[Bug 44225] SSL connector tries to load the private keystore file after privileges have already been dropped by JSVC

bugzilla Thu, 11 May 2017 03:20:48 -0700

https://bz.apache.org/bugzilla/show_bug.cgi?id=44225


Mark Thomas <ma...@apache.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |WONTFIX
             Status|NEW                         |RESOLVED

--- Comment #2 from Mark Thomas <ma...@apache.org> ---
It doesn't appear as if anyone is interested in writing a patch for this.

Also, limiting the key file to root doesn't offer any additional security. The
Tomcat process will have the key in memory and hence the OS user tomcat is
running as will always be able to access it.

Therefore, closing this as WONTFIX.

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 44225] SSL connector tries to load the private keystore file after privileges have already been dropped by JSVC

Reply via email to