(tomcat) branch 10.1.x updated: Minor optimisation and ignore all Tomcat internal OCSP settings on store

Wed, 27 May 2026 03:44:23 -0700 

This is an automated email from the ASF dual-hosted git repository.

markt-asf pushed a commit to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/10.1.x by this push:
     new cd25eb72a7 Minor optimisation and ignore all Tomcat internal OCSP 
settings on store
cd25eb72a7 is described below

commit cd25eb72a79a364f02d9b3586f1c59aedd9f7020
Author: Mark Thomas <[email protected]>
AuthorDate: Wed May 27 11:43:11 2026 +0100

    Minor optimisation and ignore all Tomcat internal OCSP settings on store
---
 java/org/apache/catalina/storeconfig/OpenSSLConfSF.java     | 3 ++-
 java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java | 2 ++
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/java/org/apache/catalina/storeconfig/OpenSSLConfSF.java 
b/java/org/apache/catalina/storeconfig/OpenSSLConfSF.java
index 5469dcf694..d180e19c8e 100644
--- a/java/org/apache/catalina/storeconfig/OpenSSLConfSF.java
+++ b/java/org/apache/catalina/storeconfig/OpenSSLConfSF.java
@@ -33,7 +33,8 @@ public class OpenSSLConfSF extends StoreFactoryBase {
     public OpenSSLConfSF() {
     }
 
-    private static final Set<String> INTERNAL_COMMANDS = 
Set.of(OpenSSLConfCmd.NO_OCSP_CHECK);
+    private static final Set<String> INTERNAL_COMMANDS = 
Set.of(OpenSSLConfCmd.NO_OCSP_CHECK,
+            OpenSSLConfCmd.OCSP_SOFT_FAIL, OpenSSLConfCmd.OCSP_TIMEOUT, 
OpenSSLConfCmd.OCSP_VERIFY_FLAGS);
 
     /**
      * Store nested OpenSSLConfCmd elements.
diff --git a/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java 
b/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java
index ceb92147bb..fd236f68b4 100644
--- a/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java
+++ b/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java
@@ -420,6 +420,7 @@ public class OpenSSLContext implements 
org.apache.tomcat.util.net.SSLContext {
                 for (OpenSSLConfCmd command : 
sslHostConfig.getOpenSslConf().getCommands()) {
                     if 
(OpenSSLConfCmd.NO_OCSP_CHECK.equals(command.getName())) {
                         foundOcspConfig = true;
+                        break;
                     }
                 }
                 if (!foundOcspConfig) {
@@ -439,6 +440,7 @@ public class OpenSSLContext implements 
org.apache.tomcat.util.net.SSLContext {
                 for (OpenSSLConfCmd command : 
sslHostConfig.getOpenSslConf().getCommands()) {
                     if (OpenSSLConfCmd.GROUPS.equals(command.getName())) {
                         foundGroupsConfig = true;
+                        break;
                     }
                 }
                 if (!foundGroupsConfig) {


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to