Author: markt
Date: Mon Jun 25 19:29:44 2012
New Revision: 1353709
URL: http://svn.apache.org/viewvc?rev=1353709&view=rev
Log:
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=53459
Fix SSLVerifyClient option in APR SSL example and further clarify how to modify
server.xml based on the desired connector implementation.
Modified:
tomcat/tc7.0.x/trunk/ (props changed)
tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml
tomcat/tc7.0.x/trunk/webapps/docs/ssl-howto.xml
Propchange: tomcat/tc7.0.x/trunk/
------------------------------------------------------------------------------
Merged /tomcat/trunk:r1353708
Modified: tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml
URL:
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml?rev=1353709&r1=1353708&r2=1353709&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml Mon Jun 25 19:29:44 2012
@@ -113,6 +113,10 @@
<bug>53456</bug>: Minor corrections and improvements to the HTTP
connector configuration reference. Patch provided by sebb. (markt)
</fix>
+ <fix>
+ <bug>53459</bug>: Correction and clarifications to the SSL Connector
+ configuration examples in the SSL how-to. (markt)
+ </fix>
</changelog>
</subsection>
<subsection name="Other">
Modified: tomcat/tc7.0.x/trunk/webapps/docs/ssl-howto.xml
URL:
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/ssl-howto.xml?rev=1353709&r1=1353708&r2=1353709&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/webapps/docs/ssl-howto.xml (original)
+++ tomcat/tc7.0.x/trunk/webapps/docs/ssl-howto.xml Mon Jun 25 19:29:44 2012
@@ -343,11 +343,14 @@ sources like "/dev/urandom" that will al
<code>$CATALINA_BASE</code> represents the base directory for the
Tomcat instance. An example <code><Connector></code> element
for an SSL connector is included in the default <code>server.xml</code>
-file installed with Tomcat. For JSSE, it should look something like this:</p>
+file installed with Tomcat. To configure an SSL connector that uses JSSE, you
+will need to remove the comments and edit it so it looks something like
+this:</p>
<source>
<-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
-<!--
+<-- Hard-coded to use the NIO protocol implementation -->
<Connector
+ protocol="org.apache.coyote.http11.Http11NioProtocol"
port="8443" maxThreads="200"
scheme="https" secure="true" SSLEnabled="true"
keystoreFile="${user.home}/.keystore" keystorePass="changeit"
@@ -355,19 +358,20 @@ file installed with Tomcat. For JSSE, i
-->
</source>
<p>
- The example above will throw an error if you have the APR and the Tomcat
Native libraries in your path,
- as Tomcat will try to use the APR connector. The APR connector uses
different attributes for
- SSL keys and certificates. An example of an APR configuration is:
+ The example above will throw an error if you have the APR and the Tomcat
+ Native libraries in your path, as Tomcat will try to use the APR connector.
+ The APR connector uses different attributes for many SSL settings,
+ particularly keys and certificates. An example of an APR configuration is:
<source>
<-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
-<!--
+<-- Hard-coded to use the APR protocol implementation -->
<Connector
+ protocol="org.apache.coyote.http11.Http11AprProtocol"
port="8443" maxThreads="200"
scheme="https" secure="true" SSLEnabled="true"
SSLCertificateFile="/usr/local/ssl/server.crt"
SSLCertificateKeyFile="/usr/local/ssl/server.pem"
- clientAuth="optional" SSLProtocol="TLSv1"/>
--->
+ SSLVerifyClient="optional" SSLProtocol="TLSv1"/>
</source>
</p>
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
