You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2023/01/19 18:13:27 UTC
[tomcat] branch 10.1.x updated: Log basic information for each configured TLS cert when Tomcat starts
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/10.1.x by this push:
new dfb802cd31 Log basic information for each configured TLS cert when Tomcat starts
dfb802cd31 is described below
commit dfb802cd317445868b9d50237cf73becb5828fc8
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Thu Jan 19 18:08:10 2023 +0000
Log basic information for each configured TLS cert when Tomcat starts
---
.../apache/tomcat/util/net/AbstractEndpoint.java | 26 ++++++++++++++++++++++
.../tomcat/util/net/AbstractJsseEndpoint.java | 1 +
.../apache/tomcat/util/net/LocalStrings.properties | 1 +
java/org/apache/tomcat/util/net/SSLUtilBase.java | 4 +++-
webapps/docs/changelog.xml | 8 +++++++
5 files changed, 39 insertions(+), 1 deletion(-)
diff --git a/java/org/apache/tomcat/util/net/AbstractEndpoint.java b/java/org/apache/tomcat/util/net/AbstractEndpoint.java
index 2ce72e8acb..bdf94f28ac 100644
--- a/java/org/apache/tomcat/util/net/AbstractEndpoint.java
+++ b/java/org/apache/tomcat/util/net/AbstractEndpoint.java
@@ -357,6 +357,32 @@ public abstract class AbstractEndpoint<S,U> {
protected abstract void createSSLContext(SSLHostConfig sslHostConfig) throws Exception;
+ protected void logCertificate(SSLHostConfigCertificate certificate) {
+ SSLHostConfig sslHostConfig = certificate.getSSLHostConfig();
+
+ String certificateSource = certificate.getCertificateKeystoreFile();
+ if (certificateSource == null) {
+ certificateSource = certificate.getCertificateKeyFile();
+ }
+
+ String keyAlias = certificate.getCertificateKeyAlias();
+ if (keyAlias == null) {
+ keyAlias = SSLUtilBase.DEFAULT_KEY_ALIAS;
+ }
+
+ String trustStoreSource = sslHostConfig.getTruststoreFile();
+ if (trustStoreSource == null) {
+ trustStoreSource = sslHostConfig.getCaCertificateFile();
+ }
+ if (trustStoreSource == null) {
+ trustStoreSource = sslHostConfig.getCaCertificatePath();
+ }
+
+ getLog().info(sm.getString("endpoint.tls.info", getName(), sslHostConfig.getHostName(), certificate.getType(),
+ certificateSource, keyAlias, trustStoreSource));
+ }
+
+
protected void destroySsl() throws Exception {
if (isSSLEnabled()) {
for (SSLHostConfig sslHostConfig : sslHostConfigs.values()) {
diff --git a/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java b/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java
index 43fc71db7a..261ed118c2 100644
--- a/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java
+++ b/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java
@@ -106,6 +106,7 @@ public abstract class AbstractJsseEndpoint<S,U> extends AbstractEndpoint<S,U> {
throw new IllegalArgumentException(e.getMessage(), e);
}
+ logCertificate(certificate);
certificate.setSslContext(sslContext);
}
}
diff --git a/java/org/apache/tomcat/util/net/LocalStrings.properties b/java/org/apache/tomcat/util/net/LocalStrings.properties
index 847d01144a..dc7b9b9361 100644
--- a/java/org/apache/tomcat/util/net/LocalStrings.properties
+++ b/java/org/apache/tomcat/util/net/LocalStrings.properties
@@ -114,6 +114,7 @@ endpoint.setAttribute=Set [{0}] to [{1}]
endpoint.setAttributeError=Unable to set attribute [{0}] to [{1}]
endpoint.socketOptionsError=Error setting socket options
endpoint.timeout.err=Error processing socket timeout
+endpoint.tls.info=Connector [{0}], TLS virtual host [{1}], certificate type [{2}] configured from [{3}] using alias [{4}] and with trust store [{5}]
endpoint.unknownSslHostName=The SSL host name [{0}] is not recognised for this endpoint
endpoint.warn.executorShutdown=The executor associated with thread pool [{0}] has not fully shutdown. Some application threads may still be running.
endpoint.warn.incorrectConnectionCount=Incorrect connection count, multiple calls to socket.close for the same socket.
diff --git a/java/org/apache/tomcat/util/net/SSLUtilBase.java b/java/org/apache/tomcat/util/net/SSLUtilBase.java
index 76b485654f..d6dc329278 100644
--- a/java/org/apache/tomcat/util/net/SSLUtilBase.java
+++ b/java/org/apache/tomcat/util/net/SSLUtilBase.java
@@ -71,6 +71,8 @@ public abstract class SSLUtilBase implements SSLUtil {
private static final Log log = LogFactory.getLog(SSLUtilBase.class);
private static final StringManager sm = StringManager.getManager(SSLUtilBase.class);
+ protected static final String DEFAULT_KEY_ALIAS = "tomcat";
+
protected final SSLHostConfig sslHostConfig;
protected final SSLHostConfigCertificate certificate;
@@ -324,7 +326,7 @@ public abstract class SSLUtilBase implements SSLUtil {
}
if (keyAlias == null) {
- keyAlias = "tomcat";
+ keyAlias = DEFAULT_KEY_ALIAS;
}
// Switch to in-memory key store
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 039010e0b6..1558ef3159 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -113,6 +113,14 @@
</fix>
</changelog>
</subsection>
+ <subsection name="Coyote">
+ <changelog>
+ <add>
+ Log basic information for each configured TLS certificate when Tomcat
+ starts. (markt)
+ </add>
+ </changelog>
+ </subsection>
<subsection name="Other">
<changelog>
<update>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org