[Bug 63523] New: JSSEutilBase in tomcat-embed-core getParameters() visibility change breaks compatability and prevents OCSP SOFT_FAIL configuration

bugzilla Thu, 20 Jun 2019 14:00:52 -0700

https://bz.apache.org/bugzilla/show_bug.cgi?id=63523


            Bug ID: 63523
           Summary: JSSEutilBase in tomcat-embed-core getParameters()
                    visibility change breaks compatability and prevents
                    OCSP SOFT_FAIL configuration
           Product: Tomcat 9
           Version: 9.0.21
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Catalina
          Assignee: dev@tomcat.apache.org
          Reporter: wj...@yahoo.com.au
  Target Milestone: -----

We updated tomcat-embed-core to mitigate a CVE and our compile failed as we
were subclassing JSSEUtil and overriding getParameters to further configure the
Cert Params.

I have a pull request with a possible solution which does not involve making
the the getParameters() method protected or public, but instead adds an
interface object which can configure params after creation.

Link to PR is here:

https://github.com/apache/tomcat/pull/171

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 63523] New: JSSEutilBase in tomcat-embed-core getParameters() visibility change breaks compatability and prevents OCSP SOFT_FAIL configuration

Reply via email to