Hi Mark,
Thank you very much for all your testing of JDK 9 during its
development! Such contributions have significantly helped shape and
improve JDK 9.
Now that we have reached the JDK 9 Final Release Candidate phase [1] , I
would like to ask if your project can be considered to be 'ready
https://bz.apache.org/bugzilla/show_bug.cgi?id=60555
Vaibhav Bhandari changed:
What|Removed |Added
Resolution|FIXED |---
Status|CLOSED
All,
Just a heads up.
A few days ago I started to look at bug 59423. I saw all sorts of errors
when I tried to configure a clean Tomcat build for CLIENT-CERT.
As I dug into the errors it appeared that Tomcat wasn't handling an
unexpected connection close during the renegotiation. I have a patch
Author: markt
Date: Tue Aug 8 12:11:10 2017
New Revision: 1804407
URL: http://svn.apache.org/viewvc?rev=1804407&view=rev
Log:
Update test keys and certs to use new CA hierarchy that has a longer key (4096
bits) for the CA and more complete DNs.
Modified:
tomcat/trunk/test/org/apache/tomcat/
-Original Message-
From: Mark Thomas [mailto:ma...@apache.org]
Sent: Tuesday, August 08, 2017 5:23 AM
To: Tomcat Developers List
Subject: Test keys and certs
All,
Just a heads up.
A few days ago I started to look at bug 59423. I saw all sorts of errors when I
tried to configure a cl
On 08/08/17 13:59, George Stanchev wrote:
> Is it possible the recent changes [1] has affected it? Chrome no longer looks
> in CN, which is ignored but rather expects SAN to be filled up. Perhaps
> Tomcat's test certs lack SAN?
>
> [1] https://www.thesslstore.com/blog/security-changes-in-chro
2017-08-08 16:03 GMT+03:00 Mark Thomas :
> On 08/08/17 13:59, George Stanchev wrote:
>
>
>
>> Is it possible the recent changes [1] has affected it? Chrome no longer
>> looks in CN, which is ignored but rather expects SAN to be filled up.
>> Perhaps Tomcat's test certs lack SAN?
>>
>> [1] https:
https://bz.apache.org/bugzilla/show_bug.cgi?id=61391
Bug ID: 61391
Summary: SlowQueryReport not logging Failed Query if connection
abandoned
Product: Tomcat 8
Version: 8.5.x-trunk
Hardware: PC
Status: NEW
2017-08-03 1:10 GMT+03:00 Mark Thomas :
> The proposed Apache Tomcat 8.5.20 release is now available for voting.
>
> The major changes compared to the 8.5.16 release are:
>
> - Enable TLS connectors to use Java key stores that contain multiple
> keys where each key has a separate password. Based
On Thu, Aug 3, 2017 at 12:10 AM, Mark Thomas wrote:
> The proposed Apache Tomcat 8.5.20 release is now available for voting.
>
> The major changes compared to the 8.5.16 release are:
>
> - Enable TLS connectors to use Java key stores that contain multiple
> keys where each key has a separate pa
On Wed, Aug 2, 2017 at 11:30 PM, Mark Thomas wrote:
> The proposed Apache Tomcat 9.0.0.M26 release is now available for voting.
>
> This is a milestone release for the 9.0.x branch. It should be
> noted that, as a milestone release:
> - Servlet 4.0 is not finalised
> - The EGs have not started wo
Am 2. August 2017 23:30:23 MESZ schrieb Mark Thomas :
>The proposed Apache Tomcat 9.0.0.M26 release is now available for
>voting.
>
>This is a milestone release for the 9.0.x branch. It should be
>noted that, as a milestone release:
>- Servlet 4.0 is not finalised
>- The EGs have not started work
Am 3. August 2017 00:10:05 MESZ schrieb Mark Thomas :
>The proposed Apache Tomcat 8.5.20 release is now available for voting.
>
>The major changes compared to the 8.5.16 release are:
>
>- Enable TLS connectors to use Java key stores that contain multiple
> keys where each key has a separate passw
Author: markt
Date: Tue Aug 8 17:16:57 2017
New Revision: 180
URL: http://svn.apache.org/viewvc?rev=180&view=rev
Log:
Remove out of date comment
Modified:
tomcat/native/trunk/native/src/sslnetwork.c
Modified: tomcat/native/trunk/native/src/sslnetwork.c
URL:
http://svn.apache.org/vi
https://bz.apache.org/bugzilla/show_bug.cgi?id=61393
Bug ID: 61393
Summary: org.apache.tomcat.jni.TestSocketServer timeout failure
on a fast computer
Product: Tomcat 9
Version: 9.0.0.M25
Hardware: PC
Status: NEW
2017-08-03 0:30 GMT+03:00 Mark Thomas :
> The proposed Apache Tomcat 9.0.0.M26 release is now available for voting.
>
> This is a milestone release for the 9.0.x branch. It should be
> noted that, as a milestone release:
> - Servlet 4.0 is not finalised
> - The EGs have not started work on JSP 2.4,
On Wed, Aug 2, 2017 at 5:30 PM, Mark Thomas wrote:
> The proposed Apache Tomcat 9.0.0.M26 release is now available for voting.
>
> This is a milestone release for the 9.0.x branch. It should be
> noted that, as a milestone release:
> - Servlet 4.0 is not finalised
> - The EGs have not started work
The following votes were cast:
Binding:
+1: markt, violetagg, remm, fschumacher, kkolinko, csutherl
No other votes were cast.
This vote therefore passes.
Thanks to everyone who has contributed to this release.
Mark
-
To unsub
Author: markt
Date: Tue Aug 8 19:11:26 2017
New Revision: 20905
Log:
Release 9.0.0.M26
Added:
release/tomcat/tomcat-9/v9.0.0.M26/
- copied from r20904, dev/tomcat/tomcat-9/v9.0.0.M26/
Removed:
dev/tomcat/tomcat-9/v9.0.0.M26/
---
The following voters were cast:
Binding:
+1: violetagg, markt, csutherl, huxing, kkolinko, remm, fschumacher
No other votes were cast.
The vote therefore passes.
Thanks to everyone who contributed to this release.
-
To unsubsc
Author: markt
Date: Tue Aug 8 19:15:03 2017
New Revision: 20906
Log:
Release 8.5.20
Added:
release/tomcat/tomcat-8/v8.5.20/
- copied from r20905, dev/tomcat/tomcat-8/v8.5.20/
Removed:
dev/tomcat/tomcat-8/v8.5.20/
---
Author: markt
Date: Tue Aug 8 19:18:00 2017
New Revision: 1804461
URL: http://svn.apache.org/viewvc?rev=1804461&view=rev
Log:
Reviewed for Oxygen - no changes
Modified:
tomcat/trunk/res/ide-support/eclipse/java-compiler-errors-warnings.txt
Modified: tomcat/trunk/res/ide-support/eclipse/java
Author: markt
Date: Tue Aug 8 19:19:44 2017
New Revision: 1804462
URL: http://svn.apache.org/viewvc?rev=1804462&view=rev
Log:
Eclipse Oxygen doesn't need this.
Modified:
tomcat/trunk/java/org/apache/tomcat/websocket/WsWebSocketContainer.java
Modified:
tomcat/trunk/java/org/apache/tomcat/we
Author: markt
Date: Tue Aug 8 19:29:55 2017
New Revision: 1804463
URL: http://svn.apache.org/viewvc?rev=1804463&view=rev
Log:
Improve the handling of client disconnections during the TLS renegotiation
handshake.
Modified:
tomcat/trunk/java/org/apache/coyote/AbstractProcessor.java
tomcat
Hi,
The good news is I have managed to unpick the various TLS issues I've
been struggling with.
The Chrome not selecting the user cert issue looks to be related to how
many of the fields were complete in the DN. That has been resolved by
recreating the test keys and certs I have been using.
I wa
https://bz.apache.org/bugzilla/show_bug.cgi?id=61394
Bug ID: 61394
Summary: NIO/NIO2 + OpenSSL renegotiation doesn't send list of
CAS to user agent
Product: Tomcat 9
Version: unspecified
Hardware: PC
OS: Lin
https://bz.apache.org/bugzilla/show_bug.cgi?id=61394
Mark Thomas changed:
What|Removed |Added
Summary|NIO/NIO2 + OpenSSL |NIO/NIO2 + OpenSSL
|re
https://bz.apache.org/bugzilla/show_bug.cgi?id=61394
--- Comment #1 from Rainer Jung ---
The OpenSSL call for this should be SSL_CTX_set_client_CA_list() (at least
mod_ssl in Apache httpd uses it).
We already wired that functionality in tcnative, file native/src/sslcontext.c,
function setCACerti
https://bz.apache.org/bugzilla/show_bug.cgi?id=61394
--- Comment #2 from Mark Thomas ---
I don't think we are calling that method when we are using JSSE config with the
OpenSSL engine. I think we need the equivalent of the call to setCertificateRaw
for the trusted certs.
--
You are receiving th
Hi,
I'm planning to start preparing Tomcat 7/8.0 for a release later today.
Regards,
Violeta
30 matches
Mail list logo
