Author: remm
Date: Mon Aug 28 12:38:24 2017
New Revision: 1806445

URL: http://svn.apache.org/viewvc?rev=1806445&view=rev
Log:
61450: Improve again default key alias code.

Modified:
    tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSEUtil.java
    tomcat/trunk/webapps/docs/changelog.xml

Modified: tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSEUtil.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSEUtil.java?rev=1806445&r1=1806444&r2=1806445&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSEUtil.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSEUtil.java Mon Aug 28 
12:38:24 2017
@@ -220,7 +220,15 @@ public class JSSEUtil extends SSLUtilBas
                 if (!aliases.hasMoreElements()) {
                     throw new IOException(sm.getString("jsse.noKeys"));
                 }
-                keyAlias = aliases.nextElement();
+                while (aliases.hasMoreElements() && keyAlias == null) {
+                    keyAlias = aliases.nextElement();
+                    if (!ks.isKeyEntry(keyAlias)) {
+                        keyAlias = null;
+                    }
+                }
+                if (keyAlias == null) {
+                    throw new 
IOException(sm.getString("jsse.alias_no_key_entry", keyAlias));
+                }
             }
 
             inMemoryKeyStore.setKeyEntry(keyAlias, ks.getKey(keyAlias, 
keyPassArray), keyPassArray,
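Review bot: The new `if (keyAlias == null)` branch formats `jsse.alias_no_key_entry` with `keyAlias`, which is always null at that point, so a keystore holding only certificate entries produces an error naming alias `null` instead of the real cause. The `jsse.noKeys` message already used a few lines above fits this case: `throw new IOException(sm.getString("jsse.noKeys"));`. Separately, the loop takes the first key entry in whatever order `aliases` enumerates, so when the store holds several key entries the certificate served may not be the intended one. A comment saying so, or a log line recording the alias that was picked, would make that visible to operators. The enclosing method starts and ends outside the hunk.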

Modified: tomcat/trunk/webapps/docs/changelog.xml
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1806445&r1=1806444&r2=1806445&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/trunk/webapps/docs/changelog.xml Mon Aug 28 12:38:24 2017
@@ -52,6 +52,7 @@
         implementation, do not configure each SSL connection object via
         the OpenSSLEngine. For OpenSSL the SSL object inherits its
         settings from the SSL_CTX which we have already configured.
+        (rjung)
       </fix>
       <fix>
         Before generating an error page in the <code>ErrorReportValve</code>,
@@ -80,6 +81,7 @@
         underneath <code>SSLHostConfig</code>. The new element contains
         a list of <code>OpenSSLConfCmd</code> elements, each with
         the attributes <code>name</code> and <code>value</code>.
+        (rjung)
       </add>
       <fix>
         When using JSSE TLS configuration with the OpenSSL implementation and
@@ -137,6 +139,9 @@
         warnings when the SSL implementation changes during initialisation.
         (markt)
       </fix>
+      <fix>
+        <bug>61450</bug>: Fix default key alias algorithm. (remm)
+      </fix>
     </changelog>
   </subsection>
   <subsection name="Tribes">


