You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2019/03/28 23:15:30 UTC
[tomcat] branch master updated: Fix regression for PKCS#8 private
keys with OpenSSL
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/master by this push:
new 294d13b Fix regression for PKCS#8 private keys with OpenSSL
294d13b is described below
commit 294d13b16f244a54df018dffb9fb47231dcbd26b
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Thu Mar 28 23:15:02 2019 +0000
Fix regression for PKCS#8 private keys with OpenSSL
---
java/org/apache/tomcat/util/net/openssl/OpenSSLUtil.java | 5 ++++-
webapps/docs/changelog.xml | 5 +++++
2 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/java/org/apache/tomcat/util/net/openssl/OpenSSLUtil.java b/java/org/apache/tomcat/util/net/openssl/OpenSSLUtil.java
index 6878deb..74e115f 100644
--- a/java/org/apache/tomcat/util/net/openssl/OpenSSLUtil.java
+++ b/java/org/apache/tomcat/util/net/openssl/OpenSSLUtil.java
@@ -16,6 +16,7 @@
*/
package org.apache.tomcat.util.net.openssl;
+import java.io.IOException;
import java.security.KeyStoreException;
import java.util.List;
import java.util.Set;
@@ -102,7 +103,9 @@ public class OpenSSLUtil extends SSLUtilBase {
public KeyManager[] getKeyManagers() throws Exception {
try {
return super.getKeyManagers();
- } catch (KeyStoreException e) {
+ } catch (KeyStoreException | IOException e) {
+ // Depending on what is presented, JSSE may throw either of the
+ // above exceptions if it doesn't understand the provided file.
if (certificate.getCertificateFile() != null) {
if (log.isDebugEnabled()) {
log.info(sm.getString("openssl.nonJsseCertficate",
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index fcd55ed..67ae696 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -113,6 +113,11 @@
a protocol was not negotiated, Tomcat failed to fallback to HTTP/1.1 and
instead dropped the connection. (markt)
</fix>
+ <fix>
+ Correct a regression in the TLS connector refactoring in Tomcat 9.0.17
+ that prevented the use of PKCS#8 private keys with OpenSSL based
+ connectors. (markt)
+ </fix>
</changelog>
</subsection>
<subsection name="Jasper">
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org