Hi,
I'm planning to start preparing Tomcat 7/8.0 for a release later today.
Regards,
Violeta
https://bz.apache.org/bugzilla/show_bug.cgi?id=61394
--- Comment #2 from Mark Thomas ---
I don't think we are calling that method when we are using JSSE config with the
OpenSSL engine. I think we need the equivalent of the call to setCertificateRaw
for the trusted certs.
--
You are receiving th
https://bz.apache.org/bugzilla/show_bug.cgi?id=61394
--- Comment #1 from Rainer Jung ---
The OpenSSL call for this should be SSL_CTX_set_client_CA_list() (at least
mod_ssl in Apache httpd uses it).
We already wired that functionality in tcnative, file native/src/sslcontext.c,
function setCACerti
https://bz.apache.org/bugzilla/show_bug.cgi?id=61394
Mark Thomas changed:
What|Removed |Added
Summary|NIO/NIO2 + OpenSSL |NIO/NIO2 + OpenSSL
|re
https://bz.apache.org/bugzilla/show_bug.cgi?id=61394
Bug ID: 61394
Summary: NIO/NIO2 + OpenSSL renegotiation doesn't send list of
CAS to user agent
Product: Tomcat 9
Version: unspecified
Hardware: PC
OS: Lin
Hi,
The good news is I have managed to unpick the various TLS issues I've
been struggling with.
The Chrome not selecting the user cert issue looks to be related to how
many of the fields were complete in the DN. That has been resolved by
recreating the test keys and certs I have been using.
I wa
Author: markt
Date: Tue Aug 8 19:29:55 2017
New Revision: 1804463
URL: http://svn.apache.org/viewvc?rev=1804463&view=rev
Log:
Improve the handling of client disconnections during the TLS renegotiation
handshake.
Modified:
tomcat/trunk/java/org/apache/coyote/AbstractProcessor.java
tomcat
Author: markt
Date: Tue Aug 8 19:19:44 2017
New Revision: 1804462
URL: http://svn.apache.org/viewvc?rev=1804462&view=rev
Log:
Eclipse Oxygen doesn't need this.
Modified:
tomcat/trunk/java/org/apache/tomcat/websocket/WsWebSocketContainer.java
Modified:
tomcat/trunk/java/org/apache/tomcat/we
Author: markt
Date: Tue Aug 8 19:18:00 2017
New Revision: 1804461
URL: http://svn.apache.org/viewvc?rev=1804461&view=rev
Log:
Reviewed for Oxygen - no changes
Modified:
tomcat/trunk/res/ide-support/eclipse/java-compiler-errors-warnings.txt
Modified: tomcat/trunk/res/ide-support/eclipse/java
Author: markt
Date: Tue Aug 8 19:15:03 2017
New Revision: 20906
Log:
Release 8.5.20
Added:
release/tomcat/tomcat-8/v8.5.20/
- copied from r20905, dev/tomcat/tomcat-8/v8.5.20/
Removed:
dev/tomcat/tomcat-8/v8.5.20/
---
The following voters were cast:
Binding:
+1: violetagg, markt, csutherl, huxing, kkolinko, remm, fschumacher
No other votes were cast.
The vote therefore passes.
Thanks to everyone who contributed to this release.
-
To unsubsc
Author: markt
Date: Tue Aug 8 19:11:26 2017
New Revision: 20905
Log:
Release 9.0.0.M26
Added:
release/tomcat/tomcat-9/v9.0.0.M26/
- copied from r20904, dev/tomcat/tomcat-9/v9.0.0.M26/
Removed:
dev/tomcat/tomcat-9/v9.0.0.M26/
---
The following votes were cast:
Binding:
+1: markt, violetagg, remm, fschumacher, kkolinko, csutherl
No other votes were cast.
This vote therefore passes.
Thanks to everyone who has contributed to this release.
Mark
-
To unsub
On Wed, Aug 2, 2017 at 5:30 PM, Mark Thomas wrote:
> The proposed Apache Tomcat 9.0.0.M26 release is now available for voting.
>
> This is a milestone release for the 9.0.x branch. It should be
> noted that, as a milestone release:
> - Servlet 4.0 is not finalised
> - The EGs have not started work
2017-08-03 0:30 GMT+03:00 Mark Thomas :
> The proposed Apache Tomcat 9.0.0.M26 release is now available for voting.
>
> This is a milestone release for the 9.0.x branch. It should be
> noted that, as a milestone release:
> - Servlet 4.0 is not finalised
> - The EGs have not started work on JSP 2.4,
https://bz.apache.org/bugzilla/show_bug.cgi?id=61393
Bug ID: 61393
Summary: org.apache.tomcat.jni.TestSocketServer timeout failure
on a fast computer
Product: Tomcat 9
Version: 9.0.0.M25
Hardware: PC
Status: NEW
Author: markt
Date: Tue Aug 8 17:16:57 2017
New Revision: 180
URL: http://svn.apache.org/viewvc?rev=180&view=rev
Log:
Remove out of date comment
Modified:
tomcat/native/trunk/native/src/sslnetwork.c
Modified: tomcat/native/trunk/native/src/sslnetwork.c
URL:
http://svn.apache.org/vi
Am 3. August 2017 00:10:05 MESZ schrieb Mark Thomas :
>The proposed Apache Tomcat 8.5.20 release is now available for voting.
>
>The major changes compared to the 8.5.16 release are:
>
>- Enable TLS connectors to use Java key stores that contain multiple
> keys where each key has a separate passw
Am 2. August 2017 23:30:23 MESZ schrieb Mark Thomas :
>The proposed Apache Tomcat 9.0.0.M26 release is now available for
>voting.
>
>This is a milestone release for the 9.0.x branch. It should be
>noted that, as a milestone release:
>- Servlet 4.0 is not finalised
>- The EGs have not started work
On Wed, Aug 2, 2017 at 11:30 PM, Mark Thomas wrote:
> The proposed Apache Tomcat 9.0.0.M26 release is now available for voting.
>
> This is a milestone release for the 9.0.x branch. It should be
> noted that, as a milestone release:
> - Servlet 4.0 is not finalised
> - The EGs have not started wo
On Thu, Aug 3, 2017 at 12:10 AM, Mark Thomas wrote:
> The proposed Apache Tomcat 8.5.20 release is now available for voting.
>
> The major changes compared to the 8.5.16 release are:
>
> - Enable TLS connectors to use Java key stores that contain multiple
> keys where each key has a separate pa
2017-08-03 1:10 GMT+03:00 Mark Thomas :
> The proposed Apache Tomcat 8.5.20 release is now available for voting.
>
> The major changes compared to the 8.5.16 release are:
>
> - Enable TLS connectors to use Java key stores that contain multiple
> keys where each key has a separate password. Based
https://bz.apache.org/bugzilla/show_bug.cgi?id=61391
Bug ID: 61391
Summary: SlowQueryReport not logging Failed Query if connection
abandoned
Product: Tomcat 8
Version: 8.5.x-trunk
Hardware: PC
Status: NEW
2017-08-08 16:03 GMT+03:00 Mark Thomas :
> On 08/08/17 13:59, George Stanchev wrote:
>
>
>
>> Is it possible the recent changes [1] has affected it? Chrome no longer
>> looks in CN, which is ignored but rather expects SAN to be filled up.
>> Perhaps Tomcat's test certs lack SAN?
>>
>> [1] https:
On 08/08/17 13:59, George Stanchev wrote:
> Is it possible the recent changes [1] has affected it? Chrome no longer looks
> in CN, which is ignored but rather expects SAN to be filled up. Perhaps
> Tomcat's test certs lack SAN?
>
> [1] https://www.thesslstore.com/blog/security-changes-in-chro
-Original Message-
From: Mark Thomas [mailto:ma...@apache.org]
Sent: Tuesday, August 08, 2017 5:23 AM
To: Tomcat Developers List
Subject: Test keys and certs
All,
Just a heads up.
A few days ago I started to look at bug 59423. I saw all sorts of errors when I
tried to configure a cl
Author: markt
Date: Tue Aug 8 12:11:10 2017
New Revision: 1804407
URL: http://svn.apache.org/viewvc?rev=1804407&view=rev
Log:
Update test keys and certs to use new CA hierarchy that has a longer key (4096
bits) for the CA and more complete DNs.
Modified:
tomcat/trunk/test/org/apache/tomcat/
All,
Just a heads up.
A few days ago I started to look at bug 59423. I saw all sorts of errors
when I tried to configure a clean Tomcat build for CLIENT-CERT.
As I dug into the errors it appeared that Tomcat wasn't handling an
unexpected connection close during the renegotiation. I have a patch
https://bz.apache.org/bugzilla/show_bug.cgi?id=60555
Vaibhav Bhandari changed:
What|Removed |Added
Resolution|FIXED |---
Status|CLOSED
Hi Mark,
Thank you very much for all your testing of JDK 9 during its
development! Such contributions have significantly helped shape and
improve JDK 9.
Now that we have reached the JDK 9 Final Release Candidate phase [1] , I
would like to ask if your project can be considered to be 'ready
30 matches
Mail list logo
