You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2019/03/28 23:16:23 UTC

[tomcat] branch 8.5.x updated: Fix regression for PKCS#8 private keys with OpenSSL

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/8.5.x by this push:
     new 8245479  Fix regression for PKCS#8 private keys with OpenSSL
8245479 is described below

commit 8245479675d068753232acdc9ef456e43fed8e8e
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Thu Mar 28 23:15:02 2019 +0000

    Fix regression for PKCS#8 private keys with OpenSSL
---
 java/org/apache/tomcat/util/net/openssl/OpenSSLUtil.java | 5 ++++-
 webapps/docs/changelog.xml                               | 5 +++++
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/java/org/apache/tomcat/util/net/openssl/OpenSSLUtil.java b/java/org/apache/tomcat/util/net/openssl/OpenSSLUtil.java
index 6878deb..74e115f 100644
--- a/java/org/apache/tomcat/util/net/openssl/OpenSSLUtil.java
+++ b/java/org/apache/tomcat/util/net/openssl/OpenSSLUtil.java
@@ -16,6 +16,7 @@
  */
 package org.apache.tomcat.util.net.openssl;
 
+import java.io.IOException;
 import java.security.KeyStoreException;
 import java.util.List;
 import java.util.Set;
@@ -102,7 +103,9 @@ public class OpenSSLUtil extends SSLUtilBase {
     public KeyManager[] getKeyManagers() throws Exception {
         try {
             return super.getKeyManagers();
-        } catch (KeyStoreException e) {
+        } catch (KeyStoreException | IOException e) {
+            // Depending on what is presented, JSSE may throw either of the
+            // above exceptions if it doesn't understand the provided file.
             if (certificate.getCertificateFile() != null) {
                 if (log.isDebugEnabled()) {
                     log.info(sm.getString("openssl.nonJsseCertficate",
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index b482e9c..63a752b 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -98,6 +98,11 @@
         a protocol was not negotiated, Tomcat failed to fallback to HTTP/1.1 and
         instead dropped the connection. (markt)
       </fix>
+      <fix>
+        Correct a regression in the TLS connector refactoring in Tomcat 9.0.17
+        that prevented the use of PKCS#8 private keys with OpenSSL based
+        connectors. (markt)
+      </fix>
     </changelog>
   </subsection>
   <subsection name="Jasper">


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org