(tomcat) branch 9.0.x updated: Minor optimisation and ignore all Tomcat internal OCSP settings on store

Wed, 27 May 2026 03:45:12 -0700 

This is an automated email from the ASF dual-hosted git repository.

markt-asf pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/9.0.x by this push:
     new 9522f0e913 Minor optimisation and ignore all Tomcat internal OCSP 
settings on store
9522f0e913 is described below

commit 9522f0e9139a94bb98dd6a1e252917952629f48e
Author: Mark Thomas <[email protected]>
AuthorDate: Wed May 27 11:43:11 2026 +0100

    Minor optimisation and ignore all Tomcat internal OCSP settings on store
---
 java/org/apache/catalina/storeconfig/OpenSSLConfSF.java     | 3 ++-
 java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java | 2 ++
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/java/org/apache/catalina/storeconfig/OpenSSLConfSF.java 
b/java/org/apache/catalina/storeconfig/OpenSSLConfSF.java
index ff5c722238..9571b331aa 100644
--- a/java/org/apache/catalina/storeconfig/OpenSSLConfSF.java
+++ b/java/org/apache/catalina/storeconfig/OpenSSLConfSF.java
@@ -35,7 +35,8 @@ public class OpenSSLConfSF extends StoreFactoryBase {
     public OpenSSLConfSF() {
     }
 
-    private static final Set<String> INTERNAL_COMMANDS = new 
HashSet<>(Arrays.asList(OpenSSLConfCmd.NO_OCSP_CHECK));
+    private static final Set<String> INTERNAL_COMMANDS = new 
HashSet<>(Arrays.asList(OpenSSLConfCmd.NO_OCSP_CHECK,
+            OpenSSLConfCmd.OCSP_SOFT_FAIL, OpenSSLConfCmd.OCSP_TIMEOUT, 
OpenSSLConfCmd.OCSP_VERIFY_FLAGS));
 
     /**
      * Store nested OpenSSLConfCmd elements.
diff --git a/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java 
b/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java
index ee0ebc95d3..418c98b2be 100644
--- a/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java
+++ b/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java
@@ -431,6 +431,7 @@ public class OpenSSLContext implements 
org.apache.tomcat.util.net.SSLContext {
                 for (OpenSSLConfCmd command : 
sslHostConfig.getOpenSslConf().getCommands()) {
                     if 
(OpenSSLConfCmd.NO_OCSP_CHECK.equals(command.getName())) {
                         foundOcspConfig = true;
+                        break;
                     }
                 }
                 if (!foundOcspConfig) {
@@ -450,6 +451,7 @@ public class OpenSSLContext implements 
org.apache.tomcat.util.net.SSLContext {
                 for (OpenSSLConfCmd command : 
sslHostConfig.getOpenSslConf().getCommands()) {
                     if (OpenSSLConfCmd.GROUPS.equals(command.getName())) {
                         foundGroupsConfig = true;
+                        break;
                     }
                 }
                 if (!foundGroupsConfig) {


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to