This is an automated email from the ASF dual-hosted git repository. remm pushed a commit to branch 9.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git
commit e47b14bd85f8b3d454abe9025196983692c6c67c
Author: remm <[email protected]>
AuthorDate: Thu Sep 18 11:26:00 2025 +0200
Avoid changing Type toString Changing toString could have some unintended consequences, as a result use a dedicated getter for the key type. Use SSLUtilBase.DEFAULT_KEY_ALIAS in the FFM code.
---
 java/org/apache/tomcat/util/net/SSLHostConfigCertificate.java | 3 +--
 java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java | 2 +-
 java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java | 7 ++++---
 3 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/java/org/apache/tomcat/util/net/SSLHostConfigCertificate.java b/java/org/apache/tomcat/util/net/SSLHostConfigCertificate.java
index b92fff897b..08d7e7f53c 100644
--- a/java/org/apache/tomcat/util/net/SSLHostConfigCertificate.java
+++ b/java/org/apache/tomcat/util/net/SSLHostConfigCertificate.java
@@ -344,8 +344,7 @@ public class SSLHostConfigCertificate implements Serializable {
 return compatibleAuthentications.contains(scheme.getAuth());
 }
- @Override
- public String toString() {
+ public String getKeyType() {
 if (keyType != null) {
 return keyType;
 }
diff --git a/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java b/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java
index 8703b96067..2702f9025f 100644
--- a/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java
+++ b/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java
@@ -550,7 +550,7 @@ public class OpenSSLContext implements org.apache.tomcat.util.net.SSLContext {
 Iterator<Type> iter = candidateTypes.iterator();
 while (result == null && iter.hasNext()) {
- result = keyManager.chooseServerAlias(iter.next().toString(), null, null);
+ result = keyManager.chooseServerAlias(iter.next().getKeyType(), null, null);
 }
 return result;
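Review bot: The new public `getKeyType()` in SSLHostConfigCertificate.java has no Javadoc, and nothing in the hunk tells a caller that it, not `toString()`, is the value to pass to `X509KeyManager.chooseServerAlias`. With the override removed, `toString()` presumably falls back to the constant name, so any caller outside this commit that still passes `toString()` could silently get no alias for a type whose key type string differs from its name. I would add a one-line Javadoc such as `/** Returns the key type name used for key manager alias lookup; not guaranteed to equal toString(). */` and check the remaining `Type.toString()` call sites. The method body continues outside the hunk, so the fallback when `keyType` is null is not visible here.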
diff --git a/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java b/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
index 20e303ca24..67297bf752 100644
--- a/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
+++ b/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
@@ -59,6 +59,7 @@ import org.apache.tomcat.util.net.SSLHostConfig;
 import org.apache.tomcat.util.net.SSLHostConfig.CertificateVerification;
 import org.apache.tomcat.util.net.SSLHostConfigCertificate;
 import org.apache.tomcat.util.net.SSLHostConfigCertificate.Type;
+import org.apache.tomcat.util.net.SSLUtilBase;
 import org.apache.tomcat.util.net.openssl.OpenSSLConf;
 import org.apache.tomcat.util.net.openssl.OpenSSLConfCmd;
 import org.apache.tomcat.util.net.openssl.OpenSSLStatus;
@@ -1180,7 +1181,7 @@ public class OpenSSLContext implements org.apache.tomcat.util.net.SSLContext {
 String alias = certificate.getCertificateKeyAlias();
 X509KeyManager x509KeyManager = certificate.getCertificateKeyManager();
 if (alias == null) {
- alias = "tomcat";
+ alias = SSLUtilBase.DEFAULT_KEY_ALIAS;
 }
 X509Certificate[] chain = x509KeyManager.getCertificateChain(alias);
 if (chain == null) {
@@ -1284,7 +1285,7 @@ public class OpenSSLContext implements org.apache.tomcat.util.net.SSLContext {
 Iterator<Type> iter = candidateTypes.iterator();
 while (result == null && iter.hasNext()) {
- result = keyManager.chooseServerAlias(iter.next().toString(), null, null);
+ result = keyManager.chooseServerAlias(iter.next().getKeyType(), null, null);
 }
 return result;
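Review bot: In the hunk at new line 1181 of panama/OpenSSLContext.java, `x509KeyManager.getCertificateChain(alias)` is called with no null check on the result of `certificate.getCertificateKeyManager()`, while the hunk at new line 1345 wraps the same lookup in `if (x509KeyManager != null)`. If the key manager can be unset on this path, TLS context setup would fail with a NullPointerException rather than an error that names the certificate. I would add a guard before the lookup, for example `if (x509KeyManager == null) { throw new IllegalStateException("no key manager for certificate"); }` (message text is a placeholder), or a comment stating why it cannot be null here. The enclosing method starts and ends outside the hunk, so an earlier check may already exist.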
@@ -1344,7 +1345,7 @@ public class OpenSSLContext implements org.apache.tomcat.util.net.SSLContext {
 X509KeyManager x509KeyManager = certificate.getCertificateKeyManager();
 if (x509KeyManager != null) {
 if (alias == null) {
- alias = "tomcat";
+ alias = SSLUtilBase.DEFAULT_KEY_ALIAS;
 }
 chain = x509KeyManager.getCertificateChain(alias);
 if (chain == null) {
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
