svn commit: r1716745 - in /tomcat/trunk/webapps/docs: config/http.xml ssl-howto.xml

Thu, 26 Nov 2015 09:17:16 -0800 

Author: remm
Date: Thu Nov 26 17:17:03 2015
New Revision: 1716745

URL: http://svn.apache.org/viewvc?rev=1716745&view=rev
Log:
Add some docs fixes for the OpenSSL configuration in NIOx, now that JSSE style 
is supposed to be supported. Probably not the last improvement since it is 
rather difficult to explain (IMO).

Modified:
    tomcat/trunk/webapps/docs/config/http.xml
    tomcat/trunk/webapps/docs/ssl-howto.xml

Modified: tomcat/trunk/webapps/docs/config/http.xml
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/config/http.xml?rev=1716745&r1=1716744&r2=1716745&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/config/http.xml (original)
+++ tomcat/trunk/webapps/docs/config/http.xml Thu Nov 26 17:17:03 2015
@@ -1382,9 +1382,11 @@
       Tomcat also bundles a special SSL implementation for JSSE that is backed
       by OpenSSL. To enable it, the native library should be enabled as if
       intending to use the APR connector, the value of this attribute should be
-      <code>org.apache.tomcat.util.net.openssl.OpenSSLImplementation</code>,
-      and the SSL attributes configuration used should be the one from the APR
-      connector.</p>
+      <code>org.apache.tomcat.util.net.openssl.OpenSSLImplementation</code>.
+      In that case, the attributes from either from either JSSE and OpenSSL
+      configuration styles can be used, as long as the two types are not mixed
+      (for example, it is not allowed to define use of a Java keystore and
+      specify a separate pem private key using the OpenSSL attribute).</p>
     </attribute>
 
   </attributes>

Modified: tomcat/trunk/webapps/docs/ssl-howto.xml
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/ssl-howto.xml?rev=1716745&r1=1716744&r2=1716745&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/ssl-howto.xml (original)
+++ tomcat/trunk/webapps/docs/ssl-howto.xml Thu Nov 26 17:17:03 2015
@@ -303,8 +303,9 @@ loaded or not, use one of the following:
 
 <p>Tomcat also provides a SSL engine that directly uses OpenSSL. If the APR 
library
 is installed (as for using the APR connector), using the sslImplementationName 
attribute
-allows enabling it. In that case, the configuration must not use the JSSE 
attributes, but
-all the attributes that are defined for the APR connector.</p>
+allows enabling it. In that case, the configuration can use either the JSSE 
attributes or
+the OpenSSL attributes (as used for the APR connector), but must not mix 
attributes from
+both types in the same SSLHostConfig or Connector element.</p>
 <source><![CDATA[<!-- Define a HTTP/1.1 Connector on port 8443, JSSE NIO 
implementation and OpenSSL -->
 <Connector protocol="org.apache.coyote.http11.Http11NioProtocol" port="8443"
            
sslImplementationName="org.apache.tomcat.util.net.openssl.OpenSSLImplementation"



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Reply via email to