https://bz.apache.org/bugzilla/show_bug.cgi?id=57540
--- Comment #25 from Rainer Jung ---
The support in mod_proxy_ajp was ported to Apache 2.4 today as r1662076.
It will be part of the next Apache HTTP server release 2.4.13.
--
You are receiving this mail because:
You are the assignee for the
https://bz.apache.org/bugzilla/show_bug.cgi?id=57540
--- Comment #24 from Rainer Jung ---
Support to forward the info via AJP has been added to mod_proxy_ajp in httpd
trunk in r1661067. The feature has been proposed for addition to mod_proxy_ajp
in httpd 2.4.
--
You are receiving this mail beca
https://bz.apache.org/bugzilla/show_bug.cgi?id=57540
Christopher Schultz changed:
What|Removed |Added
Status|NEW |RESOLVED
Resolution|---
https://bz.apache.org/bugzilla/show_bug.cgi?id=57540
--- Comment #22 from Christopher Schultz ---
Fixed in Tomcat 8 in r1660953. Will be in Tomcat 8.0.21.
I'll see about back-porting to Tomcat 7. It should be easy at this point.
--
You are receiving this mail because:
You are the assignee for
https://bz.apache.org/bugzilla/show_bug.cgi?id=57540
--- Comment #21 from Christopher Schultz ---
Fixed in trunk in r1660924.
I'm working on back-porting this to Tomcat 8, since a lot has changed between
Tomcat 8 and Tomcat 9/trunk.
--
You are receiving this mail because:
You are the assignee
https://bz.apache.org/bugzilla/show_bug.cgi?id=57540
--- Comment #20 from Rainer Jung ---
Some attributes are "known" in the AJP 1.3 protocol and their names are
marshalled on the wire with hex abbreviations. Those must be known by the
receiver as well otherwise it is a protocol violation. So new
https://bz.apache.org/bugzilla/show_bug.cgi?id=57540
--- Comment #19 from Christopher Schultz ---
I have a question about your implementation in mod_jk: why are you passing the
SSL_PROTOCOL as a "SC_A_REQ_ATTRIBUTE" instead of a first-class piece of
information, like SC_A_SSL_CIPHER is done?
Wou
https://bz.apache.org/bugzilla/show_bug.cgi?id=57540
--- Comment #18 from Rainer Jung ---
Comment on attachment 32493
--> https://bz.apache.org/bugzilla/attachment.cgi?id=32493
Updated patch
The part for java/org/apache/coyote/ajp looks fine to me.
The rest also, but I didn't inspect it very t
https://bz.apache.org/bugzilla/show_bug.cgi?id=57540
Christopher Schultz changed:
What|Removed |Added
Attachment #32486|0 |1
is obsolete|
https://bz.apache.org/bugzilla/show_bug.cgi?id=57540
Christopher Schultz changed:
What|Removed |Added
Attachment #32487|0 |1
is obsolete|
https://bz.apache.org/bugzilla/show_bug.cgi?id=57540
--- Comment #16 from Christopher Schultz ---
I've got an updated patch with AJP support that I'm testing now.
--
You are receiving this mail because:
You are the assignee for the bug.
-
https://bz.apache.org/bugzilla/show_bug.cgi?id=57540
--- Comment #15 from Rainer Jung ---
I added a proprietary request attribute named "AJP_SSL_PROTOCOL" to mod_jk in
r1660504. It could be mapped to a uniform attribute name, e.g.
"org.apache.tomcat.util.net.secure_protocol_version" or whatever i
Am 17.02.2015 um 21:13 schrieb bugzi...@apache.org:
https://bz.apache.org/bugzilla/show_bug.cgi?id=57540
--- Comment #12 from Christopher Schultz ---
Rats... looks like to support AJP, there need to be additional data sent by the
proxy. There is no pre-defined field for SSL_PROTOCOL (similar to
https://bz.apache.org/bugzilla/show_bug.cgi?id=57540
--- Comment #14 from Christopher Schultz ---
Created attachment 32487
--> https://bz.apache.org/bugzilla/attachment.cgi?id=32487&action=edit
Updated patch
This patch supports APR-based connectors and also works when the SSL protocol
is the f
https://bz.apache.org/bugzilla/show_bug.cgi?id=57540
--- Comment #13 from Christopher Schultz ---
Okay, the patch doesn't work as presented.
If you request the SSL protocol before any of the other SSL attributes, then
the protocol comes back as null. That's because
o.a.c.connector.Request.getAtt
https://bz.apache.org/bugzilla/show_bug.cgi?id=57540
--- Comment #12 from Christopher Schultz ---
Rats... looks like to support AJP, there need to be additional data sent by the
proxy. There is no pre-defined field for SSL_PROTOCOL (similar to
o.a.coyote.ajp.Constants.SC_A_SSL_CIPHER) so that'll
https://bz.apache.org/bugzilla/show_bug.cgi?id=57540
--- Comment #11 from Christopher Schultz ---
Something is missing, here. I can't get the NIO connector to give me the
protocol value. I changed the code to use "(unknown)" when the value returned
by SSLSupport is null, and I'm not seeing that,
https://bz.apache.org/bugzilla/show_bug.cgi?id=57540
--- Comment #10 from Christopher Schultz ---
I'm evaluating this. The change for AprSSLSupport doesn't seem that onerous.
Why didn't you implement that?
--
You are receiving this mail because:
You are the assignee for the bug.
--
https://bz.apache.org/bugzilla/show_bug.cgi?id=57540
Ralf Hauser changed:
What|Removed |Added
Attachment #32437|0 |1
is obsolete|
https://issues.apache.org/bugzilla/show_bug.cgi?id=57540
--- Comment #8 from Christopher Schultz ---
(In reply to Ralf Hauser from comment #6)
> Created attachment 32437 [details]
> apache.tomcat.tls.protocol.57540.patch
Is IOException the most natural exception type for SSLSupport.getProtocol?
https://issues.apache.org/bugzilla/show_bug.cgi?id=57540
--- Comment #7 from Mark Thomas ---
Reviewing the proposed patch:
1. The changes to tomcat/util/net/jsse/openssl/Protocol.java need to be removed
2. There looks to be the right hooks in tc-native to obtain the protocol so do
that rather t
https://issues.apache.org/bugzilla/show_bug.cgi?id=57540
--- Comment #6 from Ralf Hauser ---
Created attachment 32437
--> https://issues.apache.org/bugzilla/attachment.cgi?id=32437&action=edit
apache.tomcat.tls.protocol.57540.patch
--
You are receiving this mail because:
You are the assignee
https://issues.apache.org/bugzilla/show_bug.cgi?id=57540
--- Comment #5 from Mark Thomas ---
(In reply to Christopher Schultz from comment #4)
> (In reply to Ralf Hauser from comment #1)
> > 4) furthermore, I suggest to add in
> > org.apache.tomcat.util.net.jsse.openssl.Protocol
> >
> > TLSv
https://issues.apache.org/bugzilla/show_bug.cgi?id=57540
--- Comment #4 from Christopher Schultz ---
(In reply to Ralf Hauser from comment #1)
> 4) furthermore, I suggest to add in
> org.apache.tomcat.util.net.jsse.openssl.Protocol
>
> TLSv1_1("TLSv1.1")
And "TLSv1.0" and/or "TLSv1".
Would
https://issues.apache.org/bugzilla/show_bug.cgi?id=57540
--- Comment #3 from Ralf Hauser ---
thanks Mark, so 1a) should rather be:
"org.apache.tomcat.util.net.secure_protocol_version"
--
You are receiving this mail because:
You are the assignee for the bug.
--
https://issues.apache.org/bugzilla/show_bug.cgi?id=57540
--- Comment #2 from Mark Thomas ---
The key needs to be in the org.apache.tomcat name space, not the javax.servlet
space since the Servlet name space is reserved.
--
You are receiving this mail because:
You are the assignee for the bug.
https://issues.apache.org/bugzilla/show_bug.cgi?id=57540
--- Comment #1 from Ralf Hauser ---
4) furthermore, I suggest to add in
org.apache.tomcat.util.net.jsse.openssl.Protocol
TLSv1_1("TLSv1.1")
--
You are receiving this mail because:
You are the assignee for the bug.
--
27 matches
Mail list logo
