(tomcat) branch main updated (7b81210bfe -> 60210a9e6c)

Thu, 09 Oct 2025 12:54:30 -0700 

This is an automated email from the ASF dual-hosted git repository.

dsoumis pushed a change to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git


    from 7b81210bfe Fix BZ 69839 - Ensure session ID changes are promulgated to 
SSO Valve
     new b239b1edde If optionalNoCA is configured then OCSP should be disabled.
     new d4e1833452 CAs may not issue CRLs.
     new 92f5cb5785 If we set ok=0 with errnum==X509_V_OK (0), OpenSSL emits a 
fatal internal_error. Tolerate V_OCSP_CERTSTATUS_UNKNOWN and let the client 
policy (e.g. NO_FALLBACK) decide.
     new 4c8f69dab3 If the OCSP response is null, the error is set as 
X509_V_ERR_APPLICATION_VERIFICATION (50). Should not pass our verification 
process.
     new 0be2617fb6 Set specific error when V_OCSP_CERTSTATUS_REVOKED
     new 9ff387b2f7 Ehnance tests and fix various issues in TestOcspIntegration 
tests
     new 60210a9e6c Refactor multiple instances of same code block in 
TestOcspIntegration

The 7 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 .../util/net/openssl/panama/OpenSSLContext.java    |   4 +
 .../util/net/openssl/panama/OpenSSLEngine.java     |   6 +-
 java/org/apache/tomcat/util/openssl/openssl_h.java |  20 ++
 .../tomcat/util/net/ocsp/TestOcspIntegration.java  | 281 ++++++++-------------
 test/org/apache/tomcat/util/net/ocsp/ca-cert.pem   |  34 +--
 .../tomcat/util/net/ocsp/client-keystore.p12       | Bin 0 -> 3658 bytes
 .../net/ocsp/{trust-password => client-password}   |   0
 .../util/net/ocsp/generate-ocsp-test-artifacts.sh  |  48 +++-
 .../tomcat/util/net/ocsp/ocsp-client-good.der      | Bin 0 -> 1280 bytes
 .../tomcat/util/net/ocsp/ocsp-client-revoked.der   | Bin 0 -> 1302 bytes
 test/org/apache/tomcat/util/net/ocsp/ocsp-good.der | Bin 1280 -> 1280 bytes
 .../apache/tomcat/util/net/ocsp/ocsp-revoked.der   | Bin 1302 -> 1302 bytes
 .../apache/tomcat/util/net/ocsp/server-cert.pem    | 106 ++++----
 .../org/apache/tomcat/util/net/ocsp/server-key.pem |  52 ++--
 .../org/apache/tomcat/util/net/ocsp/trustStore.p12 | Bin 1174 -> 1174 bytes
 15 files changed, 266 insertions(+), 285 deletions(-)
 create mode 100644 test/org/apache/tomcat/util/net/ocsp/client-keystore.p12
 copy test/org/apache/tomcat/util/net/ocsp/{trust-password => client-password} 
(100%)
 create mode 100644 test/org/apache/tomcat/util/net/ocsp/ocsp-client-good.der
 create mode 100644 test/org/apache/tomcat/util/net/ocsp/ocsp-client-revoked.der


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to