markt pushed a commit to branch 11.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/11.0.x by this push:
new cadde891eb Improve TLS KeyStore logging on connector creation
cadde891eb is described below
commit cadde891ebe71da174ea300926c5b4ad5430c958
Author: Mark Thomas <[email protected]>
AuthorDate: Thu Nov 20 08:56:19 2025 +0000
Improve TLS KeyStore logging on connector creation
---
java/org/apache/tomcat/util/net/AbstractEndpoint.java | 10 ++++++++--
java/org/apache/tomcat/util/net/LocalStrings.properties | 1 +
java/org/apache/tomcat/util/net/SSLHostConfigCertificate.java | 5 +++++
webapps/docs/changelog.xml | 9 +++++++++
4 files changed, 23 insertions(+), 2 deletions(-)
diff --git a/java/org/apache/tomcat/util/net/AbstractEndpoint.java
b/java/org/apache/tomcat/util/net/AbstractEndpoint.java
index 8caab7648d..866f638a8e 100644
--- a/java/org/apache/tomcat/util/net/AbstractEndpoint.java
+++ b/java/org/apache/tomcat/util/net/AbstractEndpoint.java
@@ -444,8 +444,14 @@ public abstract class AbstractEndpoint<S, U> {
if (keyAlias == null) {
keyAlias = SSLUtilBase.DEFAULT_KEY_ALIAS;
}
- certificateInfo =
- sm.getString("endpoint.tls.info.cert.keystore",
certificate.getCertificateKeystoreFile(), keyAlias);
+ String keystoreFile;
+ if (certificate.getCertificateKeystoreInternal() != null) {
+ // Keystore was set directly. Original location is unknown.
+ keystoreFile =
sm.getString("endpoint.tls.info.cert.keystore.direct");
+ } else {
+ keystoreFile = certificate.getCertificateKeystoreFile();
+ }
+ certificateInfo = sm.getString("endpoint.tls.info.cert.keystore",
keystoreFile, keyAlias);
}
String trustStoreSource = sslHostConfig.getTruststoreFile();
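Review bot: No test accompanies the new `if (certificate.getCertificateKeystoreInternal() != null)` branch; the diffstat lists four files and none of them is a test. Operators read this startup message to confirm which key material a connector is using, so the behaviour is worth pinning. A small regression test could set a `KeyStore` directly on the certificate, create the connector and assert that the logged source is the `endpoint.tls.info.cert.keystore.direct` text and not a file path. The in-code comment could also say what value was logged before, for example `// Keystore was set directly. getCertificateKeystoreFile() would return a path that was never read.` (hedged: what that getter returns here is not visible in the hunk). The enclosing method starts and ends outside the hunk.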
diff --git a/java/org/apache/tomcat/util/net/LocalStrings.properties
b/java/org/apache/tomcat/util/net/LocalStrings.properties
index d3e98da147..fd52feedad 100644
--- a/java/org/apache/tomcat/util/net/LocalStrings.properties
+++ b/java/org/apache/tomcat/util/net/LocalStrings.properties
@@ -125,6 +125,7 @@ endpoint.tls.cert.encodingError=Certificate fingerprints
not available
endpoint.tls.cert.noCerts=Certificate details not available as the certificate
chain returned from the SSLContext was empty
endpoint.tls.info=Connector [{0}], TLS virtual host [{1}], certificate type
[{2}] configured from {3} with trust store [{4}]
endpoint.tls.info.cert.keystore=keystore [{0}] using alias [{1}]
+endpoint.tls.info.cert.keystore.direct=Set directly - location unknown
endpoint.tls.info.cert.pem=key [{0}], certificate [{1}] and certificate chain
[{2}]
endpoint.unknownSslHostName=The SSL host name [{0}] is not recognised for this
endpoint
endpoint.warn.executorShutdown=The executor associated with thread pool [{0}]
has not fully shutdown. Some application threads may still be running.
diff --git a/java/org/apache/tomcat/util/net/SSLHostConfigCertificate.java
b/java/org/apache/tomcat/util/net/SSLHostConfigCertificate.java
index ed23d4ddd9..5ae9a5fed0 100644
--- a/java/org/apache/tomcat/util/net/SSLHostConfigCertificate.java
+++ b/java/org/apache/tomcat/util/net/SSLHostConfigCertificate.java
@@ -256,6 +256,11 @@ public class SSLHostConfigCertificate implements
Serializable {
}
+ KeyStore getCertificateKeystoreInternal() {
+ return certificateKeystore;
+ }
+
+
public void setCertificateKeyManager(X509KeyManager certificateKeyManager)
{
this.certificateKeyManager = certificateKeyManager;
}
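Review bot: `getCertificateKeystoreInternal()` is added without a comment, and its name alone does not say how it differs from the existing public key store getter, which is outside the hunk. The caller in AbstractEndpoint.java treats a non-null return as proof that the store was set directly, so that contract belongs on the method, for example `/** Returns the KeyStore set directly on this certificate, or null if none was set. Never loads a store from the configured file. */` (the second sentence should be confirmed against the rest of the class). The method also returns the live `KeyStore` reference; that is reasonable while it stays package-private, and the comment could state that it is not meant to be widened.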
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index f19040c63b..3cb4a2c036 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -117,6 +117,15 @@
</fix>
</changelog>
</subsection>
+ <subsection name="Coyote">
+ <changelog>
+ <fix>
+ Don't log an incorrect certificate <code>KeyStore</code> location when
+ creating a TLS connector if the <code>KeyStore</code> instance has been
+ set directly on the connector. (markt)
+ </fix>
+ </changelog>
+ </subsection>
<subsection name="Jasper">
<changelog>
<fix>