This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/9.0.x by this push:
new e57d343dbb Improve TLS KeyStore logging on connector creation
e57d343dbb is described below
commit e57d343dbb4c67652bff5855a79218a082024811
Author: Mark Thomas <[email protected]>
AuthorDate: Thu Nov 20 08:56:19 2025 +0000
Improve TLS KeyStore logging on connector creation
---
java/org/apache/tomcat/util/net/AbstractEndpoint.java | 10 ++++++++--
java/org/apache/tomcat/util/net/LocalStrings.properties | 1 +
java/org/apache/tomcat/util/net/SSLHostConfigCertificate.java | 5 +++++
webapps/docs/changelog.xml | 9 +++++++++
4 files changed, 23 insertions(+), 2 deletions(-)
diff --git a/java/org/apache/tomcat/util/net/AbstractEndpoint.java
b/java/org/apache/tomcat/util/net/AbstractEndpoint.java
index 84a4e3e700..0ff09d36f9 100644
--- a/java/org/apache/tomcat/util/net/AbstractEndpoint.java
+++ b/java/org/apache/tomcat/util/net/AbstractEndpoint.java
@@ -393,8 +393,14 @@ public abstract class AbstractEndpoint<S, U> {
if (keyAlias == null) {
keyAlias = SSLUtilBase.DEFAULT_KEY_ALIAS;
}
- certificateInfo =
- sm.getString("endpoint.tls.info.cert.keystore",
certificate.getCertificateKeystoreFile(), keyAlias);
+ String keystoreFile;
+ if (certificate.getCertificateKeystoreInternal() != null) {
+ // Keystore was set directly. Original location is unknown.
+ keystoreFile =
sm.getString("endpoint.tls.info.cert.keystore.direct");
+ } else {
+ keystoreFile = certificate.getCertificateKeystoreFile();
+ }
+ certificateInfo = sm.getString("endpoint.tls.info.cert.keystore",
keystoreFile, keyAlias);
}
String trustStoreSource = sslHostConfig.getTruststoreFile();
diff --git a/java/org/apache/tomcat/util/net/LocalStrings.properties
b/java/org/apache/tomcat/util/net/LocalStrings.properties
index 5a20bd58e9..2746156921 100644
--- a/java/org/apache/tomcat/util/net/LocalStrings.properties
+++ b/java/org/apache/tomcat/util/net/LocalStrings.properties
@@ -143,6 +143,7 @@ endpoint.tls.cert.encodingError=Certificate fingerprints
not available
endpoint.tls.cert.noCerts=Certificate details not available as the certificate
chain returned from the SSLContext was empty
endpoint.tls.info=Connector [{0}], TLS virtual host [{1}], certificate type
[{2}] configured from {3} with trust store [{4}]
endpoint.tls.info.cert.keystore=keystore [{0}] using alias [{1}]
+endpoint.tls.info.cert.keystore.direct=Set directly - location unknown
endpoint.tls.info.cert.pem=key [{0}], certificate [{1}] and certificate chain
[{2}]
endpoint.unknownSslHostName=The SSL host name [{0}] is not recognised for this
endpoint
endpoint.warn.executorShutdown=The executor associated with thread pool [{0}]
has not fully shutdown. Some application threads may still be running.
diff --git a/java/org/apache/tomcat/util/net/SSLHostConfigCertificate.java
b/java/org/apache/tomcat/util/net/SSLHostConfigCertificate.java
index 8d163b2391..493104f86a 100644
--- a/java/org/apache/tomcat/util/net/SSLHostConfigCertificate.java
+++ b/java/org/apache/tomcat/util/net/SSLHostConfigCertificate.java
@@ -254,6 +254,11 @@ public class SSLHostConfigCertificate implements
Serializable {
}
+ KeyStore getCertificateKeystoreInternal() {
+ return certificateKeystore;
+ }
+
+
public void setCertificateKeyManager(X509KeyManager certificateKeyManager)
{
this.certificateKeyManager = certificateKeyManager;
}
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index a7d2eec391..a61b396350 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -117,6 +117,15 @@
</fix>
</changelog>
</subsection>
+ <subsection name="Coyote">
+ <changelog>
+ <fix>
+ Don't log an incorrect certificate <code>KeyStore</code> location when
+ creating a TLS connector if the <code>KeyStore</code> instance has been
+ set directly on the connector. (markt)
+ </fix>
+ </changelog>
+ </subsection>
<subsection name="Jasper">
<changelog>
<fix>
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
