.
Am I missing something? How can I make use of it without reinventing the wheel?
[1] https://bz.apache.org/bugzilla/show_bug.cgi?id=55477
Thanks,
Michael
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional c
-Original Message-
From: Mohammed Soukath Ali [mailto:mohammedsou...@vmware.com]
Sent: Wednesday, January 27, 2016 2:50 AM
To: users@tomcat.apache.org
Subject: SAML SSO (Service Provider) Configurations on Tomcat Server
Hi Team,
We are planning to implement SAML in our Tomcat server. Ple
after the response, after 3
minutes, the WEB sends a FIN and tomcat ACK's. the connection goes into
CLOSE_WAIT and stays in that state until restart of tomcat.
Any help would be greatly appreciated.
Thanks
Michael
after the response, after 3
minutes, the WEB sends a FIN and tomcat ACK's. the connection goes into
CLOSE_WAIT and stays in that state until restart of tomcat.
Any help would be greatly appreciated.
Thanks
Michael
calls are being handled by the Apache server?
Thanks,
Mike
Michael Fox
Database/System Administrator
Sidney Kimmel Comprehensive Cancer Center
Johns Hopkins University
fo...@jhmi.edu
I am running Red Hat Linux version 7.2, Apache version 2.4.6, Java JDK
1.8.0_65, Tomcat version 9.0.0.M1, Tomcat connector version 1.2.5, and have
uncommented the HTTP/2 Connector lines in the Tomcat server.xml file. When I
run the configure command for the Tomcat connector, I get the message:
e end of my original post (below).
Thanks,
Mike
-Original Message-
From: Rainer Jung [mailto:rainer.j...@kippdata.de]
Sent: Friday, April 15, 2016 1:57 PM
To: Tomcat Users List
Subject: Re: SSL_CTX_set_alpn_select_cb undefined
Am 15.04.2016 um 19:37 schrieb Michael Fox:
> I am runnin
Thanks!
I'll look into the latest OpenSSL.
Best,
Mike
-Original Message-
From: Rainer Jung [mailto:rainer.j...@kippdata.de]
Sent: Friday, April 15, 2016 2:57 PM
To: Tomcat Users List
Subject: Re: SSL_CTX_set_alpn_select_cb undefined
Am 15.04.2016 um 20:24 schrieb Michael Fox:
I have an Apache web server(2.4.6) which is accessible at http or https at
DNS_hostname, and a Tomcat server (9.0.0.M1)with an application available at
DNS_hostname:8080/app_name.
I then disabled the non-SSL HTTP/1.1 connector on port 8080 and enabled HTTP/2
in the Tomcat server.xml, using the c
al Message-
From: Christopher Schultz [mailto:ch...@christopherschultz.net]
Sent: Friday, April 29, 2016 9:14 PM
To: Tomcat Users List
Subject: Re: Tomcat connector settings
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Michael,
On 4/29/16 4:25 PM, Michael Fox wrote:
> I have an Apac
connector settings
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Michael,
On 5/2/16 10:20 AM, Michael Fox wrote:
> I ultimately want to have a Tomcat application protected by our
> university's system for authentication, which is SiteMinder. They
> have told me that they can&#x
SSAGE-
Hash: SHA1
Michael,
On 5/5/16 3:28 PM, Michael Fox wrote:
> Please confirm that to configure the passthrough with an external
> HTTPS and an internal HTTP, I would set Apache to listen to SSL on
> port 8443 and Tomcat on port 8080, with a line inside the Virtual Host
Hello,
When I try to log on to Data Integrator Management Console I get the HTTP
Status 404 message:
The requested resource (diAdmin/launch/logon.do) is not available. Anybody give
me an idea how I might fix this problem?
Michael J. Hargis
EDI Specialist
Wockhardt/Morton Grove Pharmaceuticals
help you can give me.
Michael J. Hargis
EDI Specialist
Wockhardt/Morton Grove Pharmaceuticals
6451 Main St.
Morton Grove, IL
Phone: 847-410-6705
Cell: 847-975-4872
-Original Message-
From: André Warnier (tomcat) [mailto:a...@ice-sa.com]
Sent: Monday, May 30, 2016 7:52 AM
To: users
I get occasional Apache 2 crashes being caused by mod_jk and I'm running
out of ideas about the cause of the problem. I hope somebody here can point
me in the right direction.
-Michael
tomcat6 6.0.39-1
libapache2-mod-jk 1:1.2.37-3
apache2 2.4.7-1ubuntu4
java version "1.6.0_45&qu
nd would be an interesting check to see, whether it is just an
> old already fixed problem.
You are right, I will test and get back.
Viele Grüße,
Michael
--
luate the IF in line 284 to
TRUE? I wonder if this might be the real cause for my problems in the first
place.
2. In line 305 of the original jk_connect.c there is a FD_ISSET inside an
IF. Is there an equivalent operation for poll or is the whole IF
unnecessary then?
Thanks,
Michael
On 30
nk
something on my Linux machine is not right.
What would you guys suggest? Should I file a bug report? My system runs
stable now after the change to poll() and I don't hit that problem anymore.
Thanks,
Michael
places
already, just not at the spot that matters in my case.
Anyhow, I will submit a bug report later this week with all the information
and will post a link over here as well.
Thank you,
Michael
On 18 July 2016 at 16:56, Christopher Schultz
wrote:
> -BEGIN PGP SIGNED MESSAGE-
>
FYI, the bug is submitted:
https://bz.apache.org/bugzilla/show_bug.cgi?id=59897
Chris and Rainer, thanks for pointing me in the right direction!
Michael
On 19 July 2016 at 11:42, Michael Diener wrote:
> Chris,
>
> thanks a lot for explaining what could be overflowing the FD_SETSIZE
service.
Note that this plugin reports all SSL certificate chains signed with SHA-1 that
expire after
January 1, 2017 as vulnerable. This is in accordance with Google's gradual
sunsetting of the
SHA-1 cryptographic hash algorithm.
Michael Mattes
DevIT Boeblingen Phone: +49-(0)70
That was fast!
Regards,
Michael Turner
Executive Director
Project Persephone
K-1 bldg 3F
7-2-6 Nishishinjuku
Shinjuku-ku Tokyo 160-0023
Tel: +81 (3) 6890-1140
Fax: +81 (3) 6890-1158
Mobile: +81 (90) 5203-8682
tur...@projectpersephone.org
http://www.projectpersephone.org/
"Love does not co
vices\WebClient\Parameters]
"BasicAuthLevel"=dword:0001
"UseBasicAuth"=dword:0001
Server.xml
I'm fairly new to this, but have done a fair bit of reading to get it working
previously in Tomcat7...so any help would be greatly appreciated.
Kind regards
Michael Salisbu
to work, only on the client itself those registry changes
as previously mentioned.
I'll run a Wireshark trace and see what comes up, nothing in the Tomcat logs
that I can see...
Thanks
Michael Salisbury
Senior Systems Architect | P 07 960 7011 | E mich...@skypoint.co.nz
| W
Thanks guys,
I was wondering when I'd get a point where it's no longer practical to run the
client through Windows, perhaps I'm getting close. I can connect fine over
HTTP, but when I put in the SSL/certificate configuration no go - implementing
the suggestions made by all.
Mi
First time post here.
Using :
Tomcat 8.0.26
JDK1.8.0 update 51
Apache MyFaces 2.2.8.
Maven build of webapp war file
Chrome 45.0.2454.101 m 64 bit
Windows 7 64 bit
Trying to rewrite the entire request body in a filter using a http request
wrapper. Not entirely sure if this is the right approach
thods beyond what I've done already. Is
there another design pattern here that I can utilize to get around this
issue? I would assume this issue probably varies from container to
container depending on how the server implements the seeded request classes.
On Sun, Oct 4, 2015 at 2:03 PM, Mic
On Sun, Oct 4, 2015 at 2:03 PM, Michael Greco
wrote:
> First time post here.
>
> Using :
> Tomcat 8.0.26
> JDK1.8.0 update 51
> Apache MyFaces 2.2.8.
> Maven build of webapp war file
> Chrome 45.0.2454.101 m 64 bit
> Windows 7 64 bit
>
> Trying to rewrite th
On Sun, Oct 4, 2015 at 7:25 PM, Michael Greco
wrote:
> On Sun, Oct 4, 2015 at 2:03 PM, Michael Greco
> wrote:
>
>> First time post here.
>>
>> Using :
>> Tomcat 8.0.26
>> JDK1.8.0 update 51
>> Apache MyFaces 2.2.8.
>> Maven build of webapp war
On Mon, Oct 5, 2015 at 3:30 AM, Mark Thomas wrote:
> On 04/10/2015 19:03, Michael Greco wrote:
> > First time post here.
> >
> > Using :
> > Tomcat 8.0.26
> > JDK1.8.0 update 51
> > Apache MyFaces 2.2.8.
> > Maven build of webapp war file
> >
breaking the specs?
It is currently a mere copy and paste from GenericPrincipal#hasRole()
and RealmBase#hasRole() in our code.
Best regards,
Michael
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
> On 21/11/2016 10:45, Osipov, Michael wrote:
> > Hi folks,
> >
> > I am currently porting our custom Tomcat components from 6.0 to 8.5.8+
> and need
> > to clarify some possible inconsistencies for new/changed roles "*" and
> "**"
> &
ttp11.Http11OutputBuffer.sendStatus().
RFC 7230, section 3.1.2 defines the EBNF the status-code is defined as
3DIGIT.
My question: is that an implementation error?
Not having checked Apache 2.4 yet, I know that mod_rewrite.c will return
an error if the status code is not between 100 and 900 [1].
Michae
Am 2016-11-29 um 15:40 schrieb Christopher Schultz:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Michael,
On 11/29/16 8:14 AM, Michael Osipov wrote:
Hi folks,
while investigating another possible patch for the RewriteValve, I
have noticed that Tomcat 8.5 does not validate the set status
Am 2016-11-29 um 16:07 schrieb Mark Thomas:
On 29/11/2016 14:40, Christopher Schultz wrote:
Michael,
On 11/29/16 8:14 AM, Michael Osipov wrote:
Hi folks,
while investigating another possible patch for the RewriteValve, I
have noticed that Tomcat 8.5 does not validate the set status
code
HTTPS
and SPNEGO authentication. Both works with Tomcat and HTTPd's mod_dav.
Everything else is a rollercoaster ride.
Michael
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: us
ason why there is no
"org.apache.tomcat.websocket.SSL_CIPHER_SUITES" property, or is it
simply an oversight?
Thanks, and keep up the great work!
Michael
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additi
On 17 January 2017 at 13:39, Mark Thomas wrote:
> On 17/01/2017 11:23, Michael Orr wrote:
>> Hi,
>>
>> There is a user property "org.apache.tomcat.websocket.SSL_PROTOCOLS"
>> that you can use to provide the list of permitted SSL protocols w
Hi,
I am unable to configure tomcat 9.0.0.M17 for http/2 support. My connector for
port 8443 has been uncommented and the necessary certificates were added to it.
I am receiving this error when I start my tomcat: Jan 25, 2017 4:28:21 PM
org.apache.catalina.util.LifecycleBase handleSubClassExce
e web-fragement is processed when I move the jar to the
web-inf\lib folder.
Regards,
Michael
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
Am 10.05.2017 um 00:40 schrieb Mark Thomas:
On 09/05/17 15:25, Michael Heinen wrote:
Hi all,
I am currently mirgating an application from Tomcat 7.0.73 to 8.0.43.
On development platforms we use an embedded tomcat.
On of the jars on the classpath contains a web-fragment.xml in it's
MET
Am 10.05.2017 um 12:18 schrieb Mark Thomas:
On 10/05/17 10:26, Michael Heinen wrote:
Am 10.05.2017 um 00:40 schrieb Mark Thomas:
On 09/05/17 15:25, Michael Heinen wrote:
Hi all,
I am currently mirgating an application from Tomcat 7.0.73 to 8.0.43.
On development platforms we use an embedded
Am 10.05.2017 um 19:59 schrieb Mark Thomas:
On 10/05/17 12:40, Michael Heinen wrote:
Am 10.05.2017 um 12:18 schrieb Mark Thomas:
On 10/05/17 10:26, Michael Heinen wrote:
Am 10.05.2017 um 00:40 schrieb Mark Thomas:
On 09/05/17 15:25, Michael Heinen wrote:
Hi all,
I am currently mirgating an
ed?
Should Tomcat use libraries of the web app for the startup of a context,
here for web-xml parsing?
Regards,
Michael
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mai
Am 18.05.2017 um 19:01 schrieb Mark Thomas:
On 17/05/2017 14:32, Michael Heinen wrote:
I am currently migrating a web app from Tomcat 7.0.73 to 8.5.15. An
embedded Tomcat is used on development systems.
The web-inf/lib folder of the application contains a jar with a
SAXParserFactory
All,
I am having an issue with IIS Logs on Windows 2016. Specifically, the
cs-uri-stem and cs-uri-query columns are not recording requests properly. For
EVERY request that is handled by the connector, the cs-uri-stem records an
entry as "/jakarta/isapi_redirect.dll" and the cs-uri-query is al
All,
When using the ISAPI Handler Mapping in IIS 10 on Windows 2016, the IIS logs
are not identifying the URI Stem (cs-uri-stem) and URI Query (cs-uri-query) as
expected. For EVERY request that the handler processes (e.g. .cfm), the
cs-uri-stem records an entry as "/jakarta/isapi_redirect.dll"
--
On 01.09.2017 22:21, Thomas, Michael wrote:
> All,
>
> When using the ISAPI Handler Mapping in IIS 10 on Windows 2016, the IIS logs
> are not identifying the URI Stem (cs-uri-stem) and URI Query (cs-uri-query)
&
--
> On 01.09.2017 22:21, Thomas, Michael wrote:
>> All,
>>
>> When using the ISAPI Handler Mapping in IIS 10 on Windows 2016, the IIS logs
>> are not identifying the URI Stem (cs-uri-stem) and URI
Mark,
Do you know if tomcat 5.x and 6.x are vulnerable to this issue? I know they
are not supported, but are they exploitable by this vulnerability?
Thx
Mike
On 3 October 2017 at 11:55, Mark Thomas wrote:
> CVE-2017-12617 Apache Tomcat Remote Code Execution via JSP Upload
>
> Severity: Import
--
On 06.09.2017 22:07, Thomas, Michael wrote:
>
> --
>> On 01.09.2017 22:21, Thomas, Michael wrote:
>>> All,
>>>
>>> When
XfUwBahUZvJn-qGmC8Rh9wHr8D0&m=DbQ305KuTM2F_E2iBepldzdcGBtdlaOltNKMsXQJiPY&s=dCzIxTcvs4S2BUcLmkC9Nk3iAk985CuVxROdGRwfI8E&e=
There (for IIS 8) it says "are replaced".
All of this without any guarantee though, I am not an MS expert in any way.
--
-
On 06/10/17 22:42, Mark Thomas wrote:
> On 06/10/17 16:27, Mark Thomas wrote:
>>> On 10.05.2017 8:54, Thomas, Michael wrote:
>>>
>>> Unfortunately I am not getting much traction with Microsoft. Fro
--
On 17/11/17 15:47, jumiller wrote:
> I finally managed to figure out what the issue is/was. The
> c:\windows\system32\inetsrv\config\applicationHost.config file has a
> definition for IsapiFilter in the overrideMode="Allow"> s
though)
Do the changes make sense, and what would be the side effect ? In our case, the
"netInBuffer" could be full, i.e., postion = limit for large data. Maybe the
"netInBuffer" should not be cleared since "compact" would reset the
"netInBuffer", should it?
Please advise.
Thanks,
Michael
Hi, Remy,
Is the fix available for 8.5.16? if not, could you please share the code
changes?
Thanks,
Michael
-Original Message-
From: Rémy Maucherat [mailto:r...@apache.org]
Sent: Friday, January 5, 2018 5:58 AM
To: Tomcat Users List
Subject: [EXTERNAL]Re
I'm using Tomcat 8.5.4. I've got a JASPIC question
When I call AuthConfigFactory#registerConfigProvider() if I pass null for the
3rd parameter (the appContext) there is no registration. The registrationID
returned by calling registerConfigProvider() is null. And in testing I can
verify the Au
morrow. If no
solution is available, this will basically mean that I have to drop
HTTPd proxying the requests and lose potential balancing features in the
future for this service.
Michael
-
To unsubscribe, e-mail: user
> Dear Michael,
>
> i don't know if this issue also take happen with it, but may be using mod_jk
> an option for you, also?
Hi Guido,
just installed mod_jk through ports and configured it. No avail, I have the
very same issue.
I will raise this on the HTTPd maili
Am 2018-07-05 um 14:44 schrieb Jäkel, Guido:
Dear Michael,
I wasn't faced by this yes, but what's about adding something like
RequestHeader unset Expect early
at the Apache httpd?
I know that tip, but it makes no sense at all. The client expected
10
Just did the test. Zero changed, broken as before.
Anyway, thanks for helping. I will try to continue with Yann on the Bugzilla
issue.
Michael
>
> Dear Michael,
>
> did you give it a try, also? To my knowledge the keyword "early" may hide
> this header from the Apac
ava
I consider this to be a bug, I know that Tomcat has its own URLEncoder,
but it seems that we need a compliant URLDecoder or use UDecoder?.
Can someone confirm?
Michael
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
y how the report shall look like, it is at the
discretion of the container, you should rely on that at all.
Though, I'd be very greatful if you can isolate the case, I'd really want to fix
this.
Michael
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
eel of your application.
The current valve shows you consicely status -- reason phrease, message,
status description and the stacktrace if given.
Michael
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
Am 2018-07-25 um 22:13 schrieb Michael Osipov:
Hi folks,
I might have found a bug and looking for someone to confirm. (Tested in
Tomcat 8.5.32).
Consider the following servlet:
@WebServlet("/request-dispatcher")
public class TestServlet extends HttpServlet {
private static
Am 2018-08-02 um 16:30 schrieb Mark Thomas:
On 02/08/18 11:15, Mark Thomas wrote:
On 30/07/18 19:48, Michael Osipov wrote:
Am 2018-07-25 um 22:13 schrieb Michael Osipov:
Hi folks,
I might have found a bug and looking for someone to confirm. (Tested
in Tomcat 8.5.32).
I agree that this is a
// < PRIVATE access!!
Oh hell, this is so wrong. The servlet instance exists only once in the
webapp classloader. No one is creating a new instace on each an every
request. You *cannot* share a variable like that, it is not threadsafe.
This is your problem. You have t
not defined and do not expect it to work properly. The best and
morstreliable you can do is to encode your values with
https://tools.ietf.org/html/rfc5987. This is the same approach done for
Content-Disposition filename qualifier. You may want to evaluate mod_lua
for that.
On Wed, Oct 3, 2018 at 12:50 PM Mark Thomas wrote:
> CVE-2018-11784 Apache Tomcat - Open Redirect
Is it possible to get more information on the "specially crafted URL"?
I'd like more information so that I can test if some of our apps are
vulnerable.
In addition, I'd like to verify that the valu
he are released (hence logout performed) as soon as the
security context has been established and the GSS src name has been
obtained.
Michael
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
TomCat users.
I currently am running Apache Tomcat 8.5.13.0 on Windows Server 2012 R2 servers
to support a NCR Aptra Vision application. A Tripwire vulnerability scan
showed the servers have the Apache Tomcat CVE-2017-12617 Vulnerability. To
mitigate I see I could upgrade to Apache Tomcat 8.5.
:35, Adams, Michael wrote:
> TomCat users.
> I currently am running Apache Tomcat
> https://urldefense.proofpoint.com/v2/url?u=http-3A__8.5.13.0&d=DwICaQ&c=LkAXfnqL6_MvrMPL5JzdE3Ild0DUTpmjbCJvMv5_TcQ&r=p3_goTYT-PvEzXC6jGr9rg&m=EyqQRJjlE-MS2UtSwB36b0J
bject: [External] Re: Question regarding mitigating the CVE-2017-12617
vulnerability
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Michael,
On 2/13/19 13:35, Adams, Michael wrote:
> I currently am running Apache Tomcat 8.5.13.0 on Windows Server
> 2012 R2 servers to support a NCR A
Am 2019-03-10 um 12:16 schrieb Mark Thomas:
On 10/03/2019 09:08, Guido Jäkel wrote:
Dear John, Hi Rainer,
Thank you for your hints. I leaned to used this features on Github locate the
commit - it's
https://github.com/apache/tomcat/commit/fd2abbb525660a9968694afd99a58f8c22cb54c6
and
Am 2019-03-10 um 22:29 schrieb Mark Thomas:
On 10/03/2019 20:54, Michael Osipov wrote:
Am 2019-03-10 um 12:16 schrieb Mark Thomas:
On 10/03/2019 09:08, Guido Jäkel wrote:
Dear John, Hi Rainer,
Thank you for your hints. I leaned to used this features on Github
locate the commit - it&#
Am 2019-03-11 um 09:03 schrieb Rainer Jung:
Am 11.03.2019 um 08:09 schrieb Michael Osipov:
Am 2019-03-10 um 22:29 schrieb Mark Thomas:
On 10/03/2019 20:54, Michael Osipov wrote:
Am 2019-03-10 um 12:16 schrieb Mark Thomas:
On 10/03/2019 09:08, Guido Jäkel wrote:
Dear John, Hi Rainer,
Thank
ooks/upload.py'
> * Uses proxy env variable NO_PROXY == 'localhost .siemens.net
.siemens.com .siemens.de'
> * Found bundle for host sitex-ldadw.ad001.siemens.net: 0x800cd5390
[can multiplex]
> * Re-using existing connection! (#0) with host
sitex-ldadw.ad001.siemens.net
> * Connected to sitex-ldadw.ad001.siemens.net (147.54.64.55) port 443 (#0)
> * Server auth using Negotiate with user ''
> * Using Stream ID: 3 (easy handle 0x800d65000)
> } [5 bytes data]
> > PUT /webhooks/upload.py HTTP/2
> > Host: sitex-ldadw.ad001.siemens.net
> > Authorization: Negotiate YIISJQYGKwYBBQUCoI...
> > User-Agent: curl/7.64.0
> > Accept: */*
> > Expect: 100-continue
> > Content-Length: 6502195
> >
> } [5 bytes data]
> < HTTP/2 100
> } [5 bytes data]
> 3 6349k0 03 191k 0 1432k 0:00:04 --:--:--
0:00:04 1432k* We are completely uploaded and fine
> { [5 bytes data]
> < HTTP/2 204
> < date: Thu, 28 Mar 2019 14:36:56 GMT
> < server: Apache/2.4.38 (FreeBSD) OpenSSL/1.1.1a-freebsd
mod_auth_gssapi/1.6.1
> < www-authenticate: Negotiate oYG3MIG0oAMKA...
> < x-frame-options: SAMEORIGIN
> <
> { [5 bytes data]
> 100 6349k0 0 100 6349k 0 15.3M --:--:-- --:--:--
--:--:-- 22.2M
> * Connection #0 to host sitex-ldadw.ad001.siemens.net left intact
>
> real0m0,420s
> user0m0,212s
> sys 0m0,169s
It works, even without "Expect: 100-continue".
As far as I understand the HTTP/2 spec, the header is not necessary
anymore and this is builtin into the protocol.
Any ideas?
Michael
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
Am 2019-03-29 um 12:14 schrieb Mark Thomas:
On 28/03/2019 15:14, Osipov, Michael wrote:
Hi folks,
right away, I don't know whether it is us (Tomcat) or curl. I'd lke to
narrow down the cause.
It seems to be related to the use of kerberos. I don't see any errors
when I provid
Am 2019-03-29 um 22:07 schrieb Mark Thomas:
On 29/03/2019 12:28, Michael Osipov wrote:
Am 2019-03-29 um 12:14 schrieb Mark Thomas:
On 28/03/2019 15:14, Osipov, Michael wrote:
Hi folks,
right away, I don't know whether it is us (Tomcat) or curl. I'd lke to
narrow down the cause.
I
Am 2019-03-29 um 22:07 schrieb Mark Thomas:
On 29/03/2019 12:28, Michael Osipov wrote:
Am 2019-03-29 um 12:14 schrieb Mark Thomas:
On 28/03/2019 15:14, Osipov, Michael wrote:
Hi folks,
right away, I don't know whether it is us (Tomcat) or curl. I'd lke to
narrow down the cause.
I
connection 0
and here the access log:
147.54.64.55 - 2019-03-30T21:58:31.073 "PUT
/backend-dev/manager-1/text/deploy?path=%2Fbackend-dev&update=false&version=003
HTTP/1.1" 101 - 0
147.54.64.55 osipo...@ad001.siemens.net 2019-03-30T21:58:31.8
Am 2019-03-29 um 22:07 schrieb Mark Thomas:
On 29/03/2019 12:28, Michael Osipov wrote:
Am 2019-03-29 um 12:14 schrieb Mark Thomas:
On 28/03/2019 15:14, Osipov, Michael wrote:
Hi folks,
right away, I don't know whether it is us (Tomcat) or curl. I'd lke to
narrow down the cause.
I
rity:jee and using my custom Tomcat authentication
implementation.
If someone knows better, I'd be glad to hear his/her approach.
Michael
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
, there
must be a bug in security:jee, you should debug that. I had to debug
this many many times due to a lot of issues with security:jee.
See [1] the attention admonition, you may suffer from one of those.
Michael
[1] http://tomcatspnegoad.sourceforge
i recently did a JASPIC plugin for OIDC.
ended writing a simple authorization class that returned user roles based
on the request/Principal instead of trying to add JACC
arjan tijms guide is what i used for the most part
but you're right there is no decent Tomcat tutorial yet
On Wed, Jun 5,
Hi,
I'm running Tomcat 8.5 on RHEL 7.6. I'm successfully using client certificate
validation from the smart card, but I would like to add client-cert OCSP
revocation checking. I *think* I've set up the connector correctly in the
server.xml file, but although the server starts and operates fin
Thomas
Sent: Thursday, June 20, 2019 3:33 AM
To: users@tomcat.apache.org
Subject: Re: OCSP Connector on Tomcat 8.5 not working
Tomcat version?
Tomcat Native version?
Mark
On 19/06/2019 23:46, Michael Magnuson wrote:
> Hi,
>
> I'm running Tomcat 8.5 on RHEL 7.6. I'm succes
uot; from "want" has no effect either way.
Mike
From: Mark Thomas
Sent: Thursday, June 20, 2019 9:02 AM
To: users@tomcat.apache.org
Subject: Re: OCSP Connector on Tomcat 8.5 not working
On 20/06/2019 16:19, Michael Magnuson wrote:
> Mark,
>
attribute, is the correct syntax "require" or
"required"?
Thanks,
Mike
From: Mark Thomas
Sent: Thursday, June 20, 2019 10:00 AM
To: users@tomcat.apache.org
Subject: Re: OCSP Connector on Tomcat 8.5 not working
On 20/06/2019 17:24, Michael M
26 Jan 2017]
I have compiled all native components myself, except for Java and
OpenSSL. They are provided by HPE in binary form.
Note: OpenSSL update to 1.0.2r is pending, but this should not be cause
here.
Michael
-
To u
Am 2019-06-21 um 14:33 schrieb Mark Thomas:
On 21/06/2019 13:13, Osipov, Michael wrote:
Folks,
we're migrating off old hosts to new ones, but remain at 8.5.x (.34 to
.42 at the moment) and Java 8. Surprisingly, an empty Tomcat wih just
manager installed takes way too long too start.
Mark Thomas wrote:
> On 20/06/2019 18:27, Michael Magnuson wrote:
>> Thanks Mark. A couple clarifications on your example first. You don't list
>> the clientAuth= attribute. I assume this was a simple oversight.
>
> It is replaced by certificateVerification="req
Thanks. Is that setup using a CRL instead of OCSP?
From: Mark Thomas
Sent: Friday, June 21, 2019 8:44 AM
To: users@tomcat.apache.org
Subject: Re: OCSP Connector on Tomcat 8.5 not working
On 21/06/2019 16:31, Michael Magnuson wrote:
> Hmm. It's s
Can I point certificateRevocationListFile= to an empty file so it always
reverts to OCSP?
From: Mark Thomas
Sent: Friday, June 21, 2019 9:10 AM
To: users@tomcat.apache.org
Subject: Re: OCSP Connector on Tomcat 8.5 not working
On 21/06/2019 16:46, Michael
e.org
Subject: Re: OCSP Connector on Tomcat 8.5 not working
On 21/06/2019 17:12, Michael Magnuson wrote:
>
>
> Can I point certificateRevocationListFile= to an empty file so it always
> reverts to OCSP?
Just don't specify it at all.
I've co
25/06/2019 18:04, Michael Magnuson wrote:
>
>
> Mark, are you defining your server SSL certificate someplace else, other than
> within the connector in server.xml?
No.
> From your example connector config, I'm not seeing it defined.
Server key is defined b
no OCSP action.
From: Mark Thomas
Sent: Tuesday, June 25, 2019 11:33 AM
To: users@tomcat.apache.org
Subject: Re: OCSP Connector on Tomcat 8.5 not working
On 25/06/2019 19:24, Michael Magnuson wrote:
>
>
> Oh I see. I was trying to use those fields for
Thomas
Sent: Tuesday, June 25, 2019 12:41 PM
To: users@tomcat.apache.org
Subject: Re: OCSP Connector on Tomcat 8.5 not working
On 25/06/2019 20:22, Michael Magnuson wrote:
>
>
> Mark, thanks for the further clarification. With that setup, it prompts for
> the smart card PIN and yo
erver
at sitex-ldadw.ad001.siemens.net Port 443
* Closing connection 0
* TLSv1.3 (OUT), TLS alert, close notify (256):
real1m0,175s
user0m0,047s
sys 0m0,007s
Where can I start digging? Tomcat? HTTPd? Maybe I should run HTTPd in
debug mode for a day
Am 2019-07-02 um 17:18 schrieb Christopher Schultz:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Michael,
On 7/2/19 10:40, Osipov, Michael wrote:
Hi folks,
I am trying to understand a sporadic failure (several times a day)
where a request proxied by HTTPd takes so long that the default
901 - 1000 of 1140 matches
Mail list logo
