Posted to dev@tomcat.apache.org by ma...@apache.org on 2019/12/16 14:46:08 UTC
[tomcat] branch master updated: Fix TLS config corruption via
deprecated attributes
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/master by this push:
new bbf0d08 Fix TLS config corruption via deprecated attributes
bbf0d08 is described below
commit bbf0d08ba0bfbe4eda24c465baebb707bb7aec35
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Mon Dec 16 14:45:38 2019 +0000
Fix TLS config corruption via deprecated attributes
Corruption was possible if the deprecated attributes were used after the
new SSLHostConfig[Certificate] elements had been used.
---
java/org/apache/tomcat/util/net/SSLHostConfig.java | 68 +++++++++++++++-------
webapps/docs/changelog.xml | 6 ++
2 files changed, 54 insertions(+), 20 deletions(-)
diff --git a/java/org/apache/tomcat/util/net/SSLHostConfig.java b/java/org/apache/tomcat/util/net/SSLHostConfig.java
index 943c598..0d817bf 100644
--- a/java/org/apache/tomcat/util/net/SSLHostConfig.java
+++ b/java/org/apache/tomcat/util/net/SSLHostConfig.java
@@ -209,9 +209,10 @@ public class SSLHostConfig implements Serializable {
private void registerDefaultCertificate() {
if (defaultCertificate == null) {
- defaultCertificate = new SSLHostConfigCertificate(
+ SSLHostConfigCertificate defaultCertificate = new SSLHostConfigCertificate(
this, SSLHostConfigCertificate.Type.UNDEFINED);
- certificates.add(defaultCertificate);
+ addCertificate(defaultCertificate);
+ this.defaultCertificate = defaultCertificate;
}
}
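Review bot: The local `defaultCertificate` declared inside `registerDefaultCertificate()` shadows the field of the same name, so the null check reads the field while the following lines operate on the local, which is easy to misread. Renaming the local, for example `SSLHostConfigCertificate certificate = new SSLHostConfigCertificate(`, and adding a comment such as `// Assign the field only after addCertificate() has accepted the new entry` would make the ordering explicit. addCertificate() is not visible in this hunk; presumably it validates the new entry against certificates that are already configured. If so, the deprecated setters that call this method can now fail instead of silently adding a second certificate, and their Javadoc should say that.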
@@ -270,8 +271,11 @@ public class SSLHostConfig implements Serializable {
// necessary to support the old configuration attributes (Tomcat 10?).
public String getCertificateKeyPassword() {
- registerDefaultCertificate();
- return defaultCertificate.getCertificateKeyPassword();
+ if (defaultCertificate == null) {
+ return null;
+ } else {
+ return defaultCertificate.getCertificateKeyPassword();
+ }
}
public void setCertificateKeyPassword(String certificateKeyPassword) {
registerDefaultCertificate();
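Review bot: `getCertificateKeyPassword()` now returns `null` when no default certificate has been registered, and nothing on the method documents that for callers. A Javadoc line such as `@return the key password of the default certificate, or {@code null} if the deprecated attributes have not been used` would cover it. The same applies to the other eight getters changed in this commit (`getCertificateKeyAlias`, `getCertificateKeystoreFile`, `getCertificateKeystorePassword`, `getCertificateKeystoreProvider`, `getCertificateKeystoreType`, `getCertificateChainFile`, `getCertificateFile`, `getCertificateKeyFile`). If SSLHostConfigCertificate supplies default values for any of these properties, which this page does not show, those getters previously reported the default and now report `null`, so consumers such as management or logging code should be checked for null handling. The setter shown at the end of the hunk continues outside it.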
@@ -512,8 +516,11 @@ public class SSLHostConfig implements Serializable {
// necessary to support the old configuration attributes (Tomcat 10?).
public String getCertificateKeyAlias() {
- registerDefaultCertificate();
- return defaultCertificate.getCertificateKeyAlias();
+ if (defaultCertificate == null) {
+ return null;
+ } else {
+ return defaultCertificate.getCertificateKeyAlias();
+ }
}
public void setCertificateKeyAlias(String certificateKeyAlias) {
registerDefaultCertificate();
@@ -522,8 +529,11 @@ public class SSLHostConfig implements Serializable {
public String getCertificateKeystoreFile() {
- registerDefaultCertificate();
- return defaultCertificate.getCertificateKeystoreFile();
+ if (defaultCertificate == null) {
+ return null;
+ } else {
+ return defaultCertificate.getCertificateKeystoreFile();
+ }
}
public void setCertificateKeystoreFile(String certificateKeystoreFile) {
registerDefaultCertificate();
@@ -532,8 +542,11 @@ public class SSLHostConfig implements Serializable {
public String getCertificateKeystorePassword() {
- registerDefaultCertificate();
- return defaultCertificate.getCertificateKeystorePassword();
+ if (defaultCertificate == null) {
+ return null;
+ } else {
+ return defaultCertificate.getCertificateKeystorePassword();
+ }
}
public void setCertificateKeystorePassword(String certificateKeystorePassword) {
registerDefaultCertificate();
@@ -542,8 +555,11 @@ public class SSLHostConfig implements Serializable {
public String getCertificateKeystoreProvider() {
- registerDefaultCertificate();
- return defaultCertificate.getCertificateKeystoreProvider();
+ if (defaultCertificate == null) {
+ return null;
+ } else {
+ return defaultCertificate.getCertificateKeystoreProvider();
+ }
}
public void setCertificateKeystoreProvider(String certificateKeystoreProvider) {
registerDefaultCertificate();
@@ -552,8 +568,11 @@ public class SSLHostConfig implements Serializable {
public String getCertificateKeystoreType() {
- registerDefaultCertificate();
- return defaultCertificate.getCertificateKeystoreType();
+ if (defaultCertificate == null) {
+ return null;
+ } else {
+ return defaultCertificate.getCertificateKeystoreType();
+ }
}
public void setCertificateKeystoreType(String certificateKeystoreType) {
registerDefaultCertificate();
@@ -719,8 +738,11 @@ public class SSLHostConfig implements Serializable {
// necessary to support the old configuration attributes (Tomcat 10?).
public String getCertificateChainFile() {
- registerDefaultCertificate();
- return defaultCertificate.getCertificateChainFile();
+ if (defaultCertificate == null) {
+ return null;
+ } else {
+ return defaultCertificate.getCertificateChainFile();
+ }
}
public void setCertificateChainFile(String certificateChainFile) {
registerDefaultCertificate();
@@ -729,8 +751,11 @@ public class SSLHostConfig implements Serializable {
public String getCertificateFile() {
- registerDefaultCertificate();
- return defaultCertificate.getCertificateFile();
+ if (defaultCertificate == null) {
+ return null;
+ } else {
+ return defaultCertificate.getCertificateFile();
+ }
}
public void setCertificateFile(String certificateFile) {
registerDefaultCertificate();
@@ -739,8 +764,11 @@ public class SSLHostConfig implements Serializable {
public String getCertificateKeyFile() {
- registerDefaultCertificate();
- return defaultCertificate.getCertificateKeyFile();
+ if (defaultCertificate == null) {
+ return null;
+ } else {
+ return defaultCertificate.getCertificateKeyFile();
+ }
}
public void setCertificateKeyFile(String certificateKeyFile) {
registerDefaultCertificate();
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index e75c7d3..4e62349 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -71,6 +71,12 @@
Ensure that Servlet Asynchronous processing timeouts fire when requests
are made using HTTP/2. (markt)
</fix>
+ <fix>
+ Fix the corrupton of the TLS configuration when using the deprecated TLS
+ attributes on the Connector if the configuration has already been set
+ via the new <code>SSLHostConfig</code> and
+ <code>SSLHostConfigCertificate</code> elements. (markt)
+ </fix>
</changelog>
</subsection>
<subsection name="Other">