This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/8.5.x by this push:
new 4996bd2 Correct regression in refactoring that broke TLS with a
single cert
4996bd2 is described below
commit 4996bd2e417dba57d44c4b5f66787e152ab27a21
Author: Mark Thomas <[email protected]>
AuthorDate: Thu Feb 28 10:23:37 2019 +0000
Correct regression in refactoring that broke TLS with a single cert
When a single certificate is used the type is likely to be undefined.
That caused the lookup of the storage slot to return an incorrect value.
In this case just use the RSA slot as it is only convention that maps a
given slot to a specific type. Tomcat Native and OpenSSL don't actually
care.
---
java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java
b/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java
index 9f3bb58..61fd8b4 100644
--- a/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java
+++ b/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java
@@ -425,7 +425,9 @@ public class OpenSSLContext implements
org.apache.tomcat.util.net.SSLContext {
private static int getCertificateIndex(SSLHostConfigCertificate
certificate) {
int result;
- if (certificate.getType() == Type.RSA) {
+ // If the type is undefined there will only be one certificate
(enforced
+ // in SSLHostConfig) so use the RSA slot.
+ if (certificate.getType() == Type.RSA || certificate.getType() ==
Type.UNDEFINED) {
result = SSL.SSL_AIDX_RSA;
} else if (certificate.getType() == Type.EC) {
result = SSL.SSL_AIDX_ECC;