This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/master by this push: new f7fd048 Correct regression in refactoring that broke TLS with a single cert f7fd048 is described below commit f7fd048f2d130c4db3d86058df73124a9443362e Author: Mark Thomas <ma...@apache.org> AuthorDate: Thu Feb 28 10:23:37 2019 +0000 Correct regression in refactoring that broke TLS with a single cert When a single certificate is used the type is likely to be undefined. That caused the lookup of the storage slot to return an incorrect value. In this case just use the RSA slot as it is only convention that maps a given slot to a specific type. Tomcat Native and OpenSSL don't actually care.
---
 java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java b/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java
index 7f13859..fd8fc5c 100644
--- a/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java
+++ b/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java
@@ -416,7 +416,9 @@ public class OpenSSLContext implements org.apache.tomcat.util.net.SSLContext {
 private static int getCertificateIndex(SSLHostConfigCertificate certificate) {
 int result;
- if (certificate.getType() == Type.RSA) {
+ // If the type is undefined there will only be one certificate (enforced
+ // in SSLHostConfig) so use the RSA slot.
+ if (certificate.getType() == Type.RSA || certificate.getType() == Type.UNDEFINED) {
 result = SSL.SSL_AIDX_RSA;
 } else if (certificate.getType() == Type.EC) {
 result = SSL.SSL_AIDX_ECC;
--------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
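Review bot: The `Type.UNDEFINED` case added to the first condition of getCertificateIndex is only safe while the invariant named in the new comment holds, and nothing in this method checks it. If SSLHostConfig ever allowed an undefined-type certificate next to an RSA one, both would resolve to `SSL.SSL_AIDX_RSA` and, presumably, the later one would replace the earlier, so the host could present a certificate the operator did not intend. I would extend the comment to make the dependency explicit, for example `// UNDEFINED shares the RSA slot; safe only while SSLHostConfig rejects an UNDEFINED certificate alongside any other.` The diffstat shows a single file changed, so this regression fix arrives without a test for the single-certificate, no-type configuration; one would keep the TLS setup path from breaking this way again. The method body continues past the end of the hunk, so how the remaining types are mapped is not visible here.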