(tomcat) branch 8.5.x updated: Fix regression in user provided SSLContext support

Mon, 18 Mar 2024 13:34:36 -0700 

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/8.5.x by this push:
     new a11bac054f Fix regression in user provided SSLContext support
a11bac054f is described below

commit a11bac054f4704a60c09c0ac439b1e9ef9401e2b
Author: Mark Thomas <[email protected]>
AuthorDate: Mon Mar 18 20:23:53 2024 +0000

    Fix regression in user provided SSLContext support
    
    This broke the TLSCertificateReloadListener
---
 java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java | 8 +++++++-
 webapps/docs/changelog.xml                                | 6 ++++++
 2 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java 
b/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java
index 39179814d6..88ac4e087b 100644
--- a/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java
+++ b/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java
@@ -102,8 +102,14 @@ public abstract class AbstractJsseEndpoint<S,U> extends 
AbstractEndpoint<S,U> {
             }
 
             SSLContext sslContext = certificate.getSslContext();
+            SSLContext sslContextGenerated = 
certificate.getSslContextGenerated();
             // Generate the SSLContext from configuration unless (e.g. 
embedded) an SSLContext has been provided.
-            if (sslContext == null) {
+            // Need to handle both initial configuration and reload.
+            // Initial, SSLContext provided     - sslContext will be non-null 
and sslContextGenerated will be null
+            // Initial, SSLContext not provided - sslContext null and 
sslContextGenerated will be null
+            // Reload,  SSLContext provided     - sslContext will be non-null 
and sslContextGenerated will be null
+            // Reload,  SSLContext not provided - sslContext non-null and 
equal to sslContextGenerated
+            if (sslContext == null || sslContext == sslContextGenerated) {
                 try {
                     sslContext = sslUtil.createSSLContext(negotiableProtocols);
                 } catch (Exception e) {
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index b9c69bc6a4..5ce2ccc8f2 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -155,6 +155,12 @@
         added to the backlog immediately rather than waiting until the write
         attempt for the remaining content. (markt)
       </fix>
+      <fix>
+        Correct a regression in the support for user provided
+        <code>SSLContext</code> instances that broke the
+        <code>org.apache.catalina.security.TLSCertificateReloadListener</code>.
+        (markt)
+      </fix>
     </changelog>
   </subsection>
   <subsection name="Jasper">


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to