(tomcat) branch 11.0.x updated: Improve algorithm for possible edge cases

Thu, 25 Sep 2025 06:49:28 -0700 

This is an automated email from the ASF dual-hosted git repository.

remm pushed a commit to branch 11.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/11.0.x by this push:
     new 8991b9fa1a Improve algorithm for possible edge cases
8991b9fa1a is described below

commit 8991b9fa1a7b4579add7ae7a4cdf74abb8b42231
Author: remm <[email protected]>
AuthorDate: Thu Sep 25 15:40:51 2025 +0200

    Improve algorithm for possible edge cases
    
    If no server groups and no client groups, do not setNamedGroups.
    If no client groups, use server groups.
---
 java/org/apache/tomcat/util/net/AbstractEndpoint.java | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)

diff --git a/java/org/apache/tomcat/util/net/AbstractEndpoint.java 
b/java/org/apache/tomcat/util/net/AbstractEndpoint.java
index 1364e1db4d..2723527a35 100644
--- a/java/org/apache/tomcat/util/net/AbstractEndpoint.java
+++ b/java/org/apache/tomcat/util/net/AbstractEndpoint.java
@@ -539,20 +539,28 @@ public abstract class AbstractEndpoint<S, U> {
         }
         // Merge server groups with the client groups
         if (JreCompat.isJre20Available()) {
+            // Merge server groups with the client groups
             List<String> supportedGroups = new ArrayList<>();
             LinkedHashSet<Group> serverSupportedGroups = 
sslHostConfig.getGroupList();
             if (serverSupportedGroups != null) {
-                for (Group group : clientSupportedGroups) {
-                    if (serverSupportedGroups.contains(group)) {
+                if (!clientSupportedGroups.isEmpty()) {
+                    for (Group group : clientSupportedGroups) {
+                        if (serverSupportedGroups.contains(group)) {
+                            supportedGroups.add(group.toString());
+                        }
+                    }
+                } else {
+                    for (Group group : serverSupportedGroups) {
                         supportedGroups.add(group.toString());
                     }
                 }
-            } else {
+                JreCompat.getInstance().setNamedGroupsMethod(sslParameters, 
supportedGroups.toArray(new String[0]));
+            } else if (!clientSupportedGroups.isEmpty()) {
                 for (Group group : clientSupportedGroups) {
                     supportedGroups.add(group.toString());
                 }
+                JreCompat.getInstance().setNamedGroupsMethod(sslParameters, 
supportedGroups.toArray(new String[0]));
             }
-            JreCompat.getInstance().setNamedGroupsMethod(sslParameters, 
supportedGroups.toArray(new String[0]));
         }
         switch (sslHostConfig.getCertificateVerification()) {
             case NONE:


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to