(tomcat) branch main updated: Avoid NPEs

Thu, 18 Sep 2025 07:59:46 -0700 

This is an automated email from the ASF dual-hosted git repository.

remm pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/main by this push:
     new 517beba1eb Avoid NPEs
517beba1eb is described below

commit 517beba1eb5d6c51cdfe42802f673c45df04c1cb
Author: remm <[email protected]>
AuthorDate: Thu Sep 18 16:59:30 2025 +0200

    Avoid NPEs
    
    If some certificates failed to load, some NPEs would occur.
---
 .../catalina/manager/LocalStrings.properties       |  1 +
 .../apache/catalina/manager/ManagerServlet.java    | 32 ++++++++++++++--------
 webapps/docs/changelog.xml                         |  3 ++
 3 files changed, 24 insertions(+), 12 deletions(-)

diff --git a/java/org/apache/catalina/manager/LocalStrings.properties 
b/java/org/apache/catalina/manager/LocalStrings.properties
index 9521873a49..618039a367 100644
--- a/java/org/apache/catalina/manager/LocalStrings.properties
+++ b/java/org/apache/catalina/manager/LocalStrings.properties
@@ -122,6 +122,7 @@ jmxProxyServlet.noOperationOnBean=Cannot find operation 
[{0}] with [{1}] argumen
 
 managerServlet.alreadyContext=FAIL - Application already exists at path [{0}]
 managerServlet.certsNotAvailable=Certificate information cannot be obtained 
from this connector at runtime
+managerServlet.certsNotLoaded=Certificates were not loaded for this connector
 managerServlet.copyFail=FAIL - Unable to copy [{0}] to [{1}], details of the 
error may be in the server logs
 managerServlet.deleteFail=FAIL - Unable to delete [{0}]. The continued 
presence of this file may cause problems.
 managerServlet.deployFailed=FAIL - Failed to deploy application at context 
path [{0}]
diff --git a/java/org/apache/catalina/manager/ManagerServlet.java 
b/java/org/apache/catalina/manager/ManagerServlet.java
index 87ecf5a889..68d6ac8e7f 100644
--- a/java/org/apache/catalina/manager/ManagerServlet.java
+++ b/java/org/apache/catalina/manager/ManagerServlet.java
@@ -1571,12 +1571,16 @@ public class ManagerServlet extends HttpServlet 
implements ContainerServlet {
                         if (alias == null) {
                             alias = SSLUtilBase.DEFAULT_KEY_ALIAS;
                         }
-                        X509Certificate[] certs = 
sslContext.getCertificateChain(alias);
-                        if (certs == null) {
-                            
certList.add(smClient.getString("managerServlet.certsNotAvailable"));
+                        if (sslContext == null) {
+                            
certList.add(smClient.getString("managerServlet.certsNotLoaded"));
                         } else {
-                            for (Certificate cert : certs) {
-                                certList.add(cert.toString());
+                            X509Certificate[] certs = 
sslContext.getCertificateChain(alias);
+                            if (certs == null) {
+                                
certList.add(smClient.getString("managerServlet.certsNotAvailable"));
+                            } else {
+                                for (Certificate cert : certs) {
+                                    certList.add(cert.toString());
+                                }
                             }
                         }
                         result.put(name, certList);
@@ -1604,14 +1608,18 @@ public class ManagerServlet extends HttpServlet 
implements ContainerServlet {
                     String name = connector.toString() + "-" + 
sslHostConfig.getHostName();
                     List<String> certList = new ArrayList<>();
                     SSLContext sslContext = 
sslHostConfig.getCertificates().iterator().next().getSslContext();
-                    X509Certificate[] certs = sslContext.getAcceptedIssuers();
-                    if (certs == null) {
-                        
certList.add(smClient.getString("managerServlet.certsNotAvailable"));
-                    } else if (certs.length == 0) {
-                        
certList.add(smClient.getString("managerServlet.trustedCertsNotConfigured"));
+                    if (sslContext == null) {
+                        
certList.add(smClient.getString("managerServlet.certsNotLoaded"));
                     } else {
-                        for (Certificate cert : certs) {
-                            certList.add(cert.toString());
+                        X509Certificate[] certs = 
sslContext.getAcceptedIssuers();
+                        if (certs == null) {
+                            
certList.add(smClient.getString("managerServlet.certsNotAvailable"));
+                        } else if (certs.length == 0) {
+                            
certList.add(smClient.getString("managerServlet.trustedCertsNotConfigured"));
+                        } else {
+                            for (Certificate cert : certs) {
+                                certList.add(cert.toString());
+                            }
                         }
                     }
                     result.put(name, certList);
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 591a26aa33..bed396089e 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -292,6 +292,9 @@
         Documentation. Clarify the purpose of the <code>maxPostSize</code>
         attribute of the <code>Connector</code> element. (markt)
       </fix>
+      <fix>
+        Avoid NPE in manager webapp displaying certificate information. (remm)
+      </fix>
     </changelog>
   </subsection>
   <subsection name="Other">


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to