This is an automated email from the ASF dual-hosted git repository. remm pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push: new 2cfa39ad23 Add missing catch when PEMFile fails to process some keys 2cfa39ad23 is described below commit 2cfa39ad238936d0f6d32c55e0494eeb7d6c1805 Author: remm <r...@apache.org> AuthorDate: Thu Aug 28 11:10:00 2025 +0200 Add missing catch when PEMFile fails to process some keys The keys should still be handed out to OpenSSL, with appropriate logging. --- java/org/apache/tomcat/util/net/openssl/OpenSSLUtil.java | 3 ++- java/org/apache/tomcat/util/net/openssl/panama/OpenSSLUtil.java | 3 ++- webapps/docs/changelog.xml | 4 ++++ 3 files changed, 8 insertions(+), 2 deletions(-) diff --git a/java/org/apache/tomcat/util/net/openssl/OpenSSLUtil.java b/java/org/apache/tomcat/util/net/openssl/OpenSSLUtil.java index cfbc5e0c57..dc792281a2 100644 --- a/java/org/apache/tomcat/util/net/openssl/OpenSSLUtil.java +++ b/java/org/apache/tomcat/util/net/openssl/OpenSSLUtil.java @@ -17,6 +17,7 @@ package org.apache.tomcat.util.net.openssl; import java.io.IOException; +import java.security.KeyException; import java.security.KeyStoreException; import java.util.List; import java.util.Set; @@ -110,7 +111,7 @@ public class OpenSSLUtil extends SSLUtilBase { log.info(msg); } return null; - } catch (KeyStoreException | IOException e) { + } catch (KeyStoreException | KeyException | IOException e) { // Depending on what is presented, JSSE may also throw // KeyStoreException or IOException if it doesn't understand the // provided file. diff --git a/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLUtil.java b/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLUtil.java index 3cc9bce6b6..3475190e5a 100644 --- a/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLUtil.java +++ b/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLUtil.java @@ -17,6 +17,7 @@ package org.apache.tomcat.util.net.openssl.panama; import java.io.IOException; +import java.security.KeyException; import java.security.KeyStoreException; import java.util.List; import java.util.Set; @@ -85,7 +86,7 @@ public class OpenSSLUtil extends SSLUtilBase { log.info(msg); } return null; - } catch (KeyStoreException | IOException e) { + } catch (KeyStoreException | KeyException | IOException e) { // Depending on what is presented, JSSE may also throw // KeyStoreException or IOException if it doesn't understand the // provided file. diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index 1955163f30..532e910ad3 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -208,6 +208,10 @@ <bug>69762</bug>: Additional overflow fix for HPACK decoding of integers. Pull request <pr>880</pr> by Chenjp. (markt) </fix> + <fix> + Ensure keys are handed out to OpenSSL even if <code>PEMFile</code> + fails to process it, with appropriate logging. (remm) + </fix> </changelog> </subsection> <subsection name="Jasper"> --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org