(tomcat) branch 10.1.x updated: Avoid NPEs

Thu, 18 Sep 2025 08:04:28 -0700 

This is an automated email from the ASF dual-hosted git repository.

remm pushed a commit to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/10.1.x by this push:
     new 8aad5cb683 Avoid NPEs
8aad5cb683 is described below

commit 8aad5cb6834e9e462cd4ec154e2460799056168b
Author: remm <[email protected]>
AuthorDate: Thu Sep 18 16:59:30 2025 +0200

    Avoid NPEs
    
    If some certificates failed to load, some NPEs would occur.
---
 .../catalina/manager/LocalStrings.properties       |  1 +
 .../apache/catalina/manager/ManagerServlet.java    | 32 ++++++++++++++--------
 webapps/docs/changelog.xml                         |  3 ++
 3 files changed, 24 insertions(+), 12 deletions(-)

diff --git a/java/org/apache/catalina/manager/LocalStrings.properties 
b/java/org/apache/catalina/manager/LocalStrings.properties
index 7d7d8e4e4f..2f40bed021 100644
--- a/java/org/apache/catalina/manager/LocalStrings.properties
+++ b/java/org/apache/catalina/manager/LocalStrings.properties
@@ -125,6 +125,7 @@ jmxProxyServlet.noOperationOnBean=Cannot find operation 
[{0}] with [{1}] argumen
 
 managerServlet.alreadyContext=FAIL - Application already exists at path [{0}]
 managerServlet.certsNotAvailable=Certificate information cannot be obtained 
from this connector at runtime
+managerServlet.certsNotLoaded=Certificates were not loaded for this connector
 managerServlet.copyFail=FAIL - Unable to copy [{0}] to [{1}], details of the 
error may be in the server logs
 managerServlet.deleteFail=FAIL - Unable to delete [{0}]. The continued 
presence of this file may cause problems.
 managerServlet.deployFailed=FAIL - Failed to deploy application at context 
path [{0}]
diff --git a/java/org/apache/catalina/manager/ManagerServlet.java 
b/java/org/apache/catalina/manager/ManagerServlet.java
index de351a8b52..127b600dc5 100644
--- a/java/org/apache/catalina/manager/ManagerServlet.java
+++ b/java/org/apache/catalina/manager/ManagerServlet.java
@@ -1570,12 +1570,16 @@ public class ManagerServlet extends HttpServlet 
implements ContainerServlet {
                         if (alias == null) {
                             alias = SSLUtilBase.DEFAULT_KEY_ALIAS;
                         }
-                        X509Certificate[] certs = 
sslContext.getCertificateChain(alias);
-                        if (certs == null) {
-                            
certList.add(smClient.getString("managerServlet.certsNotAvailable"));
+                        if (sslContext == null) {
+                            
certList.add(smClient.getString("managerServlet.certsNotLoaded"));
                         } else {
-                            for (Certificate cert : certs) {
-                                certList.add(cert.toString());
+                            X509Certificate[] certs = 
sslContext.getCertificateChain(alias);
+                            if (certs == null) {
+                                
certList.add(smClient.getString("managerServlet.certsNotAvailable"));
+                            } else {
+                                for (Certificate cert : certs) {
+                                    certList.add(cert.toString());
+                                }
                             }
                         }
                         result.put(name, certList);
@@ -1603,14 +1607,18 @@ public class ManagerServlet extends HttpServlet 
implements ContainerServlet {
                     String name = connector.toString() + "-" + 
sslHostConfig.getHostName();
                     List<String> certList = new ArrayList<>();
                     SSLContext sslContext = 
sslHostConfig.getCertificates().iterator().next().getSslContext();
-                    X509Certificate[] certs = sslContext.getAcceptedIssuers();
-                    if (certs == null) {
-                        
certList.add(smClient.getString("managerServlet.certsNotAvailable"));
-                    } else if (certs.length == 0) {
-                        
certList.add(smClient.getString("managerServlet.trustedCertsNotConfigured"));
+                    if (sslContext == null) {
+                        
certList.add(smClient.getString("managerServlet.certsNotLoaded"));
                     } else {
-                        for (Certificate cert : certs) {
-                            certList.add(cert.toString());
+                        X509Certificate[] certs = 
sslContext.getAcceptedIssuers();
+                        if (certs == null) {
+                            
certList.add(smClient.getString("managerServlet.certsNotAvailable"));
+                        } else if (certs.length == 0) {
+                            
certList.add(smClient.getString("managerServlet.trustedCertsNotConfigured"));
+                        } else {
+                            for (Certificate cert : certs) {
+                                certList.add(cert.toString());
+                            }
                         }
                     }
                     result.put(name, certList);
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 5483ee13c4..73fa6cdc7f 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -153,6 +153,9 @@
         Documentation. Clarify the purpose of the <code>maxPostSize</code>
         attribute of the <code>Connector</code> element. (markt)
       </fix>
+      <fix>
+        Avoid NPE in manager webapp displaying certificate information. (remm)
+      </fix>
     </changelog>
   </subsection>
 </section>


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to