This is an automated email from the ASF dual-hosted git repository.
markt-asf pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push:
new 5845632fa8 Fix one cause of Gump failures with PQC tests
5845632fa8 is described below
commit 5845632fa84ef9121882525c023c4a07b5497afc
Author: Mark Thomas <[email protected]>
AuthorDate: Thu May 28 10:38:42 2026 +0100
Fix one cause of Gump failures with PQC tests
---
java/org/apache/tomcat/util/net/openssl/OpenSSLUtil.java | 16 ++++++++++------
.../tomcat/util/net/openssl/panama/OpenSSLUtil.java | 16 ++++++++++------
2 files changed, 20 insertions(+), 12 deletions(-)
diff --git a/java/org/apache/tomcat/util/net/openssl/OpenSSLUtil.java
b/java/org/apache/tomcat/util/net/openssl/OpenSSLUtil.java
index b15461f742..3ddae0bc90 100644
--- a/java/org/apache/tomcat/util/net/openssl/OpenSSLUtil.java
+++ b/java/org/apache/tomcat/util/net/openssl/OpenSSLUtil.java
@@ -19,6 +19,7 @@ package org.apache.tomcat.util.net.openssl;
import java.io.IOException;
import java.security.KeyException;
import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
import java.util.List;
import java.util.Set;
@@ -127,10 +128,14 @@ public class OpenSSLUtil extends SSLUtilBase {
log.info(msg);
}
return null;
- } catch (KeyStoreException | KeyException | IOException e) {
- // Depending on what is presented, JSSE may also throw
- // KeyStoreException or IOException if it doesn't understand the
- // provided file.
+ } catch (KeyStoreException | KeyException | IOException |
NoSuchAlgorithmException e) {
+ /*
+ * JSSE may throw any of KeyStoreException, KeyException or
IOException if it does not understand the format
+ * of the provided file.
+ *
+ * If JSSE does understand the file but does not support the
algorithm used then NoSuchAlgorithmException
+ * will be seen.
+ */
if (certificate.getCertificateFile() != null) {
String msg = sm.getString("openssl.nonJsseCertificate",
certificate.getCertificateFile(),
certificate.getCertificateKeyFile());
@@ -139,8 +144,7 @@ public class OpenSSLUtil extends SSLUtilBase {
} else {
log.info(msg);
}
- // Assume JSSE processing of the certificate failed, try again
with OpenSSL
- // without a key manager
+ // Assume JSSE processing of the certificate failed, try again
with OpenSSL without a key manager.
return null;
}
throw e;
diff --git a/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLUtil.java
b/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLUtil.java
index 1d7e768271..ba26f0c758 100644
--- a/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLUtil.java
+++ b/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLUtil.java
@@ -19,6 +19,7 @@ package org.apache.tomcat.util.net.openssl.panama;
import java.io.IOException;
import java.security.KeyException;
import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
import java.util.List;
import java.util.Set;
@@ -86,10 +87,14 @@ public class OpenSSLUtil extends SSLUtilBase {
log.info(msg);
}
return null;
- } catch (KeyStoreException | KeyException | IOException e) {
- // Depending on what is presented, JSSE may also throw
- // KeyStoreException or IOException if it doesn't understand the
- // provided file.
+ } catch (KeyStoreException | KeyException | IOException |
NoSuchAlgorithmException e) {
+ /*
+ * JSSE may throw any of KeyStoreException, KeyException or
IOException if it does not understand the format
+ * of the provided file.
+ *
+ * If JSSE does understand the file but does not support the
algorithm used then NoSuchAlgorithmException
+ * will be seen.
+ */
if (certificate.getCertificateFile() != null) {
String msg = sm.getString("openssl.nonJsseCertificate",
certificate.getCertificateFile(),
certificate.getCertificateKeyFile());
@@ -98,8 +103,7 @@ public class OpenSSLUtil extends SSLUtilBase {
} else {
log.info(msg);
}
- // Assume JSSE processing of the certificate failed, try again
with OpenSSL
- // without a key manager
+ // Assume JSSE processing of the certificate failed, try again
with OpenSSL without a key manager.
return null;
}
throw e;
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
