https://issues.apache.org/bugzilla/show_bug.cgi?id=55017

--- Comment #1 from Christopher Schultz <ch...@christopherschultz.net> ---
I think the code starting at line 217 should probably be an "else" of this if
clause:

            if (rmiSSL) {
                csf = new SslRMIClientSocketFactory();
                ssf = new SslRMIServerSocketFactory(ciphers, protocols,
                            clientAuth);
            }

Otherwise, if rmiSSL and rmiBindAddress are both set, rmiBindAddress will take
precedence and a) we'll create and discard objects for no reason and b)
potentially open a security vulnerability because the user might think they can
have both SSL and a specific address.

We might even want to detect the current incompatibility (I also don't see a
way to specify an interface when creating an SslRMIServerSocketFactory) and
throw an error.

Can you adjust your patch?

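The fail-fast check suggested in the comment above, as an added example in Java (not Tomcat's code and not part of the original message). The class `RmiFactorySelection`, the nested `BindAddressFactory` and `Factories` types, and the `select` method are hypothetical; only the `rmiSSL` and `rmiBindAddress` names and the `SslRMI*SocketFactory` calls come from the comment.

```java
import java.io.IOException;
import java.net.InetAddress;
import java.net.ServerSocket;
import java.rmi.server.RMIClientSocketFactory;
import java.rmi.server.RMIServerSocketFactory;
import javax.rmi.ssl.SslRMIClientSocketFactory;
import javax.rmi.ssl.SslRMIServerSocketFactory;

// Hypothetical helper: chooses the RMI socket factories and rejects the
// rmiSSL + rmiBindAddress combination instead of silently dropping SSL.
public class RmiFactorySelection {
    // Plain-text server factory bound to one interface (hypothetical).
    static final class BindAddressFactory implements RMIServerSocketFactory {
        private final InetAddress addr;
        BindAddressFactory(InetAddress addr) { this.addr = addr; }
        @Override public ServerSocket createServerSocket(int port) throws IOException {
            return new ServerSocket(port, 0, addr);
        }
    }
    // Holder for the chosen pair; null means "use the RMI default".
    static final class Factories {
        final RMIClientSocketFactory csf;
        final RMIServerSocketFactory ssf;
        Factories(RMIClientSocketFactory c, RMIServerSocketFactory s) { csf = c; ssf = s; }
    }

    static Factories select(boolean rmiSSL, String rmiBindAddress, String[] ciphers,
            String[] protocols, boolean clientAuth) throws IOException {
        boolean bind = rmiBindAddress != null && !rmiBindAddress.isEmpty();
        if (rmiSSL && bind) {
            // Refuse to start rather than let the bind-address factory replace SSL.
            throw new IllegalArgumentException(
                    "rmiSSL and rmiBindAddress cannot be combined");
        }
        if (rmiSSL) {
            return new Factories(new SslRMIClientSocketFactory(),
                    new SslRMIServerSocketFactory(ciphers, protocols, clientAuth));
        }
        if (bind) { // the "else" branch: only reached when SSL is off
            return new Factories(null,
                    new BindAddressFactory(InetAddress.getByName(rmiBindAddress)));
        }
        return new Factories(null, null);
    }

    public static void main(String[] args) throws IOException {
        System.out.println(select(true, null, null, null, false).ssf.getClass().getSimpleName());
        System.out.println(select(false, "127.0.0.1", null, null, false).ssf.getClass().getSimpleName());
        try { select(true, "127.0.0.1", null, null, false); }
        catch (IllegalArgumentException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```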