(tomcat) branch 10.1.x updated: Improve algorithm for possible edge cases

Thu, 25 Sep 2025 06:54:53 -0700 

This is an automated email from the ASF dual-hosted git repository.

remm pushed a commit to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/10.1.x by this push:
     new 122a2860f4 Improve algorithm for possible edge cases
122a2860f4 is described below

commit 122a2860f4629a16120a6f6c9a9dd1f6aef82207
Author: remm <[email protected]>
AuthorDate: Thu Sep 25 15:40:51 2025 +0200

    Improve algorithm for possible edge cases
    
    If no server groups and no client groups, do not setNamedGroups.
    If no client groups, use server groups.
---
 java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)

diff --git a/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java 
b/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java
index c776943e40..018c368c95 100644
--- a/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java
+++ b/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java
@@ -164,17 +164,24 @@ public abstract class AbstractJsseEndpoint<S, U> extends 
AbstractEndpoint<S,U> {
             List<String> supportedGroups = new ArrayList<>();
             LinkedHashSet<Group> serverSupportedGroups = 
sslHostConfig.getGroupList();
             if (serverSupportedGroups != null) {
-                for (Group group : clientSupportedGroups) {
-                    if (serverSupportedGroups.contains(group)) {
+                if (!clientSupportedGroups.isEmpty()) {
+                    for (Group group : clientSupportedGroups) {
+                        if (serverSupportedGroups.contains(group)) {
+                            supportedGroups.add(group.toString());
+                        }
+                    }
+                } else {
+                    for (Group group : serverSupportedGroups) {
                         supportedGroups.add(group.toString());
                     }
                 }
-            } else {
+                JreCompat.getInstance().setNamedGroupsMethod(sslParameters, 
supportedGroups.toArray(new String[0]));
+            } else if (!clientSupportedGroups.isEmpty()) {
                 for (Group group : clientSupportedGroups) {
                     supportedGroups.add(group.toString());
                 }
+                JreCompat.getInstance().setNamedGroupsMethod(sslParameters, 
supportedGroups.toArray(new String[0]));
             }
-            JreCompat.getInstance().setNamedGroupsMethod(sslParameters, 
supportedGroups.toArray(new String[0]));
         }
         switch (sslHostConfig.getCertificateVerification()) {
             case NONE:


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to