Posted to dev@tomcat.apache.org by ma...@apache.org on 2017/09/22 07:09:59 UTC

svn commit: r1809263 - in /tomcat/trunk: java/org/apache/tomcat/util/net/jsse/JSSEUtil.java webapps/docs/changelog.xml

Author: markt
Date: Fri Sep 22 07:09:59 2017
New Revision: 1809263

URL: http://svn.apache.org/viewvc?rev=1809263&view=rev
Log:
Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=61557
Correct a further regression in the fix to enable the use of Java key stores that contain multiple keys that do not all have the same password. The regression broke support for some FIPS compliant key stores.

Modified:
    tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSEUtil.java
    tomcat/trunk/webapps/docs/changelog.xml

Modified: tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSEUtil.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSEUtil.java?rev=1809263&r1=1809262&r2=1809263&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSEUtil.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSEUtil.java Fri Sep 22 07:09:59 2017
@@ -241,7 +241,13 @@ public class JSSEUtil extends SSLUtilBas
             Key k = ks.getKey(keyAlias, keyPassArray);
             if (k != null && "PKCS#8".equalsIgnoreCase(k.getFormat())) {
                 // Switch to in-memory key store
-                ksUsed = KeyStore.getInstance("JKS");
+                String provider = certificate.getCertificateKeystoreProvider();
+                if (provider == null) {
+                    ksUsed = KeyStore.getInstance(certificate.getCertificateKeystoreType());
+                } else {
+                    ksUsed = KeyStore.getInstance(certificate.getCertificateKeystoreType(),
+                            provider);
+                }
                 ksUsed.load(null,  null);
                 ksUsed.setKeyEntry(keyAlias, k, keyPassArray, ks.getCertificateChain(keyAlias));
             }
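Review bot: The comment `// Switch to in-memory key store` is no longer guaranteed by the code beneath it: with `KeyStore.getInstance("JKS")` the result of `load(null, null)` was always an empty, memory-only store, whereas with the configured type and provider it depends on how that provider implements the type. For token- or OS-backed store types, `setKeyEntry` could in principle write the key to the backing store rather than to a scratch copy; the `"PKCS#8"` format check probably excludes non-exportable keys, but that protection is implicit. I would state the assumption next to the new lines, e.g. `// Use the configured type/provider (a FIPS provider may not offer JKS); assumes load(null, null) gives an empty in-memory store for that type`. The enclosing method starts and ends outside this hunk, so how ksUsed is used afterwards is not visible here.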

Modified: tomcat/trunk/webapps/docs/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1809263&r1=1809262&r2=1809263&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/trunk/webapps/docs/changelog.xml Fri Sep 22 07:09:59 2017
@@ -89,6 +89,12 @@
       <update>
         Add a way to set the property source in embedded mode. (remm)
       </update>
+      <fix>
+        <bug>61557</bug>: Correct a further regression in the fix to enable the
+        use of Java key stores that contain multiple keys that do not all have
+        the same password. The regression broke support for some FIPS compliant
+        key stores. (markt)
+      </fix>
     </changelog>
   </subsection>
   <subsection name="Other">


