https://bz.apache.org/bugzilla/show_bug.cgi?id=62479

Nicolas Therrien <nicolas.therr...@motorolasolutions.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|INVALID                     |---
             Status|RESOLVED                    |REOPENED

--- Comment #8 from Nicolas Therrien <nicolas.therr...@motorolasolutions.com> ---
I get the feeling this is being dismissed too quickly. It took me several hours
to narrow down the issue and prepare a setup that exposes this problem and come
up with steps to reproduce. This ticket was closed 15 minutes after I
submitted the log... I personally would not be able to review code thoroughly
and be confident of my diagnosis in only 15 minutes.

What did you mean by "tried it on the trunk"? Did you mean that you tried the
truststore using the latest version of Tomcat? If that is the case, then it
does not prove it is not a bug... It could be simply that the bug is still
there?

Before this issue is dismissed as a configuration issue, could you/someone look
at the Tomcat code and try to understand why the code behaves differently with
a PKCS12 container vs JKS?

I went to great lengths in creating this ticket with as much proof as I could
gather.

Consider the following:

1) I do not have this issue on another system based on Linux.

2) I included the scripts used to generate the truststores so you can see the
only difference between the problem and non-problem is the keystore type. If
there's anything wrong with the command used to generate PKCS12, then I don't
see it.

3) Just in case I had a bug in my command line to generate the truststore, I
did the following: I opened the working JDK truststore with Keystore Explorer,
and saved it as a PKCS12 truststore. It still didn't work, which is a further
nudge towards a particular problem with PKCS12 truststore support on Windows.

4) Interestingly, in the same server.xml, I use a PKCS12 keystore for the
server key pair. No problem there. This issue only affects the truststore.

5) Truststore is only used when setting up mutual authentication, which I think
is a much less frequently used configuration, especially combined with the fact
it is a Windows installation. Could the unit test for this have missed this
particular use case? I think it's possible, hence why I went to the
trouble of creating this ticket.


I would appreciate it if we could investigate this a bit more thoroughly.

Thanks,
