/master by this push:
     new bbf0d08  Fix TLS config corruption via deprecated attributes
bbf0d08 is described below

commit bbf0d08ba0bfbe4eda24c465baebb707bb7aec35
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Mon Dec 16 14:45:38 2019 +0000

    Fix TLS config corruption via deprecated attributes
    
    Corruption was possible if the deprecated attributes were used after the
    new SSLHostConfig[Certificate] elements had been used.
---
 java/org/apache/tomcat/util/net/SSLHostConfig.java | 68 +++++++++++++++-------
 webapps/docs/changelog.xml                         |  6 ++
 2 files changed, 54 insertions(+), 20 deletions(-)

diff --git a/java/org/apache/tomcat/util/net/SSLHostConfig.java b/java/org/apache/tomcat/util/net/SSLHostConfig.java
index 943c598..0d817bf 100644
--- a/java/org/apache/tomcat/util/net/SSLHostConfig.java
+++ b/java/org/apache/tomcat/util/net/SSLHostConfig.java
@@ -209,9 +209,10 @@ public class SSLHostConfig implements Serializable {
 
     private void registerDefaultCertificate() {
         if (defaultCertificate == null) {
-            defaultCertificate = new SSLHostConfigCertificate(
+            SSLHostConfigCertificate defaultCertificate = new SSLHostConfigCertificate(
                     this, SSLHostConfigCertificate.Type.UNDEFINED);
-            certificates.add(defaultCertificate);
+            addCertificate(defaultCertificate);
+            this.defaultCertificate = defaultCertificate;
         }
     }
 
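Review bot: The new local `defaultCertificate` shadows the field of the same name, so the `if (defaultCertificate == null)` test reads the field while the lines below it mix the local and `this.defaultCertificate`. Renaming the local, e.g. `SSLHostConfigCertificate certificate = new SSLHostConfigCertificate(`, would remove the ambiguity. The ordering also deserves a comment such as `// Assign the field only after addCertificate() accepts the certificate, so a rejected add cannot leave a default certificate that is missing from the set`. addCertificate() is outside this hunk, so what it rejects and how it fails are not visible here. If it throws, the deprecated setters that call this method will surface that exception while the TLS configuration is being applied, which is worth stating in the method's Javadoc.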
@@ -270,8 +271,11 @@ public class SSLHostConfig implements Serializable {
     // necessary to support the old configuration attributes (Tomcat 10?).
 
     public String getCertificateKeyPassword() {
-        registerDefaultCertificate();
-        return defaultCertificate.getCertificateKeyPassword();
+        if (defaultCertificate == null) {
+            return null;
+        } else {
+            return defaultCertificate.getCertificateKeyPassword();
+        }
     }
     public void setCertificateKeyPassword(String certificateKeyPassword) {
         registerDefaultCertificate();
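Review bot: `getCertificateKeyPassword()` now returns `null` when no deprecated attribute has been set, and nothing documents that. The same undocumented change applies to the getters in the hunks at -512, -522, -532, -542, -552, -719, -729 and -739. Before this commit each getter created the default certificate on read, so callers presumably received whatever defaults a fresh SSLHostConfigCertificate carries (not visible here) and may not expect `null`, which matters most for the keystore file, type and provider values. I would add Javadoc to each getter along the lines of `@return the value held by the default certificate, or {@code null} if no deprecated certificate attribute has been set`. As a point of style, each of the nine `if`/`else` blocks could be written as `return defaultCertificate == null ? null : defaultCertificate.getCertificateKeyPassword();`. The setter at the end of this hunk continues outside it.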
@@ -512,8 +516,11 @@ public class SSLHostConfig implements Serializable {
     // necessary to support the old configuration attributes (Tomcat 10?).
 
     public String getCertificateKeyAlias() {
-        registerDefaultCertificate();
-        return defaultCertificate.getCertificateKeyAlias();
+        if (defaultCertificate == null) {
+            return null;
+        } else {
+            return defaultCertificate.getCertificateKeyAlias();
+        }
     }
     public void setCertificateKeyAlias(String certificateKeyAlias) {
         registerDefaultCertificate();
@@ -522,8 +529,11 @@ public class SSLHostConfig implements Serializable {
 
 
     public String getCertificateKeystoreFile() {
-        registerDefaultCertificate();
-        return defaultCertificate.getCertificateKeystoreFile();
+        if (defaultCertificate == null) {
+            return null;
+        } else {
+            return defaultCertificate.getCertificateKeystoreFile();
+        }
     }
     public void setCertificateKeystoreFile(String certificateKeystoreFile) {
         registerDefaultCertificate();
@@ -532,8 +542,11 @@ public class SSLHostConfig implements Serializable {
 
 
     public String getCertificateKeystorePassword() {
-        registerDefaultCertificate();
-        return defaultCertificate.getCertificateKeystorePassword();
+        if (defaultCertificate == null) {
+            return null;
+        } else {
+            return defaultCertificate.getCertificateKeystorePassword();
+        }
     }
     public void setCertificateKeystorePassword(String certificateKeystorePassword) {
         registerDefaultCertificate();
@@ -542,8 +555,11 @@ public class SSLHostConfig implements Serializable {
 
 
     public String getCertificateKeystoreProvider() {
-        registerDefaultCertificate();
-        return defaultCertificate.getCertificateKeystoreProvider();
+        if (defaultCertificate == null) {
+            return null;
+        } else {
+            return defaultCertificate.getCertificateKeystoreProvider();
+        }
     }
     public void setCertificateKeystoreProvider(String certificateKeystoreProvider) {
         registerDefaultCertificate();
@@ -552,8 +568,11 @@ public class SSLHostConfig implements Serializable {
 
 
     public String getCertificateKeystoreType() {
-        registerDefaultCertificate();
-        return defaultCertificate.getCertificateKeystoreType();
+        if (defaultCertificate == null) {
+            return null;
+        } else {
+            return defaultCertificate.getCertificateKeystoreType();
+        }
     }
     public void setCertificateKeystoreType(String certificateKeystoreType) {
         registerDefaultCertificate();
@@ -719,8 +738,11 @@ public class SSLHostConfig implements Serializable {
     // necessary to support the old configuration attributes (Tomcat 10?).
 
     public String getCertificateChainFile() {
-        registerDefaultCertificate();
-        return defaultCertificate.getCertificateChainFile();
+        if (defaultCertificate == null) {
+            return null;
+        } else {
+            return defaultCertificate.getCertificateChainFile();
+        }
     }
     public void setCertificateChainFile(String certificateChainFile) {
         registerDefaultCertificate();
@@ -729,8 +751,11 @@ public class SSLHostConfig implements Serializable {
 
 
     public String getCertificateFile() {
-        registerDefaultCertificate();
-        return defaultCertificate.getCertificateFile();
+        if (defaultCertificate == null) {
+            return null;
+        } else {
+            return defaultCertificate.getCertificateFile();
+        }
     }
     public void setCertificateFile(String certificateFile) {
         registerDefaultCertificate();
@@ -739,8 +764,11 @@ public class SSLHostConfig implements Serializable {
 
 
     public String getCertificateKeyFile() {
-        registerDefaultCertificate();
-        return defaultCertificate.getCertificateKeyFile();
+        if (defaultCertificate == null) {
+            return null;
+        } else {
+            return defaultCertificate.getCertificateKeyFile();
+        }
     }
     public void setCertificateKeyFile(String certificateKeyFile) {
         registerDefaultCertificate();
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index e75c7d3..4e62349 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -71,6 +71,12 @@
         Ensure that Servlet Asynchronous processing timeouts fire when requests
         are made using HTTP/2. (markt)
       </fix>
+      <fix>
+        Fix the corrupton of the TLS configuration when using the deprecated TLS
+        attributes on the Connector if the configuration has already been set
+        via the new <code>SSLHostConfig</code> and
+        <code>SSLHostConfigCertificate</code> elements. (markt)
+      </fix>
     </changelog>
   </subsection>
   <subsection name="Other">

