(tomcat) branch main updated: Fix regression in user provided SSLContext support

Mon, 18 Mar 2024 13:25:05 -0700 

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/main by this push:
     new 476f3bfc50 Fix regression in user provided SSLContext support
476f3bfc50 is described below

commit 476f3bfc50a4e8ee2c5bfce089f461aba5a6d87a
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Mon Mar 18 20:23:53 2024 +0000

    Fix regression in user provided SSLContext support
    
    This broke the TLSCertificateReloadListener
---
 java/org/apache/tomcat/util/net/AbstractEndpoint.java | 8 +++++++-
 webapps/docs/changelog.xml                            | 7 +++++++
 2 files changed, 14 insertions(+), 1 deletion(-)

diff --git a/java/org/apache/tomcat/util/net/AbstractEndpoint.java 
b/java/org/apache/tomcat/util/net/AbstractEndpoint.java
index 12d70bf007..2c8a77ddd2 100644
--- a/java/org/apache/tomcat/util/net/AbstractEndpoint.java
+++ b/java/org/apache/tomcat/util/net/AbstractEndpoint.java
@@ -409,8 +409,14 @@ public abstract class AbstractEndpoint<S,U> {
             }
 
             SSLContext sslContext = certificate.getSslContext();
+            SSLContext sslContextGenerated = 
certificate.getSslContextGenerated();
             // Generate the SSLContext from configuration unless (e.g. 
embedded) an SSLContext has been provided.
-            if (sslContext == null) {
+            // Need to handle both initial configuration and reload.
+            // Initial, SSLContext provided     - sslContext will be non-null 
and sslContextGenerated will be null
+            // Initial, SSLContext not provided - sslContext null and 
sslContextGenerated will be null
+            // Reload,  SSLContext provided     - sslContext will be non-null 
and sslContextGenerated will be null
+            // Reload,  SSLContext not provided - sslContext non-null and 
equal to sslContextGenerated
+            if (sslContext == null || sslContext == sslContextGenerated) {
                 try {
                     sslContext = sslUtil.createSSLContext(negotiableProtocols);
                 } catch (Exception e) {
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 07f1af22c5..1766e6ede2 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -153,6 +153,13 @@
         configured with a <code>Max-Age</code> value of zero as RFC 6265 does
         not permit a value of zero in this case. (markt)
       </fix>
+      <fix>
+        Correct a regression in the support for user provided
+        <code>SSLContext</code> instances that broke the
+        <code>org.apache.catalina.security.TLSCertificateReloadListener</code>.
+        (markt)
+      </fix>
+      
     </changelog>
   </subsection>
   <subsection name="Jasper">


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Reply via email to