This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/10.1.x by this push:
new ddfc3ef79a Improve TLS KeyStore logging on connector creation
ddfc3ef79a is described below
commit ddfc3ef79a11051dc4c80c4f11061a3dadf5494a
Author: Mark Thomas <[email protected]>
AuthorDate: Thu Nov 20 08:56:19 2025 +0000
Improve TLS KeyStore logging on connector creation
---
java/org/apache/tomcat/util/net/AbstractEndpoint.java | 10 ++++++++--
java/org/apache/tomcat/util/net/LocalStrings.properties | 1 +
java/org/apache/tomcat/util/net/SSLHostConfigCertificate.java | 5 +++++
webapps/docs/changelog.xml | 9 +++++++++
4 files changed, 23 insertions(+), 2 deletions(-)
diff --git a/java/org/apache/tomcat/util/net/AbstractEndpoint.java
b/java/org/apache/tomcat/util/net/AbstractEndpoint.java
index 1e6228edce..fc34c32a6d 100644
--- a/java/org/apache/tomcat/util/net/AbstractEndpoint.java
+++ b/java/org/apache/tomcat/util/net/AbstractEndpoint.java
@@ -376,8 +376,14 @@ public abstract class AbstractEndpoint<S, U> {
if (keyAlias == null) {
keyAlias = SSLUtilBase.DEFAULT_KEY_ALIAS;
}
- certificateInfo =
- sm.getString("endpoint.tls.info.cert.keystore",
certificate.getCertificateKeystoreFile(), keyAlias);
+ String keystoreFile;
+ if (certificate.getCertificateKeystoreInternal() != null) {
+ // Keystore was set directly. Original location is unknown.
+ keystoreFile =
sm.getString("endpoint.tls.info.cert.keystore.direct");
+ } else {
+ keystoreFile = certificate.getCertificateKeystoreFile();
+ }
+ certificateInfo = sm.getString("endpoint.tls.info.cert.keystore",
keystoreFile, keyAlias);
}
String trustStoreSource = sslHostConfig.getTruststoreFile();
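Review bot: In the new direct-KeyStore branch the startup log line loses every identifying detail of the key material, because the `{0}` slot of `endpoint.tls.info.cert.keystore` is filled with the fixed text `Set directly - location unknown`. An operator auditing which store a connector serves is left with only the alias. The `KeyStore` instance is available at that point, so its type could be reported: `keystoreFile = sm.getString("endpoint.tls.info.cert.keystore.direct", certificate.getCertificateKeystoreInternal().getType());` with the property changed to `Set directly, type [{0}] - location unknown`. The alias printed beside it may be the `SSLUtilBase.DEFAULT_KEY_ALIAS` fallback from the lines above rather than a configured value, which deserves a short comment. The enclosing method starts and ends outside this hunk.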
diff --git a/java/org/apache/tomcat/util/net/LocalStrings.properties
b/java/org/apache/tomcat/util/net/LocalStrings.properties
index d3e98da147..fd52feedad 100644
--- a/java/org/apache/tomcat/util/net/LocalStrings.properties
+++ b/java/org/apache/tomcat/util/net/LocalStrings.properties
@@ -125,6 +125,7 @@ endpoint.tls.cert.encodingError=Certificate fingerprints
not available
endpoint.tls.cert.noCerts=Certificate details not available as the certificate
chain returned from the SSLContext was empty
endpoint.tls.info=Connector [{0}], TLS virtual host [{1}], certificate type
[{2}] configured from {3} with trust store [{4}]
endpoint.tls.info.cert.keystore=keystore [{0}] using alias [{1}]
+endpoint.tls.info.cert.keystore.direct=Set directly - location unknown
endpoint.tls.info.cert.pem=key [{0}], certificate [{1}] and certificate chain
[{2}]
endpoint.unknownSslHostName=The SSL host name [{0}] is not recognised for this
endpoint
endpoint.warn.executorShutdown=The executor associated with thread pool [{0}]
has not fully shutdown. Some application threads may still be running.
diff --git a/java/org/apache/tomcat/util/net/SSLHostConfigCertificate.java
b/java/org/apache/tomcat/util/net/SSLHostConfigCertificate.java
index 8d163b2391..493104f86a 100644
--- a/java/org/apache/tomcat/util/net/SSLHostConfigCertificate.java
+++ b/java/org/apache/tomcat/util/net/SSLHostConfigCertificate.java
@@ -254,6 +254,11 @@ public class SSLHostConfigCertificate implements
Serializable {
}
+ KeyStore getCertificateKeystoreInternal() {
+ return certificateKeystore;
+ }
+
+
public void setCertificateKeyManager(X509KeyManager certificateKeyManager)
{
this.certificateKeyManager = certificateKeyManager;
}
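Review bot: The new package-private `getCertificateKeystoreInternal()` carries no comment explaining its contract, although `AbstractEndpoint` now treats a non-null result as proof that the `KeyStore` was set directly. It returns the `certificateKeystore` field as-is; the public accessor is outside this hunk and presumably can also yield a store loaded from the configured file, which would be why a second getter is needed. A Javadoc line would make that explicit: `/** Returns the KeyStore only if one was set directly on this certificate, else null; never triggers loading from file. */`. It would also help to say there that the method is meant for logging only, so later callers do not start using it to reach key material.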
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 44e17e261e..4ba45899d3 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -117,6 +117,15 @@
</fix>
</changelog>
</subsection>
+ <subsection name="Coyote">
+ <changelog>
+ <fix>
+ Don't log an incorrect certificate <code>KeyStore</code> location when
+ creating a TLS connector if the <code>KeyStore</code> instance has been
+ set directly on the connector. (markt)
+ </fix>
+ </changelog>
+ </subsection>
<subsection name="Jasper">
<changelog>
<fix>