Author: remm
Date: Fri Nov 20 14:07:10 2015
New Revision: 1715365
URL: http://svn.apache.org/viewvc?rev=1715365&view=rev
Log:
58621: Add back the certificate chain attribute. Testing with the test keys,
the chain includes the main cert as the first one, so in that case the "strip
first" argument should be true.
Modified:
tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11Protocol.java
tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java
tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java
tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfigCertificate.java
tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java
tomcat/trunk/webapps/docs/changelog.xml
Modified: tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11Protocol.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11Protocol.java?rev=1715365&r1=1715364&r2=1715365&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11Protocol.java
(original)
+++ tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11Protocol.java Fri
Nov 20 14:07:10 2015
@@ -434,6 +434,10 @@ public abstract class AbstractHttp11Prot
registerDefaultSSLHostConfig();
defaultSSLHostConfig.setCertificateKeystoreFile(keystoreFile);
}
+ public void setSSLCertificateChainFile(String certificateChainFile) {
+ registerDefaultSSLHostConfig();
+ defaultSSLHostConfig.setCertificateChainFile(certificateChainFile);
+ }
public void setSSLCertificateFile(String certificateFile) {
registerDefaultSSLHostConfig();
defaultSSLHostConfig.setCertificateFile(certificateFile);
Modified: tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java?rev=1715365&r1=1715364&r2=1715365&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java Fri Nov 20
14:07:10 2015
@@ -488,6 +488,9 @@ public class AprEndpoint extends Abstrac
SSLHostConfig.adjustRelativePath(certificate.getCertificateFile()),
SSLHostConfig.adjustRelativePath(certificate.getCertificateKeyFile()),
certificate.getCertificateKeyPassword(), idx++);
+ // Set certificate chain file
+ SSLContext.setCertificateChainFile(ctx,
+
SSLHostConfig.adjustRelativePath(certificate.getCertificateChainFile()), false);
}
// Support Client Certificates
SSLContext.setCACertificate(ctx,
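Review bot: The new `SSLContext.setCertificateChainFile(ctx, ..., false)` call hard-codes `false` as its last argument, while the commit log states that for a chain file whose first entry is the server certificate the "strip first" argument should be true; the OpenSSLContext.java hunk uses the same literal. If that argument is the strip-first flag, a chain file laid out like the test keys would presumably have its leaf certificate loaded as an extra chain entry as well. Either state the expected file layout next to the call, e.g. `// Chain file must contain only the intermediate CA certificates; the first entry is not skipped`, or derive the flag from configuration instead of fixing it. The enclosing method starts and ends outside the hunk.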
Modified: tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java?rev=1715365&r1=1715364&r2=1715365&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java Fri Nov 20
14:07:10 2015
@@ -525,6 +525,12 @@ public class SSLHostConfig {
// TODO: These certificate setters can be removed once it is no longer
// necessary to support the old configuration attributes (Tomcat 10?).
+ public void setCertificateChainFile(String certificateChainFile) {
+ registerDefaultCertificate();
+ defaultCertificate.setCertificateChainFile(certificateChainFile);
+ }
+
+
public void setCertificateFile(String certificateFile) {
registerDefaultCertificate();
defaultCertificate.setCertificateFile(certificateFile);
Modified:
tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfigCertificate.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfigCertificate.java?rev=1715365&r1=1715364&r2=1715365&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfigCertificate.java
(original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfigCertificate.java
Fri Nov 20 14:07:10 2015
@@ -50,6 +50,7 @@ public class SSLHostConfigCertificate {
private String certificateKeystoreType = DEFAULT_KEYSTORE_TYPE;
// OpenSSL
+ private String certificateChainFile;
private String certificateFile;
private String certificateKeyFile;
@@ -155,6 +156,18 @@ public class SSLHostConfigCertificate {
// OpenSSL
+ public void setCertificateChainFile(String certificateChainFile) {
+ sslHostConfig.setProperty(
+ "Certificate.certificateChainFile",
SSLHostConfig.Type.OPENSSL);
+ this.certificateChainFile = certificateChainFile;
+ }
+
+
+ public String getCertificateChainFile() {
+ return certificateChainFile;
+ }
+
+
public void setCertificateFile(String certificateFile) {
sslHostConfig.setProperty(
"Certificate.certificateFile", SSLHostConfig.Type.OPENSSL);
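Review bot: The new `setCertificateChainFile` / `getCertificateChainFile` pair is undocumented, and nothing here says what the file must contain or that the getter returns null when the attribute is unset (the field has no default). Both callers in this commit pass the value straight to the native loader, so a Javadoc on the setter such as `/** Path of the file holding the intermediate CA certificates for this certificate; null when not configured. */` would tell administrators which layout is expected. The same comment should mention that the setter registers the property as `SSLHostConfig.Type.OPENSSL` through `sslHostConfig.setProperty`. `setCertificateFile` continues past the end of the hunk.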
Modified:
tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java?rev=1715365&r1=1715364&r2=1715365&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java
(original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java
Fri Nov 20 14:07:10 2015
@@ -332,8 +332,11 @@ public class OpenSSLContext implements o
SSLHostConfig.adjustRelativePath(certificate.getCertificateKeyFile()),
certificate.getCertificateKeyPassword(),
SSL.SSL_AIDX_RSA);
- // Support Client Certificates
+ // Set certificate chain file
+ SSLContext.setCertificateChainFile(ctx,
+
SSLHostConfig.adjustRelativePath(certificate.getCertificateChainFile()), false);
+ // Support Client Certificates
SSLContext.setCACertificate(ctx,
SSLHostConfig.adjustRelativePath(sslHostConfig.getCaCertificateFile()),
SSLHostConfig.adjustRelativePath(sslHostConfig.getCaCertificatePath()));
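Review bot: The chain file is loaded unconditionally and the result of `SSLContext.setCertificateChainFile(...)` is discarded, here and in the AprEndpoint.java hunk. `certificateChainFile` has no default in SSLHostConfigCertificate, so when the attribute is not configured the call receives whatever `adjustRelativePath` makes of null. When the attribute is configured but the file cannot be read, the connector would apparently start and serve an incomplete chain with nothing in the log to point at the misconfiguration. Guard the call with `if (certificate.getCertificateChainFile() != null)` and log a warning naming the path when the load reports failure. The enclosing method starts and ends outside the hunk.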
Modified: tomcat/trunk/webapps/docs/changelog.xml
URL:
http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1715365&r1=1715364&r2=1715365&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/trunk/webapps/docs/changelog.xml Fri Nov 20 14:07:10 2015
@@ -64,6 +64,14 @@
</add>
</changelog>
</subsection>
+ <subsection name="Coyote">
+ <changelog>
+ <fix>
+ <bug>58621</bug>: The certificate chain cannot be set using the main
+ certificate attribute, so restore the certificate chain property.
(remm)
+ </fix>
+ </changelog>
+ </subsection>
</section>
<section name="Tomcat 9.0.0.M1" rtext="2015-11-17">
<subsection name="General">