This is an automated email from the ASF dual-hosted git repository.
remm pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/master by this push:
new d14c5b4 64141: Allow overriding JVM trust store
d14c5b4 is described below
commit d14c5b409d08df88ab437f76334342b8f8094b44
Author: remm <[email protected]>
AuthorDate: Sat Feb 15 13:21:53 2020 +0100
64141: Allow overriding JVM trust store
If using a CA certificate, remove a default value for the trust store
file when not using a JSSE configuration.
---
java/org/apache/tomcat/util/net/SSLHostConfig.java | 26 +++++++++++++++++++---
webapps/docs/changelog.xml | 4 ++++
2 files changed, 27 insertions(+), 3 deletions(-)
diff --git a/java/org/apache/tomcat/util/net/SSLHostConfig.java
b/java/org/apache/tomcat/util/net/SSLHostConfig.java
index 4a8549d..724497f 100644
--- a/java/org/apache/tomcat/util/net/SSLHostConfig.java
+++ b/java/org/apache/tomcat/util/net/SSLHostConfig.java
@@ -151,15 +151,24 @@ public class SSLHostConfig implements Serializable {
}
- void setProperty(String name, Type configType) {
+ /**
+ * Set property which belongs to the specified configuration type.
+ * @param name the property name
+ * @param configType the configuration type
+ * @return true if the property belongs to the current confuguration,
+ * and false otherwise
+ */
+ boolean setProperty(String name, Type configType) {
if (this.configType == null) {
this.configType = configType;
} else {
if (configType != this.configType) {
log.warn(sm.getString("sslHostConfig.mismatch",
name, getHostName(), configType, this.configType));
+ return false;
}
}
+ return true;
}
@@ -662,7 +671,13 @@ public class SSLHostConfig implements Serializable {
public void setCaCertificateFile(String caCertificateFile) {
- setProperty("caCertificateFile", Type.OPENSSL);
+ if (setProperty("caCertificateFile", Type.OPENSSL)) {
+ // Reset default JSSE trust store if not a JSSE configuration
+ if (truststoreFile != null) {
+ System.out.println("RESET !!!!!!!!!!!!!!!!!");
+ truststoreFile = null;
+ }
+ }
this.caCertificateFile = caCertificateFile;
}
@@ -673,7 +688,12 @@ public class SSLHostConfig implements Serializable {
public void setCaCertificatePath(String caCertificatePath) {
- setProperty("caCertificatePath", Type.OPENSSL);
+ if (setProperty("caCertificatePath", Type.OPENSSL)) {
+ // Reset default JSSE trust store if not a JSSE configuration
+ if (truststoreFile != null) {
+ truststoreFile = null;
+ }
+ }
this.caCertificatePath = caCertificatePath;
}
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 753fb4c..e0673d1 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -51,6 +51,10 @@
Fix support of native jakarta servlet attributes in AJP connector.
(remm)
</fix>
+ <fix>
+ <bug>64141</bug>: If using a CA certificate, remove a default value
+ for the truststore file when not using a JSSE configuration. (remm)
+ </fix>
</changelog>
</subsection>
</section>
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
