(tomcat) branch main updated: Drop the unused certificate index from the FFM code

Fri, 12 Sep 2025 05:21:49 -0700 

This is an automated email from the ASF dual-hosted git repository.

remm pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/main by this push:
     new 5458de5fc4 Drop the unused certificate index from the FFM code
5458de5fc4 is described below

commit 5458de5fc45b7e7754c38a0852311355d242553d
Author: remm <[email protected]>
AuthorDate: Fri Sep 12 14:18:34 2025 +0200

    Drop the unused certificate index from the FFM code
---
 .../util/net/openssl/panama/OpenSSLContext.java    | 22 ++--------------------
 1 file changed, 2 insertions(+), 20 deletions(-)

diff --git a/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java 
b/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
index cbee5711d0..a6b4c460db 100644
--- a/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
+++ b/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
@@ -896,7 +896,6 @@ public class OpenSSLContext implements 
org.apache.tomcat.util.net.SSLContext {
 
 
     public boolean addCertificate(SSLHostConfigCertificate certificate, Arena 
localArena) throws Exception {
-        int index = getCertificateIndex(certificate);
         // Load Server key and certificate
         if (certificate.getCertificateFile() != null) {
             // Pick right key password
@@ -1048,8 +1047,8 @@ public class OpenSSLContext implements 
org.apache.tomcat.util.net.SSLContext {
                     logLastError("openssl.errorPrivateKeyCheck");
                     return false;
                 }
-                // Try to read DH parameters from the (first) 
SSLCertificateFile
-                if (index == SSL_AIDX_RSA) {
+                // Try to read DH parameters from the SSLCertificateFile
+                if (certificate.getType() == Type.RSA) {
                     BIO_reset(certificateBIO);
                     if (!openssl_h_Compatibility.BORINGSSL) {
                         if (!openssl_h_Compatibility.OPENSSL3) {
@@ -1270,23 +1269,6 @@ public class OpenSSLContext implements 
org.apache.tomcat.util.net.SSLContext {
     }
 
 
-    private static int getCertificateIndex(SSLHostConfigCertificate 
certificate) {
-        int result;
-        // If the type is undefined there will only be one certificate 
(enforced
-        // in SSLHostConfig) so use the RSA slot.
-        if (certificate.getType() == Type.RSA || certificate.getType() == 
Type.UNDEFINED) {
-            result = SSL_AIDX_RSA;
-        } else if (certificate.getType() == Type.EC) {
-            result = SSL_AIDX_ECC;
-        } else if (certificate.getType() == Type.DSA) {
-            result = SSL_AIDX_DSA;
-        } else {
-            result = SSL_AIDX_MAX;
-        }
-        return result;
-    }
-
-
     /*
      * Find a valid alias when none was specified in the config.
      */


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to