Posted to dev@tomcat.apache.org by ma...@apache.org on 2019/12/16 14:46:46 UTC

[tomcat] branch 8.5.x updated: Fix TLS config corruption via deprecated attributes

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/8.5.x by this push:
     new d035de3  Fix TLS config corruption via deprecated attributes
d035de3 is described below

commit d035de3d0697b75ef4b38f93620f47940fd38a76
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Mon Dec 16 14:45:38 2019 +0000

    Fix TLS config corruption via deprecated attributes
    
    Corruption was possible if the deprecated attributes were used after the
    new SSLHostConfig[Certificate] elements had been used.
---
 java/org/apache/tomcat/util/net/SSLHostConfig.java | 68 +++++++++++++++-------
 webapps/docs/changelog.xml                         |  6 ++
 2 files changed, 54 insertions(+), 20 deletions(-)

diff --git a/java/org/apache/tomcat/util/net/SSLHostConfig.java b/java/org/apache/tomcat/util/net/SSLHostConfig.java
index 7545272..8e6ccce 100644
--- a/java/org/apache/tomcat/util/net/SSLHostConfig.java
+++ b/java/org/apache/tomcat/util/net/SSLHostConfig.java
@@ -212,9 +212,10 @@ public class SSLHostConfig implements Serializable {
 
     private void registerDefaultCertificate() {
         if (defaultCertificate == null) {
-            defaultCertificate = new SSLHostConfigCertificate(
+            SSLHostConfigCertificate defaultCertificate = new SSLHostConfigCertificate(
                     this, SSLHostConfigCertificate.Type.UNDEFINED);
-            certificates.add(defaultCertificate);
+            addCertificate(defaultCertificate);
+            this.defaultCertificate = defaultCertificate;
         }
     }
 
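Review bot: The new local `defaultCertificate` in registerDefaultCertificate() shadows the field of the same name, so the null check reads the field while the lines below it read the local. A distinct name, `SSLHostConfigCertificate certificate = new SSLHostConfigCertificate(...)` followed by `addCertificate(certificate);` and `this.defaultCertificate = certificate;`, would remove that ambiguity. The order of the last two statements looks deliberate, leaving the field unset if addCertificate() rejects the UNDEFINED entry; addCertificate() is not visible in this hunk, so that is inferred. A comment such as `// Assign the field only after addCertificate() has accepted the certificate` would keep a later cleanup from reordering them.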
@@ -273,8 +274,11 @@ public class SSLHostConfig implements Serializable {
     // necessary to support the old configuration attributes (Tomcat 10?).
 
     public String getCertificateKeyPassword() {
-        registerDefaultCertificate();
-        return defaultCertificate.getCertificateKeyPassword();
+        if (defaultCertificate == null) {
+            return null;
+        } else {
+            return defaultCertificate.getCertificateKeyPassword();
+        }
     }
     public void setCertificateKeyPassword(String certificateKeyPassword) {
         registerDefaultCertificate();
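Review bot: getCertificateKeyPassword() now returns null whenever no default certificate has been registered, and nothing in the hunk tells callers so. This presumably includes the case where the key password was configured through an SSLHostConfigCertificate element. A Javadoc line on the getter such as `@return the value set via the deprecated attribute, or {@code null} if no default certificate has been registered` would make clear that the result is not necessarily the effective TLS configuration and must be null-checked. The same applies to the eight getters changed in the following hunks, getCertificateKeyAlias() through getCertificateKeyFile(). The setter after the getter still calls registerDefaultCertificate(), and its body continues outside the hunk.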
@@ -523,8 +527,11 @@ public class SSLHostConfig implements Serializable {
     // necessary to support the old configuration attributes (Tomcat 10?).
 
     public String getCertificateKeyAlias() {
-        registerDefaultCertificate();
-        return defaultCertificate.getCertificateKeyAlias();
+        if (defaultCertificate == null) {
+            return null;
+        } else {
+            return defaultCertificate.getCertificateKeyAlias();
+        }
     }
     public void setCertificateKeyAlias(String certificateKeyAlias) {
         registerDefaultCertificate();
@@ -533,8 +540,11 @@ public class SSLHostConfig implements Serializable {
 
 
     public String getCertificateKeystoreFile() {
-        registerDefaultCertificate();
-        return defaultCertificate.getCertificateKeystoreFile();
+        if (defaultCertificate == null) {
+            return null;
+        } else {
+            return defaultCertificate.getCertificateKeystoreFile();
+        }
     }
     public void setCertificateKeystoreFile(String certificateKeystoreFile) {
         registerDefaultCertificate();
@@ -543,8 +553,11 @@ public class SSLHostConfig implements Serializable {
 
 
     public String getCertificateKeystorePassword() {
-        registerDefaultCertificate();
-        return defaultCertificate.getCertificateKeystorePassword();
+        if (defaultCertificate == null) {
+            return null;
+        } else {
+            return defaultCertificate.getCertificateKeystorePassword();
+        }
     }
     public void setCertificateKeystorePassword(String certificateKeystorePassword) {
         registerDefaultCertificate();
@@ -553,8 +566,11 @@ public class SSLHostConfig implements Serializable {
 
 
     public String getCertificateKeystoreProvider() {
-        registerDefaultCertificate();
-        return defaultCertificate.getCertificateKeystoreProvider();
+        if (defaultCertificate == null) {
+            return null;
+        } else {
+            return defaultCertificate.getCertificateKeystoreProvider();
+        }
     }
     public void setCertificateKeystoreProvider(String certificateKeystoreProvider) {
         registerDefaultCertificate();
@@ -563,8 +579,11 @@ public class SSLHostConfig implements Serializable {
 
 
     public String getCertificateKeystoreType() {
-        registerDefaultCertificate();
-        return defaultCertificate.getCertificateKeystoreType();
+        if (defaultCertificate == null) {
+            return null;
+        } else {
+            return defaultCertificate.getCertificateKeystoreType();
+        }
     }
     public void setCertificateKeystoreType(String certificateKeystoreType) {
         registerDefaultCertificate();
@@ -730,8 +749,11 @@ public class SSLHostConfig implements Serializable {
     // necessary to support the old configuration attributes (Tomcat 10?).
 
     public String getCertificateChainFile() {
-        registerDefaultCertificate();
-        return defaultCertificate.getCertificateChainFile();
+        if (defaultCertificate == null) {
+            return null;
+        } else {
+            return defaultCertificate.getCertificateChainFile();
+        }
     }
     public void setCertificateChainFile(String certificateChainFile) {
         registerDefaultCertificate();
@@ -740,8 +762,11 @@ public class SSLHostConfig implements Serializable {
 
 
     public String getCertificateFile() {
-        registerDefaultCertificate();
-        return defaultCertificate.getCertificateFile();
+        if (defaultCertificate == null) {
+            return null;
+        } else {
+            return defaultCertificate.getCertificateFile();
+        }
     }
     public void setCertificateFile(String certificateFile) {
         registerDefaultCertificate();
@@ -750,8 +775,11 @@ public class SSLHostConfig implements Serializable {
 
 
     public String getCertificateKeyFile() {
-        registerDefaultCertificate();
-        return defaultCertificate.getCertificateKeyFile();
+        if (defaultCertificate == null) {
+            return null;
+        } else {
+            return defaultCertificate.getCertificateKeyFile();
+        }
     }
     public void setCertificateKeyFile(String certificateKeyFile) {
         registerDefaultCertificate();
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index e2bf9b8..bbe52b5 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -69,6 +69,12 @@
         Ensure that Servlet Asynchronous processing timeouts fire when requests
         are made using HTTP/2. (markt)
       </fix>
+      <fix>
+        Fix the corrupton of the TLS configuration when using the deprecated TLS
+        attributes on the Connector if the configuration has already been set
+        via the new <code>SSLHostConfig</code> and
+        <code>SSLHostConfigCertificate</code> elements. (markt)
+      </fix>
     </changelog>
   </subsection>
   <subsection name="Other">

