(tomcat) branch 9.0.x updated: Improve algorithm for possible edge cases

Thu, 25 Sep 2025 06:58:12 -0700 

This is an automated email from the ASF dual-hosted git repository.

remm pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/9.0.x by this push:
     new c4f890fa88 Improve algorithm for possible edge cases
c4f890fa88 is described below

commit c4f890fa88a175b41112187a339d909d70ae24c3
Author: remm <[email protected]>
AuthorDate: Thu Sep 25 15:40:51 2025 +0200

    Improve algorithm for possible edge cases
    
    If no server groups and no client groups, do not setNamedGroups.
    If no client groups, use server groups.
---
 java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)

diff --git a/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java 
b/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java
index 996aeb1d75..1d639176eb 100644
--- a/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java
+++ b/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java
@@ -164,17 +164,24 @@ public abstract class AbstractJsseEndpoint<S, U> extends 
AbstractEndpoint<S,U> {
             List<String> supportedGroups = new ArrayList<>();
             LinkedHashSet<Group> serverSupportedGroups = 
sslHostConfig.getGroupList();
             if (serverSupportedGroups != null) {
-                for (Group group : clientSupportedGroups) {
-                    if (serverSupportedGroups.contains(group)) {
+                if (!clientSupportedGroups.isEmpty()) {
+                    for (Group group : clientSupportedGroups) {
+                        if (serverSupportedGroups.contains(group)) {
+                            supportedGroups.add(group.toString());
+                        }
+                    }
+                } else {
+                    for (Group group : serverSupportedGroups) {
                         supportedGroups.add(group.toString());
                     }
                 }
-            } else {
+                JreCompat.getInstance().setNamedGroupsMethod(sslParameters, 
supportedGroups.toArray(new String[0]));
+            } else if (!clientSupportedGroups.isEmpty()) {
                 for (Group group : clientSupportedGroups) {
                     supportedGroups.add(group.toString());
                 }
+                JreCompat.getInstance().setNamedGroupsMethod(sslParameters, 
supportedGroups.toArray(new String[0]));
             }
-            JreCompat.getInstance().setNamedGroupsMethod(sslParameters, 
supportedGroups.toArray(new String[0]));
         }
         switch (sslHostConfig.getCertificateVerification()) {
             case NONE:


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to