Re: Is there a 6.0.x patch for CVE-2016-5388?

2016-10-03 Thread Vamsavardhana Reddy
Hi, Thanks for your reply. I meant to ask if Tomcat will be releasing a 6.0.x version (say 6.0.46?) addressing this CVE. If yes, what time frame may I expect this version out? Best regards, Vamsi

Is there a 6.0.x patch for CVE-2016-5388?

2016-10-03 Thread Vamsavardhana Reddy
Hi, Is there a 6.0.x patch for CVE-2016-5388? I do not see it listed in https://tomcat.apache.org/security-6.html . Thanks and best regards, Vamsi

Re: Problem accessing a secure resource with FORM login method when web application clustered on Tomcat 6.0.18

2011-03-03 Thread Vamsavardhana Reddy
On Thu, Mar 3, 2011 at 5:57 PM, Mark Thomas wrote: > On 03/03/2011 12:18, Vamsavardhana Reddy wrote: > > My guess is that there is an issue with Tomcat AJP connector because of > > which the request is getting forwarded to the login page when the HTTP > > server switches the

Problem accessing a secure resource with FORM login method when web application clustered on Tomcat 6.0.18

2011-03-03 Thread Vamsavardhana Reddy
Hi, I am using Tomcat 6.0.18 embedded in Geronimo server to cluster my web application. I have two nodes Node1 and Node2. On Node1 the HTTP port is 8080 and AJP port 8009. On Node2 the HTTP port is 8090 and AJP port 8019. I am using Apache HTTP Server (HTTP on port 80) with mod_jk as the front-en

Re: How to access the client's X509 Cert of an https request ?

2008-04-11 Thread Vamsavardhana Reddy
I thought that is the only way. Is there any other way to get hold of the client cert? ++Vamsi On Fri, Apr 11, 2008 at 1:52 PM, Mark Thomas <[EMAIL PROTECTED]> wrote: > Hanson Char wrote: > > > Finally, I found at least one answer to this problem: > > > > If you read the spec, there are simpler

Re: What is the difference between TomCat and Geronimo?

2008-04-09 Thread Vamsavardhana Reddy
Also Geronimo has a distribution with Tomcat as the web container. ++Vamsi On Wed, Apr 9, 2008 at 12:40 PM, Mark Thomas <[EMAIL PROTECTED]> wrote: > Ben Stover wrote: > > > What is the difference between TomCat and Geronimo? > > > > Geronimo is a full J2EE container. Tomcat is a Servlet/JSP cont

Re: rolling the console log

2008-04-03 Thread Vamsavardhana Reddy
May be you can pipe it to rotatelogs? See [1]. [1] http://httpd.apache.org/docs/2.0/programs/rotatelogs.html ++Vamsi On Fri, Apr 4, 2008 at 2:57 AM, Angelina Talley <[EMAIL PROTECTED]> wrote: > Hello! We are running Tomcat 5.0 in a production environment (so > upgrading isn't an option) and ha

Re: displaying an image from outside the webapps directory

2008-03-30 Thread Vamsavardhana Reddy
Have you considered using the allowLinking attribute (See http://tomcat.apache.org/tomcat-6.0-doc/config/context.html) and creating a soft-link inside the webapp directory to the directory which is outside of webapp? ++Vamsi On Fri, Mar 21, 2008 at 4:28 PM, Kimberly Begley <[EMAIL PROTECTED]> wro

Re: Multi domain certificate with keytool

2008-03-13 Thread Vamsavardhana Reddy
right keystore to the Tomcat server.xml file. You don't need to > specify a keyAlias as there is only one certificate in the keystore. > > > Vamsavardhana Reddy-2 wrote: > > > > You should be able to create a PKCS12 keystore using OpenSSL with the > > private

Re: Multi domain certificate with keytool

2008-03-12 Thread Vamsavardhana Reddy
You should be able to create a PKCS12 keystore using OpenSSL with the private key and the certificate you have. See if the following thread helps. http://www.mail-archive.com/[EMAIL PROTECTED]/msg08816.html ++Vamsi On Wed, Mar 12, 2008 at 6:59 PM, Some user <[EMAIL PROTECTED]> wrote: > > Dear

Re: catalina.out is not reloading

2008-02-11 Thread Vamsavardhana Reddy
I am guessing... Somewhere in the script there should be a ">> catalina.out" to append to catalina.out. Change that to "> catalina.out" so that the old file is automatically rewritten. Or else you may use rotatelogs program that comes with apache http server. See http://httpd.apache.org/docs/2.

Tomcat access logs

2008-02-07 Thread Vamsavardhana Reddy
Is there a way to specify how many days access logs should be retained by tomcat so that old access logs (for e.g. more than a month old) are automatically deleted? I am using Tomcat 5.5.15. ++Vamsi

Re: Invalid Keystore Format Exception

2008-01-30 Thread Vamsavardhana Reddy
I tried: > >> $JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA -storetype JKS > >> > >> Thanks for the suggestion though, > >> - Ole > >> > >> > >> > >> Vamsavardhana Reddy wrote: > >>> May be you should use the "-stor

Re: Invalid Keystore Format Exception

2008-01-30 Thread Vamsavardhana Reddy
you using? ++Vamsi On Jan 30, 2008 8:12 PM, Ole Ersoy <[EMAIL PROTECTED]> wrote: > Hi Vamsi, > > I tried: > $JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA -storetype JKS > > Thanks for the suggestion though, > - Ole > > > > Vamsavardhana Reddy wrote: >

Re: Invalid Keystore Format Exception

2008-01-29 Thread Vamsavardhana Reddy
May be you should use the "-storetype JKS" to be sure of the format in which the keystore is generated. ++Vamsi On Jan 30, 2008 11:11 AM, Ole Ersoy <[EMAIL PROTECTED]> wrote: > Hi, > > I'm trying to get SSL working real quick for some experiments, and I did > this: > > $JAVA_HOME/bin/keytool -ge

Re: How to get port of a running Tomcat instance

2007-08-23 Thread Vamsavardhana Reddy
I do not know if this info is helpful... ServletRequest has getServerPort() and getServerName() methods that should give the port and server through which the request came. Vamsi On 8/24/07, Brian Barnett <[EMAIL PROTECTED]> wrote: > > Can someone provide a java code snippet showing how to get t

Re: Use JMX to manage applications

2007-08-23 Thread Vamsavardhana Reddy
On 8/23/07, lightbulb432 <[EMAIL PROTECTED]> wrote: > > > What is the preferred API for accessing MBeans from within servlets or > JSPs? > > MBeanServerConnection jmxServerConnection = JMXConnectorFactory.connect > (new > JMXServiceURL(urlForJMX),null).getMBeanServerConnection(); > jmxServerConnect

Re: Thawte SSL certificates

2007-08-13 Thread Vamsavardhana Reddy
Can you send me the certificate(s) you received from the Thawte CA? May be I can help. You should be comfortable sending it as there is nothing secret about Certificates. It is only your private-key that should not be transmitted. Vamsi On 8/13/07, Lyallex <[EMAIL PROTECTED]> wrote: > > Hi >