This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push: new 476f3bfc50 Fix regression in user provided SSLContext support 476f3bfc50 is described below commit 476f3bfc50a4e8ee2c5bfce089f461aba5a6d87a Author: Mark Thomas <ma...@apache.org> AuthorDate: Mon Mar 18 20:23:53 2024 +0000 Fix regression in user provided SSLContext support This broke the TLSCertificateReloadListener --- java/org/apache/tomcat/util/net/AbstractEndpoint.java | 8 +++++++- webapps/docs/changelog.xml | 7 +++++++ 2 files changed, 14 insertions(+), 1 deletion(-) diff --git a/java/org/apache/tomcat/util/net/AbstractEndpoint.java b/java/org/apache/tomcat/util/net/AbstractEndpoint.java index 12d70bf007..2c8a77ddd2 100644 --- a/java/org/apache/tomcat/util/net/AbstractEndpoint.java +++ b/java/org/apache/tomcat/util/net/AbstractEndpoint.java @@ -409,8 +409,14 @@ public abstract class AbstractEndpoint<S,U> { } SSLContext sslContext = certificate.getSslContext(); + SSLContext sslContextGenerated = certificate.getSslContextGenerated(); // Generate the SSLContext from configuration unless (e.g. embedded) an SSLContext has been provided. - if (sslContext == null) { + // Need to handle both initial configuration and reload. + // Initial, SSLContext provided - sslContext will be non-null and sslContextGenerated will be null + // Initial, SSLContext not provided - sslContext null and sslContextGenerated will be null + // Reload, SSLContext provided - sslContext will be non-null and sslContextGenerated will be null + // Reload, SSLContext not provided - sslContext non-null and equal to sslContextGenerated + if (sslContext == null || sslContext == sslContextGenerated) { try { sslContext = sslUtil.createSSLContext(negotiableProtocols); } catch (Exception e) { diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index 07f1af22c5..1766e6ede2 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -153,6 +153,13 @@ configured with a <code>Max-Age</code> value of zero as RFC 6265 does not permit a value of zero in this case. (markt) </fix> + <fix> + Correct a regression in the support for user provided + <code>SSLContext</code> instances that broke the + <code>org.apache.catalina.security.TLSCertificateReloadListener</code>. + (markt) + </fix> + </changelog> </subsection> <subsection name="Jasper"> --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org