markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push:
new 8e28004d00 Improve TLS KeyStore logging on connector creation
8e28004d00 is described below
commit 8e28004d004527c774d4166dd23f001652ac8f7c
Author: Mark Thomas <[email protected]>
AuthorDate: Thu Nov 20 08:56:19 2025 +0000
Improve TLS KeyStore logging on connector creation
---
java/org/apache/tomcat/util/net/AbstractEndpoint.java | 10 ++++++++--
java/org/apache/tomcat/util/net/LocalStrings.properties | 1 +
java/org/apache/tomcat/util/net/SSLHostConfigCertificate.java | 5 +++++
webapps/docs/changelog.xml | 5 +++++
4 files changed, 19 insertions(+), 2 deletions(-)
diff --git a/java/org/apache/tomcat/util/net/AbstractEndpoint.java
b/java/org/apache/tomcat/util/net/AbstractEndpoint.java
index 286845fc2b..1c1c892b6c 100644
--- a/java/org/apache/tomcat/util/net/AbstractEndpoint.java
+++ b/java/org/apache/tomcat/util/net/AbstractEndpoint.java
@@ -443,8 +443,14 @@ public abstract class AbstractEndpoint<S, U> {
if (keyAlias == null) {
keyAlias = SSLUtilBase.DEFAULT_KEY_ALIAS;
}
- certificateInfo =
- sm.getString("endpoint.tls.info.cert.keystore",
certificate.getCertificateKeystoreFile(), keyAlias);
+ String keystoreFile;
+ if (certificate.getCertificateKeystoreInternal() != null) {
+ // Keystore was set directly. Original location is unknown.
+ keystoreFile =
sm.getString("endpoint.tls.info.cert.keystore.direct");
+ } else {
+ keystoreFile = certificate.getCertificateKeystoreFile();
+ }
+ certificateInfo = sm.getString("endpoint.tls.info.cert.keystore",
keystoreFile, keyAlias);
}
String trustStoreSource = sslHostConfig.getTruststoreFile();
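Review bot: The new local `keystoreFile` no longer always holds a file path: in the first branch it holds the localized "Set directly - location unknown" text, which is then rendered inside `keystore [{0}]` as if it were a location. Naming it `keystoreSource`, to match `trustStoreSource` on the following line, would make that explicit, e.g. `String keystoreSource;`. Since operators use this startup line to confirm which key material a connector serves, it may also be worth logging something that identifies a directly set store (for instance `KeyStore.getType()`) rather than only "unknown"; that would need a message-format change, so treat it as a follow-up. The enclosing method and the `if`/`else` this block sits in start outside the hunk.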
diff --git a/java/org/apache/tomcat/util/net/LocalStrings.properties
b/java/org/apache/tomcat/util/net/LocalStrings.properties
index 1fbdfad007..1886680130 100644
--- a/java/org/apache/tomcat/util/net/LocalStrings.properties
+++ b/java/org/apache/tomcat/util/net/LocalStrings.properties
@@ -118,6 +118,7 @@ endpoint.tls.cert.encodingError=Certificate fingerprints
not available
endpoint.tls.cert.noCerts=Certificate details not available as the certificate
chain returned from the SSLContext was empty
endpoint.tls.info=Connector [{0}], TLS virtual host [{1}], certificate type
[{2}] configured from {3} with trust store [{4}]
endpoint.tls.info.cert.keystore=keystore [{0}] using alias [{1}]
+endpoint.tls.info.cert.keystore.direct=Set directly - location unknown
endpoint.tls.info.cert.pem=key [{0}], certificate [{1}] and certificate chain
[{2}]
endpoint.unknownSslHostName=The SSL host name [{0}] is not recognised for this
endpoint
endpoint.warn.executorShutdown=The executor associated with thread pool [{0}]
has not fully shutdown. Some application threads may still be running.
diff --git a/java/org/apache/tomcat/util/net/SSLHostConfigCertificate.java
b/java/org/apache/tomcat/util/net/SSLHostConfigCertificate.java
index e3e6c12e29..8033bee5dd 100644
--- a/java/org/apache/tomcat/util/net/SSLHostConfigCertificate.java
+++ b/java/org/apache/tomcat/util/net/SSLHostConfigCertificate.java
@@ -255,6 +255,11 @@ public class SSLHostConfigCertificate implements
Serializable {
}
+ KeyStore getCertificateKeystoreInternal() {
+ return certificateKeystore;
+ }
+
+
public void setCertificateKeyManager(X509KeyManager certificateKeyManager)
{
this.certificateKeyManager = certificateKeyManager;
}
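Review bot: The added package-private `getCertificateKeystoreInternal()` carries no comment saying how it differs from the class's public keystore accessor, and the name alone does not convey it. From the AbstractEndpoint hunk it appears to exist so the caller can tell whether a `KeyStore` instance was set directly, presumably without triggering a load from the configured file; please confirm and state that. A suggested comment is `// Returns the KeyStore set directly on this certificate, or null if none was set. Does not load from certificateKeystoreFile.` It would also help to note that the method should stay package-private, because it hands out the live key store object rather than a description of it.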
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 211ed75b7c..670ff2b706 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -231,6 +231,11 @@
<bug>69866</bug>: Fix a memory leak when using a trust store with the
OpenSSL provider. Pull request <pr>912</pr> by aogburn. (markt)
</fix>
+ <fix>
+ Don't log an incorrect certificate <code>KeyStore</code> location when
+ creating a TLS connector if the <code>KeyStore</code> instance has been
+ set directly on the connector. (markt)
+ </fix>
</changelog>
</subsection>
<subsection name="Jasper">