https://issues.apache.org/bugzilla/show_bug.cgi?id=51343
Bug #: 51343
Summary: Inconsistency in ssl-howto apr example configuration
Product: Tomcat 7
Version: trunk
Platform: All
OS/Version: All
Status: NEW
Severity: minor
Priority: P2
Component: Documentation
AssignedTo: [email protected]
ReportedBy: [email protected]
Classification: Unclassified
Sam as in Bug 51342
I checked the same config examples (docs/ssl-howto.xml, apr.xml) and saw the
same issue.
----
When going through the SSL docs to use APR for native OpenSSL I found an
inconsistency in the docs.
in
http://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html#Edit_the_Tomcat_Configuration_File
it suggests that a correct connector in the server.xml should look like:
<-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
<!--
<Connector
port="8443" maxThreads="200"
scheme="https" secure="true" SSLEnabled="true"
SSLCertificateFile="/usr/local/ssl/server.crt"
SSLCertificateKeyFile="/usr/local/ssl/server.pem"
clientAuth="optional" SSLProtocol="TLSv1"/>
-->
this however didn't work and resulted in:
WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting property
'clientAuth' to 'true' did not find a matching property.
An actual working config can be found in
http://tomcat.apache.org/tomcat-7.0-doc/apr.html#HTTPS . I propose copying the
example section:
<Connector port="443" maxHttpHeaderSize="8192"
maxThreads="150"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
SSLEnabled="true"
SSLCertificateFile="${catalina.base}/conf/localhost.crt"
SSLCertificateKeyFile="${catalina.base}/conf/localhost.key" />
To replace the, what I believe to be false, example in the ssl-howto.
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
