Fix for Bug 1630469 - CC: tomcatjss: unable to enable OCSP checking f…

…rom peer AIA extension. Now the server.xml can be configured to enable ocsp AND leave other settings null, to trigger NSS to use the AIA extension to locate the ocsp responder. ex: <Connector name="Secure" port="18443" ... ..... enableOCSP="true" ocspCacheSize="1000" ocspMinCacheEntryDuration="60" ocspMaxCacheEntryDuration="120" ocspTimeout="10"
dogtagpki · Sep 21, 2018 · 84ce990 · 84ce990
1 parent 6705223
commit 84ce990
Showing 1 changed file with 13 additions and 2 deletions.
diff --git a/src/org/apache/tomcat/util/net/jss/TomcatJSS.java b/src/org/apache/tomcat/util/net/jss/TomcatJSS.java
@@ -500,13 +500,24 @@ public void configureOCSP() throws Exception {
         }
 
         logger.debug("ocspResponderURL: " + ocspResponderURL);
+
         if (StringUtils.isEmpty(ocspResponderURL)) {
-            throw new Exception("Missing ocspResponderURL");
+            ocspResponderURL = null;
         }
 
         logger.debug("ocspResponderCertNickname: " + ocspResponderCertNickname);
         if (StringUtils.isEmpty(ocspResponderCertNickname)) {
-            throw new Exception("Missing ocspResponderCertNickname");
+            ocspResponderCertNickname = null;
+        }
+
+        // Check to see if the ocsp url and nickname are both set or not set
+
+        if (ocspResponderURL == null && ocspResponderCertNickname != null) {
+            throw new Exception("Missing OCSP responder URL");
+        }
+
+        if (ocspResponderURL != null && ocspResponderCertNickname == null) {
+            throw new Exception("Missing OCSP responder certificate nickname");
         }
 
         manager.configureOCSP(