Posted to dev@tomcat.apache.org by Jack <ja...@hotmail.com> on 2006/01/23 18:59:20 UTC

Is this a bug or not?

> Another of these useless messages and I will ban you.
Too bad to hear this.

Now I put everything here:
My SSL is OK; then I just add a new key to .keystore,
and then my SSL doesn't work.
The client gets the new key from the Tomcat server.
After I delete the new key,
everything starts to work again.

With a little bit of effort, I found that
in the getKeyManagers of org.apache.tomcat.util.net.jsse.JSSE14SocketFactory
we can see the following code:
        kms = kmf.getKeyManagers();
        if (keyAlias != null) {
            if (JSSESocketFactory.defaultKeystoreType.equals(keystoreType)) {
                keyAlias = keyAlias.toLowerCase();
            }
            for (int i = 0; i < kms.length; i++) {
                kms[i] = new JSSEKeyManager((X509KeyManager) kms[i], keyAlias);
            }
        }
        return kms;

When keyAlias==null, we don't use our own JSSEKeyManager at all.
I believe that the for loop should be moved outside of the if statement.

If I am right, pick it up.
If I am wrong, just let me know.
It is not my intention to spend my time to post useless messages.

jackzhp@hotmail.com
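
Added example, not part of the original post and not Tomcat's code: a minimal delegating X509KeyManager with the same conditional wrapping as the snippet quoted above, run against a constructed stub manager that holds two aliases, to show which server alias is offered with and without a configured alias. The names PinnedAliasKeyManager, wrap and stub are hypothetical, and the stub offering its last alias is an assumption made to mirror the behaviour the post reports.

```java
import java.net.Socket;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import javax.net.ssl.KeyManager;
import javax.net.ssl.X509KeyManager;

public class AliasPinDemo {
    // Hypothetical delegating manager: pins the server alias, passes everything else through.
    static class PinnedAliasKeyManager implements X509KeyManager {
        private final X509KeyManager delegate;
        private final String alias;
        PinnedAliasKeyManager(X509KeyManager d, String a) { delegate = d; alias = a; }
        public String chooseServerAlias(String type, Principal[] issuers, Socket s) { return alias; }
        public String chooseClientAlias(String[] types, Principal[] issuers, Socket s) { return delegate.chooseClientAlias(types, issuers, s); }
        public String[] getServerAliases(String type, Principal[] issuers) { return delegate.getServerAliases(type, issuers); }
        public String[] getClientAliases(String type, Principal[] issuers) { return delegate.getClientAliases(type, issuers); }
        public X509Certificate[] getCertificateChain(String a) { return delegate.getCertificateChain(a); }
        public PrivateKey getPrivateKey(String a) { return delegate.getPrivateKey(a); }
    }

    // Same control flow as the quoted snippet: wrapping happens only when an alias is configured.
    static KeyManager[] wrap(KeyManager[] kms, String keyAlias) {
        if (keyAlias != null) {
            for (int i = 0; i < kms.length; i++) {
                kms[i] = new PinnedAliasKeyManager((X509KeyManager) kms[i], keyAlias);
            }
        }
        return kms;
    }

    // Constructed stand-in for a keystore-backed manager; assumption: it offers the newest entry.
    static X509KeyManager stub(final String... aliases) {
        return new X509KeyManager() {
            public String chooseServerAlias(String t, Principal[] i, Socket s) { return aliases[aliases.length - 1]; }
            public String chooseClientAlias(String[] t, Principal[] i, Socket s) { return null; }
            public String[] getServerAliases(String t, Principal[] i) { return aliases.clone(); }
            public String[] getClientAliases(String t, Principal[] i) { return null; }
            public X509Certificate[] getCertificateChain(String a) { return null; }
            public PrivateKey getPrivateKey(String a) { return null; }
        };
    }

    public static void main(String[] args) {
        X509KeyManager a = (X509KeyManager) wrap(new KeyManager[] { stub("tomcat", "newkey") }, null)[0];
        X509KeyManager b = (X509KeyManager) wrap(new KeyManager[] { stub("tomcat", "newkey") }, "tomcat")[0];
        System.out.println("no alias:  " + a.chooseServerAlias("RSA", null, null));
        System.out.println("alias set: " + b.chooseServerAlias("RSA", null, null));
    }
}
```

With a real keystore, which entry the underlying manager offers when no alias is configured depends on the JSSE implementation, so a keystore holding more than one private key entry should be paired with an explicit alias.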