https://bz.apache.org/bugzilla/show_bug.cgi?id=67927
--- Comment #11 from Michael Osipov ---
(In reply to Mark Thomas from comment #10)
> We need to allow in-progress usage of the old SSLContext to continue while
> new requests get the new SSLContext. We don't want new requests to have to
https://bz.apache.org/bugzilla/show_bug.cgi?id=67926
--- Comment #5 from Michael Osipov ---
(In reply to Mark Thomas from comment #4)
> +1 - we are already using that class in the SPNEGO authenticator
I'll try prepare a PR for this.
--
You are receiving this mail because:
You are the assig
https://bz.apache.org/bugzilla/show_bug.cgi?id=67926
--- Comment #4 from Mark Thomas ---
+1 - we are already using that class in the SPNEGO authenticator
--
You are receiving this mail because:
You are the assignee for the bug
https://bz.apache.org/bugzilla/show_bug.cgi?id=67927
--- Comment #10 from Mark Thomas ---
We need to allow in-progress usage of the old SSLContext to continue while new
requests get the new SSLContext. We don't want new requests to have to wait for
a long running request using the old SSLContext
https://bz.apache.org/bugzilla/show_bug.cgi?id=67932
Bug ID: 67932
Summary: module-info re-export other libraries
Product: Tomcat 10
Version: unspecified
Hardware: PC
OS: Mac OS X 10.1
Status: NEW
https://bz.apache.org/bugzilla/show_bug.cgi?id=67927
--- Comment #9 from Michael Osipov ---
(In reply to Christopher Schultz from comment #8)
> Michael, do you know if calling the JMX-based "reload" operation will cause
> the same crash? I haven't dug-into the code, but it's p
https://bz.apache.org/bugzilla/show_bug.cgi?id=67927
--- Comment #8 from Christopher Schultz ---
Michael, do you know if calling the JMX-based "reload" operation will cause the
same crash? I haven't dug-into the code, but it's possible this bug has existed
far l
https://bz.apache.org/bugzilla/show_bug.cgi?id=67927
--- Comment #7 from Michael Osipov ---
(In reply to Remy Maucherat from comment #6)
> Since deallocating the ssl context should be tied to GC when using NIO, I
> don't understand how it happens. OTOH, actually doing it is quite ris
https://bz.apache.org/bugzilla/show_bug.cgi?id=67927
--- Comment #6 from Remy Maucherat ---
Since deallocating the ssl context should be tied to GC when using NIO, I don't
understand how it happens. OTOH, actually doing it is quite risky, so maybe it
could be better to leak it ...
It would
https://bz.apache.org/bugzilla/show_bug.cgi?id=67926
--- Comment #3 from Michael Osipov ---
I think the easiest solution is to use org.ietf.jgss.Oid.Oid(byte[]) and the
invoke #toString()
--
You are receiving this mail because:
You are the assignee for the bug
https://bz.apache.org/bugzilla/show_bug.cgi?id=67926
Han Li changed:
What|Removed |Added
Keywords||Beginner
--
You are receiving this mail
https://bz.apache.org/bugzilla/show_bug.cgi?id=67628
--- Comment #3 from Mark Thomas ---
I think this is a documentation issue.
The intention was to:
- allow OpenSSL notation to be used with JSSE
- track ciphers and behaviour of latest OpenSSL development branch
- have consistent (as possible
https://bz.apache.org/bugzilla/show_bug.cgi?id=67783
Mark Thomas changed:
What|Removed |Added
Resolution|--- |INVALID
Status|NEW
https://bz.apache.org/bugzilla/show_bug.cgi?id=67927
--- Comment #5 from Michael Osipov ---
I will continue testing on Friday. I have an idea how to provoke this. I
noticed this especially with I tested
https://github.com/apache/tomcat-native/pull/22 locally.
--
You are receiving this mail
https://bz.apache.org/bugzilla/show_bug.cgi?id=67927
--- Comment #4 from Michael Osipov ---
(In reply to Mark Thomas from comment #3)
> Can you reproduce this with NioEndpoint+OpenSSL or is this AprEndpoint
> specific?
Unfortunately, yes:
> Stack: [0x004466a0,0x004466b00
https://bz.apache.org/bugzilla/show_bug.cgi?id=67927
--- Comment #3 from Mark Thomas ---
Can you reproduce this with NioEndpoint+OpenSSL or is this AprEndpoint
specific?
--
You are receiving this mail because:
You are the assignee for the bug
https://bz.apache.org/bugzilla/show_bug.cgi?id=67927
--- Comment #2 from Michael Osipov ---
Mapping from errno.h on HP-UX:
> # define ECONNRESET232 /* Connection reset by peer */
> # define ECONNREFUSED 239 /* Connection refused */
--
You are receiving this mail becaus
https://bz.apache.org/bugzilla/show_bug.cgi?id=67927
--- Comment #1 from Michael Osipov ---
Before you ask: Yes, I know the low checkPeriod is silly, but it still should
not cause a crash, at most a performance degregation during the reload phase.
--
You are receiving this mail because:
You
https://bz.apache.org/bugzilla/show_bug.cgi?id=67927
Michael Osipov changed:
What|Removed |Added
CC||micha...@apache.org
--
You
https://bz.apache.org/bugzilla/show_bug.cgi?id=67927
Bug ID: 67927
Summary: TLSCertificateReloadListener triggers race condition
(?) in OpenSSL code which causes the JVM to die
Product: Tomcat 9
Version: 9.0.x
Hardware
https://bz.apache.org/bugzilla/show_bug.cgi?id=67666
--- Comment #4 from Michael Osipov ---
Just build Tomcat from bec7a51d7fc3fb913c755b258169d1816b77bea5. I can confirm
that is works now.
--
You are receiving this mail because:
You are the assignee for the bug
https://bz.apache.org/bugzilla/show_bug.cgi?id=67926
--- Comment #2 from Michael Osipov ---
(In reply to Mark Thomas from comment #1)
> Whether the user is provided with the OID in string or byte form doesn't
> change the fact that the PEM file isn't going to be usable.
>
> The
https://bz.apache.org/bugzilla/show_bug.cgi?id=67926
Mark Thomas changed:
What|Removed |Added
Severity|minor |enhancement
--- Comment #1 from Mark
https://bz.apache.org/bugzilla/show_bug.cgi?id=67926
Michael Osipov changed:
What|Removed |Added
CC||micha...@apache.org
--
You
https://bz.apache.org/bugzilla/show_bug.cgi?id=67926
Bug ID: 67926
Summary: PEMFile prints unidentifiable string representation of
ASN.1 OIDs
Product: Tomcat 9
Version: 9.0.82
Hardware: All
OS: All
https://bz.apache.org/bugzilla/show_bug.cgi?id=67666
Mark Thomas changed:
What|Removed |Added
Resolution|--- |FIXED
Status|NEW
https://bz.apache.org/bugzilla/show_bug.cgi?id=67666
--- Comment #2 from Mark Thomas ---
The fix for BZ 67667 addressed most of the errors. The remaining issue has been
fixed.
Reloading isn't going to work for PEM files that are passed directly to OpenSSL
although with BZ 67667 those should
https://bz.apache.org/bugzilla/show_bug.cgi?id=67675
Mark Thomas changed:
What|Removed |Added
Status|NEW |RESOLVED
Resolution
https://bz.apache.org/bugzilla/show_bug.cgi?id=67626
Michael Osipov changed:
What|Removed |Added
Status|NEW |RESOLVED
Resolution
https://bz.apache.org/bugzilla/show_bug.cgi?id=67675
--- Comment #16 from Mark Thomas ---
See https://github.com/apache/tomcat/pull/674
That should support any cert the current code supports plus the OpenSSL
defaults.
It is possible there are other combinations that need to be supported
https://bz.apache.org/bugzilla/show_bug.cgi?id=64826
--- Comment #1 from Michael Osipov ---
Last point has been addressed with Bug 66670.
--
You are receiving this mail because:
You are the assignee for the bug
https://bz.apache.org/bugzilla/show_bug.cgi?id=66670
Michael Osipov changed:
What|Removed |Added
Status|NEW |RESOLVED
Resolution
+---+
| Bugzilla Bug ID |
| +-+
| | Status: UNC=Unconfirmed NEW=New ASS=Assigned
+---+
| Bugzilla Bug ID |
| +-+
| | Status: UNC=Unconfirmed NEW=New ASS=Assigned
+---+
| Bugzilla Bug ID |
| +-+
| | Status: UNC=Unconfirmed NEW=New ASS=Assigned
+---+
| Bugzilla Bug ID |
| +-+
| | Status: UNC=Unconfirmed NEW=New ASS=Assigned
+---+
| Bugzilla Bug ID |
| +-+
| | Status: UNC=Unconfirmed NEW=New ASS=Assigned
+---+
| Bugzilla Bug ID |
| +-+
| | Status: UNC=Unconfirmed NEW=New ASS=Assigned
+---+
| Bugzilla Bug ID |
| +-+
| | Status: UNC=Unconfirmed NEW=New ASS=Assigned
https://bz.apache.org/bugzilla/show_bug.cgi?id=67849
Mark Thomas changed:
What|Removed |Added
Status|NEW |RESOLVED
Resolution
https://bz.apache.org/bugzilla/show_bug.cgi?id=67849
--- Comment #1 from Guillaume Poirier-Morency ---
Our workaround is to add a mime mapping in our web.xml configuration:
js
application/javascript
https://github.com/PavlidisLab/Gemma/commit
https://bz.apache.org/bugzilla/show_bug.cgi?id=67849
Bug ID: 67849
Summary: MIME type mapping for JavaScript is text/javascript
instead of application/javascript
Product: Tomcat 9
Version: 9.0.80
Hardware: PC
https://bz.apache.org/bugzilla/show_bug.cgi?id=67675
--- Comment #15 from Michael Osipov ---
(In reply to Mark Thomas from comment #14)
> I have this working with the current test cases and a default OpenSSL
> self-signed key as per the original report.
>
> The code needs to b
https://bz.apache.org/bugzilla/show_bug.cgi?id=67675
--- Comment #14 from Mark Thomas ---
I have this working with the current test cases and a default OpenSSL
self-signed key as per the original report.
The code needs to be cleaned up rather so I am currently expecting to commit
the fix early
https://bz.apache.org/bugzilla/show_bug.cgi?id=66875
--- Comment #8 from Han Li ---
(In reply to Mark Thomas from comment #7)
> The original bug report was for two JSON responses in a single HTTP
> response. Is that still an issue?
>
> Is the error message regarding the response a
https://bz.apache.org/bugzilla/show_bug.cgi?id=67675
--- Comment #13 from Remy Maucherat ---
(In reply to Mark Thomas from comment #12)
> I think some refactoring will be required
> for the ASN.1 parser to make it more robust.
I managed to do OCSP using it (
https://github.com/apache/
https://bz.apache.org/bugzilla/show_bug.cgi?id=67675
--- Comment #12 from Mark Thomas ---
My current assessment is that it is possible to handle this. We are going to
need to do a little more by hand. I think some refactoring will be required for
the ASN.1 parser to make it more robust.
--
You
https://bz.apache.org/bugzilla/show_bug.cgi?id=67675
--- Comment #11 from Mark Thomas ---
Yes. The steps to reproduce this worked perfectly. Thanks.
Currently working through the ASN.1 and relevant RFCs to see what we have and
if I can get Java to work with it.
--
You are receiving this mail
https://bz.apache.org/bugzilla/show_bug.cgi?id=67793
Mircea Butmalai changed:
What|Removed |Added
Component|Authentication |Catalina
--
You are receiving
https://bz.apache.org/bugzilla/show_bug.cgi?id=67675
--- Comment #10 from Michael Osipov ---
(In reply to Mark Thomas from comment #9)
> I'm working on this now. I don't think I am as far forward as you. It would
> be useful if I could see that code you have so far.
>
> My curr
https://bz.apache.org/bugzilla/show_bug.cgi?id=67675
--- Comment #9 from Mark Thomas ---
I'm working on this now. I don't think I am as far forward as you. It would be
useful if I could see that code you have so far.
My current thinking is that the PKCS8 branch in PEMFile is going to need
https://bz.apache.org/bugzilla/show_bug.cgi?id=67793
Mircea Butmalai changed:
What|Removed |Added
Component|Catalina|Authentication
--
You
https://bz.apache.org/bugzilla/show_bug.cgi?id=67675
--- Comment #8 from Christopher Schultz ---
I have uncommitted work locally which can read the ASN.1 and perform the
decryption, which does not fail (i.e. no exception is thrown).
But when interpreting the decrypted data as an ASN.1 stream
https://bz.apache.org/bugzilla/show_bug.cgi?id=67675
--- Comment #7 from Mark Thomas ---
Is that in your pem-utils project?
--
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail
https://bz.apache.org/bugzilla/show_bug.cgi?id=66875
--- Comment #7 from Mark Thomas ---
The original bug report was for two JSON responses in a single HTTP response.
Is that still an issue?
Is the error message regarding the response already being committed in addition
to the multiple JSON
https://bz.apache.org/bugzilla/show_bug.cgi?id=67793
Mircea Butmalai changed:
What|Removed |Added
CC||mircea.butma...@radcom.ro
--
You
https://bz.apache.org/bugzilla/show_bug.cgi?id=67818
--- Comment #1 from Michael Osipov ---
Tested the patch locally with my smartcard and Edge properly says:
Die Verbindung mit dieser Website ist nicht
sicher.deblndw024v.ad001.siemens.net hat ihr Anmeldezertifikat nicht
akzeptiert, oder es
https://bz.apache.org/bugzilla/show_bug.cgi?id=67818
Michael Osipov changed:
What|Removed |Added
Summary|SSLContext#setVerify() |SSL#setVerify()/SSLContext
https://bz.apache.org/bugzilla/show_bug.cgi?id=67818
Michael Osipov changed:
What|Removed |Added
CC||micha...@apache.org
--
You
https://bz.apache.org/bugzilla/show_bug.cgi?id=67818
Bug ID: 67818
Summary: SSLContext#setVerify() silently sets undocumented
default verify paths
Product: Tomcat Native
Version: 2.0.6
Hardware: All
OS: All
https://bz.apache.org/bugzilla/show_bug.cgi?id=67675
--- Comment #6 from Christopher Schultz ---
It looks like handling OID 1.2.840.113549.3.7 is something I was working on a
while back in my project on GitHub. When running this through my own code, I
get some debug output saying something about
https://bz.apache.org/bugzilla/show_bug.cgi?id=67793
Bug ID: 67793
Summary: FORM authenticator does not remember original max
inactive interval in all use-cases
Product: Tomcat 10
Version: 10.1.8
Hardware: All
https://bz.apache.org/bugzilla/show_bug.cgi?id=67783
Bug ID: 67783
Summary: Fault when starting tomcat with a pkcs12 keystore that
contains the TrustedKeyUsage OID
Product: Tomcat 9
Version: 9.0.80
Hardware: PC
https://bz.apache.org/bugzilla/show_bug.cgi?id=67675
--- Comment #5 from Mark Thomas ---
We may end up supporting a subset of the OpenSSL functionality (and documenting
that).
For me the target is not to support everything OpenSSL does (although it would
be great if we could) but to support
https://bz.apache.org/bugzilla/show_bug.cgi?id=67757
Remy Maucherat changed:
What|Removed |Added
Status|NEW |RESOLVED
Resolution
https://bz.apache.org/bugzilla/show_bug.cgi?id=67664
Remy Maucherat changed:
What|Removed |Added
CC||ronald.dehuys...@gmail.com
https://bz.apache.org/bugzilla/show_bug.cgi?id=67757
Bug ID: 67757
Summary: tomcat-jdbc 10.1.14 -
org.apache.tomcat.jdbc.pool.PooledConnection is not an
interface
Product: Tomcat Modules
Version: unspecified
+---+
| Bugzilla Bug ID |
| +-+
| | Status: UNC=Unconfirmed NEW=New ASS=Assigned
+---+
| Bugzilla Bug ID |
| +-+
| | Status: UNC=Unconfirmed NEW=New ASS=Assigned
+---+
| Bugzilla Bug ID |
| +-+
| | Status: UNC=Unconfirmed NEW=New ASS=Assigned
+---+
| Bugzilla Bug ID |
| +-+
| | Status: UNC=Unconfirmed NEW=New ASS=Assigned
+---+
| Bugzilla Bug ID |
| +-+
| | Status: UNC=Unconfirmed NEW=New ASS=Assigned
+---+
| Bugzilla Bug ID |
| +-+
| | Status: UNC=Unconfirmed NEW=New ASS=Assigned
+---+
| Bugzilla Bug ID |
| +-+
| | Status: UNC=Unconfirmed NEW=New ASS=Assigned
https://bz.apache.org/bugzilla/show_bug.cgi?id=67675
--- Comment #4 from Michael Osipov ---
(In reply to Mark Thomas from comment #3)
> It seems that very few (no?) users are creating keys with pass-phrases this
> way as this isn't an issue that has been reported previously and we went
>
https://bz.apache.org/bugzilla/show_bug.cgi?id=67675
--- Comment #3 from Mark Thomas ---
It seems that very few (no?) users are creating keys with pass-phrases this way
as this isn't an issue that has been reported previously and we went through a
phase of getting reports of unsupported formats
https://bz.apache.org/bugzilla/show_bug.cgi?id=64570
--- Comment #2 from Konstantin Kolinko ---
https://tomcat.apache.org/tomcat-11.0-doc/jdbc-pool.html
See "rollbackOnReturn" attribute. It is false by default.
--
You are receiving this mail because:
You are the assignee f
https://bz.apache.org/bugzilla/show_bug.cgi?id=67732
--- Comment #2 from Marcelo Marques ---
Thanks, appreciated the information.
--
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e
https://bz.apache.org/bugzilla/show_bug.cgi?id=67732
Christopher Schultz changed:
What|Removed |Added
Status|NEW |RESOLVED
OS
https://bz.apache.org/bugzilla/show_bug.cgi?id=67732
Bug ID: 67732
Summary: APR Deprecation Note in 10.1 doc is missing
Product: Tomcat Native
Version: 2.0.6
Hardware: PC
Status: NEW
Severity: normal
Priority
https://bz.apache.org/bugzilla/show_bug.cgi?id=67722
--- Comment #3 from Marcelo Marques ---
Thanks for the information.
I noticed that the note about APR deprecations was added to the 10.0.x doc
https://tomcat.apache.org/tomcat-10.0-doc/config/http.html
But it is missing from the 10.1.x doc
https://bz.apache.org/bugzilla/show_bug.cgi?id=67731
Michael Osipov changed:
What|Removed |Added
Status|NEW |RESOLVED
Resolution
https://bz.apache.org/bugzilla/show_bug.cgi?id=67731
Michael Osipov changed:
What|Removed |Added
CC||micha...@apache.org
--
You
https://bz.apache.org/bugzilla/show_bug.cgi?id=67731
Bug ID: 67731
Summary: Remove win-ipv6.patch
Product: Tomcat Native
Version: 2.0.6
Hardware: All
OS: All
Status: NEW
Severity: enhancement
https://bz.apache.org/bugzilla/show_bug.cgi?id=67722
--- Comment #2 from Michael Osipov ---
(In reply to Remy Maucherat from comment #1)
> In the logs, the first error is:
> 12-Oct-2023 14:42:21.043 SEVERE [main]
> org.apache.catalina.connector.Connector. Protocol handler
> instanti
https://bz.apache.org/bugzilla/show_bug.cgi?id=67722
Remy Maucherat changed:
What|Removed |Added
Resolution|--- |INVALID
Status|NEW
https://bz.apache.org/bugzilla/show_bug.cgi?id=67722
Ruediger Pluem changed:
What|Removed |Added
Version|10.0.0 |10.1.14
--
You are receiving
https://bz.apache.org/bugzilla/show_bug.cgi?id=67722
Ruediger Pluem changed:
What|Removed |Added
Target Milestone|--- |--
OS
https://bz.apache.org/bugzilla/show_bug.cgi?id=67538
--- Comment #7 from Michael Osipov ---
Also fixed in:
* tomcat-native main for 2.0.7 and onwards
--
You are receiving this mail because:
You are the assignee for the bug
https://bz.apache.org/bugzilla/show_bug.cgi?id=67538
Michael Osipov changed:
What|Removed |Added
Resolution|--- |FIXED
Status|NEW
https://bz.apache.org/bugzilla/show_bug.cgi?id=67538
--- Comment #5 from Michael Osipov ---
(In reply to Christopher Schultz from comment #3)
> (In reply to Michael Osipov from comment #2)
> > > Compilation is expected to be done with Java 11, but tests can be run with
> > &g
https://bz.apache.org/bugzilla/show_bug.cgi?id=67667
Michael Osipov changed:
What|Removed |Added
Status|NEW |RESOLVED
Resolution
https://bz.apache.org/bugzilla/show_bug.cgi?id=67697
Remy Maucherat changed:
What|Removed |Added
Status|NEW |RESOLVED
OS
https://bz.apache.org/bugzilla/show_bug.cgi?id=67664
Remy Maucherat changed:
What|Removed |Added
CC||rad...@gmail.com
--- Comment #4 from
https://bz.apache.org/bugzilla/show_bug.cgi?id=67697
Bug ID: 67697
Summary: Unable to use tomcat-jdbc 10.1.14
Product: Tomcat Modules
Version: unspecified
Hardware: Macintosh
Status: NEW
Severity: regression
https://bz.apache.org/bugzilla/show_bug.cgi?id=67685
Remy Maucherat changed:
What|Removed |Added
Status|NEW |RESOLVED
Resolution
https://bz.apache.org/bugzilla/show_bug.cgi?id=67670
Remy Maucherat changed:
What|Removed |Added
CC||pier...@pieroxy.net
--- Comment #9
https://bz.apache.org/bugzilla/show_bug.cgi?id=67685
Bug ID: 67685
Summary: Connector Compression adds unwanted "Content-Length"
header with size of uncompressed response
Product: Tomcat 10
Version: 10.1.14
Ha
https://bz.apache.org/bugzilla/show_bug.cgi?id=67616
Michael Osipov changed:
What|Removed |Added
Resolution|--- |FIXED
Status|NEW
https://bz.apache.org/bugzilla/show_bug.cgi?id=67616
Michael Osipov changed:
What|Removed |Added
Summary|org/apache/tomcat/jni/SSL.j |o.a.tomcat.jni.SSL contains
1201 - 1300 of 47427 matches
Mail list logo
