This is an automated email from the ASF dual-hosted git repository.

remm pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/main by this push:
     new 5d4939e  Port Fix for BZ 65848
5d4939e is described below

commit 5d4939e0dc0986b1d0672aa42bca790371250b62
Author: remm <r...@apache.org>
AuthorDate: Wed Feb 2 16:27:06 2022 +0100

    Port Fix for BZ 65848
    
    Revert attempt to align behavior as root cause was config.
---
 .../org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java | 8 +-------
 1 file changed, 1 insertion(+), 7 deletions(-)

diff --git 
a/modules/openssl-java17/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
 
b/modules/openssl-java17/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
index 2755a0d..ff249f0 100644
--- 
a/modules/openssl-java17/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
+++ 
b/modules/openssl-java17/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
@@ -626,7 +626,7 @@ public class OpenSSLContext implements 
org.apache.tomcat.util.net.SSLContext {
                         log.debug(sm.getString("openssl.addedClientCaCert", 
caCert.toString()));
                     }
                 }
-            } else if (sslHostConfig.getCaCertificateFile() != null || 
sslHostConfig.getCaCertificatePath() != null) {
+            } else {
                 // Client certificate verification based on trusted CA files 
and dirs
                 //SSLContext.setCACertificate(state.ctx,
                 //        
SSLHostConfig.adjustRelativePath(sslHostConfig.getCaCertificateFile()),
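Review bot: The bare `else` on the new side is now also taken when both `getCaCertificateFile()` and `getCaCertificatePath()` are null, but the branch comment still describes only the case where CA files or dirs exist. With the explicit reject-all callback removed in the second hunk, the handling of a presented client certificate when no CA is configured is left to the rest of this branch, which continues outside the hunk. Presumably verification then runs against whatever trust material OpenSSL has loaded, which should be confirmed. I would say so in the comment, for example `// Also reached when no CA file or path is set: nothing is rejected explicitly here, see the openssl.noCACerts warning below`, and check that the calls that follow tolerate a null file and path.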
@@ -655,12 +655,6 @@ public class OpenSSLContext implements 
org.apache.tomcat.util.net.SSLContext {
                         log.warn(sm.getString("openssl.noCACerts"));
                     }
                 }
-            } else {
-                // No CA certificates configured. Reject all client 
certificates.
-                MemoryAddress openSSLCallbackCertVerify =
-                        
CLinker.getInstance().upcallStub(openSSLCallbackCertVerifyHandle,
-                                openSSLCallbackCertVerifyFunctionDescriptor, 
state.contextScope);
-                SSL_CTX_set_cert_verify_callback(state.sslCtx, 
openSSLCallbackCertVerify, MemoryAddress.NULL);
             }
 
             if (state.negotiableProtocols != null && 
state.negotiableProtocols.size() > 0) {
