(tomcat) branch 9.0.x updated: Unexpected i2d_X509 length

Wed, 08 Apr 2026 06:55:08 -0700 

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/9.0.x by this push:
     new 5b6ee22daa Unexpected i2d_X509 length
5b6ee22daa is described below

commit 5b6ee22daa7d55738963b341d04369e1c7e3800a
Author: Chenjp <[email protected]>
AuthorDate: Thu Feb 26 15:10:45 2026 +0800

    Unexpected i2d_X509 length
    
    Consider the possibility of zero length.
---
 java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java | 2 +-
 java/org/apache/tomcat/util/net/openssl/panama/OpenSSLEngine.java  | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java 
b/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
index 097ed9b84f..208d30b508 100644
--- a/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
+++ b/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
@@ -813,7 +813,7 @@ public class OpenSSLContext implements 
org.apache.tomcat.util.net.SSLContext {
                     MemorySegment/* (X509*) */ x509 = 
openssl_h_Compatibility.OPENSSL_sk_value(sk, i);
                     MemorySegment bufPointer = 
localArena.allocateFrom(ValueLayout.ADDRESS, MemorySegment.NULL);
                     int length = i2d_X509(x509, bufPointer);
-                    if (length < 0) {
+                    if (length <= 0) {
                         certificateChain[i] = new byte[0];
                         continue;
                     }
diff --git a/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLEngine.java 
b/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLEngine.java
index 2cfb9a20cc..c55c0059f0 100644
--- a/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLEngine.java
+++ b/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLEngine.java
@@ -864,7 +864,7 @@ public final class OpenSSLEngine extends SSLEngine 
implements SSLUtil.ProtocolIn
                 MemorySegment/* (X509*) */ x509 = 
openssl_h_Compatibility.OPENSSL_sk_value(sk, i);
                 MemorySegment bufPointer = 
localArena.allocateFrom(ValueLayout.ADDRESS, MemorySegment.NULL);
                 int length = i2d_X509(x509, bufPointer);
-                if (length < 0) {
+                if (length <= 0) {
                     certificateChain[i] = new byte[0];
                     continue;
                 }


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to