This is an automated email from the ASF dual-hosted git repository.

remm pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/9.0.x by this push:
     new 6a091d15d0 Allow getting certificates for OpenSSL
6a091d15d0 is described below

commit 6a091d15d080427638bb58ec3a1b5618e730f398
Author: remm <r...@apache.org>
AuthorDate: Wed Sep 25 14:20:38 2024 +0200

    Allow getting certificates for OpenSSL
    
    This reverts the fix for 62712 which was only for the APR connector
    (OpenSSL seems to work properly for me). I will test again on Tomcat
    9.0.
---
 .../apache/catalina/manager/ManagerServlet.java    | 63 +++++++++-------------
 1 file changed, 25 insertions(+), 38 deletions(-)

diff --git a/java/org/apache/catalina/manager/ManagerServlet.java 
b/java/org/apache/catalina/manager/ManagerServlet.java
index dab198ea2c..1cdc5173e5 100644
--- a/java/org/apache/catalina/manager/ManagerServlet.java
+++ b/java/org/apache/catalina/manager/ManagerServlet.java
@@ -1611,32 +1611,24 @@ public class ManagerServlet extends HttpServlet 
implements ContainerServlet {
             if (Boolean.TRUE.equals(connector.getProperty("SSLEnabled"))) {
                 SSLHostConfig[] sslHostConfigs = 
connector.getProtocolHandler().findSslHostConfigs();
                 for (SSLHostConfig sslHostConfig : sslHostConfigs) {
-                    if (sslHostConfig.getOpenSslContext().longValue() == 0) {
-                        // Not set. Must be JSSE based.
-                        Set<SSLHostConfigCertificate> sslHostConfigCerts = 
sslHostConfig.getCertificates();
-                        for (SSLHostConfigCertificate sslHostConfigCert : 
sslHostConfigCerts) {
-                            String name = connector.toString() + "-" + 
sslHostConfig.getHostName() + "-" +
-                                    sslHostConfigCert.getType();
-                            List<String> certList = new ArrayList<>();
-                            SSLContext sslContext = 
sslHostConfigCert.getSslContext();
-                            String alias = 
sslHostConfigCert.getCertificateKeyAlias();
-                            if (alias == null) {
-                                alias = SSLUtilBase.DEFAULT_KEY_ALIAS;
-                            }
-                            X509Certificate[] certs = 
sslContext.getCertificateChain(alias);
-                            if (certs == null) {
-                                
certList.add(smClient.getString("managerServlet.certsNotAvailable"));
-                            } else {
-                                for (Certificate cert : certs) {
-                                    certList.add(cert.toString());
-                                }
+                    Set<SSLHostConfigCertificate> sslHostConfigCerts = 
sslHostConfig.getCertificates();
+                    for (SSLHostConfigCertificate sslHostConfigCert : 
sslHostConfigCerts) {
+                        String name = connector.toString() + "-" + 
sslHostConfig.getHostName() + "-" +
+                                sslHostConfigCert.getType();
+                        List<String> certList = new ArrayList<>();
+                        SSLContext sslContext = 
sslHostConfigCert.getSslContext();
+                        String alias = 
sslHostConfigCert.getCertificateKeyAlias();
+                        if (alias == null) {
+                            alias = SSLUtilBase.DEFAULT_KEY_ALIAS;
+                        }
+                        X509Certificate[] certs = 
sslContext.getCertificateChain(alias);
+                        if (certs == null) {
+                            
certList.add(smClient.getString("managerServlet.certsNotAvailable"));
+                        } else {
+                            for (Certificate cert : certs) {
+                                certList.add(cert.toString());
                             }
-                            result.put(name, certList);
                         }
-                    } else {
-                        List<String> certList = new ArrayList<>();
-                        
certList.add(smClient.getString("managerServlet.certsNotAvailable"));
-                        String name = connector.toString() + "-" + 
sslHostConfig.getHostName();
                         result.put(name, certList);
                     }
                 }
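Review bot: `sslContext.getCertificateChain(alias)` is now reached for every SSLHostConfig with no null check on the value returned by `sslHostConfigCert.getSslContext()`; the removed `getOpenSslContext().longValue() == 0` guard was the only thing keeping non-JSSE configurations away from that call. If this branch still has a connector type for which no SSLContext is populated (the commit message says the APR case has yet to be retested on 9.0), the manager's certificate listing would presumably fail with a NullPointerException instead of reporting `managerServlet.certsNotAvailable`. A one-line guard keeps the old fallback: `X509Certificate[] certs = sslContext == null ? null : sslContext.getCertificateChain(alias);`. The same applies to `sslContext.getAcceptedIssuers()` in the second hunk. The enclosing method starts and ends outside the hunk.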
@@ -1661,21 +1653,16 @@ public class ManagerServlet extends HttpServlet 
implements ContainerServlet {
                 for (SSLHostConfig sslHostConfig : sslHostConfigs) {
                     String name = connector.toString() + "-" + 
sslHostConfig.getHostName();
                     List<String> certList = new ArrayList<>();
-                    if (sslHostConfig.getOpenSslContext().longValue() == 0) {
-                        // Not set. Must be JSSE based.
-                        SSLContext sslContext = 
sslHostConfig.getCertificates().iterator().next().getSslContext();
-                        X509Certificate[] certs = 
sslContext.getAcceptedIssuers();
-                        if (certs == null) {
-                            
certList.add(smClient.getString("managerServlet.certsNotAvailable"));
-                        } else if (certs.length == 0) {
-                            
certList.add(smClient.getString("managerServlet.trustedCertsNotConfigured"));
-                        } else {
-                            for (Certificate cert : certs) {
-                                certList.add(cert.toString());
-                            }
-                        }
-                    } else {
+                    SSLContext sslContext = 
sslHostConfig.getCertificates().iterator().next().getSslContext();
+                    X509Certificate[] certs = sslContext.getAcceptedIssuers();
+                    if (certs == null) {
                         
certList.add(smClient.getString("managerServlet.certsNotAvailable"));
+                    } else if (certs.length == 0) {
+                        
certList.add(smClient.getString("managerServlet.trustedCertsNotConfigured"));
+                    } else {
+                        for (Certificate cert : certs) {
+                            certList.add(cert.toString());
+                        }
                     }
                     result.put(name, certList);
                 }
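Review bot: `sslHostConfig.getCertificates().iterator().next()` throws NoSuchElementException when the certificate set is empty, and with the JSSE-only guard gone this line now runs for every SSL host config rather than a subset. Whether an enabled SSLHostConfig can reach this point with no certificates is not visible in the hunk, so an explicit check is safer than relying on it: fetch the set first and, when `isEmpty()` is true, add `smClient.getString("managerServlet.certsNotAvailable")` and skip the lookup. It would also help to add a short comment saying why only the first certificate's SSLContext is consulted for the accepted issuers, since the loop in the first hunk visits every certificate. The enclosing method starts and ends outside the hunk.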

