This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/10.1.x by this push:
new dfb802cd31 Log basic information for each configured TLS cert when
Tomcat starts
dfb802cd31 is described below
commit dfb802cd317445868b9d50237cf73becb5828fc8
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Thu Jan 19 18:08:10 2023 +0000
Log basic information for each configured TLS cert when Tomcat starts
---
.../apache/tomcat/util/net/AbstractEndpoint.java | 26 ++++++++++++++++++++++
.../tomcat/util/net/AbstractJsseEndpoint.java | 1 +
.../apache/tomcat/util/net/LocalStrings.properties | 1 +
java/org/apache/tomcat/util/net/SSLUtilBase.java | 4 +++-
webapps/docs/changelog.xml | 8 +++++++
5 files changed, 39 insertions(+), 1 deletion(-)
diff --git a/java/org/apache/tomcat/util/net/AbstractEndpoint.java
b/java/org/apache/tomcat/util/net/AbstractEndpoint.java
index 2ce72e8acb..bdf94f28ac 100644
--- a/java/org/apache/tomcat/util/net/AbstractEndpoint.java
+++ b/java/org/apache/tomcat/util/net/AbstractEndpoint.java
@@ -357,6 +357,32 @@ public abstract class AbstractEndpoint<S,U> {
protected abstract void createSSLContext(SSLHostConfig sslHostConfig)
throws Exception;
+ protected void logCertificate(SSLHostConfigCertificate certificate) {
+ SSLHostConfig sslHostConfig = certificate.getSSLHostConfig();
+
+ String certificateSource = certificate.getCertificateKeystoreFile();
+ if (certificateSource == null) {
+ certificateSource = certificate.getCertificateKeyFile();
+ }
+
+ String keyAlias = certificate.getCertificateKeyAlias();
+ if (keyAlias == null) {
+ keyAlias = SSLUtilBase.DEFAULT_KEY_ALIAS;
+ }
+
+ String trustStoreSource = sslHostConfig.getTruststoreFile();
+ if (trustStoreSource == null) {
+ trustStoreSource = sslHostConfig.getCaCertificateFile();
+ }
+ if (trustStoreSource == null) {
+ trustStoreSource = sslHostConfig.getCaCertificatePath();
+ }
+
+ getLog().info(sm.getString("endpoint.tls.info", getName(),
sslHostConfig.getHostName(), certificate.getType(),
+ certificateSource, keyAlias, trustStoreSource));
+ }
+
+
protected void destroySsl() throws Exception {
if (isSSLEnabled()) {
for (SSLHostConfig sslHostConfig : sslHostConfigs.values()) {
diff --git a/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java
b/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java
index 43fc71db7a..261ed118c2 100644
--- a/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java
+++ b/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java
@@ -106,6 +106,7 @@ public abstract class AbstractJsseEndpoint<S,U> extends
AbstractEndpoint<S,U> {
throw new IllegalArgumentException(e.getMessage(), e);
}
+ logCertificate(certificate);
certificate.setSslContext(sslContext);
}
}
diff --git a/java/org/apache/tomcat/util/net/LocalStrings.properties
b/java/org/apache/tomcat/util/net/LocalStrings.properties
index 847d01144a..dc7b9b9361 100644
--- a/java/org/apache/tomcat/util/net/LocalStrings.properties
+++ b/java/org/apache/tomcat/util/net/LocalStrings.properties
@@ -114,6 +114,7 @@ endpoint.setAttribute=Set [{0}] to [{1}]
endpoint.setAttributeError=Unable to set attribute [{0}] to [{1}]
endpoint.socketOptionsError=Error setting socket options
endpoint.timeout.err=Error processing socket timeout
+endpoint.tls.info=Connector [{0}], TLS virtual host [{1}], certificate type
[{2}] configured from [{3}] using alias [{4}] and with trust store [{5}]
endpoint.unknownSslHostName=The SSL host name [{0}] is not recognised for this
endpoint
endpoint.warn.executorShutdown=The executor associated with thread pool [{0}]
has not fully shutdown. Some application threads may still be running.
endpoint.warn.incorrectConnectionCount=Incorrect connection count, multiple
calls to socket.close for the same socket.
diff --git a/java/org/apache/tomcat/util/net/SSLUtilBase.java
b/java/org/apache/tomcat/util/net/SSLUtilBase.java
index 76b485654f..d6dc329278 100644
--- a/java/org/apache/tomcat/util/net/SSLUtilBase.java
+++ b/java/org/apache/tomcat/util/net/SSLUtilBase.java
@@ -71,6 +71,8 @@ public abstract class SSLUtilBase implements SSLUtil {
private static final Log log = LogFactory.getLog(SSLUtilBase.class);
private static final StringManager sm =
StringManager.getManager(SSLUtilBase.class);
+ protected static final String DEFAULT_KEY_ALIAS = "tomcat";
+
protected final SSLHostConfig sslHostConfig;
protected final SSLHostConfigCertificate certificate;
@@ -324,7 +326,7 @@ public abstract class SSLUtilBase implements SSLUtil {
}
if (keyAlias == null) {
- keyAlias = "tomcat";
+ keyAlias = DEFAULT_KEY_ALIAS;
}
// Switch to in-memory key store
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 039010e0b6..1558ef3159 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -113,6 +113,14 @@
</fix>
</changelog>
</subsection>
+ <subsection name="Coyote">
+ <changelog>
+ <add>
+ Log basic information for each configured TLS certificate when Tomcat
+ starts. (markt)
+ </add>
+ </changelog>
+ </subsection>
<subsection name="Other">
<changelog>
<update>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
