You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2018/07/02 15:47:54 UTC
svn commit: r1834860 -
/tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSEUtil.java
Author: markt
Date: Mon Jul 2 15:47:54 2018
New Revision: 1834860
URL: http://svn.apache.org/viewvc?rev=1834860&view=rev
Log:
Don't use in-memory certs with DKS key stores
Modified:
tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSEUtil.java
Modified: tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSEUtil.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSEUtil.java?rev=1834860&r1=1834859&r2=1834860&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSEUtil.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSEUtil.java Mon Jul 2 15:47:54 2018
@@ -244,7 +244,8 @@ public class JSSEUtil extends SSLUtilBas
}
Key k = ks.getKey(keyAlias, keyPassArray);
- if (k != null && "PKCS#8".equalsIgnoreCase(k.getFormat())) {
+ if (k != null && !"DKS".equalsIgnoreCase(certificate.getCertificateKeystoreType()) &&
+ "PKCS#8".equalsIgnoreCase(k.getFormat())) {
// Switch to in-memory key store
String provider = certificate.getCertificateKeystoreProvider();
if (provider == null) {
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org