This is an automated email from the ASF dual-hosted git repository.
rmaucher pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/9.0.x by this push:
new 6bda9fcbdc Only add OpenSSL commands once
6bda9fcbdc is described below
commit 6bda9fcbdc78400395f270b91b0585624b3366ec
Author: remm <[email protected]>
AuthorDate: Tue May 26 11:47:27 2026 +0200
Only add OpenSSL commands once
---
.../tomcat/util/net/openssl/OpenSSLContext.java | 36 ++++++++++++++++------
1 file changed, 26 insertions(+), 10 deletions(-)
diff --git a/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java
b/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java
index 6522a9317d..7a6e228069 100644
--- a/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java
+++ b/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java
@@ -427,19 +427,35 @@ public class OpenSSLContext implements
org.apache.tomcat.util.net.SSLContext {
// Client certificate verification based on trusted CA files
and dirs
SSLContext.setCACertificate(ctx,
SSLHostConfig.adjustRelativePath(sslHostConfig.getCaCertificateFile()),
SSLHostConfig.adjustRelativePath(sslHostConfig.getCaCertificatePath()));
- sslHostConfig.getOpenSslConf().addCmd(new
OpenSSLConfCmd(OpenSSLConfCmd.NO_OCSP_CHECK,
- Boolean.toString(!sslHostConfig.getOcspEnabled())));
- sslHostConfig.getOpenSslConf().addCmd(new
OpenSSLConfCmd(OpenSSLConfCmd.OCSP_SOFT_FAIL,
- Boolean.toString(sslHostConfig.getOcspSoftFail())));
- sslHostConfig.getOpenSslConf().addCmd(new
OpenSSLConfCmd(OpenSSLConfCmd.OCSP_TIMEOUT,
- Integer.toString(sslHostConfig.getOcspTimeout())));
- sslHostConfig.getOpenSslConf().addCmd(new
OpenSSLConfCmd(OpenSSLConfCmd.OCSP_VERIFY_FLAGS,
- Integer.toString(sslHostConfig.getOcspVerifyFlags())));
+ boolean foundOcspConfig = false;
+ for (OpenSSLConfCmd command :
sslHostConfig.getOpenSslConf().getCommands()) {
+ if
(OpenSSLConfCmd.NO_OCSP_CHECK.equals(command.getName())) {
+ foundOcspConfig = true;
+ }
+ }
+ if (!foundOcspConfig) {
+ sslHostConfig.getOpenSslConf().addCmd(new
OpenSSLConfCmd(OpenSSLConfCmd.NO_OCSP_CHECK,
+
Boolean.toString(!sslHostConfig.getOcspEnabled())));
+ sslHostConfig.getOpenSslConf().addCmd(new
OpenSSLConfCmd(OpenSSLConfCmd.OCSP_SOFT_FAIL,
+
Boolean.toString(sslHostConfig.getOcspSoftFail())));
+ sslHostConfig.getOpenSslConf().addCmd(new
OpenSSLConfCmd(OpenSSLConfCmd.OCSP_TIMEOUT,
+ Integer.toString(sslHostConfig.getOcspTimeout())));
+ sslHostConfig.getOpenSslConf().addCmd(new
OpenSSLConfCmd(OpenSSLConfCmd.OCSP_VERIFY_FLAGS,
+
Integer.toString(sslHostConfig.getOcspVerifyFlags())));
+ }
}
if (sslHostConfig.getGroupList() != null) {
- sslHostConfig.getOpenSslConf().addCmd(new
OpenSSLConfCmd(OpenSSLConfCmd.GROUPS,
- sslHostConfig.getGroups().replace(',', ':')));
+ boolean foundGroupsConfig = false;
+ for (OpenSSLConfCmd command :
sslHostConfig.getOpenSslConf().getCommands()) {
+ if (OpenSSLConfCmd.GROUPS.equals(command.getName())) {
+ foundGroupsConfig = true;
+ }
+ }
+ if (!foundGroupsConfig) {
+ sslHostConfig.getOpenSslConf().addCmd(new
OpenSSLConfCmd(OpenSSLConfCmd.GROUPS,
+ sslHostConfig.getGroups().replace(',', ':')));
+ }
}
if (negotiableProtocols != null && !negotiableProtocols.isEmpty())
{
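Review bot: The new `if (!foundOcspConfig)` guard keys only on a command named `NO_OCSP_CHECK` already being present, so on a later pass through this code `OCSP_SOFT_FAIL`, `OCSP_TIMEOUT` and `OCSP_VERIFY_FLAGS` are skipped as well and the values from the first pass stay in effect. If `getOcspEnabled()` or `getOcspSoftFail()` can change between initialisations (not visible in this hunk), the context would keep the old revocation-checking behaviour without any indication. The same applies to the `GROUPS` guard further down. A comment above each guard would record the intent, for example `// Added once per OpenSSLConf; later changes to the OCSP attributes are not re-applied here`. The two scan loops could also `break` on the first match. The enclosing method starts and ends outside the hunk.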