This is an automated email from the ASF dual-hosted git repository.
remm pushed a commit to branch 11.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/11.0.x by this push:
new dd35c7b0d0 Add missing catch when PEMFile fails to process some keys
dd35c7b0d0 is described below
commit dd35c7b0d0fec84ecddcebd459f0d4768966fe12
Author: remm <r...@apache.org>
AuthorDate: Thu Aug 28 11:10:00 2025 +0200
Add missing catch when PEMFile fails to process some keys
The keys should still be handed out to OpenSSL, with appropriate
logging.
---
java/org/apache/tomcat/util/net/openssl/OpenSSLUtil.java | 3 ++-
java/org/apache/tomcat/util/net/openssl/panama/OpenSSLUtil.java | 3 ++-
webapps/docs/changelog.xml | 4 ++++
3 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/java/org/apache/tomcat/util/net/openssl/OpenSSLUtil.java
b/java/org/apache/tomcat/util/net/openssl/OpenSSLUtil.java
index cfbc5e0c57..dc792281a2 100644
--- a/java/org/apache/tomcat/util/net/openssl/OpenSSLUtil.java
+++ b/java/org/apache/tomcat/util/net/openssl/OpenSSLUtil.java
@@ -17,6 +17,7 @@
package org.apache.tomcat.util.net.openssl;
import java.io.IOException;
+import java.security.KeyException;
import java.security.KeyStoreException;
import java.util.List;
import java.util.Set;
@@ -110,7 +111,7 @@ public class OpenSSLUtil extends SSLUtilBase {
log.info(msg);
}
return null;
- } catch (KeyStoreException | IOException e) {
+ } catch (KeyStoreException | KeyException | IOException e) {
// Depending on what is presented, JSSE may also throw
// KeyStoreException or IOException if it doesn't understand the
// provided file.
diff --git a/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLUtil.java
b/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLUtil.java
index 3cc9bce6b6..3475190e5a 100644
--- a/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLUtil.java
+++ b/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLUtil.java
@@ -17,6 +17,7 @@
package org.apache.tomcat.util.net.openssl.panama;
import java.io.IOException;
+import java.security.KeyException;
import java.security.KeyStoreException;
import java.util.List;
import java.util.Set;
@@ -85,7 +86,7 @@ public class OpenSSLUtil extends SSLUtilBase {
log.info(msg);
}
return null;
- } catch (KeyStoreException | IOException e) {
+ } catch (KeyStoreException | KeyException | IOException e) {
// Depending on what is presented, JSSE may also throw
// KeyStoreException or IOException if it doesn't understand the
// provided file.
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 6f6258e87b..82e35f0b1a 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -129,6 +129,10 @@
<bug>69762</bug>: Additional overflow fix for HPACK decoding of
integers. Pull request <pr>880</pr> by Chenjp. (markt)
</fix>
+ <fix>
+ Ensure keys are handed out to OpenSSL even if <code>PEMFile</code>
+ fails to process it, with appropriate logging. (remm)
+ </fix>
</changelog>
</subsection>
<subsection name = "Other">
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
