(tomcat) branch 9.0.x updated (2893a36945 -> 12a260a0d2)

Fri, 17 Oct 2025 23:33:06 -0700 

This is an automated email from the ASF dual-hosted git repository.

dsoumis pushed a change to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


    from 2893a36945 Fix back-port
     new 15aa357d01 If optionalNoCA is configured then OCSP should be disabled.
     new b74842bed4 CAs may not issue CRLs.
     new 4881026c62 If we set ok=0 with errnum==X509_V_OK (0), OpenSSL emits a 
fatal internal_error. Tolerate V_OCSP_CERTSTATUS_UNKNOWN and let the client 
policy (e.g. NO_FALLBACK) decide.
     new 20c7c27bb3 If the OCSP response is null, the error is set as 
X509_V_ERR_APPLICATION_VERIFICATION (50). Should not pass our verification 
process.
     new b7b28fb43b Set specific error when V_OCSP_CERTSTATUS_REVOKED
     new b08632be6c Ehnance tests and fix various issues in TestOcspIntegration 
tests
     new 12a260a0d2 Refactor multiple instances of same code block in 
TestOcspIntegration

The 7 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 .../util/net/openssl/panama/OpenSSLContext.java    |   4 +
 .../util/net/openssl/panama/OpenSSLEngine.java     |   6 +-
 java/org/apache/tomcat/util/openssl/openssl_h.java |  20 ++
 .../tomcat/util/net/ocsp/TestOcspIntegration.java  | 285 ++++++++-------------
 test/org/apache/tomcat/util/net/ocsp/ca-cert.pem   |  34 +--
 .../tomcat/util/net/ocsp/client-keystore.p12       | Bin 0 -> 3658 bytes
 .../net/ocsp/{trust-password => client-password}   |   0
 .../util/net/ocsp/generate-ocsp-test-artifacts.sh  |  48 +++-
 .../tomcat/util/net/ocsp/ocsp-client-good.der      | Bin 0 -> 1280 bytes
 .../tomcat/util/net/ocsp/ocsp-client-revoked.der   | Bin 0 -> 1302 bytes
 test/org/apache/tomcat/util/net/ocsp/ocsp-good.der | Bin 1280 -> 1280 bytes
 .../apache/tomcat/util/net/ocsp/ocsp-revoked.der   | Bin 1302 -> 1302 bytes
 .../apache/tomcat/util/net/ocsp/server-cert.pem    | 106 ++++----
 .../org/apache/tomcat/util/net/ocsp/server-key.pem |  52 ++--
 .../org/apache/tomcat/util/net/ocsp/trustStore.p12 | Bin 1174 -> 1174 bytes
 15 files changed, 267 insertions(+), 288 deletions(-)
 create mode 100644 test/org/apache/tomcat/util/net/ocsp/client-keystore.p12
 copy test/org/apache/tomcat/util/net/ocsp/{trust-password => client-password} 
(100%)
 create mode 100644 test/org/apache/tomcat/util/net/ocsp/ocsp-client-good.der
 create mode 100644 test/org/apache/tomcat/util/net/ocsp/ocsp-client-revoked.der


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to