This is an automated email from the ASF dual-hosted git repository. remm pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push: new 5d4939e Port Fix for BZ 65848 5d4939e is described below commit 5d4939e0dc0986b1d0672aa42bca790371250b62 Author: remm <r...@apache.org> AuthorDate: Wed Feb 2 16:27:06 2022 +0100 Port Fix for BZ 65848 Revert attempt to align behavior as root cause was config.
---
 .../org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java | 8 +-------
 1 file changed, 1 insertion(+), 7 deletions(-)
diff --git a/modules/openssl-java17/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java b/modules/openssl-java17/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
index 2755a0d..ff249f0 100644
--- a/modules/openssl-java17/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
+++ b/modules/openssl-java17/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
@@ -626,7 +626,7 @@ public class OpenSSLContext implements org.apache.tomcat.util.net.SSLContext {
 log.debug(sm.getString("openssl.addedClientCaCert", caCert.toString()));
 }
 }
- } else if (sslHostConfig.getCaCertificateFile() != null || sslHostConfig.getCaCertificatePath() != null) {
+ } else {
 // Client certificate verification based on trusted CA files and dirs
 //SSLContext.setCACertificate(state.ctx,
 // SSLHostConfig.adjustRelativePath(sslHostConfig.getCaCertificateFile()),
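Review bot: The now-unconditional `} else {` is also entered when both `sslHostConfig.getCaCertificateFile()` and `sslHostConfig.getCaCertificatePath()` return null, and the code that consumes those values sits between the two hunks, outside what is shown, so its null handling should be confirmed. Together with the second hunk, which drops the reject-all verify callback, a host with no CA material no longer fails closed at this point; how a presented client certificate is then treated depends on the verification set up inside this branch, and the only visible signal is the `openssl.noCACerts` warning. I would record that at the branch, for example `// Also reached when neither a CA file nor a CA path is configured (both getters return null); openssl.noCACerts is logged below`, with the wording adjusted to what the hidden lines actually do. A test that starts a connector with client certificate verification required and no CA configured would pin the intended outcome.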
@@ -655,12 +655,6 @@ public class OpenSSLContext implements org.apache.tomcat.util.net.SSLContext {
 log.warn(sm.getString("openssl.noCACerts"));
 }
 }
- } else {
- // No CA certificates configured. Reject all client certificates.
- MemoryAddress openSSLCallbackCertVerify =
- CLinker.getInstance().upcallStub(openSSLCallbackCertVerifyHandle,
- openSSLCallbackCertVerifyFunctionDescriptor, state.contextScope);
- SSL_CTX_set_cert_verify_callback(state.sslCtx, openSSLCallbackCertVerify, MemoryAddress.NULL);
 }

 if (state.negotiableProtocols != null && state.negotiableProtocols.size() > 0) {
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org