Re: [PR] Fix bz67675 [tomcat]

2023-10-23 Thread via GitHub


michael-o commented on PR #674:
URL: https://github.com/apache/tomcat/pull/674#issuecomment-1775942678

   Thanks for the hard work. I will try this tomorrow/Wednesday!


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



Re: [PR] Fix bz67675 [tomcat]

2023-10-23 Thread via GitHub


michael-o commented on code in PR #674:
URL: https://github.com/apache/tomcat/pull/674#discussion_r1369211534


##
test/org/apache/tomcat/util/net/jsse/TestPEMFile.java:
##
@@ -118,4 +127,17 @@ private String getPath(String file) throws IOException {
 
 return f.getCanonicalPath();
 }
+
+
+@Test
+public void testListSecretKeyFactories() {
+for (Provider provider : Security.getProviders()) {
+System.out.println( provider );
+for (Provider.Service service : provider.getServices()) {
+if ("Cipher".equals( service.getType())) {
+System.out.println( service.getAlgorithm() );
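
Review bot: testListSecretKeyFactories is named for secret key factories, but the inner filter is "Cipher".equals(service.getType()), so what it lists is Cipher algorithms. The visible body only calls System.out.println and asserts nothing, so it can never fail. Either rename it and assert that the algorithms the PEM code depends on are present in at least one provider, or drop it before merge as a debugging aid.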

Review Comment:
   Are the spaces on purpose?






Re: [PR] Fix bz67675 [tomcat]

2023-10-23 Thread via GitHub


michael-o commented on PR #674:
URL: https://github.com/apache/tomcat/pull/674#issuecomment-1775933882

   The more ASN.1 I see in Tomcat, the more I think that we should import 
Kerby ASN.1 at some point in time...





Buildbot success in on tomcat-9.0.x

2023-10-23 Thread buildbot
Build status: Build succeeded!
Worker used: bb_worker2_ubuntu
URL: https://ci2.apache.org/#builders/37/builds/741
Blamelist: Mark Thomas, Michael Osipov, remm
Build Text: build successful
Status Detected: restored build
Build Source Stamp: [branch 9.0.x] a28c36053622aabd9375d5a65ca88ba19fb522f1


Steps:

  worker_preparation: 0

  git: 0

  shell: 0

  shell_1: 0

  shell_2: 0

  shell_3: 0

  shell_4: 0

  shell_5: 0

  compile: 1

  shell_6: 0

  shell_7: 0

  shell_8: 0

  shell_9: 0

  Rsync docs to nightlies.apache.org: 0

  shell_10: 0

  Rsync RAT to nightlies.apache.org: 0

  compile_1: 1

  shell_11: 0

  Rsync Logs to nightlies.apache.org: 0


-- ASF Buildbot





Re: [PR] Fix bz67675 [tomcat]

2023-10-23 Thread via GitHub


michael-o commented on code in PR #674:
URL: https://github.com/apache/tomcat/pull/674#discussion_r1369136617


##
java/org/apache/tomcat/util/net/jsse/PEMFile.java:
##
@@ -64,8 +66,40 @@ public class PEMFile {
 
 private static final byte[] OID_EC_PUBLIC_KEY =
 new byte[] { 0x06, 0x07, 0x2A, (byte) 0x86, 0x48, (byte) 0xCE, 
0x3D, 0x02, 0x01 };
+// 1.2.840.113549.1.5.13
+private static final byte[] OID_PBES2 =
+new byte[] { 0x2A, (byte) 0x86, 0x48, (byte) 0x86, (byte) 0xF7, 
0x0D, 0x01, 0x05, 0x0D };
+// 1.2.840.113549.1.5.12
+private static final byte[] OID_PBKDF2 =
+new byte[] { 0x2A, (byte) 0x86, 0x48, (byte) 0x86, (byte) 0xF7, 
0x0D, 0x01, 0x05, 0x0C };
+
+private static final Map OID_TO_PRF = new HashMap<>();
+static {
+// 1.2.840.113549.2.7
+OID_TO_PRF.put("2a864886f70d0207", "HmacSHA1");
+// 1.2.840.113549.2.8
+OID_TO_PRF.put("2a864886f70d0208", "HmacSHA224");
+// 1.2.840.113549.2.9
+OID_TO_PRF.put("2a864886f70d0209", "HmacSHA256");
+// 1.2.840.113549.2.10
+OID_TO_PRF.put("2a864886f70d020a", "HmacSHA384");
+// 1.2.840.113549.2.11
+OID_TO_PRF.put("2a864886f70d020b", "HmacSHA512");
+// 1.2.840.113549.2.12
+OID_TO_PRF.put("2a864886f70d020c", "HmacSHA512/224");
+// 1.2.840.113549.2.13
+OID_TO_PRF.put("2a864886f70d020d", "HmacSHA512/256");
+}
 
-private static final String PBES2 = "PBES2";
+private static final Map OID_TO_ALGOITHM = new 
HashMap<>();
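
Review bot: OID_PBES2 and OID_PBKDF2 start at 0x2A, while the existing OID_EC_PUBLIC_KEY directly above starts with 0x06, 0x07, so that constant carries the ASN.1 tag and length bytes and the new ones do not. If the new constants are meant to be matched against the content octets only, say so in a comment next to them, otherwise a later change can compare one form against the other and the match will quietly fail. The OID_TO_PRF keys are lowercase hex strings, so the lookup side must produce exactly that form; one small helper used for both building the keys and looking them up would rule out a case or padding mismatch.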

Review Comment:
   Typo






Re: [PR] Fix bz67675 [tomcat]

2023-10-23 Thread via GitHub


michael-o commented on PR #674:
URL: https://github.com/apache/tomcat/pull/674#issuecomment-1775825928

   There is also AES128 with OpenSSL and should be tried as well.





[Bug 67675] Tomcat and/or Java do not read encrypted private keys with DES-EDE3-CBC generated by openssl-req(1)

2023-10-23 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=67675

--- Comment #16 from Mark Thomas  ---
See https://github.com/apache/tomcat/pull/674

That should support any cert the current code supports plus the OpenSSL
defaults.

It is possible there are other combinations that need to be supported. It
should be easy to add those as required.

-- 
You are receiving this mail because:
You are the assignee for the bug.



Re: Non preview FFM (formerly known as Panama) API

2023-10-23 Thread Rémy Maucherat
On Mon, Oct 23, 2023 at 6:57 PM Mark Thomas  wrote:
>
> On 20/10/2023 08:30, Rémy Maucherat wrote:
>
> 
>
> > Assuming Mark accepts working with an alpha build of Java 22 to
> > produce the releases of Tomcat 11, it is now possible to merge the
> > OpenSSL code.
>
> I'm fine with that. Java 22 will be released before Tomcat 11 will be
> able to go stable.
>
> > The idea is to build the two packages that need it using a 22 release
> > target, while the rest would release target 21 as usual. Using some
> > conditionals, it should be possible to allow casual building with 21,
> > as it would be bad to drive away contributors who would understandably
> > not be very interested in alpha Java 22 yet. I would also add the
> > jextract scripts in res/jextract (using jextract at this time is going
> > to remain harder however).
>
> Sounds reasonable to me.

Awesome, thanks a lot ! :)
I'll work on the build adjustments. I hope we don't regret doing the
move sooner rather than later, but I haven't had any 22 issues so far
building or running Tomcat. So we would have to be really unlucky.

Rémy

> Mark



Re: Non preview FFM (formerly known as Panama) API

2023-10-23 Thread Mark Thomas

On 20/10/2023 08:30, Rémy Maucherat wrote:

> Assuming Mark accepts working with an alpha build of Java 22 to
> produce the releases of Tomcat 11, it is now possible to merge the
> OpenSSL code.

I'm fine with that. Java 22 will be released before Tomcat 11 will be 
able to go stable.

> The idea is to build the two packages that need it using a 22 release
> target, while the rest would release target 21 as usual. Using some
> conditionals, it should be possible to allow casual building with 21,
> as it would be bad to drive away contributors who would understandably
> not be very interested in alpha Java 22 yet. I would also add the
> jextract scripts in res/jextract (using jextract at this time is going
> to remain harder however).


Sounds reasonable to me.

Mark




[tomcat] branch 8.5.x updated: Infer KeyStore type when configuring a KeyStore directly

2023-10-23 Thread markt
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/8.5.x by this push:
 new 7af21f6b75 Infer KeyStore type when configuring a KeyStore directly
7af21f6b75 is described below

commit 7af21f6b75aa809c9e8e79f8f1fbffcb3b577d64
Author: Mark Thomas 
AuthorDate: Mon Oct 23 17:41:34 2023 +0100

Infer KeyStore type when configuring a KeyStore directly
---
 java/org/apache/tomcat/util/net/SSLHostConfigCertificate.java |  3 +++
 webapps/docs/changelog.xml| 10 ++
 2 files changed, 13 insertions(+)

diff --git a/java/org/apache/tomcat/util/net/SSLHostConfigCertificate.java 
b/java/org/apache/tomcat/util/net/SSLHostConfigCertificate.java
index 0c0ebb7274..68a6d2d378 100644
--- a/java/org/apache/tomcat/util/net/SSLHostConfigCertificate.java
+++ b/java/org/apache/tomcat/util/net/SSLHostConfigCertificate.java
@@ -224,6 +224,9 @@ public class SSLHostConfigCertificate implements 
Serializable {
 
 public void setCertificateKeystore(KeyStore certificateKeystore) {
 this.certificateKeystore = certificateKeystore;
+if (certificateKeystore != null) {
+setCertificateKeystoreType(certificateKeystore.getType());
+}
 }
 
 
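
Review bot: setCertificateKeystore now overwrites whatever was set earlier through setCertificateKeystoreType, and when certificateKeystore is null the previously stored type is left untouched, so after setCertificateKeystore(null) the two fields can disagree. Document in the setter's Javadoc that the type is taken from the KeyStore, and decide explicitly what the null case should do rather than leaving it to the missing else branch.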
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index cccd9de7b2..34724b54a9 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -126,6 +126,16 @@
   
 
   
+  
+
+  
+When calling
+SSLHostConfigCertificate.setCertificateKeystore(ks),
+automatically call
+setCertificateKeystoreType(ks.getType()). (markt)
+  
+
+  
   
 
   





[tomcat] branch 9.0.x updated: Infer KeyStore type when configuring a KeyStore directly

2023-10-23 Thread markt
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/9.0.x by this push:
 new a28c360536 Infer KeyStore type when configuring a KeyStore directly
a28c360536 is described below

commit a28c36053622aabd9375d5a65ca88ba19fb522f1
Author: Mark Thomas 
AuthorDate: Mon Oct 23 17:41:34 2023 +0100

Infer KeyStore type when configuring a KeyStore directly
---
 java/org/apache/tomcat/util/net/SSLHostConfigCertificate.java |  3 +++
 webapps/docs/changelog.xml| 10 ++
 2 files changed, 13 insertions(+)

diff --git a/java/org/apache/tomcat/util/net/SSLHostConfigCertificate.java 
b/java/org/apache/tomcat/util/net/SSLHostConfigCertificate.java
index 0c0ebb7274..68a6d2d378 100644
--- a/java/org/apache/tomcat/util/net/SSLHostConfigCertificate.java
+++ b/java/org/apache/tomcat/util/net/SSLHostConfigCertificate.java
@@ -224,6 +224,9 @@ public class SSLHostConfigCertificate implements 
Serializable {
 
 public void setCertificateKeystore(KeyStore certificateKeystore) {
 this.certificateKeystore = certificateKeystore;
+if (certificateKeystore != null) {
+setCertificateKeystoreType(certificateKeystore.getType());
+}
 }
 
 
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 2a908b046a..3f46719f49 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -126,6 +126,16 @@
   
 
   
+  
+
+  
+When calling
+SSLHostConfigCertificate.setCertificateKeystore(ks),
+automatically call
+setCertificateKeystoreType(ks.getType()). (markt)
+  
+
+  
   
 
   





[tomcat] branch 10.1.x updated: Infer KeyStore type when configuring a KeyStore directly

2023-10-23 Thread markt
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/10.1.x by this push:
 new cd4903db91 Infer KeyStore type when configuring a KeyStore directly
cd4903db91 is described below

commit cd4903db91714822b38d5017169599d4e15544aa
Author: Mark Thomas 
AuthorDate: Mon Oct 23 17:41:34 2023 +0100

Infer KeyStore type when configuring a KeyStore directly
---
 java/org/apache/tomcat/util/net/SSLHostConfigCertificate.java |  3 +++
 webapps/docs/changelog.xml| 10 ++
 2 files changed, 13 insertions(+)

diff --git a/java/org/apache/tomcat/util/net/SSLHostConfigCertificate.java 
b/java/org/apache/tomcat/util/net/SSLHostConfigCertificate.java
index 0c0ebb7274..68a6d2d378 100644
--- a/java/org/apache/tomcat/util/net/SSLHostConfigCertificate.java
+++ b/java/org/apache/tomcat/util/net/SSLHostConfigCertificate.java
@@ -224,6 +224,9 @@ public class SSLHostConfigCertificate implements 
Serializable {
 
 public void setCertificateKeystore(KeyStore certificateKeystore) {
 this.certificateKeystore = certificateKeystore;
+if (certificateKeystore != null) {
+setCertificateKeystoreType(certificateKeystore.getType());
+}
 }
 
 
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 0e028ed263..5100bd9a16 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -126,6 +126,16 @@
   
 
   
+  
+
+  
+When calling
+SSLHostConfigCertificate.setCertificateKeystore(ks),
+automatically call
+setCertificateKeystoreType(ks.getType()). (markt)
+  
+
+  
   
 
   





[tomcat] branch main updated: Infer KeyStore type when configuring a KeyStore directly

2023-10-23 Thread markt
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/main by this push:
 new 8096ce4a97 Infer KeyStore type when configuring a KeyStore directly
8096ce4a97 is described below

commit 8096ce4a97afb78541df2cb49336f67aeccc95b6
Author: Mark Thomas 
AuthorDate: Mon Oct 23 17:41:34 2023 +0100

Infer KeyStore type when configuring a KeyStore directly
---
 java/org/apache/tomcat/util/net/SSLHostConfigCertificate.java |  3 +++
 webapps/docs/changelog.xml| 10 ++
 2 files changed, 13 insertions(+)

diff --git a/java/org/apache/tomcat/util/net/SSLHostConfigCertificate.java 
b/java/org/apache/tomcat/util/net/SSLHostConfigCertificate.java
index 0c0ebb7274..68a6d2d378 100644
--- a/java/org/apache/tomcat/util/net/SSLHostConfigCertificate.java
+++ b/java/org/apache/tomcat/util/net/SSLHostConfigCertificate.java
@@ -224,6 +224,9 @@ public class SSLHostConfigCertificate implements 
Serializable {
 
 public void setCertificateKeystore(KeyStore certificateKeystore) {
 this.certificateKeystore = certificateKeystore;
+if (certificateKeystore != null) {
+setCertificateKeystoreType(certificateKeystore.getType());
+}
 }
 
 
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 85805e6cad..3b927d8e04 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -131,6 +131,16 @@
   
 
   
+  
+
+  
+When calling
+SSLHostConfigCertificate.setCertificateKeystore(ks),
+automatically call
+setCertificateKeystoreType(ks.getType()). (markt)
+  
+
+  
   
 
   





Re: [tomcat] branch main updated: Add more complex password picker

2023-10-23 Thread Michael Osipov
Thanks for catching up!




[tomcat] branch main updated: Add more complex password picker

2023-10-23 Thread remm
This is an automated email from the ASF dual-hosted git repository.

remm pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/main by this push:
 new 683eee6cc5 Add more complex password picker
683eee6cc5 is described below

commit 683eee6cc58dcc2452102c2e5ec2edae43f53a6e
Author: remm 
AuthorDate: Mon Oct 23 13:54:14 2023 +0200

Add more complex password picker

With FIXMEs since the API is not there yet.
---
 .../util/net/openssl/panama/OpenSSLContext.java| 40 +-
 .../net/openssl/panama/LocalStrings.properties |  1 +
 2 files changed, 33 insertions(+), 8 deletions(-)

diff --git 
a/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
 
b/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
index 5932fb7a15..da8c8e1046 100644
--- 
a/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
+++ 
b/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
@@ -16,8 +16,10 @@
  */
 package org.apache.tomcat.util.net.openssl.panama;
 
+import java.io.BufferedReader;
 import java.io.File;
 import java.io.IOException;
+import java.io.InputStreamReader;
 import java.lang.foreign.Arena;
 import java.lang.foreign.FunctionDescriptor;
 import java.lang.foreign.Linker;
@@ -977,6 +979,29 @@ public class OpenSSLContext implements 
org.apache.tomcat.util.net.SSLContext {
 int index = getCertificateIndex(certificate);
 // Load Server key and certificate
 if (certificate.getCertificateFile() != null) {
+// Pick right key password
+String keyPassToUse = null;
+String keyPass = certificate.getCertificateKeyPassword();
+if (keyPass == null) {
+keyPass = certificate.getCertificateKeystorePassword();
+}
+String keyPassFile = null;//FIXME Tomcat 
9.0.83:certificate.getCertificateKeyPasswordFile();
+if (keyPassFile == null) {
+keyPassFile = null;//FIXME Tomcat 
9.0.83:certificate.getCertificateKeystorePasswordFile();
+}
+if (keyPassFile != null) {
+try (BufferedReader reader =
+new BufferedReader(new InputStreamReader(
+
ConfigFileLoader.getSource().getResource(keyPassFile).getInputStream(),
+StandardCharsets.UTF_8))) {
+keyPassToUse = reader.readLine();
+} catch (IOException e) {
+log.error(sm.getString("openssl.errorLoadingPassword", 
keyPassFile), e);
+return false;
+}
+} else {
+keyPassToUse = keyPass;
+}
 // Set certificate
 //SSLContext.setCertificate(state.ctx,
 //
SSLHostConfig.adjustRelativePath(certificate.getCertificateFile()),
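
Review bot: in the keyPassFile branch, reader.readLine() returns null for an empty file, which leaves keyPassToUse null and makes an empty password file look the same as no password being configured; it deserves its own error instead of continuing without a password. While the getters are stubbed out, the second block (if (keyPassFile == null) { keyPassFile = null; }) is a no-op and the whole file branch is unreachable, so a comment saying this is intentional until the API lands would help. Also, when a file is configured it takes precedence over certificateKeyPassword with no log message, which is worth either logging or documenting.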
@@ -1007,9 +1032,8 @@ public class OpenSSLContext implements 
org.apache.tomcat.util.net.SSLContext {
 }
 MemorySegment passwordAddress = MemorySegment.NULL;
 int passwordLength = 0;
-String callbackPassword = 
certificate.getCertificateKeyPassword();
-if (callbackPassword != null && callbackPassword.length() 
> 0) {
-passwordAddress = 
localArena.allocateFrom(callbackPassword);
+if (keyPassToUse != null && keyPassToUse.length() > 0) {
+passwordAddress = 
localArena.allocateFrom(keyPassToUse);
 passwordLength = (int) (passwordAddress.byteSize() - 
1);
 }
 if (PKCS12_verify_mac(p12, passwordAddress, 
passwordLength) <= 0) {
@@ -1049,7 +1073,7 @@ public class OpenSSLContext implements 
org.apache.tomcat.util.net.SSLContext {
 key = MemorySegment.NULL;
 for (int i = 0; i < 3; i++) {
 try {
-
callbackPasswordTheadLocal.set(certificate.getCertificateKeyPassword());
+callbackPasswordTheadLocal.set(keyPassToUse);
 key = PEM_read_bio_PrivateKey(keyBIO, 
MemorySegment.NULL, openSSLCallbackPassword, MemorySegment.NULL);
 } finally {
 callbackPasswordTheadLocal.set(null);
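
Review bot: callbackPasswordTheadLocal is misspelled (Thead for Thread), and since this change edits its call sites it is a good moment to rename it. The set followed by set(null) in finally should be kept as is, so the password does not outlive the PEM_read_bio_PrivateKey call.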
@@ -1076,7 +1100,7 @@ public class OpenSSLContext implements 
org.apache.tomcat.util.net.SSLContext {
 }
 // Load certificate
 try {
-
callbackPasswordTheadLocal.set(certificate.getCertificateKeyPassword());
+

[Bug 64826] libtcnative prompts for private key password in some situations

2023-10-23 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=64826

--- Comment #1 from Michael Osipov  ---
Last point has been addressed with Bug 66670.




Re: [PR] BZ 66670: Add SSLHostConfig#certificateKeyPasswordFile and SSLHostConfig#certificateKeystorePasswordFile [tomcat]

2023-10-23 Thread via GitHub


michael-o commented on PR #672:
URL: https://github.com/apache/tomcat/pull/672#issuecomment-1774954495

   Merged into all branches.





Re: [PR] BZ 66670: Add SSLHostConfig#certificateKeyPasswordFile and SSLHostConfig#certificateKeystorePasswordFile [tomcat]

2023-10-23 Thread via GitHub


michael-o closed pull request #672: BZ 66670: Add 
SSLHostConfig#certificateKeyPasswordFile and 
SSLHostConfig#certificateKeystorePasswordFile
URL: https://github.com/apache/tomcat/pull/672





[Bug 66670] Add SSLHostConfig#certificateKeyPasswordFile and SSLHostConfig#certificateKeystorePasswordFile

2023-10-23 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=66670

Michael Osipov  changed:

      What    |Removed |Added
    Status    |NEW     |RESOLVED
Resolution    |---     |FIXED

--- Comment #16 from Michael Osipov  ---
Fixed in:
- main for 11.0.0-M14 and onwards
- 10.1.x for 10.1.16 and onwards
- 9.0.x  for 9.0.83 and onwards
- 8.5.x for 8.5.96 and onwards




[tomcat] branch 8.5.x updated: BZ 66670: Add SSLHostConfig#certificateKeyPasswordFile and SSLHostConfig#certificateKeystorePasswordFile

2023-10-23 Thread michaelo
This is an automated email from the ASF dual-hosted git repository.

michaelo pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/8.5.x by this push:
 new 8768cb1607 BZ 66670: Add SSLHostConfig#certificateKeyPasswordFile and 
SSLHostConfig#certificateKeystorePasswordFile
8768cb1607 is described below

commit 8768cb160766487e43f861de9ded9d527fd9d334
Author: Michael Osipov 
AuthorDate: Wed Sep 27 11:23:19 2023 +0200

BZ 66670: Add SSLHostConfig#certificateKeyPasswordFile and 
SSLHostConfig#certificateKeystorePasswordFile
---
 .../coyote/http11/AbstractHttp11Protocol.java  | 34 
 java/org/apache/tomcat/util/net/SSLHostConfig.java | 34 +++-
 .../tomcat/util/net/SSLHostConfigCertificate.java  | 27 -
 java/org/apache/tomcat/util/net/SSLUtilBase.java   | 47 ++
 java/org/apache/tomcat/util/net/jsse/PEMFile.java  | 31 --
 .../tomcat/util/net/openssl/OpenSSLContext.java| 17 +++-
 test/org/apache/tomcat/util/net/TestSsl.java   | 22 +-
 test/org/apache/tomcat/util/net/TesterSupport.java | 12 +-
 .../apache/tomcat/util/net/jsse/TestPEMFile.java   | 39 +++---
 test/org/apache/tomcat/util/net/jsse/key-password  |  1 +
 test/org/apache/tomcat/util/net/key-password   |  1 +
 test/org/apache/tomcat/util/net/keystore-password  |  1 +
 webapps/docs/changelog.xml |  4 ++
 webapps/docs/config/http.xml   | 20 -
 14 files changed, 267 insertions(+), 23 deletions(-)

diff --git a/java/org/apache/coyote/http11/AbstractHttp11Protocol.java 
b/java/org/apache/coyote/http11/AbstractHttp11Protocol.java
index 8e4f3efe98..18005783e2 100644
--- a/java/org/apache/coyote/http11/AbstractHttp11Protocol.java
+++ b/java/org/apache/coyote/http11/AbstractHttp11Protocol.java
@@ -1013,6 +1013,17 @@ public abstract class AbstractHttp11Protocol extends 
AbstractProtocol {
 }
 
 
+public String getKeystorePassFile() {
+registerDefaultSSLHostConfig();
+return defaultSSLHostConfig.getCertificateKeystorePasswordFile();
+}
+
+public void setKeystorePassFile(String certificateKeystorePasswordFile) {
+registerDefaultSSLHostConfig();
+
defaultSSLHostConfig.setCertificateKeystorePasswordFile(certificateKeystorePasswordFile);
+}
+
+
 public String getKeyPass() {
 registerDefaultSSLHostConfig();
 return defaultSSLHostConfig.getCertificateKeyPassword();
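
Review bot: getKeystorePassFile and setKeystorePassFile are added as public methods without Javadoc. State that the value names a file holding the password rather than the password itself, and what happens when both this and the plain keystore password are configured, since the accessors alone give no hint of the precedence.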
@@ -1023,6 +1034,18 @@ public abstract class AbstractHttp11Protocol extends 
AbstractProtocol {
 defaultSSLHostConfig.setCertificateKeyPassword(certificateKeyPassword);
 }
 
+
+public String getKeyPassFile() {
+registerDefaultSSLHostConfig();
+return defaultSSLHostConfig.getCertificateKeyPasswordFile();
+}
+
+public void setKeyPassFile(String certificateKeyPasswordFile) {
+registerDefaultSSLHostConfig();
+
defaultSSLHostConfig.setCertificateKeyPasswordFile(certificateKeyPasswordFile);
+}
+
+
 public String getSSLPassword() {
 registerDefaultSSLHostConfig();
 return defaultSSLHostConfig.getCertificateKeyPassword();
@@ -1034,6 +1057,17 @@ public abstract class AbstractHttp11Protocol extends 
AbstractProtocol {
 }
 
 
+public String getSSLPasswordFile() {
+registerDefaultSSLHostConfig();
+return defaultSSLHostConfig.getCertificateKeyPasswordFile();
+}
+
+public void setSSLPasswordFile(String certificateKeyPasswordFile) {
+registerDefaultSSLHostConfig();
+
defaultSSLHostConfig.setCertificateKeyPasswordFile(certificateKeyPasswordFile);
+}
+
+
 public String getCrlFile() {
 registerDefaultSSLHostConfig();
 return defaultSSLHostConfig.getCertificateRevocationListFile();
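
Review bot: getSSLPasswordFile and setSSLPasswordFile delegate to getCertificateKeyPasswordFile and setCertificateKeyPasswordFile, exactly as getKeyPassFile and setKeyPassFile do in the previous hunk, so two attribute names write the same field and whichever is set last wins. That mirrors the existing getSSLPassword and getKeyPass pair, but it should be stated in the documentation so a configuration that sets both is not a surprise.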
diff --git a/java/org/apache/tomcat/util/net/SSLHostConfig.java 
b/java/org/apache/tomcat/util/net/SSLHostConfig.java
index 7563015373..c9b921026e 100644
--- a/java/org/apache/tomcat/util/net/SSLHostConfig.java
+++ b/java/org/apache/tomcat/util/net/SSLHostConfig.java
@@ -306,12 +306,29 @@ public class SSLHostConfig implements Serializable {
 return defaultCertificate.getCertificateKeyPassword();
 }
 }
+
+
 public void setCertificateKeyPassword(String certificateKeyPassword) {
 registerDefaultCertificate();
 defaultCertificate.setCertificateKeyPassword(certificateKeyPassword);
 }
 
 
+public String getCertificateKeyPasswordFile() {
+if (defaultCertificate == null) {
+return null;
+} else {
+return defaultCertificate.getCertificateKeyPasswordFile();
+}
+}
+
+
+public void setCertificateKeyPasswordFile(String 
certificateKeyPasswordFile) {
+registerDefaultCertificate();
+
defaultCertificate.setCertificateKeyPasswordFile(certificateKeyPasswordFile);
+

[tomcat] branch 9.0.x updated: BZ 66670: Add SSLHostConfig#certificateKeyPasswordFile and SSLHostConfig#certificateKeystorePasswordFile

2023-10-23 Thread michaelo
This is an automated email from the ASF dual-hosted git repository.

michaelo pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/9.0.x by this push:
 new 3d8db8cd57 BZ 66670: Add SSLHostConfig#certificateKeyPasswordFile and 
SSLHostConfig#certificateKeystorePasswordFile
3d8db8cd57 is described below

commit 3d8db8cd57b1e89be75b004b7401eb9581f531a2
Author: Michael Osipov 
AuthorDate: Wed Sep 27 11:23:19 2023 +0200

BZ 66670: Add SSLHostConfig#certificateKeyPasswordFile and 
SSLHostConfig#certificateKeystorePasswordFile
---
 .../coyote/http11/AbstractHttp11Protocol.java  | 34 
 java/org/apache/tomcat/util/net/SSLHostConfig.java | 34 +++-
 .../tomcat/util/net/SSLHostConfigCertificate.java  | 27 -
 java/org/apache/tomcat/util/net/SSLUtilBase.java   | 47 ++
 java/org/apache/tomcat/util/net/jsse/PEMFile.java  | 31 --
 .../tomcat/util/net/openssl/OpenSSLContext.java| 17 +++-
 test/org/apache/tomcat/util/net/TestSsl.java   | 22 +-
 test/org/apache/tomcat/util/net/TesterSupport.java | 12 +-
 .../apache/tomcat/util/net/jsse/TestPEMFile.java   | 39 +++---
 test/org/apache/tomcat/util/net/jsse/key-password  |  1 +
 test/org/apache/tomcat/util/net/key-password   |  1 +
 test/org/apache/tomcat/util/net/keystore-password  |  1 +
 webapps/docs/changelog.xml |  4 ++
 webapps/docs/config/http.xml   | 20 -
 14 files changed, 267 insertions(+), 23 deletions(-)

diff --git a/java/org/apache/coyote/http11/AbstractHttp11Protocol.java 
b/java/org/apache/coyote/http11/AbstractHttp11Protocol.java
index cc6988d308..9f12ae8ec4 100644
--- a/java/org/apache/coyote/http11/AbstractHttp11Protocol.java
+++ b/java/org/apache/coyote/http11/AbstractHttp11Protocol.java
@@ -1009,6 +1009,17 @@ public abstract class AbstractHttp11Protocol extends 
AbstractProtocol {
 }
 
 
+public String getKeystorePassFile() {
+registerDefaultSSLHostConfig();
+return defaultSSLHostConfig.getCertificateKeystorePasswordFile();
+}
+
+public void setKeystorePassFile(String certificateKeystorePasswordFile) {
+registerDefaultSSLHostConfig();
+
defaultSSLHostConfig.setCertificateKeystorePasswordFile(certificateKeystorePasswordFile);
+}
+
+
 public String getKeyPass() {
 registerDefaultSSLHostConfig();
 return defaultSSLHostConfig.getCertificateKeyPassword();
@@ -1019,6 +1030,18 @@ public abstract class AbstractHttp11Protocol extends 
AbstractProtocol {
 defaultSSLHostConfig.setCertificateKeyPassword(certificateKeyPassword);
 }
 
+
+public String getKeyPassFile() {
+registerDefaultSSLHostConfig();
+return defaultSSLHostConfig.getCertificateKeyPasswordFile();
+}
+
+public void setKeyPassFile(String certificateKeyPasswordFile) {
+registerDefaultSSLHostConfig();
+
defaultSSLHostConfig.setCertificateKeyPasswordFile(certificateKeyPasswordFile);
+}
+
+
 public String getSSLPassword() {
 registerDefaultSSLHostConfig();
 return defaultSSLHostConfig.getCertificateKeyPassword();
@@ -1030,6 +1053,17 @@ public abstract class AbstractHttp11Protocol extends 
AbstractProtocol {
 }
 
 
+public String getSSLPasswordFile() {
+registerDefaultSSLHostConfig();
+return defaultSSLHostConfig.getCertificateKeyPasswordFile();
+}
+
+public void setSSLPasswordFile(String certificateKeyPasswordFile) {
+registerDefaultSSLHostConfig();
+
defaultSSLHostConfig.setCertificateKeyPasswordFile(certificateKeyPasswordFile);
+}
+
+
 public String getCrlFile() {
 registerDefaultSSLHostConfig();
 return defaultSSLHostConfig.getCertificateRevocationListFile();
diff --git a/java/org/apache/tomcat/util/net/SSLHostConfig.java 
b/java/org/apache/tomcat/util/net/SSLHostConfig.java
index b2d944ee9b..af320dfbb6 100644
--- a/java/org/apache/tomcat/util/net/SSLHostConfig.java
+++ b/java/org/apache/tomcat/util/net/SSLHostConfig.java
@@ -305,12 +305,29 @@ public class SSLHostConfig implements Serializable {
 return defaultCertificate.getCertificateKeyPassword();
 }
 }
+
+
 public void setCertificateKeyPassword(String certificateKeyPassword) {
 registerDefaultCertificate();
 defaultCertificate.setCertificateKeyPassword(certificateKeyPassword);
 }
 
 
+public String getCertificateKeyPasswordFile() {
+if (defaultCertificate == null) {
+return null;
+} else {
+return defaultCertificate.getCertificateKeyPasswordFile();
+}
+}
+
+
+public void setCertificateKeyPasswordFile(String 
certificateKeyPasswordFile) {
+registerDefaultCertificate();
+
defaultCertificate.setCertificateKeyPasswordFile(certificateKeyPasswordFile);
+
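Review bot: the two blank lines added above setCertificateKeyPassword at the start of this hunk are a formatting fix unrelated to the new property. Harmless, but it belongs in the commit message or in a separate whitespace commit so the backport diff shows only the feature.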

[tomcat] branch 10.1.x updated: BZ 66670: Add SSLHostConfig#certificateKeyPasswordFile and SSLHostConfig#certificateKeystorePasswordFile

2023-10-23 Thread michaelo
This is an automated email from the ASF dual-hosted git repository.

michaelo pushed a commit to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/10.1.x by this push:
 new 62bbe46266 BZ 66670: Add SSLHostConfig#certificateKeyPasswordFile and 
SSLHostConfig#certificateKeystorePasswordFile
62bbe46266 is described below

commit 62bbe462666b34eda971d1256cc1e830b500bdc1
Author: Michael Osipov 
AuthorDate: Wed Sep 27 11:23:19 2023 +0200

BZ 66670: Add SSLHostConfig#certificateKeyPasswordFile and 
SSLHostConfig#certificateKeystorePasswordFile
---
 java/org/apache/tomcat/util/net/SSLHostConfig.java |  4 +-
 .../tomcat/util/net/SSLHostConfigCertificate.java  | 27 -
 java/org/apache/tomcat/util/net/SSLUtilBase.java   | 47 ++
 java/org/apache/tomcat/util/net/jsse/PEMFile.java  | 31 --
 .../tomcat/util/net/openssl/OpenSSLContext.java| 17 +++-
 test/org/apache/tomcat/util/net/TestSsl.java   | 22 +-
 test/org/apache/tomcat/util/net/TesterSupport.java | 12 +-
 .../apache/tomcat/util/net/jsse/TestPEMFile.java   | 39 +++---
 test/org/apache/tomcat/util/net/jsse/key-password  |  1 +
 test/org/apache/tomcat/util/net/key-password   |  1 +
 test/org/apache/tomcat/util/net/keystore-password  |  1 +
 webapps/docs/changelog.xml |  4 ++
 webapps/docs/config/http.xml   | 20 -
 13 files changed, 203 insertions(+), 23 deletions(-)

diff --git a/java/org/apache/tomcat/util/net/SSLHostConfig.java 
b/java/org/apache/tomcat/util/net/SSLHostConfig.java
index 003c9b8b27..a447c7fec0 100644
--- a/java/org/apache/tomcat/util/net/SSLHostConfig.java
+++ b/java/org/apache/tomcat/util/net/SSLHostConfig.java
@@ -659,7 +659,7 @@ public class SSLHostConfig implements Serializable {
 if (truststoreFile != null){
 try {
 result = SSLUtilBase.getStore(getTruststoreType(), 
getTruststoreProvider(),
-getTruststoreFile(), getTruststorePassword());
+getTruststoreFile(), getTruststorePassword(), 
null);
 } catch (IOException ioe) {
 Throwable cause = ioe.getCause();
 if (cause instanceof UnrecoverableKeyException) {
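Review bot: the call now ends in a bare null for the new fifth argument of SSLUtilBase.getStore, which gives a reader of this call site no hint of what is being left out. Either name it with a short trailing comment or keep a four-argument overload that supplies the null, so callers that have no password file stay unchanged.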
@@ -668,7 +668,7 @@ public class SSLHostConfig implements Serializable {
 cause);
 // Re-try
 result = SSLUtilBase.getStore(getTruststoreType(), 
getTruststoreProvider(),
-getTruststoreFile(), null);
+getTruststoreFile(), null, null);
 } else {
 // Something else went wrong - re-throw
 throw ioe;
diff --git a/java/org/apache/tomcat/util/net/SSLHostConfigCertificate.java 
b/java/org/apache/tomcat/util/net/SSLHostConfigCertificate.java
index ff635bf588..0c0ebb7274 100644
--- a/java/org/apache/tomcat/util/net/SSLHostConfigCertificate.java
+++ b/java/org/apache/tomcat/util/net/SSLHostConfigCertificate.java
@@ -59,10 +59,12 @@ public class SSLHostConfigCertificate implements 
Serializable {
 private final SSLHostConfig sslHostConfig;
 private final Type type;
 private String certificateKeyPassword = null;
+private String certificateKeyPasswordFile = null;
 
 // JSSE
 private String certificateKeyAlias;
 private String certificateKeystorePassword = DEFAULT_KEYSTORE_PASSWORD;
+private String certificateKeystorePasswordFile = null;
 private String certificateKeystoreFile = DEFAULT_KEYSTORE_FILE;
 private String certificateKeystoreProvider = DEFAULT_KEYSTORE_PROVIDER;
 private String certificateKeystoreType = DEFAULT_KEYSTORE_TYPE;
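Review bot: certificateKeystorePasswordFile defaults to null while certificateKeystorePassword beside it defaults to DEFAULT_KEYSTORE_PASSWORD, so the code that resolves the password cannot use a null check on the inline password to tell whether the operator actually set one. State the precedence in a comment on these fields (the file, when set, overriding the inline value and its default) so the consumer in SSLUtilBase and the docs agree.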
@@ -131,6 +133,16 @@ public class SSLHostConfigCertificate implements 
Serializable {
 }
 
 
+public String getCertificateKeyPasswordFile() {
+return certificateKeyPasswordFile;
+}
+
+
+public void setCertificateKeyPasswordFile(String 
certificateKeyPasswordFile) {
+this.certificateKeyPasswordFile = certificateKeyPasswordFile;
+}
+
+
 // JSSE
 
 public void setCertificateKeyAlias(String certificateKeyAlias) {
@@ -171,6 +183,19 @@ public class SSLHostConfigCertificate implements 
Serializable {
 }
 
 
+public void setCertificateKeystorePasswordFile(String 
certificateKeystorePasswordFile) {
+sslHostConfig.setProperty(
+"Certificate.certificateKeystorePasswordFile", 
SSLHostConfig.Type.JSSE);
+setStoreType("Certificate.certificateKeystorePasswordFile", 
StoreType.KEYSTORE);
+this.certificateKeystorePasswordFile = certificateKeystorePasswordFile;
+}
+
+
+public String getCertificateKeystorePasswordFile() {
+return certificateKeystorePasswordFile;
+}
+
+
 public void 
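Review bot: setCertificateKeystorePasswordFile repeats the literal "Certificate.certificateKeystorePasswordFile" in both the setProperty and the setStoreType call; a local constant would keep the two from drifting apart. As a smaller point, the setter is declared before the getter here, the reverse of the getCertificateKeyPasswordFile/setCertificateKeyPasswordFile pair added in the previous hunk.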

[tomcat] branch main updated: BZ 66670: Add SSLHostConfig#certificateKeyPasswordFile and SSLHostConfig#certificateKeystorePasswordFile

2023-10-23 Thread michaelo
This is an automated email from the ASF dual-hosted git repository.

michaelo pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/main by this push:
 new b1d20cc6b0 BZ 66670: Add SSLHostConfig#certificateKeyPasswordFile and 
SSLHostConfig#certificateKeystorePasswordFile
b1d20cc6b0 is described below

commit b1d20cc6b04d64f35b3b5e47d68e02c93437867b
Author: Michael Osipov 
AuthorDate: Wed Sep 27 11:23:19 2023 +0200

BZ 66670: Add SSLHostConfig#certificateKeyPasswordFile and 
SSLHostConfig#certificateKeystorePasswordFile
---
 java/org/apache/tomcat/util/net/SSLHostConfig.java |  4 +-
 .../tomcat/util/net/SSLHostConfigCertificate.java  | 27 -
 java/org/apache/tomcat/util/net/SSLUtilBase.java   | 47 ++
 java/org/apache/tomcat/util/net/jsse/PEMFile.java  | 31 --
 .../tomcat/util/net/openssl/OpenSSLContext.java| 17 +++-
 test/org/apache/tomcat/util/net/TestSsl.java   | 22 +-
 test/org/apache/tomcat/util/net/TesterSupport.java | 12 +-
 .../apache/tomcat/util/net/jsse/TestPEMFile.java   | 39 +++---
 test/org/apache/tomcat/util/net/jsse/key-password  |  1 +
 test/org/apache/tomcat/util/net/key-password   |  1 +
 test/org/apache/tomcat/util/net/keystore-password  |  1 +
 webapps/docs/changelog.xml |  4 ++
 webapps/docs/config/http.xml   | 20 -
 13 files changed, 203 insertions(+), 23 deletions(-)

diff --git a/java/org/apache/tomcat/util/net/SSLHostConfig.java 
b/java/org/apache/tomcat/util/net/SSLHostConfig.java
index 003c9b8b27..a447c7fec0 100644
--- a/java/org/apache/tomcat/util/net/SSLHostConfig.java
+++ b/java/org/apache/tomcat/util/net/SSLHostConfig.java
@@ -659,7 +659,7 @@ public class SSLHostConfig implements Serializable {
 if (truststoreFile != null){
 try {
 result = SSLUtilBase.getStore(getTruststoreType(), 
getTruststoreProvider(),
-getTruststoreFile(), getTruststorePassword());
+getTruststoreFile(), getTruststorePassword(), 
null);
 } catch (IOException ioe) {
 Throwable cause = ioe.getCause();
 if (cause instanceof UnrecoverableKeyException) {
@@ -668,7 +668,7 @@ public class SSLHostConfig implements Serializable {
 cause);
 // Re-try
 result = SSLUtilBase.getStore(getTruststoreType(), 
getTruststoreProvider(),
-getTruststoreFile(), null);
+getTruststoreFile(), null, null);
 } else {
 // Something else went wrong - re-throw
 throw ioe;
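Review bot: both getStore call sites in this file, the first attempt in the previous hunk and the retry here, pass null for the new argument, so the truststore password can still only come from getTruststorePassword(). If leaving the truststore without a password-file option is deliberate, say so in the commit message or the http.xml change; otherwise this is where it would need wiring in.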
diff --git a/java/org/apache/tomcat/util/net/SSLHostConfigCertificate.java 
b/java/org/apache/tomcat/util/net/SSLHostConfigCertificate.java
index ff635bf588..0c0ebb7274 100644
--- a/java/org/apache/tomcat/util/net/SSLHostConfigCertificate.java
+++ b/java/org/apache/tomcat/util/net/SSLHostConfigCertificate.java
@@ -59,10 +59,12 @@ public class SSLHostConfigCertificate implements 
Serializable {
 private final SSLHostConfig sslHostConfig;
 private final Type type;
 private String certificateKeyPassword = null;
+private String certificateKeyPasswordFile = null;
 
 // JSSE
 private String certificateKeyAlias;
 private String certificateKeystorePassword = DEFAULT_KEYSTORE_PASSWORD;
+private String certificateKeystorePasswordFile = null;
 private String certificateKeystoreFile = DEFAULT_KEYSTORE_FILE;
 private String certificateKeystoreProvider = DEFAULT_KEYSTORE_PROVIDER;
 private String certificateKeystoreType = DEFAULT_KEYSTORE_TYPE;
@@ -131,6 +133,16 @@ public class SSLHostConfigCertificate implements 
Serializable {
 }
 
 
+public String getCertificateKeyPasswordFile() {
+return certificateKeyPasswordFile;
+}
+
+
+public void setCertificateKeyPasswordFile(String 
certificateKeyPasswordFile) {
+this.certificateKeyPasswordFile = certificateKeyPasswordFile;
+}
+
+
 // JSSE
 
 public void setCertificateKeyAlias(String certificateKeyAlias) {
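Review bot: setCertificateKeyPasswordFile stores the path with no Javadoc on what the file must contain. The diffstat adds one-line key-password test resources, so a single line is presumably expected; the accessor or the docs should state the expected encoding and whether a trailing newline is stripped, since a password read with a stray newline would not match the key.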
@@ -171,6 +183,19 @@ public class SSLHostConfigCertificate implements 
Serializable {
 }
 
 
+public void setCertificateKeystorePasswordFile(String 
certificateKeystorePasswordFile) {
+sslHostConfig.setProperty(
+"Certificate.certificateKeystorePasswordFile", 
SSLHostConfig.Type.JSSE);
+setStoreType("Certificate.certificateKeystorePasswordFile", 
StoreType.KEYSTORE);
+this.certificateKeystorePasswordFile = certificateKeystorePasswordFile;
+}
+
+
+public String getCertificateKeystorePasswordFile() {
+return certificateKeystorePasswordFile;
+}
+
+
 public void 

[tomcat] branch main updated: Improve error propagation for various init errors

2023-10-23 Thread remm
This is an automated email from the ASF dual-hosted git repository.

remm pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/main by this push:
 new 1cefadc447 Improve error propagation for various init errors
1cefadc447 is described below

commit 1cefadc447657ead50b09b88ec8f566622a00f5e
Author: remm 
AuthorDate: Mon Oct 23 11:10:31 2023 +0200

Improve error propagation for various init errors
---
 .../util/net/openssl/panama/OpenSSLContext.java| 146 +++--
 1 file changed, 74 insertions(+), 72 deletions(-)

diff --git 
a/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
 
b/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
index 9e224bafba..5932fb7a15 100644
--- 
a/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
+++ 
b/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
@@ -31,7 +31,6 @@ import java.lang.invoke.MethodType;
 import java.lang.ref.Cleaner;
 import java.lang.ref.Cleaner.Cleanable;
 import java.nio.charset.StandardCharsets;
-import java.security.PrivateKey;
 import java.security.SecureRandom;
 import java.security.cert.CertificateException;
 import java.security.cert.CertificateFactory;
@@ -530,6 +529,7 @@ public class OpenSSLContext implements 
org.apache.tomcat.util.net.SSLContext {
 log.warn(sm.getString("openssl.doubleInit"));
 return;
 }
+boolean success = true;
 try (var localArena = Arena.ofConfined()) {
 if (sslHostConfig.getInsecureRenegotiation()) {
 SSL_CTX_set_options(state.sslCtx, 
SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION());
@@ -577,7 +577,7 @@ public class OpenSSLContext implements 
org.apache.tomcat.util.net.SSLContext {
 
certificate.setCertificateKeyManager(OpenSSLUtil.chooseKeyManager(kms));
 }
 
-addCertificate(certificate, localArena);
+success = addCertificate(certificate, localArena);
 
 // SSLContext.setVerify(state.ctx, value, 
sslHostConfig.getCertificateVerificationDepth());
 // Client certificate verification
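Review bot: the result of addCertificate is stored in success but not acted on at this point, so when it returns false the rest of init still runs against a context that has no certificate loaded. The flag is only read after the try block; checking it right after the call and skipping the remaining setup would be cleaner.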
@@ -688,10 +688,9 @@ public class OpenSSLContext implements 
org.apache.tomcat.util.net.SSLContext {
 try {
 if (!checkConf(openSslConf)) {
 log.error(sm.getString("openssl.errCheckConf"));
-throw new 
Exception(sm.getString("openssl.errCheckConf"));
 }
 } catch (Exception e) {
-throw new Exception(sm.getString("openssl.errCheckConf"), 
e);
+log.error(sm.getString("openssl.errCheckConf"), e);
 }
 if (log.isDebugEnabled()) {
 log.debug(sm.getString("openssl.applyConf"));
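Review bot: with both throw statements removed, a failed or throwing checkConf is now only logged and execution falls through to applyConf with a configuration that did not pass the check; success is not set to false on either path. If the intent is to propagate the error through the new flag, set success = false next to each log.error in this hunk.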
@@ -699,10 +698,9 @@ public class OpenSSLContext implements 
org.apache.tomcat.util.net.SSLContext {
 try {
 if (!applyConf(openSslConf)) {
 log.error(sm.getString("openssl.errApplyConf"));
-throw new 
SSLException(sm.getString("openssl.errApplyConf"));
 }
 } catch (Exception e) {
-throw new 
SSLException(sm.getString("openssl.errApplyConf"), e);
+log.error(sm.getString("openssl.errApplyConf"), e);
 }
 // Reconfigure the enabled protocols
 long opts = SSL_CTX_get_options(state.sslCtx);
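Review bot: dropping the SSLException here changes the outcome of a failed applyConf from aborting init to continuing, so the context can come up with the operator's OpenSSLConf settings not in effect and only an error line in the log to show for it. This path should fail closed: record the failure in success so the destroy() added at the end of init is taken.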
@@ -743,6 +741,9 @@ public class OpenSSLContext implements 
org.apache.tomcat.util.net.SSLContext {
 initialized = true;
 } catch (Exception e) {
 log.warn(sm.getString("openssl.errorSSLCtxInit"), e);
+success = false;
+}
+if (!success) {
 destroy();
 }
 }
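Review bot: when addCertificate returned false and nothing threw, the try block still reaches initialized = true before the new if (!success) calls destroy(), which leaves a destroyed context flagged as initialized. Assign initialized from success, or reset it on the destroy() path.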
@@ -972,7 +973,7 @@ public class OpenSSLContext implements 
org.apache.tomcat.util.net.SSLContext {
 }
 
 
-private void addCertificate(SSLHostConfigCertificate certificate, Arena 
localArena) throws Exception {
+private boolean addCertificate(SSLHostConfigCertificate certificate, Arena 
localArena) throws Exception {
 int index = getCertificateIndex(certificate);
 // Load Server key and certificate
 if (certificate.getCertificateFile() != null) {
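Review bot: addCertificate now reports failure by returning false but still declares throws Exception, so the caller has two failure channels and no Javadoc saying which errors use which. Document the return value on the method, or settle on one mechanism.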
@@ -986,14 +987,14 @@ public class OpenSSLContext implements 
org.apache.tomcat.util.net.SSLContext {
 certificateFileBytes = 
resource.getInputStream().readAllBytes();
 } catch (IOException e) {
 log.error(sm.getString("openssl.errorLoadingCertificate", 
certificate.getCertificateFile()), e);
-return;
+return false;
 }
 

[tomcat] branch main updated: Remove deprecation to align with latest JSP 4.0 API

2023-10-23 Thread markt
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/main by this push:
 new a171d4529f Remove deprecation to align with latest JSP 4.0 API
a171d4529f is described below

commit a171d4529f848797cf33d8b2ba5ea9ba440b1502
Author: Mark Thomas 
AuthorDate: Mon Oct 23 09:35:30 2023 +0100

Remove deprecation to align with latest JSP 4.0 API
---
 java/jakarta/servlet/jsp/ErrorData.java | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/java/jakarta/servlet/jsp/ErrorData.java 
b/java/jakarta/servlet/jsp/ErrorData.java
index a1d445b059..5424f65d6d 100644
--- a/java/jakarta/servlet/jsp/ErrorData.java
+++ b/java/jakarta/servlet/jsp/ErrorData.java
@@ -40,10 +40,7 @@ public final class ErrorData {
  * @param statusCode  The status code of the error
  * @param uri The request URI
  * @param servletName The name of the servlet invoked
- *
- * @deprecated Use {#link {@link ErrorData#ErrorData(Throwable, int, 
String, String, String)}
  */
-@Deprecated(since = "4.0", forRemoval = true)
 public ErrorData(Throwable throwable, int statusCode, String uri, String 
servletName) {
 this(throwable, statusCode, uri, servletName, null);
 }
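Review bot: with the @deprecated tag gone, the Javadoc of the four-argument constructor no longer mentions the five-argument one it delegates to, passing null as the last argument. A @see, or a sentence saying what the omitted argument defaults to, would keep that pointer for readers.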

