This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/master by this push:
     new f7fd048  Correct regression in refactoring that broke TLS with a single cert
f7fd048 is described below

commit f7fd048f2d130c4db3d86058df73124a9443362e
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Thu Feb 28 10:23:37 2019 +0000

    Correct regression in refactoring that broke TLS with a single cert
    
    When a single certificate is used the type is likely to be undefined.
    That caused the lookup of the storage slot to return an incorrect value.
    In this case just use the RSA slot as it is only convention that maps a
    given slot to a specific type. Tomcat Native and OpenSSL don't actually
    care.
---
 java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java 
b/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java
index 7f13859..fd8fc5c 100644
--- a/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java
+++ b/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java
@@ -416,7 +416,9 @@ public class OpenSSLContext implements 
org.apache.tomcat.util.net.SSLContext {
 
     private static int getCertificateIndex(SSLHostConfigCertificate 
certificate) {
         int result;
-        if (certificate.getType() == Type.RSA) {
+        // If the type is undefined there will only be one certificate 
(enforced
+        // in SSLHostConfig) so use the RSA slot.
+        if (certificate.getType() == Type.RSA || certificate.getType() == 
Type.UNDEFINED) {
             result = SSL.SSL_AIDX_RSA;
         } else if (certificate.getType() == Type.EC) {
             result = SSL.SSL_AIDX_ECC;
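
Review bot: The new comment above the `if` in getCertificateIndex says why an undefined type implies a single certificate, but not why the RSA slot is safe when that certificate is not an RSA one. The commit message has the reason (the slot-to-type mapping is only convention, and Tomcat Native and OpenSSL don't care); carrying that sentence into the code comment would keep a later refactoring from "correcting" the mapping and reintroducing the regression. The change touches only OpenSSLContext.java, so there is no test for the single-certificate, undefined-type configuration that regressed; one would be worth adding. Minor style point: `certificate.getType()` is now evaluated up to three times across the chain, so reading it into a local once, or using a switch on the type, would be cleaner.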

