[GUMP@vmgump]: Project tomcat-trunk-test-apr (in module tomcat-trunk) failed
To whom it may engage... This is an automated request, but not an unsolicited one. For more information please visit http://gump.apache.org/nagged.html, and/or contact the folk at gene...@gump.apache.org. Project tomcat-trunk-test-apr has an issue affecting its community integration. This issue affects 1 projects. The current state of this project is 'Failed', with reason 'Build Failed'. For reference only, the following projects are affected by this: - tomcat-trunk-test-apr : Tomcat 9.x, a web server implementing the Java Servlet 4.0, ... Full details are available at: http://vmgump.apache.org/gump/public/tomcat-trunk/tomcat-trunk-test-apr/index.html That said, some information snippets are provided here. The following annotations (debug/informational/warning/error messages) were provided: -DEBUG- Dependency on commons-daemon exists, no need to add for property commons-daemon.native.src.tgz. -DEBUG- Dependency on commons-daemon exists, no need to add for property tomcat-native.tar.gz. -INFO- Failed with reason build failed -INFO- Project Reports in: /srv/gump/public/workspace/tomcat-trunk/output/logs-APR -INFO- Project Reports in: /srv/gump/public/workspace/tomcat-trunk/output/test-tmp-APR/logs The following work was performed: http://vmgump.apache.org/gump/public/tomcat-trunk/tomcat-trunk-test-apr/gump_work/build_tomcat-trunk_tomcat-trunk-test-apr.html Work Name: build_tomcat-trunk_tomcat-trunk-test-apr (Type: Build) Work ended in a state of : Failed Elapsed: 25 mins 20 secs Command Line: /usr/lib/jvm/java-8-oracle/bin/java -Djava.awt.headless=true -Dbuild.sysclasspath=only org.apache.tools.ant.Main -Dgump.merge=/srv/gump/public/gump/work/merge.xml -Djunit.jar=/srv/gump/public/workspace/junit/target/junit-4.12-SNAPSHOT.jar -Dobjenesis.jar=/srv/gump/public/workspace/objenesis/main/target/objenesis-2.2-SNAPSHOT.jar -Dtest.reports=output/logs-APR -Dtomcat-native.tar.gz=/srv/gump/public/workspace/apache-commons/daemon/dist/bin/commons-daemon-20141110-native-src.tar.gz -Dexamples.sources.skip=true -Djdt.jar=/srv/gump/packages/eclipse/plugins/R-4.4-201406061215/ecj-4.4.jar -Dtest.apr.loc=/srv/gump/public/workspace/tomcat-native/dest-20141110/lib -Dcommons-daemon.jar=/srv/gump/public/workspace/apache-commons/daemon/dist/commons-daemon-20141110.jar -Dcommons-daemon.native.src.tgz=/srv/gump/public/workspace/apache-commons/daemon/dist/bin/commons-daemon-20141110-native-src.tar.gz -Dtest.temp=output/test-tmp-APR -Dtest.accesslog=true -Dexecute.test.nio=false -Dtest .openssl.path=/srv/gump/public/workspace/openssl/dest-20141110/bin/openssl -Dexecute.test.apr=true -Dexecute.test.nio2=false -Deasymock.jar=/srv/gump/public/workspace/easymock/easymock/target/easymock-3.3-SNAPSHOT.jar -Dhamcrest.jar=/srv/gump/public/workspace/hamcrest/build/hamcrest-all-20141110.jar -Dcglib.jar=/srv/gump/packages/cglib/cglib-nodep-2.2.jar test [Working Directory: /srv/gump/public/workspace/tomcat-trunk] CLASSPATH: /usr/lib/jvm/java-8-oracle/lib/tools.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/webapps/examples/WEB-INF/classes:/srv/gump/public/workspace/tomcat-trunk/output/testclasses:/srv/gump/public/workspace/ant/dist/lib/ant.jar:/srv/gump/public/workspace/ant/dist/lib/ant-launcher.jar:/srv/gump/public/workspace/ant/dist/lib/ant-jmf.jar:/srv/gump/public/workspace/ant/dist/lib/ant-junit.jar:/srv/gump/public/workspace/ant/dist/lib/ant-junit4.jar:/srv/gump/public/workspace/ant/dist/lib/ant-swing.jar:/srv/gump/public/workspace/ant/dist/lib/ant-apache-resolver.jar:/srv/gump/public/workspace/ant/dist/lib/ant-apache-xalan2.jar:/srv/gump/public/workspace/xml-commons/java/build/resolver.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/bin/bootstrap.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/bin/tomcat-juli.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/annotations-api.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/servlet-api.ja r:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/jsp-api.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/el-api.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/websocket-api.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/catalina.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/catalina-ant.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/catalina-storeconfig.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/tomcat-coyote.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/jasper.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/jasper-el.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/catalina-tribes.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/catalina-ha.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/tomcat-api.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/tomcat-jni.jar:/srv/gump/public/workspace/tomcat-trunk/output/bu ild/lib/tom
[GUMP@vmgump]: Project tomcat-tc8.0.x-test-apr (in module tomcat-8.0.x) failed
To whom it may engage... This is an automated request, but not an unsolicited one. For more information please visit http://gump.apache.org/nagged.html, and/or contact the folk at gene...@gump.apache.org. Project tomcat-tc8.0.x-test-apr has an issue affecting its community integration. This issue affects 1 projects, and has been outstanding for 4 runs. The current state of this project is 'Failed', with reason 'Build Failed'. For reference only, the following projects are affected by this: - tomcat-tc8.0.x-test-apr : Tomcat 8.x, a web server implementing the Java Servlet 3.1, ... Full details are available at: http://vmgump.apache.org/gump/public/tomcat-8.0.x/tomcat-tc8.0.x-test-apr/index.html That said, some information snippets are provided here. The following annotations (debug/informational/warning/error messages) were provided: -DEBUG- Dependency on commons-daemon exists, no need to add for property commons-daemon.native.src.tgz. -DEBUG- Dependency on commons-daemon exists, no need to add for property tomcat-native.tar.gz. -INFO- Failed with reason build failed -INFO- Project Reports in: /srv/gump/public/workspace/tomcat-8.0.x/output/logs-APR -INFO- Project Reports in: /srv/gump/public/workspace/tomcat-8.0.x/output/test-tmp-APR/logs The following work was performed: http://vmgump.apache.org/gump/public/tomcat-8.0.x/tomcat-tc8.0.x-test-apr/gump_work/build_tomcat-8.0.x_tomcat-tc8.0.x-test-apr.html Work Name: build_tomcat-8.0.x_tomcat-tc8.0.x-test-apr (Type: Build) Work ended in a state of : Failed Elapsed: 27 mins 9 secs Command Line: /usr/lib/jvm/java-8-oracle/bin/java -Djava.awt.headless=true -Dbuild.sysclasspath=only org.apache.tools.ant.Main -Dgump.merge=/srv/gump/public/gump/work/merge.xml -Djunit.jar=/srv/gump/public/workspace/junit/target/junit-4.12-SNAPSHOT.jar -Dobjenesis.jar=/srv/gump/public/workspace/objenesis/main/target/objenesis-2.2-SNAPSHOT.jar -Dtest.reports=output/logs-APR -Dtomcat-native.tar.gz=/srv/gump/public/workspace/apache-commons/daemon/dist/bin/commons-daemon-20141110-native-src.tar.gz -Dexamples.sources.skip=true -Djdt.jar=/srv/gump/packages/eclipse/plugins/R-4.4-201406061215/ecj-4.4.jar -Dtest.apr.loc=/srv/gump/public/workspace/tomcat-native/dest-20141110/lib -Dcommons-daemon.jar=/srv/gump/public/workspace/apache-commons/daemon/dist/commons-daemon-20141110.jar -Dcommons-daemon.native.src.tgz=/srv/gump/public/workspace/apache-commons/daemon/dist/bin/commons-daemon-20141110-native-src.tar.gz -Dtest.temp=output/test-tmp-APR -Dtest.accesslog=true -Dexecute.test.nio=false -Dtest .openssl.path=/srv/gump/public/workspace/openssl/dest-20141110/bin/openssl -Dexecute.test.apr=true -Dexecute.test.bio=false -Dexecute.test.nio2=false -Deasymock.jar=/srv/gump/public/workspace/easymock/easymock/target/easymock-3.3-SNAPSHOT.jar -Dhamcrest.jar=/srv/gump/public/workspace/hamcrest/build/hamcrest-all-20141110.jar -Dcglib.jar=/srv/gump/packages/cglib/cglib-nodep-2.2.jar test [Working Directory: /srv/gump/public/workspace/tomcat-8.0.x] CLASSPATH: /usr/lib/jvm/java-8-oracle/lib/tools.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/webapps/examples/WEB-INF/classes:/srv/gump/public/workspace/tomcat-8.0.x/output/testclasses:/srv/gump/public/workspace/ant/dist/lib/ant.jar:/srv/gump/public/workspace/ant/dist/lib/ant-launcher.jar:/srv/gump/public/workspace/ant/dist/lib/ant-jmf.jar:/srv/gump/public/workspace/ant/dist/lib/ant-junit.jar:/srv/gump/public/workspace/ant/dist/lib/ant-junit4.jar:/srv/gump/public/workspace/ant/dist/lib/ant-swing.jar:/srv/gump/public/workspace/ant/dist/lib/ant-apache-resolver.jar:/srv/gump/public/workspace/ant/dist/lib/ant-apache-xalan2.jar:/srv/gump/public/workspace/xml-commons/java/build/resolver.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/bin/bootstrap.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/bin/tomcat-juli.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/lib/annotations-api.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/lib/servlet-api.ja r:/srv/gump/public/workspace/tomcat-8.0.x/output/build/lib/jsp-api.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/lib/el-api.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/lib/websocket-api.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/lib/catalina.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/lib/catalina-ant.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/lib/catalina-storeconfig.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/lib/tomcat-coyote.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/lib/jasper.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/lib/jasper-el.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/lib/catalina-tribes.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/lib/catalina-ha.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/lib/tomcat-api.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/lib/tom
Re: svn commit: r1637684 - /tomcat/trunk/webapps/docs/ssl-howto.xml
Konstantin, On 11/9/14 10:12 AM, kkoli...@apache.org wrote: > Author: kkolinko > Date: Sun Nov 9 15:12:29 2014 > New Revision: 1637684 > > URL: http://svn.apache.org/r1637684 > Log: > Minor corrections: > - Remove '\' at end-of-line when wrapping long lists of command arguments. > Such character makes no sense on Windows ('^' is used there). > I think that readers should be wise enough to unwrap the lines, and > unwrapping is easier when you do not have to delete stray '\' characters. It would probably be better to write the command on a single long line and have the browser auto-wrap the code. That way, copy/paste will work properly onto the command-line. I believe Konstantin Preißer recently changed some of the CSS classes to allow word-wrapping in elements... not sure about . -chris signature.asc Description: OpenPGP digital signature
Re: [VOTE] Release Apache Tomcat 7.0.57
Konstantin, On 11/8/14 8:34 PM, Konstantin Kolinko wrote: > 2014-11-08 20:07 GMT+03:00 Konstantin Kolinko : >> 2014-11-03 12:52 GMT+03:00 Violeta Georgieva : >>> The proposed Apache Tomcat 7.0.57 release is now available for voting. >>> >> >> Testing on Win7 with 32-bit JDKs >> 1. All tests are passing with JDK 6u45 + 7u72 combo (compiling with >> 6u45, all tests are run with 7u72) with all BIO, NIO, APR. >> >> 2. If I run the tests with JDK 6u45 only, the following tests are >> consistently failing with BIO and succeeding with NIO and APR: >> >> org.apache.tomcat.util.net.TestClientCert >> org.apache.tomcat.util.net.TestCustomSsl >> org.apache.tomcat.util.net.TestSsl >> >> The failure in all cases is >> javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure >> >> >> Quick recipe for reproduction is to use the following settings in >> build.properties: >> 1) Remove/comment the value for java.7.home if you have set one >> 2) Set >> test.name=org/apache/tomcat/util/net/**/Test*.java >> >> >> It is odd that NIO tests do pass. >> For APR most of those tests are skipped, so no much wonder. > > The tests pass if I add the following line to TestCustomSsl.java and > TesterSupport.java.: > > [[[ >connector.setProperty("sslEnabledProtocols", "TLSv1,TLSv1.1,SSLv2Hello"); > ]]] > > Patch that I used: > > https://people.apache.org/~kkolinko/patches/2014-11-09_tc7_Java6_SSLHello.patch > > If I remove "SSLv2Hello" from the above value the tests with BIO fail. > Why the tests pass with NIO connector is a mystery for me. I agree that BIO failing while NIO works is odd, but I wonder if the problem here is with the unit tests: the client is probably using the default SSL procotols which includes both SSLv3 and SSLv2Hello, probably using SSLv2Hello even if the protocol is higher (e.g. SSLv3, etc.). Without SSLv2Hello enabled on the server at all, the client cannot handshake because I think JSSE always uses SSLv2Hello if it's enabled on the client. Quick fix would be to change the unit tests, but the unit tests do expose a problem likely to be found in the wild: clients who use SSLv2Hello even if they only will use TLS for actual communication. http://stackoverflow.com/questions/26488667/tomcat-7-getting-sslv2hello-is-disabled-error-when-trying-to-make-client-server > I feared that NIO would have SSLv3 enabled by default, but I verified > that SSLv3 is disabled > > a) OpenSSL cannot connect with SSLv3 protocol. I used the followin command: > > openssl s_client -connect localhost:8443 -ssl3 -msg > > WhenIf I explicitly enable "SSLv3" with sslEnabledProtocols attribute, > then OpenSSL can connect with SSLv3. > > Connector configuration: > port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" > address="127.0.0.1" > sslProtocol="tls" > keystoreFile="${catalina.base}/conf/localhost.jks" > truststoreFile="${catalina.base}/conf/ca.jks" > secure="true" > SSLEnabled="true" > /> > > The localhost.jks and ca.jks files were copied to conf directory from > /test/org/apache/tomcat/util/net\/ > > b) If I add the following line to logging.properties, > [[[ > org.apache.tomcat.util.net.jsse.JSSESocketFactory.level = FINE > ]]] > then I see log messages that SSLv2Hello and SSLv3 were disabled when > running the tests. > > FINE: The SSL protocol [SSLv2Hello] which is enabled by default in > this JRE was excluded from the defaults used by Tomcat > FINE: The SSL protocol [SSLv3] which is enabled by default in this JRE > was excluded from the defaults used by Tomcat > (...) > FINE: Specified SSL protocols that are supported and enableable are : > [TLSv1, SSLv2Hello] > FINE: Some specified SSL protocols are not supported by the SSL engine > : [TLSv1.1] > > > Smoke testing is OK. > > I think we are OK to release this. > > The test has to be patched to enable SSLv2Hello. (As an alternative > solution, maybe there a way to disable SSLv2Hello at the client side > of the connection ?) If using HttpsURLConnection, then the system property "-Dhttp.protocols=TLSv1,TLSv1.1,TLSv1.2" will make the client work. I think if clients in the wild start failing without SSLv2Hello enabled on the server, the admin can either explicitly enable SSLv2Hello on the server, or instruct their clients to stop using it. For Java clients using HttpsURLConnection (which will be the less-sophisticated clients), using the above system property can fix things up. Anyone using anything more complex is likely to have the ability to tweak the protocols used by the client and so neither case should represent a huge barrier for users. -chris signature.asc Description: OpenPGP digital signature
[Bug 56953] A improvement for "DataInputStream"
https://issues.apache.org/bugzilla/show_bug.cgi?id=56953 --- Comment #20 from hzha...@ebay.com --- (In reply to Konstantin Kolinko from comment #19) > Note that there was a regression caused by this change - bug 57173. I checked the case, and the problem does exist because I didn't implement several method on it. I'll try to fix it later. The suggestion to roll back the change can be adopted temporarily. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[GUMP@vmgump]: Project tomcat-trunk-test-nio (in module tomcat-trunk) failed
To whom it may engage... This is an automated request, but not an unsolicited one. For more information please visit http://gump.apache.org/nagged.html, and/or contact the folk at gene...@gump.apache.org. Project tomcat-trunk-test-nio has an issue affecting its community integration. This issue affects 1 projects. The current state of this project is 'Failed', with reason 'Build Failed'. For reference only, the following projects are affected by this: - tomcat-trunk-test-nio : Tomcat 9.x, a web server implementing the Java Servlet 4.0, ... Full details are available at: http://vmgump.apache.org/gump/public/tomcat-trunk/tomcat-trunk-test-nio/index.html That said, some information snippets are provided here. The following annotations (debug/informational/warning/error messages) were provided: -DEBUG- Dependency on commons-daemon exists, no need to add for property commons-daemon.native.src.tgz. -DEBUG- Dependency on commons-daemon exists, no need to add for property tomcat-native.tar.gz. -INFO- Failed with reason build failed -INFO- Project Reports in: /srv/gump/public/workspace/tomcat-trunk/output/logs-NIO -INFO- Project Reports in: /srv/gump/public/workspace/tomcat-trunk/output/test-tmp-NIO/logs The following work was performed: http://vmgump.apache.org/gump/public/tomcat-trunk/tomcat-trunk-test-nio/gump_work/build_tomcat-trunk_tomcat-trunk-test-nio.html Work Name: build_tomcat-trunk_tomcat-trunk-test-nio (Type: Build) Work ended in a state of : Failed Elapsed: 29 mins 19 secs Command Line: /usr/lib/jvm/java-8-oracle/bin/java -Djava.awt.headless=true -Dbuild.sysclasspath=only org.apache.tools.ant.Main -Dgump.merge=/srv/gump/public/gump/work/merge.xml -Djunit.jar=/srv/gump/public/workspace/junit/target/junit-4.12-SNAPSHOT.jar -Dobjenesis.jar=/srv/gump/public/workspace/objenesis/main/target/objenesis-2.2-SNAPSHOT.jar -Dtest.reports=output/logs-NIO -Dtomcat-native.tar.gz=/srv/gump/public/workspace/apache-commons/daemon/dist/bin/commons-daemon-20141109-native-src.tar.gz -Dexamples.sources.skip=true -Djdt.jar=/srv/gump/packages/eclipse/plugins/R-4.4-201406061215/ecj-4.4.jar -Dcommons-daemon.jar=/srv/gump/public/workspace/apache-commons/daemon/dist/commons-daemon-20141109.jar -Dcommons-daemon.native.src.tgz=/srv/gump/public/workspace/apache-commons/daemon/dist/bin/commons-daemon-20141109-native-src.tar.gz -Dtest.temp=output/test-tmp-NIO -Dtest.accesslog=true -Dexecute.test.nio=true -Dtest.openssl.path=/srv/gump/public/workspace/openssl/dest-20141109/bin/openssl -Dexecute.test.apr=false -Dexecute.test.nio2=false -Deasymock.jar=/srv/gump/public/workspace/easymock/easymock/target/easymock-3.3-SNAPSHOT.jar -Dhamcrest.jar=/srv/gump/public/workspace/hamcrest/build/hamcrest-all-20141109.jar -Dcglib.jar=/srv/gump/packages/cglib/cglib-nodep-2.2.jar test [Working Directory: /srv/gump/public/workspace/tomcat-trunk] CLASSPATH: /usr/lib/jvm/java-8-oracle/lib/tools.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/webapps/examples/WEB-INF/classes:/srv/gump/public/workspace/tomcat-trunk/output/testclasses:/srv/gump/public/workspace/ant/dist/lib/ant.jar:/srv/gump/public/workspace/ant/dist/lib/ant-launcher.jar:/srv/gump/public/workspace/ant/dist/lib/ant-jmf.jar:/srv/gump/public/workspace/ant/dist/lib/ant-junit.jar:/srv/gump/public/workspace/ant/dist/lib/ant-junit4.jar:/srv/gump/public/workspace/ant/dist/lib/ant-swing.jar:/srv/gump/public/workspace/ant/dist/lib/ant-apache-resolver.jar:/srv/gump/public/workspace/ant/dist/lib/ant-apache-xalan2.jar:/srv/gump/public/workspace/xml-commons/java/build/resolver.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/bin/bootstrap.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/bin/tomcat-juli.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/annotations-api.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/servlet-api.ja r:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/jsp-api.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/el-api.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/websocket-api.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/catalina.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/catalina-ant.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/catalina-storeconfig.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/tomcat-coyote.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/jasper.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/jasper-el.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/catalina-tribes.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/catalina-ha.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/tomcat-api.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/tomcat-jni.jar:/srv/gump/public/workspace/tomcat-trunk/output/bu ild/lib/tomcat-spdy.jar:/srv/gump/public/workspace/tomcat-tr
svn commit: r1637733 - in /tomcat/tc6.0.x/trunk: ./ webapps/docs/ssl-howto.xml
Author: kkolinko Date: Sun Nov 9 20:46:05 2014 New Revision: 1637733 URL: http://svn.apache.org/r1637733 Log: CTR: docs Minor improvements to SSL how-to. - Hilite keystore type (JKS vs PKCS12) to lessen confusion - Recommend to explicitly specify a protocol implementation when using SSL, instead of "HTTP/1.1" - Update examples to use explicit protocol implementation instead of "HTTP/1.1" - Remove example of setting SSLEngine="off" with APR. It makes no sense on this page as here we are enabling SSL, not disabling it. The "off" value is documented elsewhere. - The "8443" is not the default value for a port, as far as I know. One has to explicitly configure it. Backport of r1637711 from tomcat/tc7.0.x/trunk. Modified: tomcat/tc6.0.x/trunk/ (props changed) tomcat/tc6.0.x/trunk/webapps/docs/ssl-howto.xml Propchange: tomcat/tc6.0.x/trunk/ -- Merged /tomcat/trunk:r1637695 Merged /tomcat/tc7.0.x/trunk:r1637711 Merged /tomcat/tc8.0.x/trunk:r1637709 Modified: tomcat/tc6.0.x/trunk/webapps/docs/ssl-howto.xml URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/docs/ssl-howto.xml?rev=1637733&r1=1637732&r2=1637733&view=diff == --- tomcat/tc6.0.x/trunk/webapps/docs/ssl-howto.xml (original) +++ tomcat/tc6.0.x/trunk/webapps/docs/ssl-howto.xml Sun Nov 9 20:46:05 2014 @@ -201,13 +201,14 @@ to the case sensitivity of aliases, it i differ only in case. -To import an existing certificate into a JKS keystore, please read the +To import an existing certificate into a JKS keystore, please read the documentation (in your JDK documentation package) about keytool. -Note that OpenSSL often adds readable comments before the key, -keytooldoes not support that, so remove the OpenSSL comments if -they exist before importing the key using keytool. +Note that OpenSSL often adds readable comments before the key, but +keytool does not support that. So if your certificate has +comments before the key data, remove them before importing the certificate with +keytool. -To import an existing certificate signed by your own CA into a PKCS12 +To import an existing certificate signed by your own CA into a PKCS12 keystore using OpenSSL you would execute a command like: openssl pkcs12 -export -in mycert.crt -inkey mykey.key -out mycert.p12 -name tomcat -CAfile myCA.crt @@ -215,8 +216,8 @@ keystore using OpenSSL you would execute For more advanced cases, consult the http://www.openssl.org/";>OpenSSL documentation. -To create a new keystore from scratch, containing a single self-signed -Certificate, execute the following from a terminal command line: +To create a new JKS keystore from scratch, containing a single +self-signed Certificate, execute the following from a terminal command line: Windows: "%JAVA_HOME%\bin\keytool" -genkey -alias tomcat -keyalg RSA Unix: @@ -277,33 +278,33 @@ Tomcat can use two different implementat the APR implementation, which uses the OpenSSL engine by default. The exact configuration details depend on which implementation is being used. -The implementation used by Tomcat is chosen automatically unless it is overriden as described below. -If the installation uses APR +If you configured Connector by specifying generic +protocol="HTTP/1.1" then the implementation used by Tomcat is +chosen automatically. If the installation uses APR - i.e. you have installed the Tomcat native library - -then it will use the APR SSL implementation, otherwise it will use the Java JSSE implementation. +then it will use the APR SSL implementation, otherwise it will use the Java +JSSE implementation. - To avoid auto configuration you can define which implementation to use by specifying a classname - in the protocol attribute of the Connector. - To define a Java (JSSE) connector, regardless of whether the APR library is loaded or not do: - - -- - - - -Alternatively, to specify an APR connector (the APR library must be available) use: - - - - - - +As configuration attributes for SSL support significally differ between +APR vs. JSSE implementations, it is recommended to +avoid auto-selection of implementation. It is done by specifying a classname +in the protocol attribute of the Connector. + +To define a Java (JSSE) connector, regardless of whether the APR library is +loaded or not, use one of the following: +
svn commit: r1637711 - in /tomcat/tc7.0.x/trunk: ./ webapps/docs/ssl-howto.xml
Author: kkolinko Date: Sun Nov 9 18:35:48 2014 New Revision: 1637711 URL: http://svn.apache.org/r1637711 Log: Minor improvements to SSL how-to. - Hilite keystore type (JKS vs PKCS12) to lessen confusion - Recommend to explicitly specify a protocol implementation when using SSL, instead of "HTTP/1.1" - Update examples to use explicit protocol implementation instead of "HTTP/1.1" - Remove example of setting SSLEngine="off" with APR. It makes no sense on this page as here we are enabling SSL, not disabling it. The "off" value is documented elsewhere. - The "8443" is not the default value for a port, as far as I know. One has to explicitly configure it. Merged r1637709 from tomcat/tc8.0.x/trunk. Modified: tomcat/tc7.0.x/trunk/ (props changed) tomcat/tc7.0.x/trunk/webapps/docs/ssl-howto.xml Propchange: tomcat/tc7.0.x/trunk/ -- Merged /tomcat/trunk:r1637695 Merged /tomcat/tc8.0.x/trunk:r1637709 Modified: tomcat/tc7.0.x/trunk/webapps/docs/ssl-howto.xml URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/ssl-howto.xml?rev=1637711&r1=1637710&r2=1637711&view=diff == --- tomcat/tc7.0.x/trunk/webapps/docs/ssl-howto.xml (original) +++ tomcat/tc7.0.x/trunk/webapps/docs/ssl-howto.xml Sun Nov 9 18:35:48 2014 @@ -201,13 +201,14 @@ to the case sensitivity of aliases, it i differ only in case. -To import an existing certificate into a JKS keystore, please read the +To import an existing certificate into a JKS keystore, please read the documentation (in your JDK documentation package) about keytool. -Note that OpenSSL often adds readable comments before the key, -keytooldoes not support that, so remove the OpenSSL comments if -they exist before importing the key using keytool. +Note that OpenSSL often adds readable comments before the key, but +keytool does not support that. So if your certificate has +comments before the key data, remove them before importing the certificate with +keytool. -To import an existing certificate signed by your own CA into a PKCS12 +To import an existing certificate signed by your own CA into a PKCS12 keystore using OpenSSL you would execute a command like: openssl pkcs12 -export -in mycert.crt -inkey mykey.key -out mycert.p12 -name tomcat -CAfile myCA.crt @@ -215,8 +216,8 @@ keystore using OpenSSL you would execute For more advanced cases, consult the http://www.openssl.org/";>OpenSSL documentation. -To create a new keystore from scratch, containing a single self-signed -Certificate, execute the following from a terminal command line: +To create a new JKS keystore from scratch, containing a single +self-signed Certificate, execute the following from a terminal command line: Windows: "%JAVA_HOME%\bin\keytool" -genkey -alias tomcat -keyalg RSA Unix: @@ -272,33 +273,33 @@ Tomcat can use two different implementat the APR implementation, which uses the OpenSSL engine by default. The exact configuration details depend on which implementation is being used. -The implementation used by Tomcat is chosen automatically unless it is overriden as described below. -If the installation uses APR +If you configured Connector by specifying generic +protocol="HTTP/1.1" then the implementation used by Tomcat is +chosen automatically. If the installation uses APR - i.e. you have installed the Tomcat native library - -then it will use the APR SSL implementation, otherwise it will use the Java JSSE implementation. +then it will use the APR SSL implementation, otherwise it will use the Java +JSSE implementation. - To avoid auto configuration you can define which implementation to use by specifying a classname - in the protocol attribute of the Connector. - To define a Java (JSSE) connector, regardless of whether the APR library is loaded or not do: - - -- - - - -Alternatively, to specify an APR connector (the APR library must be available) use: - - - - - - +As configuration attributes for SSL support significally differ between +APR vs. JSSE implementations, it is recommended to +avoid auto-selection of implementation. It is done by specifying a classname +in the protocol attribute of the Connector. + +To define a Java (JSSE) connector, regardless of whether the APR library is +loaded or not, use one of the following: + +Alternatively, to specify an APR connector (the APR librar
svn commit: r1637709 - in /tomcat/tc8.0.x/trunk: ./ webapps/docs/ssl-howto.xml
Author: kkolinko Date: Sun Nov 9 18:10:48 2014 New Revision: 1637709 URL: http://svn.apache.org/r1637709 Log: Minor improvements to SSL how-to. - Hilite keystore type (JKS vs PKCS12) to lessen confusion - Recommend to explicitly specify a protocol implementation when using SSL, instead of "HTTP/1.1" - Update examples to use explicit protocol implementation instead of "HTTP/1.1" - Add NIO2 protocol to the samples. - Remove example of setting SSLEngine="off" with APR. It makes no sense on this page as here we are enabling SSL, not disabling it. The "off" value is documented elsewhere. - The "8443" is not the default value for a port, as far as I know. One has to explicitly configure it. - Mention NIO2 along with BIO and NIO. Merged r1637695 from tomcat/trunk. Modified: tomcat/tc8.0.x/trunk/ (props changed) tomcat/tc8.0.x/trunk/webapps/docs/ssl-howto.xml Propchange: tomcat/tc8.0.x/trunk/ -- Merged /tomcat/trunk:r1637695 Modified: tomcat/tc8.0.x/trunk/webapps/docs/ssl-howto.xml URL: http://svn.apache.org/viewvc/tomcat/tc8.0.x/trunk/webapps/docs/ssl-howto.xml?rev=1637709&r1=1637708&r2=1637709&view=diff == --- tomcat/tc8.0.x/trunk/webapps/docs/ssl-howto.xml (original) +++ tomcat/tc8.0.x/trunk/webapps/docs/ssl-howto.xml Sun Nov 9 18:10:48 2014 @@ -200,13 +200,14 @@ to the case sensitivity of aliases, it i differ only in case. -To import an existing certificate into a JKS keystore, please read the +To import an existing certificate into a JKS keystore, please read the documentation (in your JDK documentation package) about keytool. -Note that OpenSSL often adds readable comments before the key, -keytooldoes not support that, so remove the OpenSSL comments if -they exist before importing the key using keytool. +Note that OpenSSL often adds readable comments before the key, but +keytool does not support that. So if your certificate has +comments before the key data, remove them before importing the certificate with +keytool. -To import an existing certificate signed by your own CA into a PKCS12 +To import an existing certificate signed by your own CA into a PKCS12 keystore using OpenSSL you would execute a command like: openssl pkcs12 -export -in mycert.crt -inkey mykey.key -out mycert.p12 -name tomcat -CAfile myCA.crt @@ -214,8 +215,8 @@ keystore using OpenSSL you would execute For more advanced cases, consult the http://www.openssl.org/";>OpenSSL documentation. -To create a new keystore from scratch, containing a single self-signed -Certificate, execute the following from a terminal command line: +To create a new JKS keystore from scratch, containing a single +self-signed Certificate, execute the following from a terminal command line: Windows: "%JAVA_HOME%\bin\keytool" -genkey -alias tomcat -keyalg RSA Unix: @@ -273,26 +274,35 @@ Tomcat can use two different implementat The exact configuration details depend on which implementation is being used. -The implementation used by Tomcat is chosen automatically unless it is overriden as described below. -If the installation uses APR +If you configured Connector by specifying generic +protocol="HTTP/1.1" then the implementation used by Tomcat is +chosen automatically. If the installation uses APR - i.e. you have installed the Tomcat native library - -then it will use the APR SSL implementation, otherwise it will use the Java JSSE implementation. +then it will use the APR SSL implementation, otherwise it will use the Java +JSSE implementation. - To avoid auto configuration you can define which implementation to use by specifying a classname - in the protocol attribute of the Connector. - To define a Java (JSSE) connector, regardless of whether the APR library is loaded or not do: - - Alternatively, to specify an APR connector (the APR library must be available) use: - @@ -306,11 +316,8 @@ then it will use the APR SSL implementat So to use SSL under APR, make sure the SSLEngine attribute is set to something other than off. The default value is on and if you specify another value, it has to be a valid engine name. - -If you haven't compiled in SSL support into your Tomcat Native library, then you can turn this initialization off - + SSLRandomSeed allows to specify a source of entropy. Productive system needs a reliable source of entropy but entropy may need a lot of time to be collected therefore test systems could use no blocking entropy @@ -327,19 +334,17 @@ will need to remove the comments and edi this: - The example above will throw an error if you have the APR and the Tomcat - Native libraries in your path, as Tomcat will try to use the APR connector. The APR connector uses different attributes for many SSL settings, particularly keys and certificates. An example of an APR configuration is: -You
svn commit: r1637695 - /tomcat/trunk/webapps/docs/ssl-howto.xml
Author: kkolinko Date: Sun Nov 9 17:07:22 2014 New Revision: 1637695 URL: http://svn.apache.org/r1637695 Log: Minor improvements to SSL how-to. - Hilite keystore type (JKS vs PKCS12) to lessen confusion - Recommend to explicitly specify a protocol implementation when using SSL, instead of "HTTP/1.1" - Update examples to use explicit protocol implementation instead of "HTTP/1.1" - Remove BIO protocol from sample, add NIO2. - Remove example of setting SSLEngine="off" with APR. It makes no sense on this page as here we are enabling SSL, not disabling it. The "off" value is documented elsewhere. - The "8443" is not the default value for a port, as far as I know. One has to explicitly configure it. Modified: tomcat/trunk/webapps/docs/ssl-howto.xml Modified: tomcat/trunk/webapps/docs/ssl-howto.xml URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/ssl-howto.xml?rev=1637695&r1=1637694&r2=1637695&view=diff == --- tomcat/trunk/webapps/docs/ssl-howto.xml (original) +++ tomcat/trunk/webapps/docs/ssl-howto.xml Sun Nov 9 17:07:22 2014 @@ -200,13 +200,14 @@ to the case sensitivity of aliases, it i differ only in case. -To import an existing certificate into a JKS keystore, please read the +To import an existing certificate into a JKS keystore, please read the documentation (in your JDK documentation package) about keytool. -Note that OpenSSL often adds readable comments before the key, -keytooldoes not support that, so remove the OpenSSL comments if -they exist before importing the key using keytool. +Note that OpenSSL often adds readable comments before the key, but +keytool does not support that. So if your certificate has +comments before the key data, remove them before importing the certificate with +keytool. -To import an existing certificate signed by your own CA into a PKCS12 +To import an existing certificate signed by your own CA into a PKCS12 keystore using OpenSSL you would execute a command like: openssl pkcs12 -export -in mycert.crt -inkey mykey.key -out mycert.p12 -name tomcat -CAfile myCA.crt @@ -214,8 +215,8 @@ keystore using OpenSSL you would execute For more advanced cases, consult the http://www.openssl.org/";>OpenSSL documentation. -To create a new keystore from scratch, containing a single self-signed -Certificate, execute the following from a terminal command line: +To create a new JKS keystore from scratch, containing a single +self-signed Certificate, execute the following from a terminal command line: Windows: "%JAVA_HOME%\bin\keytool" -genkey -alias tomcat -keyalg RSA Unix: @@ -273,26 +274,31 @@ Tomcat can use two different implementat The exact configuration details depend on which implementation is being used. -The implementation used by Tomcat is chosen automatically unless it is overriden as described below. -If the installation uses APR +If you configured Connector by specifying generic +protocol="HTTP/1.1" then the implementation used by Tomcat is +chosen automatically. If the installation uses APR - i.e. you have installed the Tomcat native library - -then it will use the APR SSL implementation, otherwise it will use the Java JSSE implementation. +then it will use the APR SSL implementation, otherwise it will use the Java +JSSE implementation. - To avoid auto configuration you can define which implementation to use by specifying a classname - in the protocol attribute of the Connector. - To define a Java (JSSE) connector, regardless of whether the APR library is loaded or not do: - - Alternatively, to specify an APR connector (the APR library must be available) use: - @@ -306,11 +312,8 @@ then it will use the APR SSL implementat So to use SSL under APR, make sure the SSLEngine attribute is set to something other than off. The default value is on and if you specify another value, it has to be a valid engine name. - -If you haven't compiled in SSL support into your Tomcat Native library, then you can turn this initialization off - + SSLRandomSeed allows to specify a source of entropy. Productive system needs a reliable source of entropy but entropy may need a lot of time to be collected therefore test systems could use no blocking entropy @@ -327,19 +330,17 @@ will need to remove the comments and edi this: - The example above will throw an error if you have the APR and the Tomcat - Native libraries in your path, as Tomcat will try to use the APR connector. The APR connector uses different attributes for many SSL settings, particularly keys and certificates. An example of an APR configuration is: -You will note that the example SSL connector elements are commented out by -default. You can either remove the comment tags from around the the example SSL -connector you wish to use or add a new Connector element of your own. In either -case, you will need to configure the SSL Connector for your re
svn commit: r1637687 - in /tomcat/tc6.0.x/trunk: ./ webapps/docs/ssl-howto.xml
Author: kkolinko Date: Sun Nov 9 15:28:04 2014 New Revision: 1637687 URL: http://svn.apache.org/r1637687 Log: CTR: docs Minor corrections: - Remove '\' at end-of-line when wrapping long lists of command arguments. Such character makes no sense on Windows ('^' is used there). I think that readers should be wise enough to unwrap the lines, and unwrapping is easier when you do not have to delete stray '\' characters. - Add double quotes to Windows command line samples, as %JAVA_HOME% is likely to contain a whitespace character. Merged r1637686 from tomcat/tc7.0.x/trunk. Modified: tomcat/tc6.0.x/trunk/ (props changed) tomcat/tc6.0.x/trunk/webapps/docs/ssl-howto.xml Propchange: tomcat/tc6.0.x/trunk/ -- Merged /tomcat/trunk:r1637684 Merged /tomcat/tc7.0.x/trunk:r1637686 Merged /tomcat/tc8.0.x/trunk:r1637685 Modified: tomcat/tc6.0.x/trunk/webapps/docs/ssl-howto.xml URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/docs/ssl-howto.xml?rev=1637687&r1=1637686&r2=1637687&view=diff == --- tomcat/tc6.0.x/trunk/webapps/docs/ssl-howto.xml (original) +++ tomcat/tc6.0.x/trunk/webapps/docs/ssl-howto.xml Sun Nov 9 15:28:04 2014 @@ -50,19 +50,14 @@ these simple steps. For more informatio Create a keystore file to store the server's private key and self-signed certificate by executing the following command: Windows: - -%JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA - +"%JAVA_HOME%\bin\keytool" -genkey -alias tomcat -keyalg RSA Unix: - -$JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA - - -and specify a password value of "changeit". -Uncomment the "SSL HTTP/1.1 Connector" entry in +$JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA + +and specify a password value of "changeit". +Uncomment the "SSL HTTP/1.1 Connector" entry in $CATALINA_BASE/conf/server.xml and modify as described in -the Configuration section below. - +the Configuration section below. @@ -213,24 +208,19 @@ Note that OpenSSL often adds readable co they exist before importing the key using keytool. To import an existing certificate signed by your own CA into a PKCS12 -keystore using OpenSSL you would execute a command like: -openssl pkcs12 -export -in mycert.crt -inkey mykey.key \ --out mycert.p12 -name tomcat -CAfile myCA.crt \ --caname root -chain - -For more advanced cases, consult the http://www.openssl.org/";>OpenSSL +keystore using OpenSSL you would execute a command like: +openssl pkcs12 -export -in mycert.crt -inkey mykey.key +-out mycert.p12 -name tomcat -CAfile myCA.crt +-caname root -chain +For more advanced cases, consult the http://www.openssl.org/";>OpenSSL documentation. To create a new keystore from scratch, containing a single self-signed Certificate, execute the following from a terminal command line: Windows: - -%JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA - +"%JAVA_HOME%\bin\keytool" -genkey -alias tomcat -keyalg RSA Unix: - -$JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA - +$JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA (The RSA algorithm should be preferred as a secure algorithm, and this also ensures general compatibility with other servers and components.) @@ -243,15 +233,11 @@ to the keytool command show reflect this new location in the server.xml configuration file, as described later. For example: Windows: - -%JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA \ - -keystore \path\to\my\keystore - +"%JAVA_HOME%\bin\keytool" -genkey -alias tomcat -keyalg RSA + -keystore \path\to\my\keystore Unix: - -$JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA \ - -keystore /path/to/my/keystore - +$JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA + -keystore /path/to/my/keystore After executing this command, you will first be prompted for the keystore password. The default password used by Tomcat is "changeit" @@ -401,9 +387,7 @@ numbers lower than 1024 on many operatin After completing these configuration changes, you must restart Tomcat as you normally do, and you should be in business. You should be able to access any web application supported by Tomcat via SSL. For example, try: - -https://localhost:8443 - +https://localhost:8443/ and you should see the usual Tomcat splash page (unless you have modified the ROOT web application). If this does not work, the following section @@ -424,13 +408,13 @@ by the Certificate Authority to create a as "secure". To create a CSR follow these steps: Create a local Certificate (as described in the previous section): -keytool -genkey -alias tomcat -keyalg RSA \ +keytool -genkey -alias tomcat -keyalg RSA -keystoreNote: In some cases you w
svn commit: r1637686 - in /tomcat/tc7.0.x/trunk: ./ webapps/docs/ssl-howto.xml
Author: kkolinko Date: Sun Nov 9 15:24:02 2014 New Revision: 1637686 URL: http://svn.apache.org/r1637686 Log: Minor corrections: - Remove '\' at end-of-line when wrapping long lists of command arguments. Such character makes no sense on Windows ('^' is used there). I think that readers should be wise enough to unwrap the lines, and unwrapping is easier when you do not have to delete stray '\' characters. - Add double quotes to Windows command line samples, as %JAVA_HOME% is likely to contain a whitespace character. Merged r1637685 from tomcat/tc8.0.x/trunk. Modified: tomcat/tc7.0.x/trunk/ (props changed) tomcat/tc7.0.x/trunk/webapps/docs/ssl-howto.xml Propchange: tomcat/tc7.0.x/trunk/ -- Merged /tomcat/trunk:r1637684 Merged /tomcat/tc8.0.x/trunk:r1637685 Modified: tomcat/tc7.0.x/trunk/webapps/docs/ssl-howto.xml URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/ssl-howto.xml?rev=1637686&r1=1637685&r2=1637686&view=diff == --- tomcat/tc7.0.x/trunk/webapps/docs/ssl-howto.xml (original) +++ tomcat/tc7.0.x/trunk/webapps/docs/ssl-howto.xml Sun Nov 9 15:24:02 2014 @@ -50,19 +50,14 @@ these simple steps. For more informatio Create a keystore file to store the server's private key and self-signed certificate by executing the following command: Windows: - -%JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA - +"%JAVA_HOME%\bin\keytool" -genkey -alias tomcat -keyalg RSA Unix: - -$JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA - - -and specify a password value of "changeit". -Uncomment the "SSL HTTP/1.1 Connector" entry in +$JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA + +and specify a password value of "changeit". +Uncomment the "SSL HTTP/1.1 Connector" entry in $CATALINA_BASE/conf/server.xml and modify as described in -the Configuration section below. - +the Configuration section below. @@ -213,24 +208,19 @@ Note that OpenSSL often adds readable co they exist before importing the key using keytool. To import an existing certificate signed by your own CA into a PKCS12 -keystore using OpenSSL you would execute a command like: -openssl pkcs12 -export -in mycert.crt -inkey mykey.key \ --out mycert.p12 -name tomcat -CAfile myCA.crt \ --caname root -chain - -For more advanced cases, consult the http://www.openssl.org/";>OpenSSL +keystore using OpenSSL you would execute a command like: +openssl pkcs12 -export -in mycert.crt -inkey mykey.key +-out mycert.p12 -name tomcat -CAfile myCA.crt +-caname root -chain +For more advanced cases, consult the http://www.openssl.org/";>OpenSSL documentation. To create a new keystore from scratch, containing a single self-signed Certificate, execute the following from a terminal command line: Windows: - -%JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA - +"%JAVA_HOME%\bin\keytool" -genkey -alias tomcat -keyalg RSA Unix: - -$JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA - +$JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA (The RSA algorithm should be preferred as a secure algorithm, and this also ensures general compatibility with other servers and components.) @@ -243,15 +233,11 @@ to the keytool command show reflect this new location in the server.xml configuration file, as described later. For example: Windows: - -%JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA \ - -keystore \path\to\my\keystore - +"%JAVA_HOME%\bin\keytool" -genkey -alias tomcat -keyalg RSA + -keystore \path\to\my\keystore Unix: - -$JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA \ - -keystore /path/to/my/keystore - +$JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA + -keystore /path/to/my/keystore After executing this command, you will first be prompted for the keystore password. The default password used by Tomcat is "changeit" @@ -401,9 +387,7 @@ numbers lower than 1024 on many operatin After completing these configuration changes, you must restart Tomcat as you normally do, and you should be in business. You should be able to access any web application supported by Tomcat via SSL. For example, try: - -https://localhost:8443 - +https://localhost:8443/ and you should see the usual Tomcat splash page (unless you have modified the ROOT web application). If this does not work, the following section contains some troubleshooting tips. @@ -423,13 +407,13 @@ by the Certificate Authority to create a as "secure". To create a CSR follow these steps: Create a local Certificate (as described in the previous section): -keytool -genkey -alias tomcat -keyalg RSA \ +keytool -genkey -alias tomcat -keyalg RSA -keystoreNote: In some cases you will have to enter
svn commit: r1637685 - in /tomcat/tc8.0.x/trunk: ./ webapps/docs/ssl-howto.xml
Author: kkolinko Date: Sun Nov 9 15:14:20 2014 New Revision: 1637685 URL: http://svn.apache.org/r1637685 Log: Minor corrections: - Remove '\' at end-of-line when wrapping long lists of command arguments. Such character makes no sense on Windows ('^' is used there). I think that readers should be wise enough to unwrap the lines, and unwrapping is easier when you do not have to delete stray '\' characters. - Add double quotes to Windows command line samples, as %JAVA_HOME% is likely to contain a whitespace character. Merged r1637684 from tomcat/trunk. Modified: tomcat/tc8.0.x/trunk/ (props changed) tomcat/tc8.0.x/trunk/webapps/docs/ssl-howto.xml Propchange: tomcat/tc8.0.x/trunk/ -- Merged /tomcat/trunk:r1637684 Modified: tomcat/tc8.0.x/trunk/webapps/docs/ssl-howto.xml URL: http://svn.apache.org/viewvc/tomcat/tc8.0.x/trunk/webapps/docs/ssl-howto.xml?rev=1637685&r1=1637684&r2=1637685&view=diff == --- tomcat/tc8.0.x/trunk/webapps/docs/ssl-howto.xml (original) +++ tomcat/tc8.0.x/trunk/webapps/docs/ssl-howto.xml Sun Nov 9 15:14:20 2014 @@ -48,7 +48,7 @@ these simple steps. For more informatio Create a keystore file to store the server's private key and self-signed certificate by executing the following command: Windows: -%JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA +"%JAVA_HOME%\bin\keytool" -genkey -alias tomcat -keyalg RSA Unix: $JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA @@ -208,16 +208,16 @@ they exist before importing the key usin To import an existing certificate signed by your own CA into a PKCS12 keystore using OpenSSL you would execute a command like: -openssl pkcs12 -export -in mycert.crt -inkey mykey.key \ --out mycert.p12 -name tomcat -CAfile myCA.crt \ --caname root -chain +openssl pkcs12 -export -in mycert.crt -inkey mykey.key + -out mycert.p12 -name tomcat -CAfile myCA.crt + -caname root -chain For more advanced cases, consult the http://www.openssl.org/";>OpenSSL documentation. To create a new keystore from scratch, containing a single self-signed Certificate, execute the following from a terminal command line: Windows: -%JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA +"%JAVA_HOME%\bin\keytool" -genkey -alias tomcat -keyalg RSA Unix: $JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA @@ -232,10 +232,10 @@ to the keytool command show reflect this new location in the server.xml configuration file, as described later. For example: Windows: -%JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA \ +"%JAVA_HOME%\bin\keytool" -genkey -alias tomcat -keyalg RSA -keystore \path\to\my\keystore Unix: -$JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA \ +$JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA -keystore /path/to/my/keystore After executing this command, you will first be prompted for the keystore @@ -374,7 +374,7 @@ numbers lower than 1024 on many operatin After completing these configuration changes, you must restart Tomcat as you normally do, and you should be in business. You should be able to access any web application supported by Tomcat via SSL. For example, try: -https://localhost:8443 +https://localhost:8443/ and you should see the usual Tomcat splash page (unless you have modified the ROOT web application). If this does not work, the following section contains some troubleshooting tips. @@ -394,13 +394,13 @@ by the Certificate Authority to create a as "secure". To create a CSR follow these steps: Create a local Certificate (as described in the previous section): -keytool -genkey -alias tomcat -keyalg RSA \ +keytool -genkey -alias tomcat -keyalg RSA -keystoreNote: In some cases you will have to enter the domain of your website (i.e. www.myside.org) in the field "first- and lastname" in order to create a working Certificate. The CSR is then created with: -keytool -certreq -keyalg RSA -alias tomcat -file certreq.csr \ +keytool -certreq -keyalg RSA -alias tomcat -file certreq.csr -keystore @@ -425,11 +425,11 @@ After that you can proceed with importin http://www.thawte.com/certs/trustmap.html Import the Chain Certificate into your keystore -keytool -import -alias root -keystore \ +keytool -import -alias root -keystore -trustcacerts -file And finally import your new Certificate -keytool -import -alias tomcat -keystore \ +keytool -import -alias tomcat -keystore -file ---
svn commit: r1637684 - /tomcat/trunk/webapps/docs/ssl-howto.xml
Author: kkolinko Date: Sun Nov 9 15:12:29 2014 New Revision: 1637684 URL: http://svn.apache.org/r1637684 Log: Minor corrections: - Remove '\' at end-of-line when wrapping long lists of command arguments. Such character makes no sense on Windows ('^' is used there). I think that readers should be wise enough to unwrap the lines, and unwrapping is easier when you do not have to delete stray '\' characters. - Add double quotes to Windows command line samples, as %JAVA_HOME% is likely to contain a whitespace character. Modified: tomcat/trunk/webapps/docs/ssl-howto.xml Modified: tomcat/trunk/webapps/docs/ssl-howto.xml URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/ssl-howto.xml?rev=1637684&r1=1637683&r2=1637684&view=diff == --- tomcat/trunk/webapps/docs/ssl-howto.xml (original) +++ tomcat/trunk/webapps/docs/ssl-howto.xml Sun Nov 9 15:12:29 2014 @@ -48,7 +48,7 @@ these simple steps. For more informatio Create a keystore file to store the server's private key and self-signed certificate by executing the following command: Windows: -%JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA +"%JAVA_HOME%\bin\keytool" -genkey -alias tomcat -keyalg RSA Unix: $JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA @@ -208,16 +208,16 @@ they exist before importing the key usin To import an existing certificate signed by your own CA into a PKCS12 keystore using OpenSSL you would execute a command like: -openssl pkcs12 -export -in mycert.crt -inkey mykey.key \ --out mycert.p12 -name tomcat -CAfile myCA.crt \ --caname root -chain +openssl pkcs12 -export -in mycert.crt -inkey mykey.key + -out mycert.p12 -name tomcat -CAfile myCA.crt + -caname root -chain For more advanced cases, consult the http://www.openssl.org/";>OpenSSL documentation. To create a new keystore from scratch, containing a single self-signed Certificate, execute the following from a terminal command line: Windows: -%JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA +"%JAVA_HOME%\bin\keytool" -genkey -alias tomcat -keyalg RSA Unix: $JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA @@ -232,10 +232,10 @@ to the keytool command show reflect this new location in the server.xml configuration file, as described later. For example: Windows: -%JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA \ +"%JAVA_HOME%\bin\keytool" -genkey -alias tomcat -keyalg RSA -keystore \path\to\my\keystore Unix: -$JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA \ +$JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA -keystore /path/to/my/keystore After executing this command, you will first be prompted for the keystore @@ -374,7 +374,7 @@ numbers lower than 1024 on many operatin After completing these configuration changes, you must restart Tomcat as you normally do, and you should be in business. You should be able to access any web application supported by Tomcat via SSL. For example, try: -https://localhost:8443 +https://localhost:8443/ and you should see the usual Tomcat splash page (unless you have modified the ROOT web application). If this does not work, the following section contains some troubleshooting tips. @@ -394,13 +394,13 @@ by the Certificate Authority to create a as "secure". To create a CSR follow these steps: Create a local Certificate (as described in the previous section): -keytool -genkey -alias tomcat -keyalg RSA \ +keytool -genkey -alias tomcat -keyalg RSA -keystoreNote: In some cases you will have to enter the domain of your website (i.e. www.myside.org) in the field "first- and lastname" in order to create a working Certificate. The CSR is then created with: -keytool -certreq -keyalg RSA -alias tomcat -file certreq.csr \ +keytool -certreq -keyalg RSA -alias tomcat -file certreq.csr -keystore @@ -425,11 +425,11 @@ After that you can proceed with importin http://www.thawte.com/certs/trustmap.html Import the Chain Certificate into your keystore -keytool -import -alias root -keystore \ +keytool -import -alias root -keystore -trustcacerts -file And finally import your new Certificate -keytool -import -alias tomcat -keystore \ +keytool -import -alias tomcat -keystore -file - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1637681 - in /tomcat/tc6.0.x/trunk: ./ webapps/docs/changelog.xml webapps/docs/ssl-howto.xml
Author: kkolinko Date: Sun Nov 9 14:54:35 2014 New Revision: 1637681 URL: http://svn.apache.org/r1637681 Log: CTR: docs Correct typos in configuration samples: XML comments start with '
svn commit: r1637679 - in /tomcat/tc6.0.x/trunk: STATUS.txt java/org/apache/tomcat/util/http/mapper/Mapper.java webapps/docs/changelog.xml
Author: kkolinko Date: Sun Nov 9 14:04:37 2014 New Revision: 1637679 URL: http://svn.apache.org/r1637679 Log: Assert that MappingData object is empty before performing mapping work. It is backport of r1604663 Motivation: Remove dead branches. Protect Mapper from operating on non-recycled MappingData. Using non-recycled MappingData might result in mapping request onto a different target, like an issue that prevented us from releasing 8.0.4 and fixed by r1580080/r1580083. I do not know such bugs in Tomcat 6, but I want the code to be more safe. Just a single (mappingData.host != null) check is enough to discern recycled vs. non-recycled data. Checks for other MappingData fields are removed by this patch, simplifying the code. Modified: tomcat/tc6.0.x/trunk/STATUS.txt tomcat/tc6.0.x/trunk/java/org/apache/tomcat/util/http/mapper/Mapper.java tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml Modified: tomcat/tc6.0.x/trunk/STATUS.txt URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=1637679&r1=1637678&r2=1637679&view=diff == --- tomcat/tc6.0.x/trunk/STATUS.txt (original) +++ tomcat/tc6.0.x/trunk/STATUS.txt Sun Nov 9 14:04:37 2014 @@ -28,26 +28,6 @@ None PATCHES PROPOSED TO BACKPORT: [ New proposals should be added at the end of the list ] -* Assert that MappingData object is empty before performing mapping work. - It is backport of r1604663 - - Motivation: Remove dead branches. Protect Mapper from operating on - non-recycled MappingData. Using non-recycled MappingData might result in - mapping request onto a different target, like an issue that prevented us - from releasing 8.0.4 and fixed by r1580080/r1580083. I do not know such - bugs in Tomcat 6, but I want the code to be more safe. - Just a single (mappingData.host != null) check is enough to discern - recycled vs. non-recycled data. Checks for other MappingData fields are - removed by this patch, simplifying the code. - - A patch generated with "svn diff -x --ignore-space-change" for easier - overview of the change is - https://people.apache.org/~kkolinko/patches/2014-06-23_tc6_Mapper_diff-x-b.patch - - https://people.apache.org/~kkolinko/patches/2014-06-23_tc6_Mapper.patch - +1: kkolinko, markt, remm - -1: - * Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=56780 Enable Tomcat to start when using a IBM JRE in strict SP800-131a mode This back-ports the fix as well as some additional changes to more closely Modified: tomcat/tc6.0.x/trunk/java/org/apache/tomcat/util/http/mapper/Mapper.java URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/tomcat/util/http/mapper/Mapper.java?rev=1637679&r1=1637678&r2=1637679&view=diff == --- tomcat/tc6.0.x/trunk/java/org/apache/tomcat/util/http/mapper/Mapper.java (original) +++ tomcat/tc6.0.x/trunk/java/org/apache/tomcat/util/http/mapper/Mapper.java Sun Nov 9 14:04:37 2014 @@ -588,82 +588,86 @@ public final class Mapper { MappingData mappingData) throws Exception { +if (mappingData.host != null) { +// The legacy code (dating down at least to Tomcat 4.1) just +// skipped all mapping work in this case. That behaviour has a risk +// of returning an inconsistent result. +// I do not see a valid use case for it. +throw new AssertionError(); +} + uri.setLimit(-1); -Context[] contexts = null; +Context[] contexts; Context context = null; int nesting = 0; // Virtual host mapping -if (mappingData.host == null) { -Host[] hosts = this.hosts; -int pos = findIgnoreCase(hosts, host); -if ((pos != -1) && (host.equalsIgnoreCase(hosts[pos].name))) { +Host[] hosts = this.hosts; +int pos = findIgnoreCase(hosts, host); +if ((pos != -1) && (host.equalsIgnoreCase(hosts[pos].name))) { +mappingData.host = hosts[pos].object; +contexts = hosts[pos].contextList.contexts; +nesting = hosts[pos].contextList.nesting; +} else { +if (defaultHostName == null) { +return; +} +pos = find(hosts, defaultHostName); +if ((pos != -1) && (defaultHostName.equals(hosts[pos].name))) { mappingData.host = hosts[pos].object; contexts = hosts[pos].contextList.contexts; nesting = hosts[pos].contextList.nesting; } else { -if (defaultHostName == null) { -return; -} -pos = find(hosts, defaultHostName); -if ((pos != -1) && (defaultHostName.equals(hosts[pos].name))) { -mappingData.host = hosts[pos].object; -
svn commit: r1637676 - /tomcat/tc6.0.x/trunk/STATUS.txt
Author: kkolinko Date: Sun Nov 9 13:32:17 2014 New Revision: 1637676 URL: http://svn.apache.org/r1637676 Log: proposal Modified: tomcat/tc6.0.x/trunk/STATUS.txt Modified: tomcat/tc6.0.x/trunk/STATUS.txt URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=1637676&r1=1637675&r2=1637676&view=diff == --- tomcat/tc6.0.x/trunk/STATUS.txt (original) +++ tomcat/tc6.0.x/trunk/STATUS.txt Sun Nov 9 13:32:17 2014 @@ -65,6 +65,13 @@ PATCHES PROPOSED TO BACKPORT: SSLContext.getSupportedSSLParameters() is @since Java 6. https://docs.oracle.com/javase/6/docs/api/javax/net/ssl/SSLContext.html + I think it can be replaced with "sslProxy.getSupportedCipherSuites()". + + Updated patch: + https://people.apache.org/~kkolinko/patches/2014-11-09_tc6_bug56780-v3.patch + +1: kkolinko + -1: + PATCHES/ISSUES THAT ARE STALLED: - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1637656 - /tomcat/tc6.0.x/trunk/STATUS.txt
Author: kkolinko Date: Sun Nov 9 11:23:39 2014 New Revision: 1637656 URL: http://svn.apache.org/r1637656 Log: Proposed patch does not compile. Modified: tomcat/tc6.0.x/trunk/STATUS.txt Modified: tomcat/tc6.0.x/trunk/STATUS.txt URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=1637656&r1=1637655&r2=1637656&view=diff == --- tomcat/tc6.0.x/trunk/STATUS.txt (original) +++ tomcat/tc6.0.x/trunk/STATUS.txt Sun Nov 9 11:23:39 2014 @@ -54,7 +54,16 @@ PATCHES PROPOSED TO BACKPORT: align the Tomcat 6 code with the code in Tomcat 7. http://people.apache.org/~markt/patches/2014-11-06-bug56780-tc6-v2.patch +1: markt, remm - -1: + -1: kkolinko: It does not compile with Java 5. + + First, Java 5 does not allow @Override annotations when implementing + method declared by an interface. + + Second, once I remove those overrides, compilation fails at + "context.getSupportedSSLParameters().getCipherSuites();" line + in JSSESocketFactory.java line 539. The method + SSLContext.getSupportedSSLParameters() is @since Java 6. + https://docs.oracle.com/javase/6/docs/api/javax/net/ssl/SSLContext.html PATCHES/ISSUES THAT ARE STALLED: - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[GUMP@vmgump]: Project tomcat-tc8.0.x-test-apr (in module tomcat-8.0.x) failed
To whom it may engage... This is an automated request, but not an unsolicited one. For more information please visit http://gump.apache.org/nagged.html, and/or contact the folk at gene...@gump.apache.org. Project tomcat-tc8.0.x-test-apr has an issue affecting its community integration. This issue affects 1 projects. The current state of this project is 'Failed', with reason 'Build Failed'. For reference only, the following projects are affected by this: - tomcat-tc8.0.x-test-apr : Tomcat 8.x, a web server implementing the Java Servlet 3.1, ... Full details are available at: http://vmgump.apache.org/gump/public/tomcat-8.0.x/tomcat-tc8.0.x-test-apr/index.html That said, some information snippets are provided here. The following annotations (debug/informational/warning/error messages) were provided: -DEBUG- Dependency on commons-daemon exists, no need to add for property commons-daemon.native.src.tgz. -DEBUG- Dependency on commons-daemon exists, no need to add for property tomcat-native.tar.gz. -INFO- Failed with reason build failed -INFO- Project Reports in: /srv/gump/public/workspace/tomcat-8.0.x/output/logs-APR -INFO- Project Reports in: /srv/gump/public/workspace/tomcat-8.0.x/output/test-tmp-APR/logs The following work was performed: http://vmgump.apache.org/gump/public/tomcat-8.0.x/tomcat-tc8.0.x-test-apr/gump_work/build_tomcat-8.0.x_tomcat-tc8.0.x-test-apr.html Work Name: build_tomcat-8.0.x_tomcat-tc8.0.x-test-apr (Type: Build) Work ended in a state of : Failed Elapsed: 26 mins 27 secs Command Line: /usr/lib/jvm/java-8-oracle/bin/java -Djava.awt.headless=true -Dbuild.sysclasspath=only org.apache.tools.ant.Main -Dgump.merge=/srv/gump/public/gump/work/merge.xml -Djunit.jar=/srv/gump/public/workspace/junit/target/junit-4.12-SNAPSHOT.jar -Dobjenesis.jar=/srv/gump/public/workspace/objenesis/main/target/objenesis-2.2-SNAPSHOT.jar -Dtest.reports=output/logs-APR -Dtomcat-native.tar.gz=/srv/gump/public/workspace/apache-commons/daemon/dist/bin/commons-daemon-20141109-native-src.tar.gz -Dexamples.sources.skip=true -Djdt.jar=/srv/gump/packages/eclipse/plugins/R-4.4-201406061215/ecj-4.4.jar -Dtest.apr.loc=/srv/gump/public/workspace/tomcat-native/dest-20141109/lib -Dcommons-daemon.jar=/srv/gump/public/workspace/apache-commons/daemon/dist/commons-daemon-20141109.jar -Dcommons-daemon.native.src.tgz=/srv/gump/public/workspace/apache-commons/daemon/dist/bin/commons-daemon-20141109-native-src.tar.gz -Dtest.temp=output/test-tmp-APR -Dtest.accesslog=true -Dexecute.test.nio=false -Dtest .openssl.path=/srv/gump/public/workspace/openssl/dest-20141109/bin/openssl -Dexecute.test.apr=true -Dexecute.test.bio=false -Dexecute.test.nio2=false -Deasymock.jar=/srv/gump/public/workspace/easymock/easymock/target/easymock-3.3-SNAPSHOT.jar -Dhamcrest.jar=/srv/gump/public/workspace/hamcrest/build/hamcrest-all-20141109.jar -Dcglib.jar=/srv/gump/packages/cglib/cglib-nodep-2.2.jar test [Working Directory: /srv/gump/public/workspace/tomcat-8.0.x] CLASSPATH: /usr/lib/jvm/java-8-oracle/lib/tools.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/webapps/examples/WEB-INF/classes:/srv/gump/public/workspace/tomcat-8.0.x/output/testclasses:/srv/gump/public/workspace/ant/dist/lib/ant.jar:/srv/gump/public/workspace/ant/dist/lib/ant-launcher.jar:/srv/gump/public/workspace/ant/dist/lib/ant-jmf.jar:/srv/gump/public/workspace/ant/dist/lib/ant-junit.jar:/srv/gump/public/workspace/ant/dist/lib/ant-junit4.jar:/srv/gump/public/workspace/ant/dist/lib/ant-swing.jar:/srv/gump/public/workspace/ant/dist/lib/ant-apache-resolver.jar:/srv/gump/public/workspace/ant/dist/lib/ant-apache-xalan2.jar:/srv/gump/public/workspace/xml-commons/java/build/resolver.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/bin/bootstrap.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/bin/tomcat-juli.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/lib/annotations-api.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/lib/servlet-api.ja r:/srv/gump/public/workspace/tomcat-8.0.x/output/build/lib/jsp-api.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/lib/el-api.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/lib/websocket-api.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/lib/catalina.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/lib/catalina-ant.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/lib/catalina-storeconfig.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/lib/tomcat-coyote.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/lib/jasper.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/lib/jasper-el.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/lib/catalina-tribes.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/lib/catalina-ha.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/lib/tomcat-api.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/lib/tomcat-jni.
[GUMP@vmgump]: Project tomcat-tc8.0.x-test-nio (in module tomcat-8.0.x) failed
To whom it may engage... This is an automated request, but not an unsolicited one. For more information please visit http://gump.apache.org/nagged.html, and/or contact the folk at gene...@gump.apache.org. Project tomcat-tc8.0.x-test-nio has an issue affecting its community integration. This issue affects 1 projects. The current state of this project is 'Failed', with reason 'Build Failed'. For reference only, the following projects are affected by this: - tomcat-tc8.0.x-test-nio : Tomcat 8.x, a web server implementing the Java Servlet 3.1, ... Full details are available at: http://vmgump.apache.org/gump/public/tomcat-8.0.x/tomcat-tc8.0.x-test-nio/index.html That said, some information snippets are provided here. The following annotations (debug/informational/warning/error messages) were provided: -DEBUG- Dependency on commons-daemon exists, no need to add for property commons-daemon.native.src.tgz. -DEBUG- Dependency on commons-daemon exists, no need to add for property tomcat-native.tar.gz. -INFO- Failed with reason build failed -INFO- Project Reports in: /srv/gump/public/workspace/tomcat-8.0.x/output/logs-NIO -INFO- Project Reports in: /srv/gump/public/workspace/tomcat-8.0.x/output/test-tmp-NIO/logs The following work was performed: http://vmgump.apache.org/gump/public/tomcat-8.0.x/tomcat-tc8.0.x-test-nio/gump_work/build_tomcat-8.0.x_tomcat-tc8.0.x-test-nio.html Work Name: build_tomcat-8.0.x_tomcat-tc8.0.x-test-nio (Type: Build) Work ended in a state of : Failed Elapsed: 27 mins 49 secs Command Line: /usr/lib/jvm/java-8-oracle/bin/java -Djava.awt.headless=true -Dbuild.sysclasspath=only org.apache.tools.ant.Main -Dgump.merge=/srv/gump/public/gump/work/merge.xml -Djunit.jar=/srv/gump/public/workspace/junit/target/junit-4.12-SNAPSHOT.jar -Dobjenesis.jar=/srv/gump/public/workspace/objenesis/main/target/objenesis-2.2-SNAPSHOT.jar -Dtest.reports=output/logs-NIO -Dtomcat-native.tar.gz=/srv/gump/public/workspace/apache-commons/daemon/dist/bin/commons-daemon-20141109-native-src.tar.gz -Dexamples.sources.skip=true -Djdt.jar=/srv/gump/packages/eclipse/plugins/R-4.4-201406061215/ecj-4.4.jar -Dcommons-daemon.jar=/srv/gump/public/workspace/apache-commons/daemon/dist/commons-daemon-20141109.jar -Dcommons-daemon.native.src.tgz=/srv/gump/public/workspace/apache-commons/daemon/dist/bin/commons-daemon-20141109-native-src.tar.gz -Dtest.temp=output/test-tmp-NIO -Dtest.accesslog=true -Dexecute.test.nio=true -Dtest.openssl.path=/srv/gump/public/workspace/openssl/dest-20141109/bin/openssl -Dexecute.test.apr=false -Dexecute.test.bio=false -Dexecute.test.nio2=false -Deasymock.jar=/srv/gump/public/workspace/easymock/easymock/target/easymock-3.3-SNAPSHOT.jar -Dhamcrest.jar=/srv/gump/public/workspace/hamcrest/build/hamcrest-all-20141109.jar -Dcglib.jar=/srv/gump/packages/cglib/cglib-nodep-2.2.jar test [Working Directory: /srv/gump/public/workspace/tomcat-8.0.x] CLASSPATH: /usr/lib/jvm/java-8-oracle/lib/tools.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/webapps/examples/WEB-INF/classes:/srv/gump/public/workspace/tomcat-8.0.x/output/testclasses:/srv/gump/public/workspace/ant/dist/lib/ant.jar:/srv/gump/public/workspace/ant/dist/lib/ant-launcher.jar:/srv/gump/public/workspace/ant/dist/lib/ant-jmf.jar:/srv/gump/public/workspace/ant/dist/lib/ant-junit.jar:/srv/gump/public/workspace/ant/dist/lib/ant-junit4.jar:/srv/gump/public/workspace/ant/dist/lib/ant-swing.jar:/srv/gump/public/workspace/ant/dist/lib/ant-apache-resolver.jar:/srv/gump/public/workspace/ant/dist/lib/ant-apache-xalan2.jar:/srv/gump/public/workspace/xml-commons/java/build/resolver.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/bin/bootstrap.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/bin/tomcat-juli.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/lib/annotations-api.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/lib/servlet-api.ja r:/srv/gump/public/workspace/tomcat-8.0.x/output/build/lib/jsp-api.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/lib/el-api.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/lib/websocket-api.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/lib/catalina.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/lib/catalina-ant.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/lib/catalina-storeconfig.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/lib/tomcat-coyote.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/lib/jasper.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/lib/jasper-el.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/lib/catalina-tribes.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/lib/catalina-ha.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/lib/tomcat-api.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/lib/tomcat-jni.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/bu ild/lib/tomcat-spdy.