2012/6/25 <ma...@apache.org>: > Author: markt > Date: Mon Jun 25 19:29:44 2012 > New Revision: 1353709 > > URL: http://svn.apache.org/viewvc?rev=1353709&view=rev > Log: > Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=53459 > Fix SSLVerifyClient option in APR SSL example and further clarify how to > modify server.xml based on the desired connector implementation. > > Modified: > tomcat/tc7.0.x/trunk/ (props changed) > tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml > tomcat/tc7.0.x/trunk/webapps/docs/ssl-howto.xml > > Propchange: tomcat/tc7.0.x/trunk/ > ------------------------------------------------------------------------------ > Merged /tomcat/trunk:r1353708 >
> Modified: tomcat/tc7.0.x/trunk/webapps/docs/ssl-howto.xml > URL: > http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/ssl-howto.xml?rev=1353709&r1=1353708&r2=1353709&view=diff > ============================================================================== > --- tomcat/tc7.0.x/trunk/webapps/docs/ssl-howto.xml (original) > +++ tomcat/tc7.0.x/trunk/webapps/docs/ssl-howto.xml Mon Jun 25 19:29:44 2012 > @@ -343,11 +343,14 @@ sources like "/dev/urandom" that will al > <code>$CATALINA_BASE</code> represents the base directory for the > Tomcat instance. An example <code><Connector></code> element > for an SSL connector is included in the default <code>server.xml</code> > -file installed with Tomcat. For JSSE, it should look something like > this:</p> > +file installed with Tomcat. To configure an SSL connector that uses JSSE, > you > +will need to remove the comments and edit it so it looks something like > +this:</p> > <source> > <-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 --> > -<!-- > +<-- Hard-coded to use the NIO protocol implementation --> > <Connector > + protocol="org.apache.coyote.http11.Http11NioProtocol" > port="8443" maxThreads="200" > scheme="https" secure="true" SSLEnabled="true" > keystoreFile="${user.home}/.keystore" keystorePass="changeit" > @@ -355,19 +358,20 @@ file installed with Tomcat. For JSSE, i > --> > </source> > <p> > - The example above will throw an error if you have the APR and the Tomcat > Native libraries in your path, > - as Tomcat will try to use the APR connector. The APR connector uses > different attributes for > - SSL keys and certificates. An example of an APR configuration is: > + The example above will throw an error if you have the APR and the Tomcat > + Native libraries in your path, as Tomcat will try to use the APR connector. The above comment is misplaced. The above example now explicitly uses NIO connector. The APR one is used by example below. > + The APR connector uses different attributes for many SSL settings, > + particularly keys and certificates. An example of an APR configuration is: > <source> > <-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 --> > -<!-- > +<-- Hard-coded to use the APR protocol implementation --> > <Connector > + protocol="org.apache.coyote.http11.Http11AprProtocol" > port="8443" maxThreads="200" > scheme="https" secure="true" SSLEnabled="true" > SSLCertificateFile="/usr/local/ssl/server.crt" > SSLCertificateKeyFile="/usr/local/ssl/server.pem" > - clientAuth="optional" SSLProtocol="TLSv1"/> > ---> > + SSLVerifyClient="optional" SSLProtocol="TLSv1"/> > </source> > </p> > Best regards, Konstantin Kolinko --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
