Posted to dev@tomcat.apache.org by re...@apache.org on 2020/05/28 14:37:39 UTC

[tomcat] branch 9.0.x updated (914ee22 -> a40282b)

This is an automated email from the ASF dual-hosted git repository.

remm pushed a change to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git.


    from 914ee22  Add missing French translation (remm)
     new 21419a1  Expose the local certificate through SSLSupport
     new a40282b  Checkstyle

The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 java/org/apache/tomcat/util/net/SSLSupport.java       | 11 +++++++++++
 java/org/apache/tomcat/util/net/jsse/JSSESupport.java | 15 +++++++++++++++
 webapps/docs/changelog.xml                            |  4 ++++
 3 files changed, 30 insertions(+)




[tomcat] 02/02: Checkstyle

Posted by re...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

remm pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit a40282bc6740bad923d46d20b77adba68ba43d59
Author: remm <re...@apache.org>
AuthorDate: Thu May 28 16:32:54 2020 +0200

    Checkstyle
---
 java/org/apache/tomcat/util/net/SSLSupport.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/java/org/apache/tomcat/util/net/SSLSupport.java b/java/org/apache/tomcat/util/net/SSLSupport.java
index f46d266..39c51e7 100644
--- a/java/org/apache/tomcat/util/net/SSLSupport.java
+++ b/java/org/apache/tomcat/util/net/SSLSupport.java
@@ -91,7 +91,7 @@ public interface SSLSupport {
      *         certificate first, followed by those of any certificate
      *         authorities
      */
-    default public X509Certificate[] getLocalCertificateChain() {
+    public default X509Certificate[] getLocalCertificateChain() {
         return null;
     }
 




[tomcat] 01/02: Expose the local certificate through SSLSupport

Posted by re...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

remm pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit 21419a185c457d3b2b76573a56f85f92138b504b
Author: remm <re...@apache.org>
AuthorDate: Thu May 28 16:21:35 2020 +0200

    Expose the local certificate through SSLSupport
    
    To be used for more TLS env support in the rewrite resolver, it cannot
    hurt.
    Using a default since it's an API change and not there with OpenSSL.
---
 java/org/apache/tomcat/util/net/SSLSupport.java       | 11 +++++++++++
 java/org/apache/tomcat/util/net/jsse/JSSESupport.java | 15 +++++++++++++++
 webapps/docs/changelog.xml                            |  4 ++++
 3 files changed, 30 insertions(+)

diff --git a/java/org/apache/tomcat/util/net/SSLSupport.java b/java/org/apache/tomcat/util/net/SSLSupport.java
index 75740f9..f46d266 100644
--- a/java/org/apache/tomcat/util/net/SSLSupport.java
+++ b/java/org/apache/tomcat/util/net/SSLSupport.java
@@ -85,6 +85,17 @@ public interface SSLSupport {
     public X509Certificate[] getPeerCertificateChain() throws IOException;
 
     /**
+     * The server certificate chain (if any) that were sent to the peer.
+     *
+     * @return The certificate chain sent with the server
+     *         certificate first, followed by those of any certificate
+     *         authorities
+     */
+    default public X509Certificate[] getLocalCertificateChain() {
+        return null;
+    }
+
+    /**
      * Get the keysize.
      *
      * What we're supposed to put here is ill-defined by the
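Review bot: The Javadoc on the new `getLocalCertificateChain()` does not say that the method may return `null`, although the default body returns `null` and the commit message indicates the method is not implemented for OpenSSL. Callers that index into the result without a check would then fail only on some connectors, so the contract should be stated in the `@return` tag, for example `or {@code null} if no chain was sent or the implementation does not expose it`. The summary sentence also mixes singular and plural ("chain ... that were sent"); `The server certificate chain (if any) that was sent to the peer.` reads more cleanly.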
diff --git a/java/org/apache/tomcat/util/net/jsse/JSSESupport.java b/java/org/apache/tomcat/util/net/jsse/JSSESupport.java
index 98c6eb9..0ca7ba7 100644
--- a/java/org/apache/tomcat/util/net/jsse/JSSESupport.java
+++ b/java/org/apache/tomcat/util/net/jsse/JSSESupport.java
@@ -21,6 +21,7 @@ import java.io.ByteArrayInputStream;
 import java.io.IOException;
 import java.security.cert.Certificate;
 import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;
 import java.util.HashMap;
 import java.util.Map;
 
@@ -87,6 +88,14 @@ public class JSSESupport implements SSLSupport, SSLSessionManager {
     }
 
     @Override
+    public X509Certificate[] getLocalCertificateChain() {
+        if (session == null) {
+            return null;
+        }
+        return convertCertificates(session.getLocalCertificates());
+    }
+
+    @Override
     public java.security.cert.X509Certificate[] getPeerCertificateChain() throws IOException {
         // Look up the current SSLSession
         if (session == null)
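Review bot: The new `getLocalCertificateChain()` is declared with the imported short name `X509Certificate`, while `getPeerCertificateChain()` directly below it and the `convertCertificates` helper added in the next hunk still spell out `java.security.cert.X509Certificate`. With the import now in place the declarations should agree, either by using the short name throughout or by keeping the fully qualified form here and dropping the import. Separately, `session.getLocalCertificates()` (presumably on an `SSLSession`) can itself return `null` when no certificate was sent; the helper's visible `certs==null` guard passes that through, and a one-line comment such as `// null when no local certificate was sent during the handshake` would make that second null path explicit. `getPeerCertificateChain()` continues outside this hunk.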
@@ -99,6 +108,12 @@ public class JSSESupport implements SSLSupport, SSLSessionManager {
             log.debug(sm.getString("jsseSupport.clientCertError"), t);
             return null;
         }
+
+        return convertCertificates(certs);
+    }
+
+
+    private static java.security.cert.X509Certificate[] convertCertificates(Certificate[] certs) {
         if( certs==null ) return null;
 
         java.security.cert.X509Certificate [] x509Certs =
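Review bot: `convertCertificates` is now shared by the peer and local chain getters but has no comment describing its contract; only the `certs==null` guard is visible here and the rest of the body lies outside the hunk. A short Javadoc would help, e.g. `/** Converts the given chain to X509Certificate instances; returns null if certs is null. */`, extended with whatever the remainder of the body does when a conversion fails. If that remainder logs with a message worded for client certificates, it will now also be emitted for the server chain, and the wording should be made neutral.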
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 4f160b4..94f6836 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -83,6 +83,10 @@
         <bug>64467</bug>: Improve performance of closing idle HTTP/2 streams.
         (markt)
       </fix>
+      <update>
+        Expose server certificate through the <code>SSLSupport</code>
+        interface. (remm)
+      </update>
     </changelog>
   </subsection>
   <subsection name="WebSocket">

