On 10/11/2013 23:06, Konstantin Kolinko wrote:
> 2013/11/11 <ma...@apache.org>:
>> Author: markt
>> Date: Sun Nov 10 20:20:37 2013
>> New Revision: 1540539
>>
>> URL: http://svn.apache.org/r1540539
>> Log:
>> Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=55749
>> Improve error message when SSLEngine is disabled in AprLifecycleListener and
>> SSL is configured for an APR/native connector.
>>
>> Modified:
>> tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java
>> tomcat/trunk/java/org/apache/tomcat/util/net/res/LocalStrings.properties
>>
>> Modified: tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java
>> URL:
>> http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java?rev=1540539&r1=1540538&r2=1540539&view=diff
>> ==============================================================================
>> --- tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java (original)
>> +++ tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java Sun Nov 10
>> 20:20:37 2013
>> @@ -514,7 +514,15 @@ public class AprEndpoint extends Abstrac
>> }
>>
>> // Create SSL Context
>> - sslContext = SSLContext.make(rootPool, value,
>> SSL.SSL_MODE_SERVER);
>> + try {
>> + sslContext = SSLContext.make(rootPool, value,
>> SSL.SSL_MODE_SERVER);
>> + } catch (Exception e) {
>> + // If the sslEngine is disabled on the AprLifecycleListener
>> + // there will be an Exception here but there is no way to
>> check
>> + // the AprLifecycleListener settings from here
>> + throw new Exception(
>> + sm.getString("endpoint.apr.failSslContextMake"), e);
>> + }
>> if (SSLInsecureRenegotiation) {
>> boolean legacyRenegSupported = false;
>> try {
>>
>> Modified:
>> tomcat/trunk/java/org/apache/tomcat/util/net/res/LocalStrings.properties
>> URL:
>> http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/res/LocalStrings.properties?rev=1540539&r1=1540538&r2=1540539&view=diff
>> ==============================================================================
>> --- tomcat/trunk/java/org/apache/tomcat/util/net/res/LocalStrings.properties
>> (original)
>> +++ tomcat/trunk/java/org/apache/tomcat/util/net/res/LocalStrings.properties
>> Sun Nov 10 20:20:37 2013
>
>> +endpoint.apr.failSslContextMake=Unable to create SSLContext. Check
>> SSLEngine is enabled in the AprLifecycleListener and that a valid
>> SSLProtocol has been specified
>
> 1. A missing word in the message:
> s/ Check SSLEngine / Check that SSLEngine / or "Check whether SSLEngine ..."?
Fixed.
> 2. Maybe mention that "Check that AprLifecycleListener has initialized
> successfully", in case one missed previous log messages.
Fixed.
> 3. You aren't improving the message reported in Bugzilla, but a different one.
>
> In OP's stacktrace from Tomcat 6:
>
> java.lang.Exception: Socket bind failed: [226] Adresse bereits im Zugriff
> at org.apache.tomcat.util.net.AprEndpoint.init(AprEndpoint.java:671)
> at org.apache.tomcat.util.net.AprEndpoint.start(AprEndpoint.java:851)
>
> The above is an implicit call to init() from within start().
>
> I think that there should have been a previous explicit call to
> init() that failed and should have printed an error message.
Ah. I see what you mean. That first error message was equally cryptic so
I fixed that.
> It looks like the message that you are improving should have already
> been in the logs, but OP failed to notice it. The "Address already in
> use" message reported in Bugzilla would still occur when init() is
> called by the second time.
Agreed.
> I do not know whether repeated call to init() is possible in Tomcat 7
> (I hope better lifecycles prevent it),
It doesn't appear to happen in trunk.
> but it looks possible in Tomcat 6.
>
> In AprEndpoint of Tomcat 6
> [[[
> public void init()
> throws Exception {
>
> if (initialized)
> return;
>
> // Create the root APR memory pool
> rootPool = Pool.create(0);
> ...
> ]]]
>
> Maybe add a sanity check just below the "if (initialized) return;" lines
> above:
>
> if (rootPool != 0) then it means that the pool has already been
> created. In other words, init() has already been called once, but
> failed.
I'll take a look at a Tomcat 6 specific patch.
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
