On Fri, Apr 10, 2020 at 6:32 PM Filip Hanik <fha...@pivotal.io> wrote:

>
>
> On Fri, Apr 10, 2020 at 1:28 AM Rémy Maucherat <r...@apache.org> wrote:
>
>>
>>
>>> This configuration gives the impression that the Endpoint is a child of
>>> the Connector.
>>> But the Connector truly only needs the ProtocolHandler interface to
>>> function. The injected object would then be better as an instance of a
>>> ProtocolHandler.
>>>
>>> The XML can of course be configured to instantiate and inject the
>>> ProtocolHandler handler directly into the Connector.
>>> In this setting, it doesn't make sense to have any properties on the
>>> Connector, since the Connector receives the protocol handler already
>>> configured.
>>>
>>> <Connector scheme="https" secure="true">
>>>     <Protocol className="org.apache.coyote.http11.Http11Protocol" maxHeaderCount="10">
>>>         <Endpoint className="org.apache.tomcat.util.net.NioEndpoint"
>>>                   port="8443" SSLEnabled="true"
>>>                   sslImplementationName="org.apache.tomcat.util.net.openssl.OpenSSLImplementation">
>>>             <SocketProperties directBuffer="true" directSslBuffer="true" />
>>>             <SSLHostConfig honorCipherOrder="false">
>>>                 <Certificate certificateKeyFile="${catalina.home}/conf/key.pem"
>>>                              certificateFile="${catalina.home}/conf/cert.pem"
>>>                              type="RSA" />
>>>             </SSLHostConfig>
>>>         </Endpoint>
>>>         <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
>>>     </Protocol>
>>> </Connector>
>>>
>>
>> Either way, I experimented a bit and it's not doable. Too many intrusive
>> changes and impossibility to be compatible.
>>
>
> Sounds good.
>

I started working on it more to make a real attempt and see how it behaves
in practice. Even though the changes are problematic [the biggest
Catalina/Tomcat API break ever, surpassing the TLS configuration changes
earlier], the Connector is still the biggest problem for duplicated
properties and random hacks, including reflection abuse. That's a goal/todo
for 10 so it is worth doing it to put it on review to know if it exceeds
the pain threshold of most.

Rémy


>
> Filip
>
