Bug 67667 - TLSCertificateReloadListener prints unreadable rendering of X509Certificate#getNotAfter()
Summary: TLSCertificateReloadListener prints unreadable rendering of X509Certificate#g...
Status: RESOLVED FIXED
Alias: None
Product: Tomcat 9
Classification: Unclassified
Component: Catalina (show other bugs)
Version: 9.0.81
Hardware: All All
: P2 normal (vote)
Target Milestone: -----
Assignee: Tomcat Developers Mailing List
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2023-10-10 18:48 UTC by Michael Osipov
Modified: 2023-10-12 10:17 UTC (History)
1 user (show)


Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Michael Osipov 2023-10-10 18:48:17 UTC 
Output: 10-Oct-2023 19:52:21.881 WARNUNG [Catalina-utility-2] org.apache.catalina.security.TLSCertificateReloadListener.checkCertificatesForRenewal [Connector["https-openssl-apr-30002"]], TLS virtual host [_default_] with name [CN=localhost,OU=IN IT IN,O=Siemens,L=Berlin,ST=Berlin,C=DE] that expires on [10/15/23 7:20 PM] is overdue for renewal

This date isn't readable for international audience and an insult to the developer's/admin's eye.

The easiest solution is to do "expiringCertificate.getNotAfter().toInstant()", but Tomcat 8.5 runs on 7 only, alternatively, we use SimpleDateFormat/ConcurrentDateFormat with "yyyy-MM-dd'T'HH:mm:ssXXX".

Readable output:
10-Oct-2023 20:45:01.472 WARNUNG [Catalina-utility-1] org.apache.catalina.security.TLSCertificateReloadListener.checkCertificatesForRenewal [Connector["https-openssl-apr-30002"]], TLS virtual host [_default_] with name [CN=localhost, OU=IN IT IN, O=Siemens, L=Berlin, ST=Berlin, C=DE] that expires on [2023-10-15T17:20:55Z] is overdue for renewal

If no one objects, I'd commit and push the SDF to all branches.
Comment 1 Michael Osipov 2023-10-12 10:17:28 UTC 
Fixed in:
- main for 11.0.0-M13 and onwards
- 10.1.x for 10.1.16 and onwards
- 9.0.x  for 9.0.83 and onwards
- 8.5.x for 8.5.96 and onwards