buildbot failure in on tomcat-trunk

2018-01-02 Thread buildbot
The Buildbot has detected a new failure on builder tomcat-trunk while building . Full details are available at: https://ci.apache.org/builders/tomcat-trunk/builds/2928 Buildbot URL: https://ci.apache.org/ Buildslave for this Build: silvanus_ubuntu Build Reason: The AnyBranchScheduler schedu

[Bug 61948] BufferUnderflowException and IllegalArgumentException in TLSClientHelloExtractor

2018-01-02 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=61948 Mark Thomas changed: What|Removed |Added Status|NEW |RESOLVED Resolution|---

svn commit: r1819904 - in /tomcat/tc8.5.x/trunk: ./ java/org/apache/tomcat/util/net/ test/org/apache/tomcat/util/net/ webapps/docs/

2018-01-02 Thread markt
Author: markt Date: Tue Jan 2 21:33:19 2018 New Revision: 1819904 URL: http://svn.apache.org/viewvc?rev=1819904&view=rev Log: Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=61948 Improve the handling of malformed ClientHello messages in the code that extracts the SNI information from a TLS h

svn commit: r1819903 - in /tomcat/trunk: java/org/apache/tomcat/util/net/LocalStrings.properties java/org/apache/tomcat/util/net/TLSClientHelloExtractor.java test/org/apache/tomcat/util/net/TestTLSCli

2018-01-02 Thread markt
Author: markt Date: Tue Jan 2 21:32:41 2018 New Revision: 1819903 URL: http://svn.apache.org/viewvc?rev=1819903&view=rev Log: Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=61948 Improve the handling of malformed ClientHello messages in the code that extracts the SNI information from a TLS h

[Bug 61948] BufferUnderflowException and IllegalArgumentException in TLSClientHelloExtractor

2018-01-02 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=61948 --- Comment #4 from Mark Thomas --- If the code were to throw an IOException on a malformed ClientHello then a debug log message would be generated as required. I'm going to look at turning simple code to reproduce into a test case and then fi

Re: oauth guidance

2018-01-02 Thread Mark Thomas
On 02/01/18 00:51, Robert J. Carr wrote: > I'm looking to use some kind of combined realm where I can authenticate > (and authorize) users both using the built-in login-config and externally > using oauth. Ideally, in both cases, I'd be able to have access to roles, > but this isn't a necessity. >

[GitHub] tomcat issue #96: Remove PUT and DELETE methods from an OPTIONS request if r...

2018-01-02 Thread markt-asf
Github user markt-asf commented on the issue: https://github.com/apache/tomcat/pull/96 Getting back to whether readOnly should affect POST, my own view is that it should not. readOnly refers to whether the default Servlet can change static content. For static content request parameter

[GitHub] tomcat issue #96: Remove PUT and DELETE methods from an OPTIONS request if r...

2018-01-02 Thread markt-asf
Github user markt-asf commented on the issue: https://github.com/apache/tomcat/pull/96 I wanted to clear something up. It is not a case of me being willing to change something or not. I don't get to decide these things on my own. It is a community decision. Normally, we discuss things

Re: Dynamic reloading of SSL certificates

2018-01-02 Thread Romain Manni-Bucau
Yes, if tomcat can support hot reloading of certs it is very feasible: https://github.com/rmannibucau/letsencrypt-manager/blob/master/src/main/java/com/github/rmannibucau/letsencrypt/manager/LetsEncryptManager.java Romain Manni-Bucau @rmannibucau | Blog

Re: Dynamic reloading of SSL certificates

2018-01-02 Thread Emmanuel Bourg
On 02/01/2018 at 09:40, Romain Manni-Bucau wrote: > up? I haven't got much time to look into this yet. However since Let's Encrypt client implementations in Java are starting to appear [1] I wonder if the certificate renewal process could be directly integrated into Tomcat instead of relying on

[Bug 61945] infinite recursion in Jasper compilation of a recursive JSP tagfile

2018-01-02 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=61945 Remy Maucherat changed: What|Removed |Added Resolution|--- |FIXED Status|NEW

svn commit: r1819844 - in /tomcat/trunk: java/org/apache/jasper/compiler/Compiler.java webapps/docs/changelog.xml

2018-01-02 Thread remm
Author: remm Date: Tue Jan 2 14:54:04 2018 New Revision: 1819844 URL: http://svn.apache.org/viewvc?rev=1819844&view=rev Log: 61945: Remove recursion when using prototype mode. Modified: tomcat/trunk/java/org/apache/jasper/compiler/Compiler.java tomcat/trunk/webapps/docs/changelog.xml Mo

[Bug 61948] BufferUnderflowException and IllegalArgumentException in TLSClientHelloExtractor

2018-01-02 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=61948 --- Comment #3 from Evgenij Ryazanov --- I don't know the source of requests from system journal. I think that both requests were ill-formed. They may even be specially crafted. I agree that simple try-catch will be more efficient and reasonabl

[Bug 61948] BufferUnderflowException and IllegalArgumentException in TLSClientHelloExtractor

2018-01-02 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=61948 --- Comment #2 from Remy Maucherat --- Do you have any exceptions for legitimate TLS records? If not, instead of validating all reads, it is reasonable to catch the exceptions and log as debug instead. I reviewed the code and it seems to prope

Re: Dynamic reloading of SSL certificates

2018-01-02 Thread Romain Manni-Bucau
up? Romain Manni-Bucau @rmannibucau | Blog | Old Blog | Github | LinkedIn 2017-09-05 16:41 GMT+02:00 Romain Manni-B