This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 9.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/9.0.x by this push: new cec1d95 Fix BZ 65848 Revert attempt to align behaviour as root cause was config cec1d95 is described below commit cec1d95f6b100fb2085d0320157137344e0c8417 Author: Mark Thomas <ma...@apache.org> AuthorDate: Wed Feb 2 12:16:43 2022 +0000 Fix BZ 65848 Revert attempt to align behaviour as root cause was config https://bz.apache.org/bugzilla/show_bug.cgi?id=65848
---
 .../apache/tomcat/util/net/openssl/OpenSSLContext.java | 18 ++++--------------
 webapps/docs/changelog.xml | 10 ++++++++++
 2 files changed, 14 insertions(+), 14 deletions(-)
diff --git a/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java b/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java
index d942d4c..ed0b5af 100644
--- a/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java
+++ b/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java
@@ -379,20 +379,10 @@ public class OpenSSLContext implements org.apache.tomcat.util.net.SSLContext {
 }
 }
 } else {
- if (sslHostConfig.getCaCertificateFile() == null && sslHostConfig.getCaCertificatePath() == null) {
- // No CA certificates configured. Reject all client certificates.
- SSLContext.setCertVerifyCallback(ctx, new CertificateVerifier() {
- @Override
- public boolean verify(long ssl, byte[][] chain, String auth) {
- return false;
- }
- });
- } else {
- // Client certificate verification based on trusted CA files and dirs
- SSLContext.setCACertificate(ctx,
- SSLHostConfig.adjustRelativePath(sslHostConfig.getCaCertificateFile()),
- SSLHostConfig.adjustRelativePath(sslHostConfig.getCaCertificatePath()));
- }
+ // Client certificate verification based on trusted CA files and dirs
+ SSLContext.setCACertificate(ctx,
+ SSLHostConfig.adjustRelativePath(sslHostConfig.getCaCertificateFile()),
+ SSLHostConfig.adjustRelativePath(sslHostConfig.getCaCertificatePath()));
 }
 
 if (negotiableProtocols != null && negotiableProtocols.size() > 0) {
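Review bot: With the null guard removed, the `else` branch calls `SSLContext.setCACertificate(...)` even when both `getCaCertificateFile()` and `getCaCertificatePath()` return null, and nothing in the hunk says what client-certificate verification trusts in that case. The commit message traces the original difference to configuration, so the outcome presumably depends on the trust locations of the OpenSSL build in use rather than on Tomcat. I would extend the comment to say so, e.g. `// Either value may be null; with neither set, what is trusted depends on the native layer's defaults (confirm)`, and consider logging a warning when client-certificate verification is enabled with no CA file or path configured. The call is a bare statement, so if `setCACertificate` reports failure through a return value, that result is discarded here. The enclosing method starts and ends outside the hunk.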
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index b0c36ec..4e6499b 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -119,6 +119,16 @@
 </add>
 </changelog>
 </subsection>
+ <subsection name="Coyote">
+ <changelog>
+ <fix>
+ <bug>65848</bug>: Revert the change that attempted to align the
+ behaviour of client certificate authentication with NIO or NIO2 with
+ OpenSSL for TLS between MacOS and Linux/Windows as the root cause was
+ traced to configuration differences. (markt)
+ </fix>
+ </changelog>
+ </subsection>
 <subsection name="Web applications">
 <changelog>
 <fix>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org