Bug 66647 - Analyze usefulness and consider deprecation of certificateChainFile in favor of certificateFile
Status: NEW
Alias: None
Product: Tomcat 9
Classification: Unclassified
Component: Connectors
Version: 9.0.75
Hardware: All All
Importance: P2 enhancement
Target Milestone: -----
Assignee: Tomcat Developers Mailing List
Reported: 2023-06-14 09:37 UTC by Michael Osipov
Modified: 2023-06-15 15:12 UTC

Description Michael Osipov 2023-06-14 09:37:21 UTC
This is a spinoff of Bug 66635.

Our OpenSSL code is mostly based on HTTPd's mod_ssl. HTTPd has deprecated SSLCertificateChainFile (https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslcertificatechainfile) a long time ago in favor of SSLCertificateFile, which can contain the entire chain already.

Our task is to:
* Analyse our usage (code-wise) for/of both parameters and update to the behavior of mod_ssl
* Deprecate certificateChainFile then in favor of certificateFile
* Ideally remove in Tomcat 11 then