This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit 2083f076d51a403a1b5c267c0cb53993d8444609
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Thu Feb 16 14:45:57 2023 +0000

    Create a Java KeyManager for APR TLS endpoints if possible
    
    This exposes the certs to the Manager app and certificate debug logging
---
 java/org/apache/tomcat/util/net/AprEndpoint.java        | 6 ++++++
 java/org/apache/tomcat/util/net/LocalStrings.properties | 1 +
 2 files changed, 7 insertions(+)

diff --git a/java/org/apache/tomcat/util/net/AprEndpoint.java 
b/java/org/apache/tomcat/util/net/AprEndpoint.java
index b7ea79c56f..588cefdc4c 100644
--- a/java/org/apache/tomcat/util/net/AprEndpoint.java
+++ b/java/org/apache/tomcat/util/net/AprEndpoint.java
@@ -402,6 +402,12 @@ public class AprEndpoint extends 
AbstractEndpoint<Long,Long> implements SNICallB
                 } catch (Exception e) {
                     throw new IllegalArgumentException(e.getMessage(), e);
                 }
+                try {
+                    KeyManager[] kms = sslUtil.getKeyManagers();
+                    
certificate.setCertificateKeyManager(OpenSSLUtil.chooseKeyManager(kms));
+                } catch (Exception e) {
+                    log.debug(sm.getString("endpoint.apr.keyManagerError"), e);
+                }
             } else {
                 SSLUtil sslUtil = new OpenSSLUtil(certificate);
                 KeyManager[] kms = sslUtil.getKeyManagers();
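Review bot: The added `catch (Exception e)` around `sslUtil.getKeyManagers()` / `setCertificateKeyManager(...)` discards every failure at debug level, so a key or keystore that OpenSSL accepts but the Java KeyManager cannot load leaves no trace under a default log configuration, while the `else` branch immediately below lets the same `getKeyManagers()` call propagate unguarded. If, as the commit message implies, the Java KeyManager is only informational here, the code should say so, e.g. `// Best effort only: OpenSSL performs the handshake itself; the Java KeyManager is just exposed for introspection (Manager app, certificate debug logging)`, and consider logging at warn so an operator learns why the Manager app shows no certificate rather than a silent absence. Catching the narrower checked types thrown by `getKeyManagers()` would also avoid hiding genuine programming errors behind the same debug message. The enclosing method begins before the hunk, so the declarations of `sslUtil` and `certificate` are not visible here.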
diff --git a/java/org/apache/tomcat/util/net/LocalStrings.properties 
b/java/org/apache/tomcat/util/net/LocalStrings.properties
index 7629f62dee..4405b62e53 100644
--- a/java/org/apache/tomcat/util/net/LocalStrings.properties
+++ b/java/org/apache/tomcat/util/net/LocalStrings.properties
@@ -52,6 +52,7 @@ endpoint.apr.errApplyConf=Could not apply OpenSSLConf to SSL 
context
 endpoint.apr.errCheckConf=Error during OpenSSLConf check
 endpoint.apr.errMakeConf=Could not create OpenSSLConf context
 endpoint.apr.failSslContextMake=Unable to create SSLContext. Check that 
SSLEngine is enabled in the AprLifecycleListener, the AprLifecycleListener has 
initialised correctly and that a valid SSLProtocol has been specified
+endpoint.apr.keyManagerError=Unable to construct Java KeyManager for provided 
TLS key
 endpoint.apr.invalidSslProtocol=An invalid value [{0}] was provided for the 
SSLProtocol attribute
 endpoint.apr.maxConnections.running=The APR endpoint does not support the 
setting of maxConnections while it is running. The existing value of [{0}] will 
continue to be used.
 endpoint.apr.maxConnections.unlimited=The APR endpoint does not support 
unlimited connections. The existing value of [{0}] will continue to be used.
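Review bot: The new key `endpoint.apr.keyManagerError` is placed between `endpoint.apr.failSslContextMake` and `endpoint.apr.invalidSslProtocol`, which breaks the alphabetical ordering the surrounding `endpoint.apr.*` keys appear to follow; if this bundle is kept sorted, move the line to after `endpoint.apr.invalidSslProtocol=...`. The message itself carries no placeholder, so the only diagnostic detail comes from the exception passed alongside it in the Java change; adding a `[{0}]` for the certificate or key alias would make the debug line actionable on hosts with several SSLHostConfig certificates.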

