2015-05-06 15:36 GMT+03:00 <ma...@apache.org>:
> Author: markt
> Date: Wed May 6 12:36:50 2015
> New Revision: 1677971
>
> URL: http://svn.apache.org/r1677971
> Log:
> Use the truststoreProvider rather than the keystoreProvider for the trust
> manager
>
> Modified:
> tomcat/tc7.0.x/trunk/ (props changed)
> tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
> tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml
>
> Modified: > tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java > URL: > http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java?rev=1677971&r1=1677970&r2=1677971&view=diff > ============================================================================== > --- > tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java > (original) > +++ > tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java > Wed May 6 12:36:50 2015 > @@ -545,8 +545,7 @@ public class JSSESocketFactory implement > algorithm = TrustManagerFactory.getDefaultAlgorithm(); > } > > - return getTrustManagers(truststoreType, > endpoint.getKeystoreProvider(), > - algorithm); > + return getTrustManagers(truststoreType, > endpoint.getTruststoreProvider(), algorithm); > } > > @Override > > Modified: tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml > URL: > http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml?rev=1677971&r1=1677970&r2=1677971&view=diff > ============================================================================== > --- tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml (original) > +++ tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml Wed May 6 12:36:50 2015 
> @@ -128,6 +128,12 @@ > <bug>57837</bug>: Add <code>text/css</code> to the default list of > compressable MIME types. (markt) > </fix> > + <fix> > + For the JSSE based TLS connectors, use the > + <code>truststoreProvider</code> rather than the > + <code>keystoreProvider</code> when creating the > + <code>TrustManager</code>s. (markt) > + </fix> > </changelog> > </subsection> > <subsection name="Jasper">

Hi!

I voted for TC 6 backport of this revision, but on further review there
are two problems:

1. In the other place that calls endpoint.getTruststoreProvider() --
JSSESocketFactory.getTrustStore() -- there is some logic to fall back to
getKeystoreProvider(). It also consults a system property.

If we call endpoint.getTruststoreProvider() directly then there is no
such fallback logic.

2. The patch is not applicable to Tomcat 6 as is, as its endpoint
classes do not have a "getTruststoreProvider()" method.

Searching for "truststoreProvider" I see that the documentation mentions
such an option in config/http.xml, and the code in
JSSESocketFactory.getTrustStore() does

    String truststoreProvider = (String)attributes.get("truststoreProvider");

instead of using a getter method.

Best regards,
Konstantin Kolinko
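Review bot: In the JSSESocketFactory.java hunk at line 545, the provider argument to getTrustManagers() is now taken directly from endpoint.getTruststoreProvider() with no handling for the case where that attribute is unset, so a connector that configures only keystoreProvider no longer has that value passed when the trust managers are created. Suggest resolving the trust store provider once, using the same fallback the reply above describes for getTrustStore(), and passing the resolved value here so both call sites select the provider the same way.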
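Review bot: The new <fix> entry in the changelog.xml hunk describes the switch from keystoreProvider to truststoreProvider but does not say what happens for connectors that leave truststoreProvider unset, which is the case that changes for existing configurations. Suggest adding a sentence to the entry stating which provider is used when truststoreProvider is not configured.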