Posted to dev@tomcat.apache.org by ma...@apache.org on 2019/12/16 14:46:46 UTC
[tomcat] branch 8.5.x updated: Fix TLS config corruption via
deprecated attributes
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/8.5.x by this push:
new d035de3 Fix TLS config corruption via deprecated attributes
d035de3 is described below
commit d035de3d0697b75ef4b38f93620f47940fd38a76
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Mon Dec 16 14:45:38 2019 +0000
Fix TLS config corruption via deprecated attributes
Corruption was possible if the deprecated attributes were used after the
new SSLHostConfig[Certificate] elements had been used.
---
java/org/apache/tomcat/util/net/SSLHostConfig.java | 68 +++++++++++++++-------
webapps/docs/changelog.xml | 6 ++
2 files changed, 54 insertions(+), 20 deletions(-)
diff --git a/java/org/apache/tomcat/util/net/SSLHostConfig.java b/java/org/apache/tomcat/util/net/SSLHostConfig.java
index 7545272..8e6ccce 100644
--- a/java/org/apache/tomcat/util/net/SSLHostConfig.java
+++ b/java/org/apache/tomcat/util/net/SSLHostConfig.java
@@ -212,9 +212,10 @@ public class SSLHostConfig implements Serializable {
private void registerDefaultCertificate() {
if (defaultCertificate == null) {
- defaultCertificate = new SSLHostConfigCertificate(
+ SSLHostConfigCertificate defaultCertificate = new SSLHostConfigCertificate(
this, SSLHostConfigCertificate.Type.UNDEFINED);
- certificates.add(defaultCertificate);
+ addCertificate(defaultCertificate);
+ this.defaultCertificate = defaultCertificate;
}
}
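Review bot: The new local `defaultCertificate` in registerDefaultCertificate() shadows the field of the same name, so the null check above it reads the field while the following lines use the local; a distinct name such as `SSLHostConfigCertificate newDefault = ...` with `this.defaultCertificate = newDefault;` would make that obvious. The ordering also deserves a comment, for example `// Assign the field only after addCertificate() accepts the entry, so a rejected registration leaves no default behind`. addCertificate() is defined outside this hunk, so whether it rejects an UNDEFINED-type certificate when certificates are already configured is presumed rather than visible here. A test that sets a deprecated attribute after adding an SSLHostConfigCertificate would pin the intended behaviour.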
@@ -273,8 +274,11 @@ public class SSLHostConfig implements Serializable {
// necessary to support the old configuration attributes (Tomcat 10?).
public String getCertificateKeyPassword() {
- registerDefaultCertificate();
- return defaultCertificate.getCertificateKeyPassword();
+ if (defaultCertificate == null) {
+ return null;
+ } else {
+ return defaultCertificate.getCertificateKeyPassword();
+ }
}
public void setCertificateKeyPassword(String certificateKeyPassword) {
registerDefaultCertificate();
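Review bot: getCertificateKeyPassword() now returns null when no default certificate has been registered, and nothing documents that contract; callers that previously always received the certificate's value (including any default SSLHostConfigCertificate may supply, which is not visible here) may now need a null check. A Javadoc line such as `@return the value from the default certificate, or {@code null} if no deprecated attribute has been set` would cover it. The same applies to the eight other getters changed below (getCertificateKeyAlias, getCertificateKeystoreFile, getCertificateKeystorePassword, getCertificateKeystoreProvider, getCertificateKeystoreType, getCertificateChainFile, getCertificateFile, getCertificateKeyFile). The identical if/else could also be written once per getter as `return defaultCertificate == null ? null : defaultCertificate.getCertificateKeyPassword();` to keep the nine copies short. The setter that follows continues outside the hunk.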
@@ -523,8 +527,11 @@ public class SSLHostConfig implements Serializable {
// necessary to support the old configuration attributes (Tomcat 10?).
public String getCertificateKeyAlias() {
- registerDefaultCertificate();
- return defaultCertificate.getCertificateKeyAlias();
+ if (defaultCertificate == null) {
+ return null;
+ } else {
+ return defaultCertificate.getCertificateKeyAlias();
+ }
}
public void setCertificateKeyAlias(String certificateKeyAlias) {
registerDefaultCertificate();
@@ -533,8 +540,11 @@ public class SSLHostConfig implements Serializable {
public String getCertificateKeystoreFile() {
- registerDefaultCertificate();
- return defaultCertificate.getCertificateKeystoreFile();
+ if (defaultCertificate == null) {
+ return null;
+ } else {
+ return defaultCertificate.getCertificateKeystoreFile();
+ }
}
public void setCertificateKeystoreFile(String certificateKeystoreFile) {
registerDefaultCertificate();
@@ -543,8 +553,11 @@ public class SSLHostConfig implements Serializable {
public String getCertificateKeystorePassword() {
- registerDefaultCertificate();
- return defaultCertificate.getCertificateKeystorePassword();
+ if (defaultCertificate == null) {
+ return null;
+ } else {
+ return defaultCertificate.getCertificateKeystorePassword();
+ }
}
public void setCertificateKeystorePassword(String certificateKeystorePassword) {
registerDefaultCertificate();
@@ -553,8 +566,11 @@ public class SSLHostConfig implements Serializable {
public String getCertificateKeystoreProvider() {
- registerDefaultCertificate();
- return defaultCertificate.getCertificateKeystoreProvider();
+ if (defaultCertificate == null) {
+ return null;
+ } else {
+ return defaultCertificate.getCertificateKeystoreProvider();
+ }
}
public void setCertificateKeystoreProvider(String certificateKeystoreProvider) {
registerDefaultCertificate();
@@ -563,8 +579,11 @@ public class SSLHostConfig implements Serializable {
public String getCertificateKeystoreType() {
- registerDefaultCertificate();
- return defaultCertificate.getCertificateKeystoreType();
+ if (defaultCertificate == null) {
+ return null;
+ } else {
+ return defaultCertificate.getCertificateKeystoreType();
+ }
}
public void setCertificateKeystoreType(String certificateKeystoreType) {
registerDefaultCertificate();
@@ -730,8 +749,11 @@ public class SSLHostConfig implements Serializable {
// necessary to support the old configuration attributes (Tomcat 10?).
public String getCertificateChainFile() {
- registerDefaultCertificate();
- return defaultCertificate.getCertificateChainFile();
+ if (defaultCertificate == null) {
+ return null;
+ } else {
+ return defaultCertificate.getCertificateChainFile();
+ }
}
public void setCertificateChainFile(String certificateChainFile) {
registerDefaultCertificate();
@@ -740,8 +762,11 @@ public class SSLHostConfig implements Serializable {
public String getCertificateFile() {
- registerDefaultCertificate();
- return defaultCertificate.getCertificateFile();
+ if (defaultCertificate == null) {
+ return null;
+ } else {
+ return defaultCertificate.getCertificateFile();
+ }
}
public void setCertificateFile(String certificateFile) {
registerDefaultCertificate();
@@ -750,8 +775,11 @@ public class SSLHostConfig implements Serializable {
public String getCertificateKeyFile() {
- registerDefaultCertificate();
- return defaultCertificate.getCertificateKeyFile();
+ if (defaultCertificate == null) {
+ return null;
+ } else {
+ return defaultCertificate.getCertificateKeyFile();
+ }
}
public void setCertificateKeyFile(String certificateKeyFile) {
registerDefaultCertificate();
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index e2bf9b8..bbe52b5 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -69,6 +69,12 @@
Ensure that Servlet Asynchronous processing timeouts fire when requests
are made using HTTP/2. (markt)
</fix>
+ <fix>
+ Fix the corrupton of the TLS configuration when using the deprecated TLS
+ attributes on the Connector if the configuration has already been set
+ via the new <code>SSLHostConfig</code> and
+ <code>SSLHostConfigCertificate</code> elements. (markt)
+ </fix>
</changelog>
</subsection>
<subsection name="Other">