Re: [PR] certificate regression [tomcat]

2025-02-03 Thread via GitHub
Dmole commented on PR #815: URL: https://github.com/apache/tomcat/pull/815#issuecomment-2631976321 Looks like it was not "intentional" after all https://github.com/apache/tomcat/commit/904701a434325534b856b70f085dbe1dee05c43a -- This is an automated message from the Apache Git Service.

Re: [PR] certificate regression [tomcat]

2025-02-03 Thread via GitHub
Dmole commented on PR #815: URL: https://github.com/apache/tomcat/pull/815#issuecomment-2631122523 When editing the documentation please explain how requiring an empty password, in a text file, in an unrelated attribute, qualifies as security, and not just obscurity. -- This is an automa

Re: [PR] certificate regression [tomcat]

2025-02-03 Thread via GitHub
rmaucher commented on PR #815: URL: https://github.com/apache/tomcat/pull/815#issuecomment-2631082908 > @rmaucher This is something worth mentioning in https://tomcat.apache.org/migration-9.html#Tomcat_9.0.x_noteable_changes for 9.0.83 and similar releases in the other branches. It's

Re: [PR] certificate regression [tomcat]

2025-02-03 Thread via GitHub
ChristopherSchultz commented on PR #815: URL: https://github.com/apache/tomcat/pull/815#issuecomment-2631002992 @rmaucher This is something worth mentioning in https://tomcat.apache.org/migration-9.html#Tomcat_9.0.x_noteable_changes for 9.0.83 and similar releases in the other branches. -

Re: [PR] certificate regression [tomcat]

2025-01-31 Thread via GitHub
Dmole commented on PR #815: URL: https://github.com/apache/tomcat/pull/815#issuecomment-2627508924 So can we add a warning to current versions that all Certificate tags require an empty certificateKeystorePassword attribute (even when no Keystore is in use) in order to prevent future break

Re: [PR] certificate regression [tomcat]

2025-01-30 Thread via GitHub
rmaucher commented on PR #815: URL: https://github.com/apache/tomcat/pull/815#issuecomment-2626487572 This is correct, there is no default value anymore for the key password. This is intentional. -- This is an automated message from the Apache Git Service. To respond to the message, pleas

Re: [PR] certificate regression [tomcat]

2025-01-30 Thread via GitHub
rmaucher closed pull request #815: certificate regression URL: https://github.com/apache/tomcat/pull/815 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail:

[PR] certificate regression [tomcat]

2025-01-30 Thread via GitHub
Dmole opened a new pull request, #815: URL: https://github.com/apache/tomcat/pull/815 When server.xml has this: ``` ``` it woks on 10.1.x, but not on main (without this patch) it will fail like this: ``` 30-Jan-2025 20:42:37.816 INFO [main] org.apache.coyo