(tomcat) branch main updated: Add comment to remember about the get0 call

Mon, 23 Feb 2026 02:32:14 -0800 

This is an automated email from the ASF dual-hosted git repository.

remm pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/main by this push:
     new 1934925cf4 Add comment to remember about the get0 call
1934925cf4 is described below

commit 1934925cf49dd377f2a764693e77bfbdc55a9104
Author: remm <[email protected]>
AuthorDate: Mon Feb 23 11:30:36 2026 +0100

    Add comment to remember about the get0 call
---
 java/org/apache/tomcat/util/openssl/openssl_h_Compatibility.java | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/java/org/apache/tomcat/util/openssl/openssl_h_Compatibility.java 
b/java/org/apache/tomcat/util/openssl/openssl_h_Compatibility.java
index 1bd3aec457..8711b4c697 100644
--- a/java/org/apache/tomcat/util/openssl/openssl_h_Compatibility.java
+++ b/java/org/apache/tomcat/util/openssl/openssl_h_Compatibility.java
@@ -31,6 +31,7 @@ import static 
org.apache.tomcat.util.openssl.openssl_h.SSL_get1_peer_certificate
 public class openssl_h_Compatibility {
 
     public static final boolean OPENSSL;
+    public static final boolean OPENSSL1;
     public static final boolean OPENSSL3;
     public static final boolean BORINGSSL;
     public static final boolean LIBRESSL;
@@ -41,6 +42,7 @@ public class openssl_h_Compatibility {
     static {
         String versionString = OpenSSL_version(0).getString(0);
         OPENSSL = versionString.contains("OpenSSL");
+        OPENSSL1 = OPENSSL && OpenSSL_version_num() < 0x3000000fL;
         OPENSSL3 = OPENSSL && OpenSSL_version_num() >= 0x3000000fL;
         BORINGSSL = versionString.contains("BoringSSL");
         LIBRESSL = versionString.contains("LibreSSL");
@@ -149,6 +151,8 @@ public class openssl_h_Compatibility {
     // OpenSSL 1.1 SSL_get_peer_certificate
     public static MemorySegment SSL_get_peer_certificate(MemorySegment s) {
         if (OPENSSL3) {
+            // This could be using SSL_get0_peer_certificate instead, but all 
the other implementations
+            // use SSL_get_peer_certificate which is equivalent to 
SSL_get1_peer_certificate
             return SSL_get1_peer_certificate(s);
         } else {
             class Holder {


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to