DO NOT REPLY [Bug 45313] mod_jk 1.2.26 & apache 2.2.9 static compiled on solaris not able to connect
https://issues.apache.org/bugzilla/show_bug.cgi?id=45313

--- Comment #2 from Andreas Schubert <[EMAIL PROTECTED]> 2008-07-14 01:25:44 PST ---

Hi,

configure options were as follows:

for mod_jk: --with-apache=

for apache: --with-mpm=worker --disable-so --disable-authn-file --disable-authn-default --disable-authz-groupfile --disable-authz-user --disable-authz-default --disable-auth-basic --disable-include --disable-filter --disable-charset-lite --disable-autoindex --disable-asis --disable-cgid --disable-cgi --disable-negotiation --disable-dir --disable-actions --disable-userdir --enable-vhost-alias --enable-rewrite --with-mod_jk

I also tried different apache configure options (enabled all modules, even those I don't intend to use), but that didn't work. What seems to work is using the Sun Studio C compiler.

--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
--- You are receiving this mail because: ---
You are the assignee for the bug.

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
svn commit: r676510 - in /tomcat/trunk: build.properties.default build.xml dist.xml res/tomcat.nsi
Author: mturk Date: Mon Jul 14 01:36:41 2008 New Revision: 676510 URL: http://svn.apache.org/viewvc?rev=676510&view=rev Log: Use tomcat native from ASF repository instead downloading at install time from tomcat.heanet.ie Modified: tomcat/trunk/build.properties.default tomcat/trunk/build.xml tomcat/trunk/dist.xml tomcat/trunk/res/tomcat.nsi Modified: tomcat/trunk/build.properties.default URL: http://svn.apache.org/viewvc/tomcat/trunk/build.properties.default?rev=676510&r1=676509&r2=676510&view=diff == --- tomcat/trunk/build.properties.default (original) +++ tomcat/trunk/build.properties.default Mon Jul 14 01:36:41 2008 @@ -62,9 +62,11 @@ jdt.loc=http://www.eclipse.org/downloads/download.php?file=/eclipse/downloads/drops/R-3.3.1-200709211145/eclipse-JDT-3.3.1.zip # - Tomcat native library - -tomcat-native.home=${base.path}/tomcat-native-1.1.12 +tomcat-native.version=1.1.14 +tomcat-native.home=${base.path}/tomcat-native-${tomcat-native.version} tomcat-native.tar.gz=${tomcat-native.home}/tomcat-native.tar.gz -tomcat-native.loc=${base-tomcat.loc}/tomcat-connectors/native/tomcat-native-1.1.12-src.tar.gz +tomcat-native.loc=${base-tomcat.loc}/tomcat-connectors/native/tomcat-native-${tomcat-native.version}-src.tar.gz +tomcat-native.dll=${base-tomcat.loc}/tomcat-connectors/native/${tomcat-native.version}/binaries # - Commons DBCP, version 1.1 or later - commons-dbcp.version=1.2.2 Modified: tomcat/trunk/build.xml URL: http://svn.apache.org/viewvc/tomcat/trunk/build.xml?rev=676510&r1=676509&r2=676510&view=diff == --- tomcat/trunk/build.xml (original) +++ tomcat/trunk/build.xml Mon Jul 14 01:36:41 2008 @@ -610,6 +610,18 @@ + + + + + + + + + + + + Modified: tomcat/trunk/dist.xml URL: http://svn.apache.org/viewvc/tomcat/trunk/dist.xml?rev=676510&r1=676509&r2=676510&view=diff == --- tomcat/trunk/dist.xml (original) +++ tomcat/trunk/dist.xml Mon Jul 14 01:36:41 2008 @@ -449,6 +449,8 @@ tofile="${tomcat.dist}/bin/tomcat6.exe" /> + 
@@ -470,6 +472,7 @@ forceOverwrite="yes" fileext=".md5" /> + Modified: tomcat/trunk/res/tomcat.nsi URL: http://svn.apache.org/viewvc/tomcat/trunk/res/tomcat.nsi?rev=676510&r1=676509&r2=676510&view=diff == --- tomcat/trunk/res/tomcat.nsi (original) +++ tomcat/trunk/res/tomcat.nsi Mon Jul 14 01:36:41 2008 @@ -95,7 +95,7 @@ LangString DESC_SecTomcat ${LANG_ENGLISH} "Install the Tomcat Servlet container." LangString DESC_SecTomcatCore ${LANG_ENGLISH} "Install the Tomcat Servlet container core." LangString DESC_SecTomcatService ${LANG_ENGLISH} "Automatically start Tomcat when the computer is started. This requires Windows NT 4.0, Windows 2000 or Windows XP." -LangString DESC_SecTomcatNative ${LANG_ENGLISH} "Downloads and installs APR based Tomcat native .dll for better performance and scalability in production environments." +LangString DESC_SecTomcatNative ${LANG_ENGLISH} "Install APR based Tomcat native .dll for better performance and scalability in production environments." LangString DESC_SecMenu ${LANG_ENGLISH} "Create a Start Menu program group for Tomcat." LangString DESC_SecDocs ${LANG_ENGLISH} "Install the Tomcat documentation bundle. This include documentation on the servlet container and its configuration options, on the Jasper JSP page compiler, as well as on the native webserver connectors." LangString DESC_SecExamples ${LANG_ENGLISH} "Installs some examples web applications." 
@@ -209,16 +209,8 @@ SectionIn 3 - ; tcnative-1.dll is a symlink to the tcnative-1-ipv4.dll - ; If IPV6 support is required, download the tcnative-1-ipv6.dll insted - ; The tcnative-1.dll from heanet.ie comes with APR 1.2.8 and OpenSSL 0.9.8e compiled in. - ; TODO: Depending on the JVM download the 32 or 64 bit version. - NSISdl::download /TIMEOUT=3 http://tomcat.heanet.ie/native/1.1.10/binaries/win32/tcnative-1.dll $INSTDIR\bin\tcnative-1.dll - Pop $0 - StrCmp $0 success success -SetDetailsView show -DetailPrint "download failed from http://tomcat.heanet.ie/native/1.1.10/binaries/win32/tcnative-1.dll: $0" - success: + SetOutPath $INSTDIR\bin + File bin\tcnative-1.dll ClearErrors - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
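Review bot: in the tomcat.nsi hunk at @@ -209,16 +209,8, the removed comment block was the only place that recorded what the shipped tcnative-1.dll is (the IPv4 build, with the APR and OpenSSL versions compiled in) and the TODO about choosing a 32 or 64 bit DLL for the JVM; the replacement "File bin\tcnative-1.dll" embeds a single file with no comment. Please keep a short comment stating the architecture and the bundled APR/OpenSSL versions of the embedded DLL, and retain the 32/64 bit TODO, since one packaged DLL still cannot match every JVM.

Review bot: in the build.properties.default hunk at @@ -62,9 +62,11, the new tomcat-native.dll property points at a binaries directory under ${base-tomcat.loc}, and whatever is fetched from there at build time is what the installer now embeds, yet no expected-digest property is added next to it. The build.xml and dist.xml additions are not legible in this mail, so it cannot be confirmed from here that the download is verified; suggest pinning a checksum for the ${tomcat-native.version} binary and failing the build on a mismatch.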
svn commit: r676511 - /tomcat/tc6.0.x/trunk/STATUS.txt
Author: mturk Date: Mon Jul 14 01:46:11 2008 New Revision: 676511 URL: http://svn.apache.org/viewvc?rev=676511&view=rev Log: Propose r676510 for backport Modified: tomcat/tc6.0.x/trunk/STATUS.txt Modified: tomcat/tc6.0.x/trunk/STATUS.txt URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=676511&r1=676510&r2=676511&view=diff == --- tomcat/tc6.0.x/trunk/STATUS.txt (original) +++ tomcat/tc6.0.x/trunk/STATUS.txt Mon Jul 14 01:46:11 2008 @@ -31,6 +31,12 @@ PATCHES PROPOSED TO BACKPORT: [ New proposals should be added at the end of the list ] +* Backport r676510 from trunk. The patch embeds tcnative-1.dll inside + exe installer and uses the released binary from ASF site instead + downloading tomcat-native at install time from tomcat.heanet.ie. + +1: mturk + -1: + * Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=36155 Port the fix from the JK Connector to the AJP and APR Connectors http://svn.apache.org/viewvc?rev=672454&view=rev - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
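Review bot: the proposal added at @@ -31,6 +31,12 sits directly under the "[ New proposals should be added at the end of the list ]" line, ahead of the existing bug 36155 entry, which contradicts that instruction; move it to the end of the PATCHES PROPOSED TO BACKPORT list. The entry text also reads "instead downloading", which should be "instead of downloading".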
svn commit: r676512 - /tomcat/tc6.0.x/trunk/STATUS.txt
Author: mturk Date: Mon Jul 14 01:49:21 2008 New Revision: 676512 URL: http://svn.apache.org/viewvc?rev=676512&view=rev Log: Oops. Move the proposal to the end of the list Modified: tomcat/tc6.0.x/trunk/STATUS.txt Modified: tomcat/tc6.0.x/trunk/STATUS.txt URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=676512&r1=676511&r2=676512&view=diff == --- tomcat/tc6.0.x/trunk/STATUS.txt (original) +++ tomcat/tc6.0.x/trunk/STATUS.txt Mon Jul 14 01:49:21 2008 @@ -31,12 +31,6 @@ PATCHES PROPOSED TO BACKPORT: [ New proposals should be added at the end of the list ] -* Backport r676510 from trunk. The patch embeds tcnative-1.dll inside - exe installer and uses the released binary from ASF site instead - downloading tomcat-native at install time from tomcat.heanet.ie. - +1: mturk - -1: - * Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=36155 Port the fix from the JK Connector to the AJP and APR Connectors http://svn.apache.org/viewvc?rev=672454&view=rev @@ -81,3 +75,9 @@ http://people.apache.org/~markt/patches/2008-07-13-security-manager.patch +1: markt -1: + +* Backport r676510 from trunk. The patch embeds tcnative-1.dll inside + exe installer and uses the released binary from ASF site instead + downloading tomcat-native at install time from tomcat.heanet.ie. + +1: mturk + -1: - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [VOTE] Release build 6.0.17
Mark Thomas wrote:

Remy Maucherat wrote:

The candidates binaries are available here: http://people.apache.org/~remm/tomcat-6/v6.0.17/

According to the release process, the 6.0.17 tag is:
[ ] Broken
[ ] Alpha
[X] Beta
[ ] Stable

I see consistent failures to start (CNFE) with the -security option on win32. I haven't tested on Linux and I couldn't see a configuration solution to the CNFE.

I have something like prunsrv.c complains it can't find org/apache/catalina/start/Bootstrap ;-(

Cheers

Jean-Frederic

Mark
DO NOT REPLY [Bug 45392] New: No OCSP support for client SSL verification
https://issues.apache.org/bugzilla/show_bug.cgi?id=45392

Summary: No OCSP support for client SSL verification
Product: Tomcat 6
Version: unspecified
Platform: All
OS/Version: All
Status: NEW
Keywords: PatchAvailable
Severity: normal
Priority: P2
Component: Connectors
AssignedTo: [EMAIL PROTECTED]
ReportedBy: [EMAIL PROTECTED]

Created an attachment (id=22251) --> (https://issues.apache.org/bugzilla/attachment.cgi?id=22251)
patch to add basic support for OCSP

Standalone tomcat (tomcat6) with apr support (tcnative 1.1.13) has no support for OCSP checking in the certificates even if the certificates have OCSP information. This permits clients with revoked certificates to use them as authentication method. The following patch that is attached adds basic functionality for OCSP support to prevent this type of attack. (patch made against tomcat native 1.1.13).

More info http://email.uoa.gr/projects/misc/tomcat-ocsp/
DO NOT REPLY [Bug 45392] No OCSP support for client SSL verification
https://issues.apache.org/bugzilla/show_bug.cgi?id=45392

--- Comment #1 from Aristotelis <[EMAIL PROTECTED]> 2008-07-14 03:35:16 PST ---

Created an attachment (id=22252) --> (https://issues.apache.org/bugzilla/attachment.cgi?id=22252)
patch to add basic support for OCSP for tomcat-native 1.1.14

patch for tomcat native 1.1.14
DO NOT REPLY [Bug 45392] No OCSP support for client SSL verification
https://issues.apache.org/bugzilla/show_bug.cgi?id=45392

--- Comment #2 from Mladen Turk <[EMAIL PROTECTED]> 2008-07-14 03:54:15 PST ---

Few things, about the patch.
1. Please use 4 spaces instead of TAB
2. New files must have ASL 2.0 license header at the top.

Please make the patch against the svn trunk.
Some documentation would be great if additional setup is required.

Other than that, the patch is pretty promising.
It would be nice to use the APR for make_socket, but that can be done later.

Regards
DO NOT REPLY [Bug 45392] No OCSP support for client SSL verification
https://issues.apache.org/bugzilla/show_bug.cgi?id=45392

--- Comment #3 from Remy Maucherat <[EMAIL PROTECTED]> 2008-07-14 04:45:36 PST ---

-1. Please do not add zillions of random features to the Tomcat native code. If APR supports it, then it's ok, otherwise I don't think this is a good idea.
DO NOT REPLY [Bug 45392] No OCSP support for client SSL verification
https://issues.apache.org/bugzilla/show_bug.cgi?id=45392

--- Comment #4 from Aristotelis <[EMAIL PROTECTED]> 2008-07-14 05:13:52 PST ---

(In reply to comment #3)
> -1. Please do not add zillions of random features to the Tomcat native code. If
> APR supports it, then it's ok, otherwise I don't think this is a good idea.
>

Please correct me if I'm wrong on this, but tomcat using APR in order to have the OpenSSL functionality makes callbacks to the native code that exists within apache tomcat. So actually for client authentication the function that is used to verify the certs is in sslutils.c:

/*
 * This OpenSSL callback function is called when OpenSSL
 * does client authentication and verifies the certificate chain.
 */
int SSL_callback_SSL_verify(int ok, X509_STORE_CTX *ctx)

So I believe this part is the responsibility of tomcat (or perhaps I'm getting something totally wrong) (at least the code resides on this branch).

On a side note, I don't think this is a random feature for tomcat, since I haven't found a proper way of reloading the CRL (besides restarting the service), and permitting clients connecting with revoked certificates is not the best case scenario (from a security point of view there must be a good reason for a certificate to be revoked).
DO NOT REPLY [Bug 45392] No OCSP support for client SSL verification
https://issues.apache.org/bugzilla/show_bug.cgi?id=45392

--- Comment #5 from Aristotelis <[EMAIL PROTECTED]> 2008-07-14 05:18:15 PST ---

(In reply to comment #2)
> Few things, about the patch.
> 1. Please use 4 spaces instead of TAB
> 2. New files must have ASL 2.0 license header at the top.
>
> Please make the patch against the svn trunk.

I'll fix these issues, create a new patch and upload it here.

> Some documentation would be great if additional setup is required.
>

Actually at this time, since the patch uses the OCSP server info found in the certificates, no further setup is required. If extra functionality is to be introduced (i.e. having a default OCSP server) perhaps some additional setup must be made.

>
> Other than that, the patch is pretty promising.
> It would be nice to use the APR for make_socket, but that can be done later.
>

I have to find some documentation and/or look at some code on how to use APR for the socket.

Thanks :)
DO NOT REPLY [Bug 45392] No OCSP support for client SSL verification
https://issues.apache.org/bugzilla/show_bug.cgi?id=45392

Aristotelis <[EMAIL PROTECTED]> changed:

What                          |Removed |Added
Attachment #22251 is obsolete |0       |1
Attachment #22252 is obsolete |0       |1

--- Comment #6 from Aristotelis <[EMAIL PROTECTED]> 2008-07-14 07:01:58 PST ---

Created an attachment (id=22253) --> (https://issues.apache.org/bugzilla/attachment.cgi?id=22253)
OCSP support for apache tomcat

The patch created using trunk (14/10/2008 at 16:20 ) adding the licence in the new files and changing the indentation to 4 spaces only (Hopefully no mistakes :) )
DO NOT REPLY [Bug 45392] No OCSP support for client SSL verification
https://issues.apache.org/bugzilla/show_bug.cgi?id=45392

--- Comment #7 from Mladen Turk <[EMAIL PROTECTED]> 2008-07-14 07:13:29 PST ---

OK, thanks for the patch. However this won't be acceptable until you resolve portability issues. The
Re: [VOTE] Release build 6.0.17
Remy Maucherat wrote:

The candidates binaries are available here: http://people.apache.org/~remm/tomcat-6/v6.0.17/

According to the release process, the 6.0.17 tag is:
[ ] Broken
[ ] Alpha
[ ] Beta
[X] Stable

Rémy
DO NOT REPLY [Bug 45381] Throw UnsupportedOperationException for session replication
https://issues.apache.org/bugzilla/show_bug.cgi?id=45381

Filip Hanik <[EMAIL PROTECTED]> changed:

What       |Removed   |Added
Resolution |DUPLICATE |INVALID

--- Comment #2 from Filip Hanik <[EMAIL PROTECTED]> 2008-07-14 08:07:16 PST ---

You've started a thread on the tomcat user mailing list, that is the best place to get this resolved. Closing this as invalid, as it is not confirmed as a bug, and you have not provided enough information for us to work with. I've replied to your original post on tomcat user,

best
Filip
Re: [VOTE] Release build 6.0.17
On Jul 13, 2008, at 6:19 PM, Mark Thomas wrote:

Remy Maucherat wrote:

The candidates binaries are available here: http://people.apache.org/~remm/tomcat-6/v6.0.17/

According to the release process, the 6.0.17 tag is:
[ ] Broken
[ ] Alpha
[X] Beta
[ ] Stable

I see consistent failures to start (CNFE) with the -security option on win32. I haven't tested on Linux and I couldn't see a configuration solution to the CNFE.

I can't recreate this with Linux or OS X...
DO NOT REPLY [Bug 45395] New: MsgAjp dump method does not dump packet when being written
https://issues.apache.org/bugzilla/show_bug.cgi?id=45395

Summary: MsgAjp dump method does not dump packet when being written
Product: Tomcat 6
Version: 6.0.16
Platform: PC
OS/Version: Linux
Status: NEW
Keywords: ErrorMessage
Severity: minor
Priority: P4
Component: Native:JK
AssignedTo: [EMAIL PROTECTED]
ReportedBy: [EMAIL PROTECTED]

In org.apache.jk.common.MsgAjp, the dump method is a debug utility to provide debug output of the buffer contents when errors occur. It uses the "len" variable to control this output. This probably works fine in the case of a packet read. But in the case of a packet write, the "len" variable is not set until the "end" method is called once the packet is complete.

In the case of an error during the generation of the packet to be written (such as a buffer overflow in our case), the code such as cpBytes calls "dump" to display the contents of the buffer. Since "end" has not been called, "len" still equals 4 and so only the first 8 bytes of the buffer are dumped followed by blank hex lines for the rest of the buffer up to the pos/max limit.

Obviously, this would be more useful if the "len" was ignored and "pos" was used instead. Or "cpBytes" could call the "end" method before calling "dump" to set the "len" value. I'm sure there are a couple of ways to fix this and I am not familiar enough with the code to pick the best fix.
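The behaviour described in this report, as an added example that is not part of the original message and is not Tomcat's MsgAjp source: a simplified model of a write buffer whose error dump is bounded by "len", next to the same dump bounded by "pos". The class PacketBufDemo, its PacketBuf type, the marker bytes and the sample data are hypothetical; only the 4-byte starting value of "len" and the fact that "end" sets it come from the report.

```java
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;

/** Simplified model of an AJP-style write buffer; hypothetical, NOT Tomcat's MsgAjp source. */
public class PacketBufDemo {
    static final int HEADER = 4;                 // "len" starts at 4 according to the report

    static class PacketBuf {
        final byte[] buf;
        int pos = HEADER;                        // next write offset
        int len = HEADER;                        // only updated by end()

        PacketBuf(int size) { buf = new byte[size]; }

        /** Appends data; on overflow returns a dump instead (null means success). */
        List<String> append(byte[] data, boolean dumpByPos) {
            if (pos + data.length > buf.length) {
                return dump(dumpByPos ? pos : len);   // error path: end() never ran
            }
            System.arraycopy(data, 0, buf, pos, data.length);
            pos += data.length;
            return null;
        }

        /** Completes the packet: writes the header and sets len. */
        void end() {
            len = pos;
            int payload = len - HEADER;
            buf[0] = 0x41; buf[1] = 0x42;        // constructed marker bytes
            buf[2] = (byte) (payload >>> 8);
            buf[3] = (byte) payload;
        }

        /** One hex line per 16 bytes up to pos; bytes at or past limit print blank. */
        List<String> dump(int limit) {
            List<String> lines = new ArrayList<>();
            for (int off = 0; off < pos; off += 16) {
                StringBuilder sb = new StringBuilder(String.format("%04x:", off));
                for (int i = off; i < off + 16 && i < buf.length; i++) {
                    sb.append(i < limit ? String.format(" %02x", buf[i] & 0xff) : "   ");
                }
                lines.add(sb.toString());
            }
            return lines;
        }
    }

    public static void main(String[] args) {
        byte[] chunk = "constructed-sample-data-".getBytes(StandardCharsets.US_ASCII);
        for (boolean byPos : new boolean[] { false, true }) {
            PacketBuf p = new PacketBuf(64);
            List<String> out = null;
            while (out == null) out = p.append(chunk, byPos);   // third append overflows
            System.out.println(byPos ? "error dump bounded by pos:" : "error dump bounded by len:");
            out.forEach(System.out::println);
        }
        PacketBuf ok = new PacketBuf(64);
        ok.append(chunk, false);
        ok.end();                                // normal path: len == pos, dump is complete
        ok.dump(ok.len).forEach(System.out::println);
    }
}
```

In the len-bounded error dump only the unwritten header bytes appear and the remaining lines are blank, so the data that caused the overflow never reaches the log; the pos-bounded dump shows all 52 bytes written so far.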
DO NOT REPLY [Bug 45395] MsgAjp dump method does not dump packet when being written
https://issues.apache.org/bugzilla/show_bug.cgi?id=45395

Steve Parr <[EMAIL PROTECTED]> changed:

What |Removed |Added
CC   |        |[EMAIL PROTECTED]