[Bug 67065] Using "::1" to bind to all local addresses (IPV4 and IPV6)
https://bz.apache.org/bugzilla/show_bug.cgi?id=67065

--- Comment #5 from Mark Thomas ---
Same problem. The only values that allow binding of multiple addresses are "::" and "0.0.0.0". Anything else needs to be done individually.

--
You are receiving this mail because:
You are the assignee for the bug.

To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 65770] Make keys reload automatically
https://bz.apache.org/bugzilla/show_bug.cgi?id=65770

--- Comment #10 from Mark Thomas ---
Not every key/cert is defined by a file. At least one cloud provider (Azure) has a JCA provider that enables Java apps to access keys in the cloud provided vault without any reference to a file on the file system. Support for certificateKeystoreFile to accept "" or "NONE" was implemented for hardware keystores.

Without access to a file, a way to determine when to trigger the reload was required. Given this listener is intended for systems that have automated key updates, X days before current key expiry was a simple trigger that worked for all the scenarios. Happy to consider alternatives if someone has a better idea.

The logging was intended to be annoying. If you have a system that is meant to automatically update your TLS keys then a noisy log message when that system fails seems reasonable to me. Thinking about it, you will want a log message when TLS reloading is triggered so there is going to be a log message anyway.

There is probably some fine tuning to do once the first draft of this is implemented.
[Bug 65770] Make keys reload automatically
https://bz.apache.org/bugzilla/show_bug.cgi?id=65770

--- Comment #11 from Remy Maucherat ---
(In reply to Mark Thomas from comment #8)
> I've been discussing this with the users recently and came up with the
> following approach.
>
> - Lifecycle listener that ships with Tomcat
> - Every X minutes (driven by background process but customisable so checks
>   don't happen every time the background process runs)
> - Checks expiry time of each cert.
> - For each cert with less than Y days reload TLS config
> - If cert still has less than Y days remaining, log a warning
>
> This listener would be disabled by default but available as part of the
> standard Tomcat distribution.

Good feature.
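The check outlined in comment #8 (quoted above), with the expiry-based trigger and the two log messages from comment #10, as an added example in plain Java. It is not Tomcat code or code from this thread; the `Cert` class, the `tick` method and the sample dates are constructed for illustration.

```java
import java.time.Duration;
import java.time.Instant;
import java.util.ArrayList;
import java.util.List;
import java.util.logging.Logger;

// Added example, not Tomcat code. Cert is a hypothetical stand-in for one configured certificate.
public class CertExpiryReloadCheck {
    private static final Logger LOG = Logger.getLogger("tls-reload");
    private final Duration checkInterval;   // "every X minutes"
    private final Duration reloadThreshold; // "less than Y days"
    private Instant lastCheck;              // null until the first check

    static final class Cert {
        final String name;
        Instant notAfter;          // for an X509Certificate: getNotAfter().toInstant()
        final Instant afterReload; // constructed: expiry the key store serves on the next read
        Cert(String n, Instant cur, Instant next) { name = n; notAfter = cur; afterReload = next; }
        void reload() { notAfter = afterReload; } // models re-reading a file, HSM or vault
    }

    CertExpiryReloadCheck(Duration checkInterval, Duration reloadThreshold) {
        this.checkInterval = checkInterval;
        this.reloadThreshold = reloadThreshold;
    }

    // Called on every background-process tick; returns the certs still near expiry.
    List<String> tick(List<Cert> certs, Instant now) {
        List<String> stillExpiring = new ArrayList<>();
        boolean due = lastCheck == null || !now.isBefore(lastCheck.plus(checkInterval));
        if (!due) return stillExpiring; // background process ran, but the check is not due
        lastCheck = now;
        for (Cert cert : certs) {
            if (!expiresSoon(cert, now)) continue;
            LOG.info("Reloading TLS config for " + cert.name);
            cert.reload();
            if (expiresSoon(cert, now)) { // renewal did not happen: log loudly
                LOG.warning(cert.name + " still expires at " + cert.notAfter);
                stillExpiring.add(cert.name);
            }
        }
        return stillExpiring;
    }
    private boolean expiresSoon(Cert cert, Instant now) {
        return Duration.between(now, cert.notAfter).compareTo(reloadThreshold) < 0;
    }
    public static void main(String[] args) {
        Instant now = Instant.parse("2023-09-01T00:00:00Z"); // constructed sample data
        Instant soon = now.plus(Duration.ofDays(3)), later = now.plus(Duration.ofDays(90));
        List<Cert> certs = List.of(new Cert("renewed", soon, later),
                new Cert("stuck", soon, soon), new Cert("fresh", later, later));
        CertExpiryReloadCheck check = new CertExpiryReloadCheck(Duration.ofMinutes(60), Duration.ofDays(7));
        System.out.println(check.tick(certs, now));
        System.out.println(check.tick(certs, now.plusSeconds(600)));
    }
}
```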
[tomcat] branch main updated: Add methods to reduce use of deprecated methods eventually
This is an automated email from the ASF dual-hosted git repository. remm pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/main by this push: new 446a2a6c5f Add methods to reduce use of deprecated methods eventually 446a2a6c5f is described below commit 446a2a6c5f87dbe4ba1c1fb634fcf4aee7cc9d4c Author: remm AuthorDate: Thu Aug 31 11:19:31 2023 +0200 Add methods to reduce use of deprecated methods eventually Based on looking at the mod_ssl changes. --- modules/openssl-foreign/openssl-tomcat.conf | 8 1 file changed, 8 insertions(+) diff --git a/modules/openssl-foreign/openssl-tomcat.conf b/modules/openssl-foreign/openssl-tomcat.conf index cd512210ee..0e7a6fdc04 100644 --- a/modules/openssl-foreign/openssl-tomcat.conf +++ b/modules/openssl-foreign/openssl-tomcat.conf @@ -71,6 +71,7 @@ Extracted from: /usr/include/openssl/ec.h +--include-function d2i_ECPKParameters # header: /usr/include/openssl/ec.h --include-function EC_GROUP_free# header: /usr/include/openssl/ec.h --include-function EC_GROUP_get_curve_name # header: /usr/include/openssl/ec.h --include-function EC_KEY_free # header: /usr/include/openssl/ec.h @@ -100,6 +101,7 @@ --include-function EVP_MD_get0_provider # header: /usr/include/openssl/evp.h --include-function EVP_PKEY_get_base_id # header: /usr/include/openssl/evp.h --include-function EVP_PKEY_get_bits # header: /usr/include/openssl/evp.h +--include-function EVP_PKEY_free # header: /usr/include/openssl/evp.h --include-constant EVP_PKEY_DSA # header: /usr/include/openssl/evp.h --include-constant EVP_PKEY_NONE # header: /usr/include/openssl/evp.h --include-constant EVP_PKEY_RSA # header: /usr/include/openssl/evp.h 
@@ -138,10 +140,13 @@ Extracted from: /usr/include/openssl/pem.h +--include-function PEM_ASN1_read_bio# header: /usr/include/openssl/pem.h --include-function PEM_read_bio_DHparams# header: /usr/include/openssl/pem.h --include-function PEM_read_bio_ECPKParameters # header: /usr/include/openssl/pem.h +--include-function PEM_read_bio_Parameters # header: /usr/include/openssl/pem.h --include-function PEM_read_bio_PrivateKey # header: /usr/include/openssl/pem.h --include-function PEM_read_bio_X509_AUX# header: /usr/include/openssl/pem.h +--include-constant PEM_STRING_ECPARAMETERS # header: /usr/include/openssl/pem.h Extracted from: /usr/include/openssl/pemerr.h @@ -200,6 +205,7 @@ --include-function SSL_CTX_set_timeout # header: /usr/include/openssl/ssl.h --include-function SSL_CTX_set_tmp_dh_callback # header: /usr/include/openssl/ssl.h --include-function SSL_CTX_set_verify# header: /usr/include/openssl/ssl.h +--include-function SSL_CTX_set0_tmp_dh_pkey # header: /usr/include/openssl/ssl.h --include-function SSL_CTX_use_certificate # header: /usr/include/openssl/ssl.h --include-function SSL_CTX_use_certificate_chain_file# header: /usr/include/openssl/ssl.h --include-function SSL_CTX_use_PrivateKey# header: /usr/include/openssl/ssl.h 
@@ -261,6 +267,8 @@ --include-constant SSL_CTRL_SESS_MISSES # header: /usr/include/openssl/ssl.h --include-constant SSL_CTRL_SESS_NUMBER # header: /usr/include/openssl/ssl.h --include-constant SSL_CTRL_SESS_TIMEOUTS # header: /usr/include/openssl/ssl.h +--include-constant SSL_CTRL_SET_DH_AUTO # header: /usr/include/openssl/ssl.h +--include-constant SSL_CTRL_SET_GROUPS # header: /usr/include/openssl/ssl.h --include-constant SSL_CTRL_SET_MAX_PROTO_VERSION # header: /usr/include/openssl/ssl.h --include-constant SSL_CTRL_SET_MIN_PROTO_VERSION # header: /usr/include/openssl/ssl.h --include-constant SSL_CTRL_SET_SESS_CACHE_MODE # header: /usr/include/openssl/ssl.h - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
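Review bot: In the evp.h hunk, EVP_PKEY_free is added after EVP_PKEY_get_bits, which breaks the alphabetical order the neighbouring --include-function entries follow. Move it above EVP_PKEY_get_base_id so later additions are easy to place and duplicates are easy to spot.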
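Review bot: The pem.h and ssl.h hunks add PEM_read_bio_Parameters and SSL_CTX_set0_tmp_dh_pkey but leave PEM_read_bio_DHparams and SSL_CTX_set_tmp_dh_callback in the list, and the commit message does not say which new symbol is meant to replace which deprecated call. A comment in the conf file or a line in the commit message mapping old to new would let the old entries be dropped once the callers have moved. Since SSL_CTX_set0_tmp_dh_pkey takes ownership of the key on success, the Java callers should invoke the newly exposed EVP_PKEY_free only on the failure path.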
[Bug 65770] Make keys reload automatically
https://bz.apache.org/bugzilla/show_bug.cgi?id=65770

--- Comment #12 from Michael Osipov ---
(In reply to Mark Thomas from comment #8)
> I've been discussing this with the users recently and came up with the
> following approach.
>
> - Lifecycle listener that ships with Tomcat
> - Every X minutes (driven by background process but customisable so checks
>   don't happen every time the background process runs)
> - Checks expiry time of each cert.
> - For each cert with less than Y days reload TLS config
> - If cert still has less than Y days remaining, log a warning
>
> This listener would be disabled by default but available as part of the
> standard Tomcat distribution.

Maybe this listener should receive a reload interface which will decide whether the file needs to be reloaded or not? We can provide a default impl, but others can implement their logic?!
[Bug 65770] Make keys reload automatically
https://bz.apache.org/bugzilla/show_bug.cgi?id=65770

Michael Osipov changed:

What |Removed |Added
CC   |        |micha...@apache.org
[Bug 65770] Make keys reload automatically
https://bz.apache.org/bugzilla/show_bug.cgi?id=65770

--- Comment #13 from Remy Maucherat ---
(In reply to Michael Osipov from comment #12)
> Maybe this listener should receive a reload interface which will decide
> whether the file needs to be reloaded or not? We can provide a default impl,
> but others can implement their logic?!

There's already a JMX command for reload though.
[tomcat] branch main updated: Fix javadoc and documentation.
This is an automated email from the ASF dual-hosted git repository. lihan pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/main by this push: new ca095d52c9 Fix javadoc and documentation. ca095d52c9 is described below commit ca095d52c98c2e25005990a9ef02240a823f0334 Author: lihan AuthorDate: Fri Sep 1 10:43:45 2023 +0800 Fix javadoc and documentation. Update the default value of 'socket.processorCache' and 'socket.eventCache' in the documentation and javadoc. And remove 'socket.keyCache' from the AJP documentation. --- java/org/apache/tomcat/util/net/SocketProperties.java | 8 webapps/docs/config/ajp.xml | 13 +++-- webapps/docs/config/http.xml | 2 +- 3 files changed, 8 insertions(+), 15 deletions(-) diff --git a/java/org/apache/tomcat/util/net/SocketProperties.java b/java/org/apache/tomcat/util/net/SocketProperties.java index 1cdb2c6302..b91d54f0e2 100644 --- a/java/org/apache/tomcat/util/net/SocketProperties.java +++ b/java/org/apache/tomcat/util/net/SocketProperties.java @@ -36,7 +36,7 @@ public class SocketProperties { /** * Enable/disable socket processor cache, this bounded cache stores * SocketProcessor objects to reduce GC - * Default is 500 + * Default is 0 * -1 is unlimited * 0 is disabled */ @@ -45,7 +45,7 @@ public class SocketProperties { /** * Enable/disable poller event cache, this bounded cache stores * PollerEvent objects to reduce GC for the poller - * Default is 500 + * Default is 0 * -1 is unlimited * 0 is disabled * >0 the max number of objects to keep in cache. @@ -78,13 +78,13 @@ public class SocketProperties { /** * The application read buffer size in bytes. - * Default value is rxBufSize + * Default value is 8192 */ protected int appReadBufSize = 8192; /** * The application write buffer size in bytes - * Default value is txBufSize + * Default value is 8192 */ protected int appWriteBufSize = 8192; 
diff --git a/webapps/docs/config/ajp.xml b/webapps/docs/config/ajp.xml index 6eda243d89..bc85a734b3 100644 --- a/webapps/docs/config/ajp.xml +++ b/webapps/docs/config/ajp.xml @@ -720,21 +720,14 @@ (int)Tomcat will cache SocketProcessor objects to reduce garbage collection. The integer value specifies how many objects to keep in the -cache at most. The default is 500. Other values are --1 for unlimited cache and 0 for no cache. - - - -(int)Tomcat will cache KeyAttachment objects to reduce garbage -collection. The integer value specifies how many objects to keep in the -cache at most. The default is 500. Other values are +cache at most. The default is 0. Other values are -1 for unlimited cache and 0 for no cache. (int)Tomcat will cache PollerEvent objects to reduce garbage collection. The integer value specifies how many objects to keep in the -cache at most. The default is 500. Other values are +cache at most. The default is 0. Other values are -1 for unlimited cache and 0 for no cache. @@ -794,7 +787,7 @@ (int)Tomcat will cache SocketProcessor objects to reduce garbage collection. The integer value specifies how many objects to keep in the -cache at most. The default is 500. Other values are +cache at most. The default is 0. Other values are -1 for unlimited cache and 0 for no cache. diff --git a/webapps/docs/config/http.xml b/webapps/docs/config/http.xml index 5bc3c4a6e4..9cbab65964 100644 --- a/webapps/docs/config/http.xml +++ b/webapps/docs/config/http.xml @@ -1008,7 +1008,7 @@ (int)Tomcat will cache SocketProcessor objects to reduce garbage collection. The integer value specifies how many objects to keep in the -cache at most. The default is 500. Other values are +cache at most. The default is 0. Other values are -1 for unlimited cache and 0 for no cache. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
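Review bot: In the ajp.xml and http.xml hunks the updated sentence now reads "The default is 0. Other values are -1 for unlimited cache and 0 for no cache.", which lists the default itself among the "other values". Reword it along the lines of "The default is 0 (no cache). Use -1 for an unlimited cache or a positive value for the maximum number of cached objects." so the disabled-by-default behaviour is stated once and explicitly.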
Buildbot failure in on tomcat-11.0.x
Build status: BUILD FAILED: failed compile (failure)
Worker used: bb_worker2_ubuntu
URL: https://ci2.apache.org/#builders/112/builds/553
Blamelist: lihan
Build Text: failed compile (failure)
Status Detected: new failure
Build Source Stamp: [branch main] ca095d52c98c2e25005990a9ef02240a823f0334

Steps:

  worker_preparation: 0
  git: 0
  shell: 0
  shell_1: 0
  shell_2: 0
  shell_3: 0
  shell_4: 0
  shell_5: 0
  compile: 2

-- ASF Buildbot
[tomcat] branch 10.1.x updated: Fix javadoc and documentation.
This is an automated email from the ASF dual-hosted git repository. lihan pushed a commit to branch 10.1.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/10.1.x by this push: new 5d6e0ea5c8 Fix javadoc and documentation. 5d6e0ea5c8 is described below commit 5d6e0ea5c86c43110e3efeeb4d2cc110131c8b3a Author: lihan AuthorDate: Fri Sep 1 10:43:45 2023 +0800 Fix javadoc and documentation. Update the default value of 'socket.processorCache' and 'socket.eventCache' in the documentation and javadoc. And remove 'socket.keyCache' from the AJP documentation. (cherry picked from commit ca095d52c98c2e25005990a9ef02240a823f0334) --- java/org/apache/tomcat/util/net/SocketProperties.java | 8 webapps/docs/config/ajp.xml | 13 +++-- webapps/docs/config/http.xml | 2 +- 3 files changed, 8 insertions(+), 15 deletions(-) diff --git a/java/org/apache/tomcat/util/net/SocketProperties.java b/java/org/apache/tomcat/util/net/SocketProperties.java index 1cdb2c6302..b91d54f0e2 100644 --- a/java/org/apache/tomcat/util/net/SocketProperties.java +++ b/java/org/apache/tomcat/util/net/SocketProperties.java @@ -36,7 +36,7 @@ public class SocketProperties { /** * Enable/disable socket processor cache, this bounded cache stores * SocketProcessor objects to reduce GC - * Default is 500 + * Default is 0 * -1 is unlimited * 0 is disabled */ @@ -45,7 +45,7 @@ public class SocketProperties { /** * Enable/disable poller event cache, this bounded cache stores * PollerEvent objects to reduce GC for the poller - * Default is 500 + * Default is 0 * -1 is unlimited * 0 is disabled * >0 the max number of objects to keep in cache. 
@@ -78,13 +78,13 @@ public class SocketProperties { /** * The application read buffer size in bytes. - * Default value is rxBufSize + * Default value is 8192 */ protected int appReadBufSize = 8192; /** * The application write buffer size in bytes - * Default value is txBufSize + * Default value is 8192 */ protected int appWriteBufSize = 8192; diff --git a/webapps/docs/config/ajp.xml b/webapps/docs/config/ajp.xml index b704c9e733..aff9f44a6a 100644 --- a/webapps/docs/config/ajp.xml +++ b/webapps/docs/config/ajp.xml @@ -724,21 +724,14 @@ (int)Tomcat will cache SocketProcessor objects to reduce garbage collection. The integer value specifies how many objects to keep in the -cache at most. The default is 500. Other values are --1 for unlimited cache and 0 for no cache. - - - -(int)Tomcat will cache KeyAttachment objects to reduce garbage -collection. The integer value specifies how many objects to keep in the -cache at most. The default is 500. Other values are +cache at most. The default is 0. Other values are -1 for unlimited cache and 0 for no cache. (int)Tomcat will cache PollerEvent objects to reduce garbage collection. The integer value specifies how many objects to keep in the -cache at most. The default is 500. Other values are +cache at most. The default is 0. Other values are -1 for unlimited cache and 0 for no cache. @@ -798,7 +791,7 @@ (int)Tomcat will cache SocketProcessor objects to reduce garbage collection. The integer value specifies how many objects to keep in the -cache at most. The default is 500. Other values are +cache at most. The default is 0. Other values are -1 for unlimited cache and 0 for no cache. diff --git a/webapps/docs/config/http.xml b/webapps/docs/config/http.xml index 6f71e36dd0..30101b80d8 100644 --- a/webapps/docs/config/http.xml +++ b/webapps/docs/config/http.xml 
@@ -1033,7 +1033,7 @@ (int)Tomcat will cache SocketProcessor objects to reduce garbage collection. The integer value specifies how many objects to keep in the -cache at most. The default is 500. Other values are +cache at most. The default is 0. Other values are -1 for unlimited cache and 0 for no cache. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
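Review bot: In the first SocketProperties.java hunk (@@ -36,7) the processor cache javadoc stops at "0 is disabled", while the event cache javadoc in the next hunk also documents ">0 the max number of objects to keep in cache."; add the same line to the processor cache comment while the defaults are being corrected on this branch. Neither of those two hunks shows the field initializer, so it is worth confirming against the declarations that both defaults are 0, the way the @@ -78,13 hunk lets the 8192 values be checked against appReadBufSize and appWriteBufSize.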
Buildbot failure in on tomcat-10.1.x
Build status: BUILD FAILED: Logs copied. (failure)
Worker used: bb_worker2_ubuntu
URL: https://ci2.apache.org/#builders/44/builds/918
Blamelist: lihan
Build Text: Logs copied. (failure)
Status Detected: new failure
Build Source Stamp: [branch 10.1.x] 5d6e0ea5c86c43110e3efeeb4d2cc110131c8b3a

Steps:

  worker_preparation: 0
  git: 0
  shell: 0
  shell_1: 0
  shell_2: 0
  shell_3: 0
  shell_4: 0
  shell_5: 0
  compile: 1
  shell_6: 0
  shell_7: 0
  shell_8: 0
  shell_9: 0
  Rsync docs to nightlies.apache.org: 0
  shell_10: 0
  Rsync RAT to nightlies.apache.org: 0
  compile_1: 1
  shell_11: 2

-- ASF Buildbot