Posted to dev@tomcat.apache.org by re...@apache.org on 2020/02/15 12:28:00 UTC
[tomcat] branch 9.0.x updated: 64141: Allow overriding JVM trust
store
This is an automated email from the ASF dual-hosted git repository.
remm pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/9.0.x by this push:
new dc77c81 64141: Allow overriding JVM trust store
dc77c81 is described below
commit dc77c818d7b62f88af88b555a802ddf94bc1891a
Author: remm <re...@apache.org>
AuthorDate: Sat Feb 15 13:21:53 2020 +0100
64141: Allow overriding JVM trust store
If using a CA certificate, remove a default value for the trust store
file when not using a JSSE configuration.
---
java/org/apache/tomcat/util/net/SSLHostConfig.java | 25 +++++++++++++++++++---
webapps/docs/changelog.xml | 4 ++++
2 files changed, 26 insertions(+), 3 deletions(-)
diff --git a/java/org/apache/tomcat/util/net/SSLHostConfig.java b/java/org/apache/tomcat/util/net/SSLHostConfig.java
index 0d817bf..936accc 100644
--- a/java/org/apache/tomcat/util/net/SSLHostConfig.java
+++ b/java/org/apache/tomcat/util/net/SSLHostConfig.java
@@ -151,15 +151,24 @@ public class SSLHostConfig implements Serializable {
}
- void setProperty(String name, Type configType) {
+ /**
+ * Set property which belongs to the specified configuration type.
+ * @param name the property name
+ * @param configType the configuration type
+ * @return true if the property belongs to the current configuration,
+ * and false otherwise
+ */
+ boolean setProperty(String name, Type configType) {
if (this.configType == null) {
this.configType = configType;
} else {
if (configType != this.configType) {
log.warn(sm.getString("sslHostConfig.mismatch",
name, getHostName(), configType, this.configType));
+ return false;
}
}
+ return true;
}
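Review bot: The new Javadoc on `setProperty` does not say that the first call also fixes the configuration type for the host (`this.configType = configType` when it was still null), so whether a later call returns `true` depends on the order in which attributes are set. On a mismatch the method now returns `false` after the warning, but the two setters changed in this commit still assign their field afterwards, so the return value only gates the trust store reset and does not reject the property. I would add one sentence to the Javadoc, `If no configuration type has been set yet, this call sets it to configType and returns true.`, and state that a `false` result does not prevent the caller from storing the value.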
@@ -788,7 +797,12 @@ public class SSLHostConfig implements Serializable {
public void setCaCertificateFile(String caCertificateFile) {
- setProperty("caCertificateFile", Type.OPENSSL);
+ if (setProperty("caCertificateFile", Type.OPENSSL)) {
+ // Reset default JSSE trust store if not a JSSE configuration
+ if (truststoreFile != null) {
+ truststoreFile = null;
+ }
+ }
this.caCertificateFile = caCertificateFile;
}
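Review bot: The trust store reset in `setCaCertificateFile` runs whatever value is passed in and leaves nothing in the log, so a null or empty `caCertificateFile` still clears `truststoreFile`, and an operator cannot tell from the logs that the JVM-level trust store is no longer used for this host. Since this decides which CAs are accepted when verifying peer certificates, I would make the reset conditional on a real value and record it at debug level, for example `if (caCertificateFile != null && truststoreFile != null) {` followed by a log call and `truststoreFile = null;`; whether a null argument should keep the default needs confirming against the callers, which are outside this hunk. As written the inner `if (truststoreFile != null)` adds nothing over a plain assignment. The same block is repeated in `setCaCertificatePath` in the next hunk, so a small private helper would keep the two setters in step.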
@@ -799,7 +813,12 @@ public class SSLHostConfig implements Serializable {
public void setCaCertificatePath(String caCertificatePath) {
- setProperty("caCertificatePath", Type.OPENSSL);
+ if (setProperty("caCertificatePath", Type.OPENSSL)) {
+ // Reset default JSSE trust store if not a JSSE configuration
+ if (truststoreFile != null) {
+ truststoreFile = null;
+ }
+ }
this.caCertificatePath = caCertificatePath;
}
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 18dede0..ed478e1 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -74,6 +74,10 @@
performed, the read/write would time out rather than return immediately.
(markt)
</fix>
+ <fix>
+ <bug>64141</bug>: If using a CA certificate, remove a default value
+ for the truststore file when not using a JSSE configuration. (remm)
+ </fix>
</changelog>
</subsection>
<subsection name="Jasper">