Re: [OT] Forthcoming PEM utility code

2021-12-28 Thread Michael Osipov
Am 2021-12-28 um 01:20 schrieb Christopher Schultz: Michael, [...] Although, I haven't see your code I know that this is a lot of work I have done some of that some for our enterprise CAs with pure Java recently. Kudos! It's always fun finding out ANOTHER RFC that only one tool in the world

[Bug 65770] New: Make keys reload automatically

2021-12-28 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=65770 Bug ID: 65770 Summary: Make keys reload automatically Product: Tomcat Connectors Version: unspecified Hardware: PC OS: All Status: NEW Severity: enhance

Re: [OT] Forthcoming PEM utility code

2021-12-28 Thread Rémy Maucherat
On Mon, Dec 27, 2021 at 5:13 PM Christopher Schultz wrote: > > Michael, All, > > I haven't actually committed any source yet, as I'm still polishing it > up a bit but I intend to release a bunch of PEM-related code on GH under > this repository: > > https://github.com/ChristopherSchultz/pem-utils

[Bug 65770] Make keys reload automatically

2021-12-28 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=65770 --- Comment #1 from Remy Maucherat --- I'm not sure it is a very good idea to use an automagical reload here. There is functionality to trigger a reload of the SSL host configs using JMX, this is more predictable. Is it not a good solution for

[Bug 65770] Make keys reload automatically

2021-12-28 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=65770 --- Comment #2 from Anders Rundgren --- Since administrating SSL certificates is a major PITA, I'm looking for a built-in solution that is compatible with ACME. For my current use I will use: https://github.com/schnatterer/tomcat-reloading-con

[Bug 65770] Make keys reload automatically

2021-12-28 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=65770 --- Comment #3 from Mark Thomas --- I think there is an argument for providing a listener to do this as part of the Tomcat distribution. Those users that need it can then enable it. -- You are receiving this mail because: You are the assignee

[Bug 65770] Make keys reload automatically

2021-12-28 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=65770 --- Comment #4 from Michael Osipov --- Stupid question: Why is it not possible to use the background process to detect mtime change of cert/private key and initiate a connector reload? This would be, of course, off by default. -- You are rece

[GitHub] [tomcat] xiezhaokun commented on a change in pull request #462: Add support for password-based encryption scheme 2 params (PBES2)

2021-12-28 Thread GitBox
xiezhaokun commented on a change in pull request #462: URL: https://github.com/apache/tomcat/pull/462#discussion_r776122608 ## File path: java/org/apache/tomcat/util/net/jsse/PEMFile.java ## @@ -210,6 +214,14 @@ public PrivateKey toPrivateKey(String password, String keyAlgorit

[GitHub] [tomcat] xiezhaokun commented on a change in pull request #462: Add support for password-based encryption scheme 2 params (PBES2)

2021-12-28 Thread GitBox
xiezhaokun commented on a change in pull request #462: URL: https://github.com/apache/tomcat/pull/462#discussion_r776122608 ## File path: java/org/apache/tomcat/util/net/jsse/PEMFile.java ## @@ -210,6 +214,14 @@ public PrivateKey toPrivateKey(String password, String keyAlgorit