Author: remm
Date: Thu Nov 26 17:17:03 2015
New Revision: 1716745
URL: http://svn.apache.org/viewvc?rev=1716745&view=rev
Log:
Add some docs fixes for the OpenSSL configuration in NIOx, now that JSSE style
is supposed to be supported. Probably not the last improvement since it is
rather difficult to explain (IMO).
Modified:
tomcat/trunk/webapps/docs/config/http.xml
tomcat/trunk/webapps/docs/ssl-howto.xml
Modified: tomcat/trunk/webapps/docs/config/http.xml
URL:
http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/config/http.xml?rev=1716745&r1=1716744&r2=1716745&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/config/http.xml (original)
+++ tomcat/trunk/webapps/docs/config/http.xml Thu Nov 26 17:17:03 2015
@@ -1382,9 +1382,11 @@
Tomcat also bundles a special SSL implementation for JSSE that is backed
by OpenSSL. To enable it, the native library should be enabled as if
intending to use the APR connector, the value of this attribute should be
- <code>org.apache.tomcat.util.net.openssl.OpenSSLImplementation</code>,
- and the SSL attributes configuration used should be the one from the APR
- connector.</p>
+ <code>org.apache.tomcat.util.net.openssl.OpenSSLImplementation</code>.
+ In that case, the attributes from either from either JSSE and OpenSSL
+ configuration styles can be used, as long as the two types are not mixed
+ (for example, it is not allowed to define use of a Java keystore and
+ specify a separate pem private key using the OpenSSL attribute).</p>
</attribute>
</attributes>
Modified: tomcat/trunk/webapps/docs/ssl-howto.xml
URL:
http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/ssl-howto.xml?rev=1716745&r1=1716744&r2=1716745&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/ssl-howto.xml (original)
+++ tomcat/trunk/webapps/docs/ssl-howto.xml Thu Nov 26 17:17:03 2015
@@ -303,8 +303,9 @@ loaded or not, use one of the following:
<p>Tomcat also provides a SSL engine that directly uses OpenSSL. If the APR
library
is installed (as for using the APR connector), using the sslImplementationName
attribute
-allows enabling it. In that case, the configuration must not use the JSSE
attributes, but
-all the attributes that are defined for the APR connector.</p>
+allows enabling it. In that case, the configuration can use either the JSSE
attributes or
+the OpenSSL attributes (as used for the APR connector), but must not mix
attributes from
+both types in the same SSLHostConfig or Connector element.</p>
<source><![CDATA[<!-- Define a HTTP/1.1 Connector on port 8443, JSSE NIO
implementation and OpenSSL -->
<Connector protocol="org.apache.coyote.http11.Http11NioProtocol" port="8443"
sslImplementationName="org.apache.tomcat.util.net.openssl.OpenSSLImplementation"
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
