DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUGĀ· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://issues.apache.org/bugzilla/show_bug.cgi?id=41051>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED ANDĀ· INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=41051 Summary: Keystore alias shouldn't be case sensitive Product: Tomcat 5 Version: 5.0.17 Platform: PC OS/Version: Windows XP Status: NEW Severity: normal Priority: P2 Component: Connector:HTTP AssignedTo: tomcat-dev@jakarta.apache.org ReportedBy: [EMAIL PROTECTED] The "alias" attribute of the non-APR SSL connector seems to be case-sensitive. If I specify "classServer" for the alias I get: 28-Nov-2006 1:03:18 AM org.apache.tomcat.util.net.PoolTcpEndpoint acceptSocket SEVERE: Endpoint [SSL: ServerSocket[addr=0.0.0.0/0.0.0.0,port=0,localport=443]] ignored exception: java.net.SocketException: SSL handshake errorjavax.net.ssl.SSLException: No available certificate or key corresponds to the SSL cipher suites which are enabled. java.net.SocketException: SSL handshake errorjavax.net.ssl.SSLException: No available certificate or key corresponds to the SSL cipher suites which are enabled. at org.apache.tomcat.util.net.jsse.JSSESocketFactory.acceptSocket(JSSESocketFactory.java:113) at org.apache.tomcat.util.net.PoolTcpEndpoint.acceptSocket(PoolTcpEndpoint.java:407) at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:70) at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684) at java.lang.Thread.run(Unknown Source) Whereas if I use an alias of "classserver" (all lowercase) it works just fine. To make matters worse, the keystore was generated with an alias "classServer" so the lowercase is actually incorrect, and when you hit a webpage through SSL the certificate will indeed show "classServer" using camel-casing. My guess is that this indicates some sort of Tomcat or JDK bug. java.security.Keystore.setCertificateEntry() will actually throw an exception if one tries storing two keys whose aliases only differ by casing, which is why I say the alias has to be treated as case-insensitive. If it isn't fixable, this behavior should at least be documented in the SSL "howto" document beside the bold lettering which reminds readers that passwords are case-sensitive. -- Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
