date:20061208

Re: Smooth applications migration in a J2EE cluster [mod_jk]

2006-12-08 Thread Anthony Vromant


Hi Rainer,

First of all, thank you for these informations.

Here is the HTTP link for the Flash demonstration of our prototype :
https://wiki.objectweb.org/jonas/Upload.jsp?page=JOnASClusteringSmoothUpdateWebCluster 



I am looking at the new features provided by mod_jk 1.2.20, the dynamic 
configuration reloading is quite interesting.

We are going to bring our prototype to this new version.

In our prototype, when a new request is coming with a JSESSIONID cookie, 
a request is sent to the worker (tomcat) for checking the validity (we 
need to know whether the session is still alive).
Currently, the HTTP protocol is used for invoking tomcat rather than 
AJP. The control at the tomcat side is done through an internal servlet 
which accesses the MBean manager for getting the current sessions list.


Do you have any suggestion for improving that ?

Regards,
Anthony

Rainer Jung wrote:

Hi Anthony,

since your oce is based on 1.2.15 first the information for you, that 
between 1.2.15 and the released 1.2.19 there were a lot of features 
added. No old features has been dropped, so it should be feature 
compatible with 1.2.15. You can look at the changelog


http://tomcat.apache.org/connectors-doc/changelog.html

and maybe the easiest way is to scan the document

http://tomcat.apache.org/connectors-doc/config/workers.html

and for Apache

http://tomcat.apache.org/connectors-doc/config/apache.html

resp. for IIS

http://tomcat.apache.org/connectors-doc/config/iis.html

about new parameters, which you didn't know before. There are also 
hints in the docs, which of the params have been added in which version.


Concerning 1.2.20 I'll make a tarball for testing including the docs 
most likely tonight. We changed a bit more, than was planned, so we 
give people a couple of days to report problems early, before we tag 
the release. Again, all changes will be contained in the configuration 
reference guide.


Regards,

Rainer

Anthony Vromant wrote:

Rainer Jung wrote:

Mladen Turk wrote:

Anthony Vromant wrote:


Would it be possible to integrate such a feature in the original 
mod_jk ? If yes, we may contribute to the development by providing 
our code.




There is no need to ask something like that.
Just like for any other patch bring in the code,
and we'll discuss, but it cannot be answered in advance.
Anyhow, according to the description it looks very interesting.

Regards,
Mladen.


Exactly the same from me. The upcoming release 1.2.20 will already 
include a lot of improvements in the jk status worker and we all 
think, that managing changes in a distributed 24x7 system already is 
a very important topic.


Waiting for your proposals :)

Rainer

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Glad to note that you are interested in this topic.

I propose to send you as soon as possible a HTTP link towards a Flash 
presentation of our prototype.

Thus you'll have a good overview of the feature.

For the source code, we have to do some 'cleaning' work before being 
able to submit it to you.


Can you tell me where to find information about new features of 
mod_jk 1.2.20 ?


For your information, our prototype is built from  mod_jk 1.2.15. We 
could bring it to the 1.2.20.


Regards.


Anthony Vromant
http://jonas.objectweb.org
Bull, Architect of an Open World TM
http://www.bull.com

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]






--

Anthony Vromant
http://jonas.objectweb.org
Bull, Architect of an Open World TM
http://www.bull.com 



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Tomcat 6.0.4 and http thread releasing

2006-12-08 Thread Henri Gomez


Hi to all,

I'm doing some stress testing on Tomcat 6.0.4 on i5/OS with IBM Java 5
32 bits, no APR here.

I used ApacheBench to stress the Tomcat 6.0.4 sending about 1 million
requests on 100 concurrents connections (using keep alive).

I expected to see the number of HTTP thread to reduce after the test
but it's not the case, and that's what I see thru JConsole for all
HTTP threads


Name: http-18081-150
State: WAITING on [EMAIL PROTECTED]
Total blocked: 17  Total waited: 435

Stack trace:
java.lang.Object.wait(Native Method)
java.lang.Object.wait(Object.java:199)
org.apache.tomcat.util.net.JIoEndpoint$Worker.await(JIoEndpoint.java:414)
org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:440)
java.lang.Thread.run(Thread.java:797)


Configuration is :



What could be the problem ?

FYI, the acceptCount is set to 100 and I tested ab2 with 125
connections and as such ab2 has been rejected since I think the 125
connections arrived in the same time.

Regards

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Tomcat 6.0.4 and http thread releasing

2006-12-08 Thread Remy Maucherat


Henri Gomez wrote:

What could be the problem ?


The user :D

Rémy

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Tomcat 6.0.4 and http thread releasing

2006-12-08 Thread Henri Gomez


The user :D


No seriously, what's the problem ?

There is no active connections :

18081  000:47:36  Listen
18082  000:01:04  Listen
18083  002:04:57  Listen
18089  002:04:57  Listen

Tomcat shouldn't close the Thread to keep only 25 http Threads ?

But may be I'm a bozo ?

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Tomcat 6.0.4 and http thread releasing

2006-12-08 Thread Henri Gomez


Oups,

To keep only 75 spare http Threads

2006/12/8, Henri Gomez <[EMAIL PROTECTED]>:

> The user :D

No seriously, what's the problem ?

There is no active connections :

18081  000:47:36  Listen
18082  000:01:04  Listen
18083  002:04:57  Listen
18089  002:04:57  Listen

Tomcat shouldn't close the Thread to keep only 25 http Threads ?

But may be I'm a bozo ?



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Smooth applications migration in a J2EE cluster [mod_jk]

2006-12-08 Thread Henri Gomez


The page is password protected ;(

Sad since I'm also very interested in seeing what you plain to do.

Regards

2006/12/8, Anthony Vromant <[EMAIL PROTECTED]>:

Hi Rainer,

First of all, thank you for these informations.

Here is the HTTP link for the Flash demonstration of our prototype :
https://wiki.objectweb.org/jonas/Upload.jsp?page=JOnASClusteringSmoothUpdateWebCluster


I am looking at the new features provided by mod_jk 1.2.20, the dynamic
configuration reloading is quite interesting.
We are going to bring our prototype to this new version.

In our prototype, when a new request is coming with a JSESSIONID cookie,
a request is sent to the worker (tomcat) for checking the validity (we
need to know whether the session is still alive).
Currently, the HTTP protocol is used for invoking tomcat rather than
AJP. The control at the tomcat side is done through an internal servlet
which accesses the MBean manager for getting the current sessions list.

Do you have any suggestion for improving that ?

Regards,
Anthony

Rainer Jung wrote:
> Hi Anthony,
>
> since your oce is based on 1.2.15 first the information for you, that
> between 1.2.15 and the released 1.2.19 there were a lot of features
> added. No old features has been dropped, so it should be feature
> compatible with 1.2.15. You can look at the changelog
>
> http://tomcat.apache.org/connectors-doc/changelog.html
>
> and maybe the easiest way is to scan the document
>
> http://tomcat.apache.org/connectors-doc/config/workers.html
>
> and for Apache
>
> http://tomcat.apache.org/connectors-doc/config/apache.html
>
> resp. for IIS
>
> http://tomcat.apache.org/connectors-doc/config/iis.html
>
> about new parameters, which you didn't know before. There are also
> hints in the docs, which of the params have been added in which version.
>
> Concerning 1.2.20 I'll make a tarball for testing including the docs
> most likely tonight. We changed a bit more, than was planned, so we
> give people a couple of days to report problems early, before we tag
> the release. Again, all changes will be contained in the configuration
> reference guide.
>
> Regards,
>
> Rainer
>
> Anthony Vromant wrote:
>> Rainer Jung wrote:
>>> Mladen Turk wrote:
 Anthony Vromant wrote:
>
> Would it be possible to integrate such a feature in the original
> mod_jk ? If yes, we may contribute to the development by providing
> our code.
>

 There is no need to ask something like that.
 Just like for any other patch bring in the code,
 and we'll discuss, but it cannot be answered in advance.
 Anyhow, according to the description it looks very interesting.

 Regards,
 Mladen.
>>>
>>> Exactly the same from me. The upcoming release 1.2.20 will already
>>> include a lot of improvements in the jk status worker and we all
>>> think, that managing changes in a distributed 24x7 system already is
>>> a very important topic.
>>>
>>> Waiting for your proposals :)
>>>
>>> Rainer
>>>
>>> -
>>> To unsubscribe, e-mail: [EMAIL PROTECTED]
>>> For additional commands, e-mail: [EMAIL PROTECTED]
>>>
>>>
>> Glad to note that you are interested in this topic.
>>
>> I propose to send you as soon as possible a HTTP link towards a Flash
>> presentation of our prototype.
>> Thus you'll have a good overview of the feature.
>>
>> For the source code, we have to do some 'cleaning' work before being
>> able to submit it to you.
>>
>> Can you tell me where to find information about new features of
>> mod_jk 1.2.20 ?
>>
>> For your information, our prototype is built from  mod_jk 1.2.15. We
>> could bring it to the 1.2.20.
>>
>> Regards.
>>
>> 
>> Anthony Vromant
>> http://jonas.objectweb.org
>> Bull, Architect of an Open World TM
>> http://www.bull.com
>>
>> -
>> To unsubscribe, e-mail: [EMAIL PROTECTED]
>> For additional commands, e-mail: [EMAIL PROTECTED]
>
>


--

Anthony Vromant
http://jonas.objectweb.org
Bull, Architect of an Open World TM
http://www.bull.com


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]




-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

svn commit: r483966 - /tomcat/build/tc5.5.x/build.properties.default

2006-12-08 Thread pero

Author: pero
Date: Fri Dec  8 04:37:43 2006
New Revision: 483966

URL: http://svn.apache.org/viewvc?view=rev&rev=483966
Log:
fix wrong download archive name

Modified:
tomcat/build/tc5.5.x/build.properties.default

Modified: tomcat/build/tc5.5.x/build.properties.default
URL: 
http://svn.apache.org/viewvc/tomcat/build/tc5.5.x/build.properties.default?view=diff&rev=483966&r1=483965&r2=483966
==
--- tomcat/build/tc5.5.x/build.properties.default (original)
+++ tomcat/build/tc5.5.x/build.properties.default Fri Dec  8 04:37:43 2006
@@ -124,7 +124,7 @@
 commons-modeler.home=${base.path}/commons-modeler-2.0
 commons-modeler.lib=${commons-modeler.home}
 commons-modeler.jar=${commons-modeler.lib}/commons-modeler-2.0.jar
-commons-modeler.loc=${base-jakarta.loc}/commons/modeler/binaries/modeler-2.0.tar.gz
+commons-modeler.loc=${base-jakarta.loc}/commons/modeler/binaries/commons-modeler-2.0.tar.gz
 
 # - Xerces XML Parser, version 2.8.0 -
 xerces.home=${base.path}/xerces-2_8_0



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

DO NOT REPLY [Bug 41134] New: - Unable to run Apache Tomcat

2006-12-08 Thread bugzilla

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=41134

   Summary: Unable to run Apache Tomcat
   Product: Tomcat 6
   Version: 6.0.0
  Platform: PC
OS/Version: Windows Server 2003
Status: NEW
  Severity: critical
  Priority: P1
 Component: Catalina
AssignedTo: tomcat-dev@jakarta.apache.org
ReportedBy: [EMAIL PROTECTED]


After lots of installation and uninstall I am not able to run Apache Tomcat.

And find it very difficult.

My machine is running on Windows 2003 server with IIS 6.0.

As I want to run servlets I have installed Apache Tomcat v6.0, ( JVM is 
already installed ).

But I'm not able to run the Apache. Windows System Event Log says: The Apache 
Tomcat service terminated with service-specific error 0 (0x0).

A couple of times I have uninstalled JVM, Apache and installed the same still 
have the same issue.

Please let me know the workaround.

Thank you,

Regards,

Raj

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
--- You are receiving this mail because: ---
You are the assignee for the bug, or are watching the assignee.

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Smooth applications migration in a J2EE cluster [mod_jk]

2006-12-08 Thread Anthony Vromant


Hi,

This will be better with this link :
https://wiki.objectweb.org/jonas/Wiki.jsp?page=JOnASClusteringSmoothUpdateWebCluster

You just have to click on "Launch the demonstration".

Sorry for the mistake.

Regards,
Anthony

Henri Gomez wrote:

The page is password protected ;(

Sad since I'm also very interested in seeing what you plain to do.

Regards

2006/12/8, Anthony Vromant <[EMAIL PROTECTED]>:



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: mod_jk environment variable handling in Apache

2006-12-08 Thread Henri Gomez

Oups forgot to respond

The unique case where an env var could be usefull is by VirtualHost

2006/11/23, Rainer Jung <[EMAIL PROTECTED]>:
Henri Gomez wrote:
> I'm doing extensive use VirtualHost and no-jk directive on our Apache
> 2.0.x servers so I'm very carefull about any changes in these area.

There is one strange thing concerning apache and JkEnvVar. The mod_jk
code handles them, as if it would make sense to have the same env var
multiple times, with different default values. More precisely it uses
"add table" instead of "set table" when JkEnvVar is being processed (so
appending duplicates) and it also uses overlay tables to merge between
base and vhost, which again appends all the base values to the vhost.

This doesn't seem to make sense, because a servlet request attribute can
only have one value.

I would like to clean that up, so that later calls to JkEnvVar for the
same variable overwrites earlier ones (using set table instead of add
table), and all calls in vhost overwrite the ones in base (merging more
carefully than table overlay does).

Do you know any use case, where the current behaviour makes sense?

I expect, that nobody really cared, because a config where the same env
var is used with multiple default values doesn't really look reasonable.

Regards,

Rainer

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[OT] Windows cmd parsing

2006-12-08 Thread Mladen Turk


Hi,

If anyone has access to the Windows 2000 or Windows NT 4.0
(I have 2k3 and XP, so I know its working), can you do the
following:

Open cmd.exe
C:> set "FOO=FOO BAR"
C:> echo %FOO%

And give me the output?
The problem is that I'm not sure how pre-XP handles
the SET directive is there is a single quoted param containing '='


Thanks,
Mladen.


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: [OT] Windows cmd parsing

2006-12-08 Thread Fenlason, Josh

Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-2000 Microsoft Corp.

C:\Documents and Settings\stagecoach>set "FOO=FOO BAR"

C:\Documents and Settings\stagecoach>echo %FOO%
FOO BAR

C:\Documents and Settings\stagecoach> 

> -Original Message-
> From: Mladen Turk [mailto:[EMAIL PROTECTED] 
> Sent: Friday, December 08, 2006 10:43 AM
> To: Tomcat Developers List
> Subject: [OT] Windows cmd parsing
> 
> Hi,
> 
> If anyone has access to the Windows 2000 or Windows NT 4.0 (I 
> have 2k3 and XP, so I know its working), can you do the
> following:
> 
> Open cmd.exe
> C:> set "FOO=FOO BAR"
> C:> echo %FOO%
> 
> And give me the output?
> The problem is that I'm not sure how pre-XP handles the SET 
> directive is there is a single quoted param containing '='
> 
> 
> Thanks,
> Mladen.
> 
> 
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED] For 
> additional commands, e-mail: [EMAIL PROTECTED]
> 

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [OT] Windows cmd parsing

2006-12-08 Thread Mladen Turk


Fenlason, Josh wrote:

Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-2000 Microsoft Corp.

C:\Documents and Settings\stagecoach>set "FOO=FOO BAR"

C:\Documents and Settings\stagecoach>echo %FOO%
FOO BAR



Excellent, so it works on 2K as well!

Thanks,
Mladen.

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

svn commit: r484669 - /tomcat/connectors/trunk/jk/native/common/jk_lb_worker.c

2006-12-08 Thread jim

Author: jim
Date: Fri Dec  8 09:41:09 2006
New Revision: 484669

URL: http://svn.apache.org/viewvc?view=rev&rev=484669
Log:
The action is always the same on the 3 conditionals,
so why make it appear they are different? Make the code
more clear.

Modified:
tomcat/connectors/trunk/jk/native/common/jk_lb_worker.c

Modified: tomcat/connectors/trunk/jk/native/common/jk_lb_worker.c
URL: 
http://svn.apache.org/viewvc/tomcat/connectors/trunk/jk/native/common/jk_lb_worker.c?view=diff&rev=484669&r1=484668&r2=484669
==
--- tomcat/connectors/trunk/jk/native/common/jk_lb_worker.c (original)
+++ tomcat/connectors/trunk/jk/native/common/jk_lb_worker.c Fri Dec  8 09:41:09 
2006
@@ -840,12 +840,10 @@
 rec->s->busy++;
 if (rec->s->busy > rec->s->max_busy)
 rec->s->max_busy = rec->s->busy;
-if (p->worker->lbmethod == JK_LB_METHOD_REQUESTS)
-rec->s->lb_value += rec->s->lb_mult;
-else if (p->worker->lbmethod == JK_LB_METHOD_SESSIONS &&
- !sessionid)
-rec->s->lb_value += rec->s->lb_mult;
-else if (p->worker->lbmethod == JK_LB_METHOD_BUSYNESS)
+if ( (p->worker->lbmethod == JK_LB_METHOD_REQUESTS) ||
+ (p->worker->lbmethod == JK_LB_METHOD_BUSYNESS) ||
+ (p->worker->lbmethod == JK_LB_METHOD_SESSIONS &&
+  !sessionid) )
 rec->s->lb_value += rec->s->lb_mult;
 if (p->worker->lblock == JK_LB_LOCK_PESSIMISTIC)
 jk_shm_unlock();



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Support for JAAS credentials

2006-12-08 Thread Shivaraj Tenginakai


Hi All,

The current JAAS based authentication in Tomcat (6.0.2) , has no means of
manipulating the associated credentials. This prevents an application from
specifying more complex security policies. For example, timing out the roles
independent of the session timeout.

A very simple fix would be to make the subject object accessible from the
session object. Once could then, for example, use a valve to enforce custom
security policies.

Though not part of servlet specification (from what I can tell), are there
any strong reasons for not supporting this feature.

Thanks much,

Shivaraj

Re: redistribution of sun j2ee xsd's and dtd's

2006-12-08 Thread Kevan Miller



On Dec 6, 2006, at 8:29 PM, Jeanfrancois Arcand wrote:




Remy Maucherat wrote:

Kevan Miller wrote:
Well, that's certainly the way it  to be, IMO. However,  
the xsd's (e.g. http://svn.apache.org/repos/asf/tomcat/tc6.0.x/ 
trunk/java/javax/servlet/resources/j2ee_1_4.xsd) are copyrighted  
by Sun and distribution is explicitly disallowed without  
authorization by Sun...


None of this is mentioned in your license or notice files,  
either, which would be helpful...


BTW, I see the Eclipse JDT compiler is included in your  
distribution. It's mentioned in your notice, but the license  
should be included, also.
I don't know yet (note: these files have always been shipped with  
Tomcat, so I don't think a resolution is urgent).
I verified the descriptors exist in the specification documents  
(in the PDFs) without any Sun copyright comments, so I believe  
they can legally be distributed with Tomcat under the Apache  
license without any problem, and the Sun related portion should be  
removed. I think you should ask on the jcp list at Apache for  
verification, since they probably know that.


I'm also double checking internally. Should have an answer soom.


Thanks Jeanfrancois. Any progress?

--kevan

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: New 6.0.x build

2006-12-08 Thread Filip Hanik - Dev Lists

I've documented the JAR dependencies below, I used a little tool jarjar, 
I hope its correct, but this is the deps scheme I plan to use to do the 
maven publish of individual jars.

jars not listed, don't have dependencies

bootstrap.jar -> catalina.jar
bootstrap.jar -> tomcat-juli.jar
catalina-ant.jar -> catalina.jar
catalina-ant.jar -> tomcat-coyote.jar
catalina-ha.jar -> catalina.jar
catalina-ha.jar -> tomcat-juli.jar
catalina-ha.jar -> catalina-tribes.jar
catalina-ha.jar -> tomcat-coyote.jar
catalina-ha.jar -> servlet-api.jar
catalina-tribes.jar -> tomcat-juli.jar
jasper-el.jar -> el-api.jar
jasper.jar -> tomcat-juli.jar
jasper.jar -> servlet-api.jar
jasper.jar -> jsp-api.jar
jasper.jar -> el-api.jar
jasper.jar -> jasper-jdt.jar
jasper.jar -> jasper-el.jar
jasper.jar -> catalina.jar
catalina.jar -> servlet-api.jar
catalina.jar -> tomcat-juli.jar
catalina.jar -> tomcat-coyote.jar
catalina.jar -> annotations-api.jar
tomcat-coyote.jar -> tomcat-juli.jar
tomcat-coyote.jar -> catalina.jar
tomcat-coyote.jar -> servlet-api.jar
jsp-api.jar -> servlet-api.jar
jsp-api.jar -> el-api.jar

Filip

Filip Hanik - Dev Lists wrote:
I'm planning on doing this (individual maven uploads) tomorrow, let me 
know if anyone has already started


Filip

Filip Hanik - Dev Lists wrote:

Sounds great, I'm traveling next week so I'll be out of the loop.
Here are the different uploads that I would suggest go to a maven repo


I believe all of these in their individual form are useful, and most 
have been requested already.


If you have other (better) suggestions, I'm open.

Filip



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]







-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: Tomcat and OCSP

2006-12-08 Thread Mark Claassen

I asked this on the user list, but perhaps this is a question better for
here.  I have been using Tomcat for a while, but have not been developing
yet really (although I did submit a patch a while ago to the CGIServlet).
However, this OCSP issue has potential to really hit the fan for us and if
there is something that needs to be done, I would like to try.

-Original Message-

Now that I see Tomcat 6.0 is on it's way, I was wondering if OCSP is going
to be included?  This is being required by more and more people these days
(like the US government).

If there are no plans to include it yet, how can this issue be escalated?  I
see that OCSP support is bundled into the new JDKs, does this mean that it
would not be too difficult for an enterprising (and desperate) developer to
tackle?

Mark
 
-Original Message-
From: Velpi [mailto:[EMAIL PROTECTED]
Sent: Monday, July 31, 2006 4:33 AM
To: Tomcat Users List
Subject: Re: Tomcat and OCSP

> Does the new support for OCSP in Java 5.0 have any impact on how 
> certificates are handled in Tomcat?
> http://java.sun.com/j2se/1.5.0/docs/guide/security/pki-tiger.html
>  
> It looks like it might just work if it is set up right in the java 
> property files.  I checked the mailing list archives and found a few 
> old references to OCSP, but nothing definitive.  Any guidance would be
greatly appreciated.

I'm trying to set this up too. Did you get it up and running properly yet?
(any
hints?)


-- Velpi

-
To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe,
e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


-
To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe,
e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Tomcat and OCSP

2006-12-08 Thread Yoav Shapira

Mark,
If you submit a patch for OCSP support, I'll gladly review it, and I
imagine several other people would be interested as well.

Yoav

On 12/8/06, Mark Claassen <[EMAIL PROTECTED]> wrote:

I asked this on the user list, but perhaps this is a question better for
here.  I have been using Tomcat for a while, but have not been developing
yet really (although I did submit a patch a while ago to the CGIServlet).
However, this OCSP issue has potential to really hit the fan for us and if
there is something that needs to be done, I would like to try.

-Original Message-

Now that I see Tomcat 6.0 is on it's way, I was wondering if OCSP is going
to be included?  This is being required by more and more people these days
(like the US government).

If there are no plans to include it yet, how can this issue be escalated?  I
see that OCSP support is bundled into the new JDKs, does this mean that it
would not be too difficult for an enterprising (and desperate) developer to
tackle?

Mark

-Original Message-
From: Velpi [mailto:[EMAIL PROTECTED]
Sent: Monday, July 31, 2006 4:33 AM
To: Tomcat Users List
Subject: Re: Tomcat and OCSP

> Does the new support for OCSP in Java 5.0 have any impact on how
> certificates are handled in Tomcat?
> http://java.sun.com/j2se/1.5.0/docs/guide/security/pki-tiger.html
>
> It looks like it might just work if it is set up right in the java
> property files.  I checked the mailing list archives and found a few
> old references to OCSP, but nothing definitive.  Any guidance would be
greatly appreciated.

I'm trying to set this up too. Did you get it up and running properly yet?
(any
hints?)

-- Velpi

-
To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe,
e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

-
To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe,
e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

DO NOT REPLY [Bug 41124] - tcnative problem when streaming files large PDF files (ClientAbortException)

2006-12-08 Thread bugzilla

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=41124





--- Additional Comments From [EMAIL PROTECTED]  2006-12-08 12:14 ---
(In reply to comment #3)
> 
> [..snip..]
> 
> taking out connectionTimeout="2" fixed it for me. I can't remember why i 
> put
> a timeout there in the first place, but what's the downside of taking it out?
> 

Spoke too soon. I don't think that had anything to do with it. The only fix is
to not specify -Djava.library.path (which is where it looks for the native 
library).


-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
--- You are receiving this mail because: ---
You are the assignee for the bug, or are watching the assignee.

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: Tomcat and OCSP

2006-12-08 Thread Mark Claassen

Since you say that, I am assuming that OCSP is so far not included in Tomcat
6.0.

Any hints on where to start would be greatly appreciated.

Mark

P.S.  I am doing the download target in the build right now and I am getting
this:
downloadgz:
  [get] Getting:
http://archive.apache.org/dist/jakarta/commons/collections/source/commons-co
llections-3.1-src.tar.gz
  [get] To: C:\usr\share\java\file.tar.gz
   [gunzip] Expanding C:\usr\share\java\file.tar.gz to
C:\usr\share\java\file.tar

BUILD FAILED
C:\dsi\Netbeans\GeneralProjects\Tomcat6\apache-tomcat-6.0.2-src\build.xml:55
3: The following error occurred while executing this line:
C:\dsi\Netbeans\GeneralProjects\Tomcat6\apache-tomcat-6.0.2-src\build.xml:51
8: Problem expanding gzip invalid block type

 
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Yoav
Shapira
Sent: Friday, December 08, 2006 3:03 PM
To: Tomcat Developers List
Subject: Re: Tomcat and OCSP

Mark,
If you submit a patch for OCSP support, I'll gladly review it, and I imagine
several other people would be interested as well.

Yoav

On 12/8/06, Mark Claassen <[EMAIL PROTECTED]> wrote:
> I asked this on the user list, but perhaps this is a question better 
> for here.  I have been using Tomcat for a while, but have not been 
> developing yet really (although I did submit a patch a while ago to the
CGIServlet).
> However, this OCSP issue has potential to really hit the fan for us 
> and if there is something that needs to be done, I would like to try.
>
> -Original Message-
>
> Now that I see Tomcat 6.0 is on it's way, I was wondering if OCSP is 
> going to be included?  This is being required by more and more people 
> these days (like the US government).
>
> If there are no plans to include it yet, how can this issue be 
> escalated?  I see that OCSP support is bundled into the new JDKs, does 
> this mean that it would not be too difficult for an enterprising (and 
> desperate) developer to tackle?
>
> Mark
>
> -Original Message-
> From: Velpi [mailto:[EMAIL PROTECTED]
> Sent: Monday, July 31, 2006 4:33 AM
> To: Tomcat Users List
> Subject: Re: Tomcat and OCSP
>
> > Does the new support for OCSP in Java 5.0 have any impact on how 
> > certificates are handled in Tomcat?
> > http://java.sun.com/j2se/1.5.0/docs/guide/security/pki-tiger.html
> >
> > It looks like it might just work if it is set up right in the java 
> > property files.  I checked the mailing list archives and found a few 
> > old references to OCSP, but nothing definitive.  Any guidance would 
> > be
> greatly appreciated.
>
> I'm trying to set this up too. Did you get it up and running properly yet?
> (any
> hints?)
>
>
> -- Velpi
>
> -
> To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe,
> e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
> -
> To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe,
> e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED] For 
> additional commands, e-mail: [EMAIL PROTECTED]
>
>

-
To unsubscribe, e-mail: [EMAIL PROTECTED] For additional
commands, e-mail: [EMAIL PROTECTED]


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Tomcat and OCSP

2006-12-08 Thread Filip Hanik - Dev Lists

is a patch even required? or is OSCP something you just turn on since 
its built into the JDK

Mark, do you have anymore details what this would involve?
Filip

Yoav Shapira wrote:

Mark,
If you submit a patch for OCSP support, I'll gladly review it, and I
imagine several other people would be interested as well.

Yoav

On 12/8/06, Mark Claassen <[EMAIL PROTECTED]> wrote:

I asked this on the user list, but perhaps this is a question better for
here.  I have been using Tomcat for a while, but have not been 
developing
yet really (although I did submit a patch a while ago to the 
CGIServlet).
However, this OCSP issue has potential to really hit the fan for us 
and if

there is something that needs to be done, I would like to try.

-Original Message-

Now that I see Tomcat 6.0 is on it's way, I was wondering if OCSP is 
going
to be included?  This is being required by more and more people these 
days

(like the US government).

If there are no plans to include it yet, how can this issue be 
escalated?  I
see that OCSP support is bundled into the new JDKs, does this mean 
that it
would not be too difficult for an enterprising (and desperate) 
developer to

tackle?

Mark

-Original Message-
From: Velpi [mailto:[EMAIL PROTECTED]
Sent: Monday, July 31, 2006 4:33 AM
To: Tomcat Users List
Subject: Re: Tomcat and OCSP

> Does the new support for OCSP in Java 5.0 have any impact on how
> certificates are handled in Tomcat?
> http://java.sun.com/j2se/1.5.0/docs/guide/security/pki-tiger.html
>
> It looks like it might just work if it is set up right in the java
> property files.  I checked the mailing list archives and found a few
> old references to OCSP, but nothing definitive.  Any guidance would be
greatly appreciated.

I'm trying to set this up too. Did you get it up and running properly 
yet?

(any
hints?)

-- Velpi

-
To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe,
e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

-
To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe,
e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Tomcat and OCSP

2006-12-08 Thread Yoav Shapira


Hi,
Wouldn't you need OCSP revocation handling at the SSL connector
processing point?  That's the patch I was thinking of, but I'm not an
expert in this area, so I might be off-base.

Yoav

On 12/8/06, Filip Hanik - Dev Lists <[EMAIL PROTECTED]> wrote:

is a patch even required? or is OSCP something you just turn on since
its built into the JDK
Mark, do you have anymore details what this would involve?
Filip

Yoav Shapira wrote:
> Mark,
> If you submit a patch for OCSP support, I'll gladly review it, and I
> imagine several other people would be interested as well.
>
> Yoav
>
> On 12/8/06, Mark Claassen <[EMAIL PROTECTED]> wrote:
>> I asked this on the user list, but perhaps this is a question better for
>> here.  I have been using Tomcat for a while, but have not been
>> developing
>> yet really (although I did submit a patch a while ago to the
>> CGIServlet).
>> However, this OCSP issue has potential to really hit the fan for us
>> and if
>> there is something that needs to be done, I would like to try.
>>
>> -Original Message-
>>
>> Now that I see Tomcat 6.0 is on it's way, I was wondering if OCSP is
>> going
>> to be included?  This is being required by more and more people these
>> days
>> (like the US government).
>>
>> If there are no plans to include it yet, how can this issue be
>> escalated?  I
>> see that OCSP support is bundled into the new JDKs, does this mean
>> that it
>> would not be too difficult for an enterprising (and desperate)
>> developer to
>> tackle?
>>
>> Mark
>>
>> -Original Message-
>> From: Velpi [mailto:[EMAIL PROTECTED]
>> Sent: Monday, July 31, 2006 4:33 AM
>> To: Tomcat Users List
>> Subject: Re: Tomcat and OCSP
>>
>> > Does the new support for OCSP in Java 5.0 have any impact on how
>> > certificates are handled in Tomcat?
>> > http://java.sun.com/j2se/1.5.0/docs/guide/security/pki-tiger.html
>> >
>> > It looks like it might just work if it is set up right in the java
>> > property files.  I checked the mailing list archives and found a few
>> > old references to OCSP, but nothing definitive.  Any guidance would be
>> greatly appreciated.
>>
>> I'm trying to set this up too. Did you get it up and running properly
>> yet?
>> (any
>> hints?)
>>
>>
>> -- Velpi
>>
>> -
>> To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe,
>> e-mail: [EMAIL PROTECTED]
>> For additional commands, e-mail: [EMAIL PROTECTED]
>>
>>
>> -
>> To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe,
>> e-mail: [EMAIL PROTECTED]
>> For additional commands, e-mail: [EMAIL PROTECTED]
>>
>>
>> -
>> To unsubscribe, e-mail: [EMAIL PROTECTED]
>> For additional commands, e-mail: [EMAIL PROTECTED]
>>
>>
>
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
>


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]




-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Tomcat and OCSP

2006-12-08 Thread Filip Hanik - Dev Lists


I would imagine that should be automatic,
you just configure the responder URL for your JVM

http://java.sun.com/j2se/1.5.0/docs/guide/security/pki-tiger.html#OCSP

Filip

Yoav Shapira wrote:

Hi,
Wouldn't you need OCSP revocation handling at the SSL connector
processing point?  That's the patch I was thinking of, but I'm not an
expert in this area, so I might be off-base.

Yoav

On 12/8/06, Filip Hanik - Dev Lists <[EMAIL PROTECTED]> wrote:

is a patch even required? or is OSCP something you just turn on since
its built into the JDK
Mark, do you have anymore details what this would involve?
Filip

Yoav Shapira wrote:
> Mark,
> If you submit a patch for OCSP support, I'll gladly review it, and I
> imagine several other people would be interested as well.
>
> Yoav
>
> On 12/8/06, Mark Claassen <[EMAIL PROTECTED]> wrote:
>> I asked this on the user list, but perhaps this is a question 
better for

>> here.  I have been using Tomcat for a while, but have not been
>> developing
>> yet really (although I did submit a patch a while ago to the
>> CGIServlet).
>> However, this OCSP issue has potential to really hit the fan for us
>> and if
>> there is something that needs to be done, I would like to try.
>>
>> -Original Message-
>>
>> Now that I see Tomcat 6.0 is on it's way, I was wondering if OCSP is
>> going
>> to be included?  This is being required by more and more people these
>> days
>> (like the US government).
>>
>> If there are no plans to include it yet, how can this issue be
>> escalated?  I
>> see that OCSP support is bundled into the new JDKs, does this mean
>> that it
>> would not be too difficult for an enterprising (and desperate)
>> developer to
>> tackle?
>>
>> Mark
>>
>> -Original Message-
>> From: Velpi [mailto:[EMAIL PROTECTED]
>> Sent: Monday, July 31, 2006 4:33 AM
>> To: Tomcat Users List
>> Subject: Re: Tomcat and OCSP
>>
>> > Does the new support for OCSP in Java 5.0 have any impact on how
>> > certificates are handled in Tomcat?
>> > http://java.sun.com/j2se/1.5.0/docs/guide/security/pki-tiger.html
>> >
>> > It looks like it might just work if it is set up right in the java
>> > property files.  I checked the mailing list archives and found a 
few
>> > old references to OCSP, but nothing definitive.  Any guidance 
would be

>> greatly appreciated.
>>
>> I'm trying to set this up too. Did you get it up and running properly
>> yet?
>> (any
>> hints?)
>>
>>
>> -- Velpi
>>
>> -
>> To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe,
>> e-mail: [EMAIL PROTECTED]
>> For additional commands, e-mail: [EMAIL PROTECTED]
>>
>>
>> -
>> To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe,
>> e-mail: [EMAIL PROTECTED]
>> For additional commands, e-mail: [EMAIL PROTECTED]
>>
>>
>> -
>> To unsubscribe, e-mail: [EMAIL PROTECTED]
>> For additional commands, e-mail: [EMAIL PROTECTED]
>>
>>
>
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
>


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]




-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]






-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: Tomcat and OCSP

2006-12-08 Thread Mark Claassen

I am really not sure what is involved...as I have not done all the necessary
research.

My understanding is that the location of the revocation server is built into
the certificates themselves somehow.

Several months ago I looked around, and thought I saw where you did the
certificate validation.  I believe it was done manually, not using the
standard Java APIs.  (My assumption was that this functionality pre-dated
the Java API.)

I was hoping that all that would be involved would be to locate that area
and try to use the Java certificate validation APIs instead of these custom
ones.  Then, hopefully the OSCP stuff would just work.

There is a lot of "Hope" in this, but hey, it's Christmas! :)

Mark
 
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Yoav
Shapira
Sent: Friday, December 08, 2006 3:26 PM
To: Tomcat Developers List
Subject: Re: Tomcat and OCSP

Hi,
Wouldn't you need OCSP revocation handling at the SSL connector processing
point?  That's the patch I was thinking of, but I'm not an expert in this
area, so I might be off-base.

Yoav

On 12/8/06, Filip Hanik - Dev Lists <[EMAIL PROTECTED]> wrote:
> is a patch even required? or is OSCP something you just turn on since 
> its built into the JDK Mark, do you have anymore details what this 
> would involve?
> Filip
>
> Yoav Shapira wrote:
> > Mark,
> > If you submit a patch for OCSP support, I'll gladly review it, and I 
> > imagine several other people would be interested as well.
> >
> > Yoav
> >
> > On 12/8/06, Mark Claassen <[EMAIL PROTECTED]> wrote:
> >> I asked this on the user list, but perhaps this is a question 
> >> better for here.  I have been using Tomcat for a while, but have 
> >> not been developing yet really (although I did submit a patch a 
> >> while ago to the CGIServlet).
> >> However, this OCSP issue has potential to really hit the fan for us 
> >> and if there is something that needs to be done, I would like to 
> >> try.
> >>
> >> -Original Message-
> >>
> >> Now that I see Tomcat 6.0 is on it's way, I was wondering if OCSP 
> >> is going to be included?  This is being required by more and more 
> >> people these days (like the US government).
> >>
> >> If there are no plans to include it yet, how can this issue be 
> >> escalated?  I see that OCSP support is bundled into the new JDKs, 
> >> does this mean that it would not be too difficult for an 
> >> enterprising (and desperate) developer to tackle?
> >>
> >> Mark
> >>
> >> -Original Message-
> >> From: Velpi [mailto:[EMAIL PROTECTED]
> >> Sent: Monday, July 31, 2006 4:33 AM
> >> To: Tomcat Users List
> >> Subject: Re: Tomcat and OCSP
> >>
> >> > Does the new support for OCSP in Java 5.0 have any impact on how 
> >> > certificates are handled in Tomcat?
> >> > http://java.sun.com/j2se/1.5.0/docs/guide/security/pki-tiger.html
> >> >
> >> > It looks like it might just work if it is set up right in the 
> >> > java property files.  I checked the mailing list archives and 
> >> > found a few old references to OCSP, but nothing definitive.  Any 
> >> > guidance would be
> >> greatly appreciated.
> >>
> >> I'm trying to set this up too. Did you get it up and running 
> >> properly yet?
> >> (any
> >> hints?)
> >>
> >>
> >> -- Velpi
> >>
> >> ---
> >> -- To start a new topic, e-mail: users@tomcat.apache.org To 
> >> unsubscribe,
> >> e-mail: [EMAIL PROTECTED]
> >> For additional commands, e-mail: [EMAIL PROTECTED]
> >>
> >>
> >> ---
> >> -- To start a new topic, e-mail: users@tomcat.apache.org To 
> >> unsubscribe,
> >> e-mail: [EMAIL PROTECTED]
> >> For additional commands, e-mail: [EMAIL PROTECTED]
> >>
> >>
> >> ---
> >> -- To unsubscribe, e-mail: [EMAIL PROTECTED] For 
> >> additional commands, e-mail: [EMAIL PROTECTED]
> >>
> >>
> >
> > 
> > - To unsubscribe, e-mail: [EMAIL PROTECTED] For 
> > additional commands, e-mail: [EMAIL PROTECTED]
> >
> >
> >
>
>
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED] For 
> additional commands, e-mail: [EMAIL PROTECTED]
>
>

-
To unsubscribe, e-mail: [EMAIL PROTECTED] For additional
commands, e-mail: [EMAIL PROTECTED]


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: Tomcat and OCSP

2006-12-08 Thread Mark Claassen

I don't know.  I am looking at the Tomcat 6.0 source, and I see 
protected void configureClientAuth(SSLServerSocket socket){
if (wantClientAuth){
socket.setWantClientAuth(wantClientAuth);
} else {
socket.setNeedClientAuth(requireClientAuth);
}
}

Since this is using a java.net.ssl.SSLServerSocket, maybe this is set to
work...

Mark
 
-Original Message-
From: Filip Hanik - Dev Lists [mailto:[EMAIL PROTECTED] 
Sent: Friday, December 08, 2006 3:48 PM
To: Tomcat Developers List
Subject: Re: Tomcat and OCSP

I would imagine that should be automatic, you just configure the responder
URL for your JVM

http://java.sun.com/j2se/1.5.0/docs/guide/security/pki-tiger.html#OCSP

Filip

Yoav Shapira wrote:
> Hi,
> Wouldn't you need OCSP revocation handling at the SSL connector 
> processing point?  That's the patch I was thinking of, but I'm not an 
> expert in this area, so I might be off-base.
>
> Yoav
>
> On 12/8/06, Filip Hanik - Dev Lists <[EMAIL PROTECTED]> wrote:
>> is a patch even required? or is OSCP something you just turn on since 
>> its built into the JDK Mark, do you have anymore details what this 
>> would involve?
>> Filip
>>
>> Yoav Shapira wrote:
>> > Mark,
>> > If you submit a patch for OCSP support, I'll gladly review it, and 
>> > I imagine several other people would be interested as well.
>> >
>> > Yoav
>> >
>> > On 12/8/06, Mark Claassen <[EMAIL PROTECTED]> wrote:
>> >> I asked this on the user list, but perhaps this is a question
>> better for
>> >> here.  I have been using Tomcat for a while, but have not been 
>> >> developing yet really (although I did submit a patch a while ago 
>> >> to the CGIServlet).
>> >> However, this OCSP issue has potential to really hit the fan for 
>> >> us and if there is something that needs to be done, I would like 
>> >> to try.
>> >>
>> >> -Original Message-
>> >>
>> >> Now that I see Tomcat 6.0 is on it's way, I was wondering if OCSP 
>> >> is going to be included?  This is being required by more and more 
>> >> people these days (like the US government).
>> >>
>> >> If there are no plans to include it yet, how can this issue be 
>> >> escalated?  I see that OCSP support is bundled into the new JDKs, 
>> >> does this mean that it would not be too difficult for an 
>> >> enterprising (and desperate) developer to tackle?
>> >>
>> >> Mark
>> >>
>> >> -Original Message-
>> >> From: Velpi [mailto:[EMAIL PROTECTED]
>> >> Sent: Monday, July 31, 2006 4:33 AM
>> >> To: Tomcat Users List
>> >> Subject: Re: Tomcat and OCSP
>> >>
>> >> > Does the new support for OCSP in Java 5.0 have any impact on how 
>> >> > certificates are handled in Tomcat?
>> >> > http://java.sun.com/j2se/1.5.0/docs/guide/security/pki-tiger.htm
>> >> > l
>> >> >
>> >> > It looks like it might just work if it is set up right in the 
>> >> > java property files.  I checked the mailing list archives and 
>> >> > found a
>> few
>> >> > old references to OCSP, but nothing definitive.  Any guidance
>> would be
>> >> greatly appreciated.
>> >>
>> >> I'm trying to set this up too. Did you get it up and running 
>> >> properly yet?
>> >> (any
>> >> hints?)
>> >>
>> >>
>> >> -- Velpi
>> >>
>> >> --
>> >> --- To start a new topic, e-mail: users@tomcat.apache.org To 
>> >> unsubscribe,
>> >> e-mail: [EMAIL PROTECTED]
>> >> For additional commands, e-mail: [EMAIL PROTECTED]
>> >>
>> >>
>> >> --
>> >> --- To start a new topic, e-mail: users@tomcat.apache.org To 
>> >> unsubscribe,
>> >> e-mail: [EMAIL PROTECTED]
>> >> For additional commands, e-mail: [EMAIL PROTECTED]
>> >>
>> >>
>> >> --
>> >> --- To unsubscribe, e-mail: [EMAIL PROTECTED] For 
>> >> additional commands, e-mail: [EMAIL PROTECTED]
>> >>
>> >>
>> >
>> > ---
>> > -- To unsubscribe, e-mail: [EMAIL PROTECTED] For 
>> > additional commands, e-mail: [EMAIL PROTECTED]
>> >
>> >
>> >
>>
>>
>> -
>> To unsubscribe, e-mail: [EMAIL PROTECTED] For 
>> additional commands, e-mail: [EMAIL PROTECTED]
>>
>>
>
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED] For 
> additional commands, e-mail: [EMAIL PROTECTED]
>
>
>


-
To unsubscribe, e-mail: [EMAIL PROTECTED] For additional
commands, e-mail: [EMAIL PROTECTED]


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: Tomcat and OCSP

2006-12-08 Thread Bill Barker

 

> -Original Message-
> From: Mark Claassen [mailto:[EMAIL PROTECTED] 
> Sent: Friday, December 08, 2006 12:49 PM
> To: 'Tomcat Developers List'
> Subject: RE: Tomcat and OCSP
> 
> I am really not sure what is involved...as I have not done 
> all the necessary
> research.
> 
> My understanding is that the location of the revocation 
> server is built into
> the certificates themselves somehow.
> 
> Several months ago I looked around, and thought I saw where 
> you did the
> certificate validation.  I believe it was done manually, not using the
> standard Java APIs.  (My assumption was that this 
> functionality pre-dated
> the Java API.)
> 

No, Tomcat uses the regular Java API.  You don't see it, since it is buried
in the SSL Handshake code.  Then, just for fun, if you are using CLIENT-CERT
auth, Tomcat checks all the dates again (but not the trust).

> I was hoping that all that would be involved would be to 
> locate that area
> and try to use the Java certificate validation APIs instead 
> of these custom
> ones.  Then, hopefully the OSCP stuff would just work.
> 
> There is a lot of "Hope" in this, but hey, it's Christmas! :)
> 
> Mark
>  
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On 
> Behalf Of Yoav
> Shapira
> Sent: Friday, December 08, 2006 3:26 PM
> To: Tomcat Developers List
> Subject: Re: Tomcat and OCSP
> 
> Hi,
> Wouldn't you need OCSP revocation handling at the SSL 
> connector processing
> point?  That's the patch I was thinking of, but I'm not an 
> expert in this
> area, so I might be off-base.
> 
> Yoav
> 
> On 12/8/06, Filip Hanik - Dev Lists <[EMAIL PROTECTED]> wrote:
> > is a patch even required? or is OSCP something you just 
> turn on since 
> > its built into the JDK Mark, do you have anymore details what this 
> > would involve?
> > Filip
> >
> > Yoav Shapira wrote:
> > > Mark,
> > > If you submit a patch for OCSP support, I'll gladly 
> review it, and I 
> > > imagine several other people would be interested as well.
> > >
> > > Yoav
> > >
> > > On 12/8/06, Mark Claassen <[EMAIL PROTECTED]> wrote:
> > >> I asked this on the user list, but perhaps this is a question 
> > >> better for here.  I have been using Tomcat for a while, but have 
> > >> not been developing yet really (although I did submit a patch a 
> > >> while ago to the CGIServlet).
> > >> However, this OCSP issue has potential to really hit the 
> fan for us 
> > >> and if there is something that needs to be done, I would like to 
> > >> try.
> > >>
> > >> -Original Message-
> > >>
> > >> Now that I see Tomcat 6.0 is on it's way, I was 
> wondering if OCSP 
> > >> is going to be included?  This is being required by more 
> and more 
> > >> people these days (like the US government).
> > >>
> > >> If there are no plans to include it yet, how can this issue be 
> > >> escalated?  I see that OCSP support is bundled into the 
> new JDKs, 
> > >> does this mean that it would not be too difficult for an 
> > >> enterprising (and desperate) developer to tackle?
> > >>
> > >> Mark
> > >>
> > >> -Original Message-
> > >> From: Velpi [mailto:[EMAIL PROTECTED]
> > >> Sent: Monday, July 31, 2006 4:33 AM
> > >> To: Tomcat Users List
> > >> Subject: Re: Tomcat and OCSP
> > >>
> > >> > Does the new support for OCSP in Java 5.0 have any 
> impact on how 
> > >> > certificates are handled in Tomcat?
> > >> > 
> http://java.sun.com/j2se/1.5.0/docs/guide/security/pki-tiger.html
> > >> >
> > >> > It looks like it might just work if it is set up right in the 
> > >> > java property files.  I checked the mailing list archives and 
> > >> > found a few old references to OCSP, but nothing 
> definitive.  Any 
> > >> > guidance would be
> > >> greatly appreciated.
> > >>
> > >> I'm trying to set this up too. Did you get it up and running 
> > >> properly yet?
> > >> (any
> > >> hints?)
> > >>
> > >>
> > >> -- Velpi
> > >>
> > >> 
> ---
> > >> -- To start a new topic, e-mail: users@tomcat.apache.org To 
> > >> unsubscribe,
> > >> e-mail: [EMAIL PROTECTED]
> > >> For additional commands, e-mail: [EMAIL PROTECTED]
> > >>
> > >>
> > >> 
> ---
> > >> -- To start a new topic, e-mail: users@tomcat.apache.org To 
> > >> unsubscribe,
> > >> e-mail: [EMAIL PROTECTED]
> > >> For additional commands, e-mail: [EMAIL PROTECTED]
> > >>
> > >>
> > >> 
> ---
> > >> -- To unsubscribe, e-mail: [EMAIL PROTECTED] For 
> > >> additional commands, e-mail: [EMAIL PROTECTED]
> > >>
> > >>
> > >
> > > 
> 
> > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For 
> > > additional commands, e-mail: [EMAIL PROTECTED]
> > >
> > >
> > >
> >
> >
> > 
> -
> > To unsubscribe, e-mail: [EMAIL P

RE: Tomcat and OCSP

2006-12-08 Thread Mark Claassen

No, Tomcat uses the regular Java API.  You don't see it, since it is buried
in the SSL Handshake code.  Then, just for fun, if you are using CLIENT-CERT
auth, Tomcat checks all the dates again (but not the trust).

Yeah, I am looking at that now in the JSSESocketFactory.  When I first
checked, I looked in the Tomcat5.0 source, since that is what we are using
now.  I will have to look at that again and see if I just misread something.
Maybe it will just work and all it will take is someone to jump through the
myriad of hoops necessary to test it.  Painful, but I may just be the guy to
do it.

Mark


-Original Message-
From: Bill Barker [mailto:[EMAIL PROTECTED] 
Sent: Friday, December 08, 2006 4:12 PM
To: 'Tomcat Developers List'
Subject: RE: Tomcat and OCSP

 

> -Original Message-
> From: Mark Claassen [mailto:[EMAIL PROTECTED]
> Sent: Friday, December 08, 2006 12:49 PM
> To: 'Tomcat Developers List'
> Subject: RE: Tomcat and OCSP
> 
> I am really not sure what is involved...as I have not done all the 
> necessary research.
> 
> My understanding is that the location of the revocation server is 
> built into the certificates themselves somehow.
> 
> Several months ago I looked around, and thought I saw where you did 
> the certificate validation.  I believe it was done manually, not using 
> the standard Java APIs.  (My assumption was that this functionality 
> pre-dated the Java API.)
> 

No, Tomcat uses the regular Java API.  You don't see it, since it is buried
in the SSL Handshake code.  Then, just for fun, if you are using CLIENT-CERT
auth, Tomcat checks all the dates again (but not the trust).

> I was hoping that all that would be involved would be to locate that 
> area and try to use the Java certificate validation APIs instead of 
> these custom ones.  Then, hopefully the OSCP stuff would just work.
> 
> There is a lot of "Hope" in this, but hey, it's Christmas! :)
> 
> Mark
>  
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf 
> Of Yoav Shapira
> Sent: Friday, December 08, 2006 3:26 PM
> To: Tomcat Developers List
> Subject: Re: Tomcat and OCSP
> 
> Hi,
> Wouldn't you need OCSP revocation handling at the SSL connector 
> processing point?  That's the patch I was thinking of, but I'm not an 
> expert in this area, so I might be off-base.
> 
> Yoav
> 
> On 12/8/06, Filip Hanik - Dev Lists <[EMAIL PROTECTED]> wrote:
> > is a patch even required? or is OSCP something you just
> turn on since
> > its built into the JDK Mark, do you have anymore details what this 
> > would involve?
> > Filip
> >
> > Yoav Shapira wrote:
> > > Mark,
> > > If you submit a patch for OCSP support, I'll gladly
> review it, and I
> > > imagine several other people would be interested as well.
> > >
> > > Yoav
> > >
> > > On 12/8/06, Mark Claassen <[EMAIL PROTECTED]> wrote:
> > >> I asked this on the user list, but perhaps this is a question 
> > >> better for here.  I have been using Tomcat for a while, but have 
> > >> not been developing yet really (although I did submit a patch a 
> > >> while ago to the CGIServlet).
> > >> However, this OCSP issue has potential to really hit the
> fan for us
> > >> and if there is something that needs to be done, I would like to 
> > >> try.
> > >>
> > >> -Original Message-
> > >>
> > >> Now that I see Tomcat 6.0 is on it's way, I was
> wondering if OCSP
> > >> is going to be included?  This is being required by more
> and more
> > >> people these days (like the US government).
> > >>
> > >> If there are no plans to include it yet, how can this issue be 
> > >> escalated?  I see that OCSP support is bundled into the
> new JDKs,
> > >> does this mean that it would not be too difficult for an 
> > >> enterprising (and desperate) developer to tackle?
> > >>
> > >> Mark
> > >>
> > >> -Original Message-
> > >> From: Velpi [mailto:[EMAIL PROTECTED]
> > >> Sent: Monday, July 31, 2006 4:33 AM
> > >> To: Tomcat Users List
> > >> Subject: Re: Tomcat and OCSP
> > >>
> > >> > Does the new support for OCSP in Java 5.0 have any
> impact on how
> > >> > certificates are handled in Tomcat?
> > >> > 
> http://java.sun.com/j2se/1.5.0/docs/guide/security/pki-tiger.html
> > >> >
> > >> > It looks like it might just work if it is set up right in the 
> > >> > java property files.  I checked the mailing list archives and 
> > >> > found a few old references to OCSP, but nothing
> definitive.  Any
> > >> > guidance would be
> > >> greatly appreciated.
> > >>
> > >> I'm trying to set this up too. Did you get it up and running 
> > >> properly yet?
> > >> (any
> > >> hints?)
> > >>
> > >>
> > >> -- Velpi
> > >>
> > >> 
> ---
> > >> -- To start a new topic, e-mail: users@tomcat.apache.org To 
> > >> unsubscribe,
> > >> e-mail: [EMAIL PROTECTED]
> > >> For additional commands, e-mail: [EMAIL PROTECTED]
> > >>
> > >>
> > >> 
>

DO NOT REPLY [Bug 41124] - tcnative problem when streaming files large PDF files (ClientAbortException)

2006-12-08 Thread bugzilla

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=41124





--- Additional Comments From [EMAIL PROTECTED]  2006-12-08 13:40 ---
I tried tcnative 1.1.7 against the recent APR 1.2.8 and it didn't works either 
;(

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
--- You are receiving this mail because: ---
You are the assignee for the bug, or are watching the assignee.

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

DO NOT REPLY [Bug 41134] - Unable to run Apache Tomcat

2006-12-08 Thread bugzilla

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=41134


[EMAIL PROTECTED] changed:

   What|Removed |Added

 Status|NEW |RESOLVED
 Resolution||INVALID




--- Additional Comments From [EMAIL PROTECTED]  2006-12-08 16:29 ---
Bugzilla is not a support forum. If you need help you should use the Tomcat
users mailing list.

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
--- You are receiving this mail because: ---
You are the assignee for the bug, or are watching the assignee.

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

svn commit: r484910 - /tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/loader/WebappClassLoader.java

2006-12-08 Thread billbarker

Author: billbarker
Date: Fri Dec  8 20:12:31 2006
New Revision: 484910

URL: http://svn.apache.org/viewvc?view=rev&rev=484910
Log:
Fix modeler memory leak on reload.

Fix for: MODELER-15

Please don't try to port this to TC 6.x, because Remy has already put a better 
patch in place there.

Modified:

tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/loader/WebappClassLoader.java

Modified: 
tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/loader/WebappClassLoader.java
URL: 
http://svn.apache.org/viewvc/tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/loader/WebappClassLoader.java?view=diff&rev=484910&r1=484909&r2=484910
==
--- 
tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/loader/WebappClassLoader.java
 (original)
+++ 
tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/loader/WebappClassLoader.java
 Fri Dec  8 20:12:31 2006
@@ -1640,6 +1640,9 @@
 // Clear the IntrospectionUtils cache.
 IntrospectionUtils.clear();
 
+// Clear the IntrospectionUtils cache for modeler.
+org.apache.commons.modeler.util.IntrospectionUtils.clear();
+
 // Clear the classloader reference in common-logging
 org.apache.commons.logging.LogFactory.release(this);
 



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Smooth applications migration in a J2EE cluster [mod_jk]

Tomcat 6.0.4 and http thread releasing

Re: Tomcat 6.0.4 and http thread releasing

Re: Tomcat 6.0.4 and http thread releasing

Re: Tomcat 6.0.4 and http thread releasing

Re: Smooth applications migration in a J2EE cluster [mod_jk]

svn commit: r483966 - /tomcat/build/tc5.5.x/build.properties.default

DO NOT REPLY [Bug 41134] New: - Unable to run Apache Tomcat

Re: Smooth applications migration in a J2EE cluster [mod_jk]

Re: mod_jk environment variable handling in Apache

[OT] Windows cmd parsing

RE: [OT] Windows cmd parsing

Re: [OT] Windows cmd parsing

svn commit: r484669 - /tomcat/connectors/trunk/jk/native/common/jk_lb_worker.c

Support for JAAS credentials

Re: redistribution of sun j2ee xsd's and dtd's

Re: New 6.0.x build

RE: Tomcat and OCSP

Re: Tomcat and OCSP

DO NOT REPLY [Bug 41124] - tcnative problem when streaming files large PDF files (ClientAbortException)

RE: Tomcat and OCSP

Re: Tomcat and OCSP

Re: Tomcat and OCSP

Re: Tomcat and OCSP

RE: Tomcat and OCSP

RE: Tomcat and OCSP

RE: Tomcat and OCSP

RE: Tomcat and OCSP

DO NOT REPLY [Bug 41124] - tcnative problem when streaming files large PDF files (ClientAbortException)

DO NOT REPLY [Bug 41134] - Unable to run Apache Tomcat

svn commit: r484910 - /tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/loader/WebappClassLoader.java

31 matches

Site Navigation

Mail list logo

Footer information