Posted to dev@tomcat.apache.org by ma...@apache.org on 2016/04/26 21:17:56 UTC

svn commit: r1741080 - in /tomcat/trunk: java/org/apache/catalina/core/AprLifecycleListener.java java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java webapps/docs/changelog.xml

Author: markt
Date: Tue Apr 26 19:17:55 2016
New Revision: 1741080

URL: http://svn.apache.org/viewvc?rev=1741080&view=rev
Log:
Make the TLS certificate chain available to clients when using JSSE+OpenSSL with the certificate chain stored in a Java KeyStore.

Modified:
    tomcat/trunk/java/org/apache/catalina/core/AprLifecycleListener.java
    tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java
    tomcat/trunk/webapps/docs/changelog.xml

Modified: tomcat/trunk/java/org/apache/catalina/core/AprLifecycleListener.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/core/AprLifecycleListener.java?rev=1741080&r1=1741079&r2=1741080&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/core/AprLifecycleListener.java (original)
+++ tomcat/trunk/java/org/apache/catalina/core/AprLifecycleListener.java Tue Apr 26 19:17:55 2016
@@ -66,9 +66,9 @@ public class AprLifecycleListener
 
     protected static final int TCN_REQUIRED_MAJOR = 1;
     protected static final int TCN_REQUIRED_MINOR = 2;
-    protected static final int TCN_REQUIRED_PATCH = 2;
+    protected static final int TCN_REQUIRED_PATCH = 6;
     protected static final int TCN_RECOMMENDED_MINOR = 2;
-    protected static final int TCN_RECOMMENDED_PV = 2;
+    protected static final int TCN_RECOMMENDED_PV = 6;
 
 
     // ---------------------------------------------- Properties
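Review bot: Raising TCN_REQUIRED_PATCH from 2 to 6 turns this into a hard minimum, so an installation that currently runs tc-native 1.2.2 through 1.2.5 falls below the required version after this change, and nothing next to the constants says why 1.2.6 is needed. A one-line comment beside TCN_REQUIRED_PATCH naming the API that forces the bump (the SSLContext.addChainCertificateRaw call enabled in OpenSSLContext.java in this same revision) would stop a later cleanup from lowering it again. As a smaller style point, the two changed constants use different suffixes for the same field (TCN_REQUIRED_PATCH versus TCN_RECOMMENDED_PV); aligning the names would make it clearer that they are meant to move together.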

Modified: tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java?rev=1741080&r1=1741079&r2=1741080&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java Tue Apr 26 19:17:55 2016
@@ -273,14 +273,9 @@ public class OpenSSLContext implements o
                 sb.append(Base64.getMimeEncoder(64, new byte[] {'\n'}).encodeToString(key.getEncoded()));
                 sb.append(END_KEY);
                 SSLContext.setCertificateRaw(ctx, chain[0].getEncoded(), sb.toString().getBytes(StandardCharsets.US_ASCII), SSL.SSL_AIDX_RSA);
-                /*
-                 * Uncomment the code block below once there has been a tc-native
-                 * release with this method and the minimum tc-native version
-                 * has been incremented.
                 for (int i = 1; i < chain.length; i++) {
                     SSLContext.addChainCertificateRaw(ctx, chain[i].getEncoded());
                 }
-                */
             }
             // Client certificate verification
             int value = 0;
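Review bot: Nothing in the re-enabled loop checks or logs the outcome of SSLContext.addChainCertificateRaw(ctx, chain[i].getEncoded()), so if adding one of the intermediates fails without throwing, the connector would still start and serve an incomplete chain, which is the condition this commit sets out to fix. Consider checking the result inside the loop and logging a warning that identifies the index i that could not be added. The removed block comment was also the only place that recorded the dependency on a tc-native release containing this method; a short replacement comment stating the minimum tc-native version the loop relies on would keep that link to the constants in AprLifecycleListener visible.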

Modified: tomcat/trunk/webapps/docs/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1741080&r1=1741079&r2=1741080&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/trunk/webapps/docs/changelog.xml Tue Apr 26 19:17:55 2016
@@ -209,6 +209,11 @@
         <bug>59295</bug>: Add support for using pem encoded certificates with
         JSSE SSL. Submitted by Emmanuel Bourg with additional tweaks. (remm)
       </update>
+      <fix>
+        Make the TLS certificate chain available to clients when using
+        JSSE+OpenSSL with the certificate chain stored in a Java KeyStore.
+        (markt) 
+      </fix>
     </changelog>
   </subsection>
   <subsection name="WebSocket">
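Review bot: The new <fix> entry describes the chain behaviour but does not mention that this revision also raises the minimum tc-native version to 1.2.6 (TCN_REQUIRED_PATCH in AprLifecycleListener.java), which is the part of the change that operators upgrading need to act on. Suggest adding a sentence to this entry, or a separate <update> entry, stating the new minimum. There is also a trailing space after "(markt)" on the added line that should be dropped.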





Re: svn commit: r1741080 - in /tomcat/trunk: java/org/apache/catalina/core/AprLifecycleListener.java java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java webapps/docs/changelog.xml

Posted by Rémy Maucherat <re...@apache.org>.
2016-04-26 21:17 GMT+02:00 <ma...@apache.org>:

> Author: markt
> Date: Tue Apr 26 19:17:55 2016
> New Revision: 1741080
>
> URL: http://svn.apache.org/viewvc?rev=1741080&view=rev
> Log:
> Make the TLS certificate chain available to clients when using
> JSSE+OpenSSL with the certificate chain stored in a Java KeyStore.
>

Nice, I had completely forgotten this issue ...

Rémy