(tomcat) branch 11.0.x updated: Align OpenSSL/Panama TLS implementation with other implementations

Mon, 08 Jun 2026 05:25:36 -0700 

This is an automated email from the ASF dual-hosted git repository.

markt-asf pushed a commit to branch 11.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/11.0.x by this push:
     new 7f8ecdbd93 Align OpenSSL/Panama TLS implementation with other 
implementations
7f8ecdbd93 is described below

commit 7f8ecdbd930d8c5a7fae73aa0eec9124d919e2f5
Author: Mark Thomas <[email protected]>
AuthorDate: Mon Jun 8 13:24:40 2026 +0100

    Align OpenSSL/Panama TLS implementation with other implementations
    
    Throw an exception if there is an error loading the provided CRL(s).
---
 java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java | 6 ++++--
 webapps/docs/changelog.xml                                         | 5 +++++
 2 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java 
b/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
index be103586b6..349b6997d9 100644
--- a/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
+++ b/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
@@ -1198,7 +1198,8 @@ public class OpenSSLContext implements 
org.apache.tomcat.util.net.SSLContext {
                             
SSLHostConfig.adjustRelativePath(sslHostConfig.getCertificateRevocationListFile()));
                     if (X509_LOOKUP_load_file(x509Lookup, 
certificateRevocationListFileNative,
                             X509_FILETYPE_PEM()) <= 0) {
-                        
log.error(sm.getString("openssl.errorLoadingCertificateRevocationListWithError",
+                        throw new IllegalArgumentException(sm.getString(
+                                
"openssl.errorLoadingCertificateRevocationListWithError",
                                 
sslHostConfig.getCertificateRevocationListFile(), 
OpenSSLLibrary.getLastError()));
                     }
                 }
@@ -1208,7 +1209,8 @@ public class OpenSSLContext implements 
org.apache.tomcat.util.net.SSLContext {
                             
SSLHostConfig.adjustRelativePath(sslHostConfig.getCertificateRevocationListPath()));
                     if (X509_LOOKUP_add_dir(x509Lookup, 
certificateRevocationListPathNative,
                             X509_FILETYPE_PEM()) <= 0) {
-                        
log.error(sm.getString("openssl.errorLoadingCertificateRevocationListWithError",
+                        throw new IllegalArgumentException(sm.getString(
+                                
"openssl.errorLoadingCertificateRevocationListWithError",
                                 
sslHostConfig.getCertificateRevocationListPath(), 
OpenSSLLibrary.getLastError()));
                     }
                 }
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 56140af24a..92c72237e9 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -308,6 +308,11 @@
         <code>isTrailerFieldsReady</code> was always returning
         <code>true</code>. (remm)
       </fix>
+      <fix>
+        Align OpenSSL/Panama TLS implementation with other implementations and
+        throw an exception if there is an error loading the provided CRL(s).
+        (markt)
+      </fix>
     </changelog>
   </subsection>
   <subsection name="Jasper">


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to