(tomcat) branch 11.0.x updated: Unexpected i2d_X509 length

[markt]

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 11.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/11.0.x by this push:
     new e41b1ebb12 Unexpected i2d_X509 length
e41b1ebb12 is described below

commit e41b1ebb129386932fb196d00dea58bf522b17c4
Author: Chenjp <ch...@msn.com>
AuthorDate: Thu Feb 26 15:10:45 2026 +0800

    Unexpected i2d_X509 length
    
    Consider the possibility of zero length.
---
 java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java | 2 +-
 java/org/apache/tomcat/util/net/openssl/panama/OpenSSLEngine.java  | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java 
b/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
index 097ed9b84f..208d30b508 100644
--- a/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
+++ b/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
@@ -813,7 +813,7 @@ public class OpenSSLContext implements 
org.apache.tomcat.util.net.SSLContext {
                     MemorySegment/* (X509*) */ x509 = 
openssl_h_Compatibility.OPENSSL_sk_value(sk, i);
                     MemorySegment bufPointer = 
localArena.allocateFrom(ValueLayout.ADDRESS, MemorySegment.NULL);
                     int length = i2d_X509(x509, bufPointer);
-                    if (length < 0) {
+                    if (length <= 0) {
                         certificateChain[i] = new byte[0];
                         continue;
                     }
diff --git a/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLEngine.java 
b/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLEngine.java
index 0471c64164..315b506f13 100644
--- a/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLEngine.java
+++ b/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLEngine.java
@@ -864,7 +864,7 @@ public final class OpenSSLEngine extends SSLEngine 
implements SSLUtil.ProtocolIn
                 MemorySegment/* (X509*) */ x509 = 
openssl_h_Compatibility.OPENSSL_sk_value(sk, i);
                 MemorySegment bufPointer = 
localArena.allocateFrom(ValueLayout.ADDRESS, MemorySegment.NULL);
                 int length = i2d_X509(x509, bufPointer);
-                if (length < 0) {
+                if (length <= 0) {
                     certificateChain[i] = new byte[0];
                     continue;
                 }


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org