-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Mark,
On 6/23/16 7:58 AM, Mark Thomas wrote: > On a related topic, I wonder how tolerant > CertificateFactory.generateCertificate() is since that will have > an impact on exactly how smart the SSLValve needs to be. Tested with Oracle Java 1.8.0_121: * Normal PEM-encoded cert is parsed just fine by CertificateFactory * Replacing all newlines with a single space causes an error ("Incomplete data") * Replacing all newlines after the first newline (after --- BEGIN ... - ---) works as desired * Removing all whitespace after the initial newline works as desired So a certificate that looks like this: - -----BEGIN CERTIFICATE----- MIICERTDATACERTDATACERTDATACERTDATACERTDATACERTDATACERTDATACERTDATACERTD ATACERTDATA......-----END CERTIFICATE----- Is good enough for CertificateFactory (in its current form). We may be able to get away with just a single whitespace -> newline character conversion, instead of completely restoring the 64-character-wrapped PEM-encoded certificate. - -chris -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJZLED8AAoJEBzwKT+lPKRY+ikP/18GRhuOz2XvQaWCDIKPncqo 0TEoDQBccKB+tiVF89kqaFakjIz832NzjwkeALxK76Sr6ybBwiW1+alky2uUlRa6 /YFZJK4rBlBlJqjXlBxs7M1kLErlzWpWrQA/PKCGylh1Eh8xcMWelGmtPyWUGWre 20ATMEKaeTpMNMv863MiYoDPfqMbTsMdpGjBUP6135M1cm1wW/IBYyJMPf94ep4v jUNE7x0Ryv7iCaNFFoqxOTdsBh+b03+DHRw5/ltXMBKJY487ITSjeBAPwXj5wbJg IvgzLm0Mu3DGEXBdV0loGi+ALso0ctbp2UuHNvw/j5P5qMjHvRvWpLpke91nCjLr 8mpQc49P1tC1zYPDEHeCXkRJKq78y0aJWwH41UmhlniEnbtcIDEEziBSpkeQM3H1 XrqTm3uthjTJgd8Hhcc5nFUMTdruDeeMmNNsyWp7lElGShf52DSZrGSsn9TNEOz0 eAc+4FuBdwDV+gFTcwMlqwL0XzoXuyQBZ13MDldS/zc7wGuXpFjjD9QJKdhdtHlo CAgHayA13MEPSV9MuCBcfP8psOVaGQsnpIKOTHAinIyPYRgLUbibWW8NvQma2rHu QcqCBGDDJspAp2YSP1+LF5lJAU5sC7ZZRqRO6JxDfcMqeEHEDijIwYnWrHa4K88P ITjHyG0qEBQxkstpYSdb =vEY+ -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org