Cookie interoperability
I know this one has been beaten to death a little ( https://issues.apache.org/bugzilla/show_bug.cgi?id=44679), but I (and looks like some others) are stuck on older versions of Tomcat (6.0.14) in order to read non-standard cookies set by 3rd parties. In my case, the cookie value in not enclosed in double quotes has a couple of spaces in it, so tomcat 6.0.16 and above read the cookie value to the first space. There are a couple other comments in bugs about problems with cookie names with colons and the common base64 encoded string with the trailing =. There was some talk about adding configuration options to Tomcat to handle specific cases. I was thinking about allowing lenient cookie parsing at the context level or globally by defining the separator characters as ',' and ';' when parsing cookie values (this appears to be the Tomcat 6.0.14 behavior). As mentioned in the 44679 bug the there were security concerns with pre-6.0.16 cookie parsing - will the security concerns / browser issues return with this approach? If so, does it makes sense to perform lenient cookie parsing for specific cookie names to limit the security risk? This would not really help people with cookie name problems and would likely impact cookie parsing performance. I don't see a particularly elegant solution emerging. Thoughts?
DO NOT REPLY [Bug 45255] support disable jsessionid from url against session fixation attacks
https://issues.apache.org/bugzilla/show_bug.cgi?id=45255 --- Comment #7 from Dillon Sellars 2009-02-19 18:45:27 PST --- Created an attachment (id=23284) --> (https://issues.apache.org/bugzilla/attachment.cgi?id=23284) Patch to allow URL rewriting to be disabled Attaching a proposed patch for review. -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: tomcat-native: multicast on win32
Lorenz Breu wrote: David Knox wrote: I saw something like this once. It turned out to be a firewall on XP. Just a thought. thx for the pointer, after weeks of programming and debugging and profiling and testing i completely forgot about the "simple" problems :) unfortunately, even with all (known) forms of firewall deactivated on this box, the multicast join still does not work. if you think its a bug in tomcat-native, try doing multicasting using the java.net library to confirm that you have your environment setup for a working multicast. if it works in java but not in tomcat-native, at least you will have had it narrowed down. best Filip - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
DO NOT REPLY [Bug 46717] Wrong Session Expiration because of non thread-safe code
https://issues.apache.org/bugzilla/show_bug.cgi?id=46717 --- Comment #1 from Mark Thomas 2009-02-19 14:57:56 PST --- I have proposed the same fix for 5.5.x -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r746047 - /tomcat/current/tc5.5.x/STATUS.txt
Author: markt Date: Thu Feb 19 22:57:51 2009 New Revision: 746047 URL: http://svn.apache.org/viewvc?rev=746047&view=rev Log: Propose fix Modified: tomcat/current/tc5.5.x/STATUS.txt Modified: tomcat/current/tc5.5.x/STATUS.txt URL: http://svn.apache.org/viewvc/tomcat/current/tc5.5.x/STATUS.txt?rev=746047&r1=746046&r2=746047&view=diff == --- tomcat/current/tc5.5.x/STATUS.txt (original) +++ tomcat/current/tc5.5.x/STATUS.txt Thu Feb 19 22:57:51 2009 @@ -223,3 +223,9 @@ http://svn.apache.org/viewvc?rev=742714&view=rev +1: markt -1: + +* Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=46717 + Hard to reproduce thread safety issue with session expiration + http://svn.apache.org/viewvc?rev=708273&view=rev + +1: markt + -1: - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
DO NOT REPLY [Bug 46734] Broken "Workers HowTo" link on "Apache HowTo" page
https://issues.apache.org/bugzilla/show_bug.cgi?id=46734 Mark Thomas changed: What|Removed |Added Status|NEW |RESOLVED Resolution||FIXED --- Comment #1 from Mark Thomas 2009-02-19 14:51:04 PST --- Thanks for the report. This has been fixed in svn (r746040 ( https://svn.apache.org/viewcvs.cgi?view=rev&rev=746040 ) and I have also manually updated the links on the web site. Note that it will take ~1 hour for the changes to sync to the live web server. -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r746040 - in /tomcat/connectors/trunk/jk/xdocs/webserver_howto: apache.xml iis.xml
Author: markt Date: Thu Feb 19 22:47:21 2009 New Revision: 746040 URL: http://svn.apache.org/viewvc?rev=746040&view=rev Log: Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=46734 Correct broken link Modified: tomcat/connectors/trunk/jk/xdocs/webserver_howto/apache.xml tomcat/connectors/trunk/jk/xdocs/webserver_howto/iis.xml Modified: tomcat/connectors/trunk/jk/xdocs/webserver_howto/apache.xml URL: http://svn.apache.org/viewvc/tomcat/connectors/trunk/jk/xdocs/webserver_howto/apache.xml?rev=746040&r1=746039&r2=746040&view=diff == --- tomcat/connectors/trunk/jk/xdocs/webserver_howto/apache.xml (original) +++ tomcat/connectors/trunk/jk/xdocs/webserver_howto/apache.xml Thu Feb 19 22:47:21 2009 @@ -36,7 +36,8 @@ -It is recommended that you also read the Workers HowTo document +It is recommended that you also read the +Workers HowTo document to learn how to setup the working entities between your web server and Tomcat Engines. For more detailed configuration information consult the Reference Guide for workers.properties, Modified: tomcat/connectors/trunk/jk/xdocs/webserver_howto/iis.xml URL: http://svn.apache.org/viewvc/tomcat/connectors/trunk/jk/xdocs/webserver_howto/iis.xml?rev=746040&r1=746039&r2=746040&view=diff == --- tomcat/connectors/trunk/jk/xdocs/webserver_howto/iis.xml (original) +++ tomcat/connectors/trunk/jk/xdocs/webserver_howto/iis.xml Thu Feb 19 22:47:21 2009 @@ -41,7 +41,8 @@ -It is recommended that you also read the Workers HowTo document +It is recommended that you also read the +Workers HowTo document to learn how to setup the working entities between your web server and Tomcat Engines. For more detailed configuration information consult the Reference Guide for workers.properties, - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
DO NOT REPLY [Bug 46694] Servlet Facets when running multiple application on one tomcat instance
https://issues.apache.org/bugzilla/show_bug.cgi?id=46694 Mark Thomas changed: What|Removed |Added Status|NEEDINFO|RESOLVED Resolution||INVALID --- Comment #2 from Mark Thomas 2009-02-19 14:40:34 PST --- No further information provided and this looks very much like a configuration issue. One possible cause was suggested on the dev list earlier this week and there are several others that spring to mind. The users list is the place to track this down. -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
DO NOT REPLY [Bug 46738] SingleSignOn session invalidation by multiple webapp's
https://issues.apache.org/bugzilla/show_bug.cgi?id=46738 Mark Thomas changed: What|Removed |Added Status|NEW |RESOLVED Resolution||INVALID --- Comment #1 from Mark Thomas 2009-02-19 14:38:08 PST --- There isn't enough information in this report to reproduce the issue. It looks, on first impression, like a configuration issue. Please use the users list in the first instance. If the discussion on the users list concludes that there is a bug, please re-open this issue and provide all necessary information to re-create the issue. -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: May Chun Chew/FEA/PEC is out of the office.
May Chun Chew wrote: > I will be out of the office starting 02/20/2009 and will not return until > 02/23/2009. > > I am Contactable at (65)97876648. For any urgent matters, pls contact my > colleague, YY Wong at email: yoke.yuen.w...@appliedbiosystems.com. at > 63629428. Again! p > - > To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org > For additional commands, e-mail: dev-h...@tomcat.apache.org > > - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
May Chun Chew/FEA/PEC is out of the office.
I will be out of the office starting 02/20/2009 and will not return until 02/23/2009. I am Contactable at (65)97876648. For any urgent matters, pls contact my colleague, YY Wong at email: yoke.yuen.w...@appliedbiosystems.com. at 63629428. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
DO NOT REPLY [Bug 46738] New: SingleSignOn session invalidation by multiple webapp's
https://issues.apache.org/bugzilla/show_bug.cgi?id=46738 Summary: SingleSignOn session invalidation by multiple webapp's Product: Tomcat 6 Version: 6.0.18 Platform: PC OS/Version: All Status: NEW Severity: critical Priority: P2 Component: Catalina AssignedTo: dev@tomcat.apache.org ReportedBy: vladi...@vilinski.de Hi, I'm using SingleSignOn Valve and have multiple webapp's. When I call session.invalidate() in one of webapp's, it only invalidates session in this one webapp. Citation from documentation: "As soon as the user logs out of one web application (for example, by invalidating the corresponding session if form based login is used), the user's sessions in all web applications will be invalidated. Any subsequent attempt to access a protected resource in any application will require the user to authenticate himself or herself again." Tomcat 6.0.18. Java HotSpot(TM) Client VM (build 10.0-b23, mixed mode, sharing) Best Regards, Vilinski -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Tomcat committers speaking at ApacheCon EU
Folks, For those of you that haven't looked at http://www.eu.apachecon.com/c/aceu2009 yet, the following Tomcat committers will be speaking at ApacheCon. Mark Thomas (ma...@a.o): - Everything Tomcat - 2 day training course - Securing Tomcat for your Environment - Becoming a Tomcat super user Filip Hanik (fha...@a.o): - What's new in Servlet 3.0 - Performance Tuning Apache Tomcat for Production - What the Bayeux? Understanding, Using and Developing with the Bayeux Protocol Jean-Frederic Clere (jfcl...@a.o): - mod_proxy versus mod_jk. Clustering with HTTP Server as front-end - Improving mod_proxy : Example of an "home made" balancer: Mod_cluster Jeanfrancois Arcand (jfarc...@a.o): - Introduction to NIO.2 (Asynchronous I/O) and how you can benefit from being asynchronous! ApacheCon is a great opportunity to put some names to faces as well as to discuss Tomcat issues and feature ideas with both committers and other users. In addition to those of us that are speaking, a number of the other committers will be around. We hope to see you there. Mark - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: Going for jk 1.2.28
Mladen Turk wrote: > Comments, objections? Go for it. Mark - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: Going for jk 1.2.28
+1 2009/2/19 Mladen Turk : > Hi, > > We have a bug in 1.2.27 that cause core in some configuration > scenarios (#46352). The fix is in the SVN for more then a month. > Beyond that there are two additional bug fixes > one preventing Netware build, and other fixing IIS > advanced configuration (#46579) > > There are also few valuable updates like dynamic > contact address change for workers. > > Given all that I plan to go for a new release. > I'll use our standard release system with > pre-release build and then call for a vote > giving 72 hours between each step. > > Comments, objections? > > Regards > -- > ^(TM) > > - > To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org > For additional commands, e-mail: dev-h...@tomcat.apache.org > > - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Going for jk 1.2.28
Hi, We have a bug in 1.2.27 that cause core in some configuration scenarios (#46352). The fix is in the SVN for more then a month. Beyond that there are two additional bug fixes one preventing Netware build, and other fixing IIS advanced configuration (#46579) There are also few valuable updates like dynamic contact address change for workers. Given all that I plan to go for a new release. I'll use our standard release system with pre-release build and then call for a vote giving 72 hours between each step. Comments, objections? Regards -- ^(TM) - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r745898 - in /tomcat/connectors/trunk/jk: native/iis/jk_isapi_plugin.c xdocs/miscellaneous/changelog.xml
Author: mturk Date: Thu Feb 19 15:28:47 2009 New Revision: 745898 URL: http://svn.apache.org/viewvc?rev=745898&view=rev Log: Update uriworkermap on watchog interval Modified: tomcat/connectors/trunk/jk/native/iis/jk_isapi_plugin.c tomcat/connectors/trunk/jk/xdocs/miscellaneous/changelog.xml Modified: tomcat/connectors/trunk/jk/native/iis/jk_isapi_plugin.c URL: http://svn.apache.org/viewvc/tomcat/connectors/trunk/jk/native/iis/jk_isapi_plugin.c?rev=745898&r1=745897&r2=745898&view=diff == --- tomcat/connectors/trunk/jk/native/iis/jk_isapi_plugin.c (original) +++ tomcat/connectors/trunk/jk/native/iis/jk_isapi_plugin.c Thu Feb 19 15:28:47 2009 @@ -2377,6 +2377,11 @@ jk_log(logger, JK_LOG_DEBUG, "Watchdog thread running"); } +if (worker_mount_file[0]) { +jk_shm_lock(); +uri_worker_map_update(uw_map, 0, logger); +jk_shm_unlock(); +} wc_maintain(logger); } if (JK_IS_DEBUG_LEVEL(logger)) { @@ -2499,10 +2504,11 @@ uw_map->reject_unsafe = 1; else uw_map->reject_unsafe = 0; -uw_map->fname = worker_mount_file; uw_map->reload = worker_mount_reload; -if (worker_mount_file[0]) +if (worker_mount_file[0]) { +uw_map->fname = worker_mount_file; rc = uri_worker_map_load(uw_map, logger); +} } if (rc) { rc = JK_FALSE; Modified: tomcat/connectors/trunk/jk/xdocs/miscellaneous/changelog.xml URL: http://svn.apache.org/viewvc/tomcat/connectors/trunk/jk/xdocs/miscellaneous/changelog.xml?rev=745898&r1=745897&r2=745898&view=diff == --- tomcat/connectors/trunk/jk/xdocs/miscellaneous/changelog.xml (original) +++ tomcat/connectors/trunk/jk/xdocs/miscellaneous/changelog.xml Thu Feb 19 15:28:47 2009 @@ -44,6 +44,11 @@ + IIS: Update uriworkermap.properies file on + a regular interval. This requires both worker_mount_reload + and watchog_interval to be defined. (mturk) + + AJP: Allow changing worker address via jkstatus manager. The address is resolved on next request for that worker. (mturk) - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r745894 - /tomcat/connectors/trunk/jk/native/common/jk_uri_worker_map.c
Author: mturk Date: Thu Feb 19 15:12:44 2009 New Revision: 745894 URL: http://svn.apache.org/viewvc?rev=745894&view=rev Log: Do not calc difftime if force is given Modified: tomcat/connectors/trunk/jk/native/common/jk_uri_worker_map.c Modified: tomcat/connectors/trunk/jk/native/common/jk_uri_worker_map.c URL: http://svn.apache.org/viewvc/tomcat/connectors/trunk/jk/native/common/jk_uri_worker_map.c?rev=745894&r1=745893&r2=745894&view=diff == --- tomcat/connectors/trunk/jk/native/common/jk_uri_worker_map.c (original) +++ tomcat/connectors/trunk/jk/native/common/jk_uri_worker_map.c Thu Feb 19 15:12:44 2009 @@ -1152,8 +1152,8 @@ int rc = JK_TRUE; time_t now = time(NULL); -if ((uw_map->reload > 0 && difftime(now, uw_map->checked) > uw_map->reload) || -force) { +if (force || (uw_map->reload > 0 && difftime(now, uw_map->checked) > + uw_map->reload)) { struct stat statbuf; uw_map->checked = now; if ((rc = jk_stat(uw_map->fname, &statbuf)) == -1) { - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
DO NOT REPLY [Bug 46734] New: Broken "Workers HowTo" link on "Apache HowTo" page
https://issues.apache.org/bugzilla/show_bug.cgi?id=46734 Summary: Broken "Workers HowTo" link on "Apache HowTo" page Product: Tomcat 6 Version: unspecified Platform: PC OS/Version: Windows XP Status: NEW Severity: normal Priority: P2 Component: Documentation AssignedTo: dev@tomcat.apache.org ReportedBy: ssla...@yahoo.com On "Apache HowTo" page ( http://tomcat.apache.org/connectors-doc/webserver_howto/apache.html ) there is a "Workers HowTo" link ( http://tomcat.apache.org/connectors-doc/webserver_howto/workers.html ) which appears to be broken. -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r745842 - in /tomcat/connectors/trunk/jk: native/apache-2.0/ native/common/ xdocs/miscellaneous/
Author: mturk Date: Thu Feb 19 12:55:05 2009 New Revision: 745842 URL: http://svn.apache.org/viewvc?rev=745842&view=rev Log: Allow dynamic worker address change Modified: tomcat/connectors/trunk/jk/native/apache-2.0/mod_jk.c tomcat/connectors/trunk/jk/native/common/jk_ajp_common.c tomcat/connectors/trunk/jk/native/common/jk_ajp_common.h tomcat/connectors/trunk/jk/native/common/jk_lb_worker.c tomcat/connectors/trunk/jk/native/common/jk_service.h tomcat/connectors/trunk/jk/native/common/jk_shm.h tomcat/connectors/trunk/jk/native/common/jk_status.c tomcat/connectors/trunk/jk/xdocs/miscellaneous/changelog.xml Modified: tomcat/connectors/trunk/jk/native/apache-2.0/mod_jk.c URL: http://svn.apache.org/viewvc/tomcat/connectors/trunk/jk/native/apache-2.0/mod_jk.c?rev=745842&r1=745841&r2=745842&view=diff == --- tomcat/connectors/trunk/jk/native/apache-2.0/mod_jk.c (original) +++ tomcat/connectors/trunk/jk/native/apache-2.0/mod_jk.c Thu Feb 19 12:55:05 2009 @@ -3211,7 +3211,11 @@ } #if JK_NEED_SET_MUTEX_PERMS +#if (MODULE_MAGIC_NUMBER_MAJOR >= 20090208) +rv = ap_unixd_set_global_mutex_perms(jk_log_lock); +#else rv = unixd_set_global_mutex_perms(jk_log_lock); +#endif if (rv != APR_SUCCESS) { ap_log_error(APLOG_MARK, APLOG_CRIT, rv, s, "mod_jk: Could not set permissions on " Modified: tomcat/connectors/trunk/jk/native/common/jk_ajp_common.c URL: http://svn.apache.org/viewvc/tomcat/connectors/trunk/jk/native/common/jk_ajp_common.c?rev=745842&r1=745841&r2=745842&view=diff == --- tomcat/connectors/trunk/jk/native/common/jk_ajp_common.c (original) +++ tomcat/connectors/trunk/jk/native/common/jk_ajp_common.c Thu Feb 19 12:55:05 2009 @@ -2167,6 +2167,18 @@ jk_shm_lock(); if (aw->sequence != aw->s->h.sequence) jk_ajp_pull(aw, l); +if (aw->addr_sequence != aw->s->addr_sequence) { +aw->addr_sequence = aw->s->addr_sequence; +aw->host = aw->s->hostname; +aw->port = aw->s->port; +if (!jk_resolve(aw->host, aw->port, &aw->worker_inet_addr, +aw->worker.we->pool, l)) { +if (is_error) +*is_error = JK_HTTP_SERVER_ERROR; +JK_TRACE_EXIT(l); +return JK_FALSE; + } +} jk_shm_unlock(); aw->s->used++; @@ -2464,24 +2476,39 @@ ajp_worker_t *p = pThis->worker_private; p->port = jk_get_worker_port(props, p->name, port); p->host = jk_get_worker_host(props, p->name, host); +if (!p->host) { +p->host = "undefined"; +} if (JK_IS_DEBUG_LEVEL(l)) jk_log(l, JK_LOG_DEBUG, "worker %s contact is '%s:%d'", p->name, p->host, p->port); - -/* XXX: Why do we only resolve, if port > 1024 ? */ +/* Copy the contact to shm */ +strncpy(p->s->hostname, p->host, JK_SHM_STR_SIZ); +p->s->port = p->port; +/* Resolve if port > 1024. + * + */ if (p->port > 1024) { if (jk_resolve(p->host, p->port, &p->worker_inet_addr, we->pool, l)) { +p->s->addr_sequence = p->addr_sequence = 1; JK_TRACE_EXIT(l); return JK_TRUE; } jk_log(l, JK_LOG_ERROR, - "can't resolve tomcat address %s", p->host); + "worker %s can't resolve tomcat address %s", + p->name, p->host); +} +else { +p->s->port = p->port = 0; +if (JK_IS_DEBUG_LEVEL(l)) +jk_log(l, JK_LOG_DEBUG, + "worker %s contact is disabled", + p->name, p->host, p->port); +JK_TRACE_EXIT(l); +return JK_TRUE; } -jk_log(l, JK_LOG_ERROR, - "invalid host and port %s %d", - ((p->host == NULL) ? "NULL" : p->host), p->port); } else { JK_LOG_NULL_PARAMS(l); @@ -2548,6 +2575,7 @@ if (pThis && pThis->worker_private) { ajp_worker_t *p = pThis->worker_private; +p->worker.we = we; p->ep_cache_sz = jk_get_worker_cache_size(props, p->name, cache); p->ep_mincache_sz = jk_get_worker_cache_size_min(props, p->name, (p->ep_cache_sz+1) / 2); Modified: tomcat/connectors/trunk/jk/native/common/jk_ajp_common.h URL: http://svn.apache.org/viewvc/tomcat/connectors/trunk/jk/native/common/jk_ajp_common.h?rev=745842&r1=745841&r2=745842&view=diff == --- tomcat/connectors/trunk/jk/native/common/jk_ajp_common.h (original) +++ tomcat/connectors/trunk/jk/native/common/jk_ajp_common.h Thu Feb 19 12:55:05 2009 @@ -27
Re: OCSP implementation
sura wrote: I have developed a web application uisng jsf with two way SSL and runs in apache. Now I want to validate revocation status of client certificate using OCSP. How can I achieve this online validation process. I have design the system as follows and I want to know is this a good approach or are there better ways to achieve this? When client presents his serial, web application(Client) will send it to Apache server where it will create a socket connection with OCSP responder. Then Servlet inside Apache will create OCSPREq and send it to the OCSP responder. Responder will process it and send result to the Servlet and based on the result apache will send boolean value to the client. regards, Suranjith. Although I'm not 100% sure that I have understood what exactly you are doing .. you could have a look at this patch : https://issues.apache.org/bugzilla/show_bug.cgi?id=45392 With this patch if the certificates have an OCSP field tomcat connects to the OCSP server and validates the certificate, so if there is an error tomcat just returns an error to the client .. and no further processing is carried. Best regards, Aristotelis - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: tomcat-native: multicast on win32
David Knox wrote: > I saw something like this once. It turned out to be a firewall on XP. > Just a thought. thx for the pointer, after weeks of programming and debugging and profiling and testing i completely forgot about the "simple" problems :) unfortunately, even with all (known) forms of firewall deactivated on this box, the multicast join still does not work. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org