[Bug 64431] Enable response compression by default
https://bz.apache.org/bugzilla/show_bug.cgi?id=64431

--- Comment #5 from Craig ---
I don't think BEAST is still relevant, see https://blog.qualys.com/ssllabs/2013/09/10/is-beast-still-a-threat for a detailed explanation. So I still suggest that Tomcat change the default to enable HTTP response compression.

--
You are receiving this mail because:
You are the assignee for the bug.

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
buildbot failure in on tomcat-trunk
The Buildbot has detected a new failure on builder tomcat-trunk while building tomcat. Full details are available at:
https://ci.apache.org/builders/tomcat-trunk/builds/5205

Buildbot URL: https://ci.apache.org/
Buildslave for this Build: asf946_ubuntu
Build Reason: The AnyBranchScheduler scheduler named 'on-tomcat-commit' triggered this build
Build Source Stamp: [branch master] 5dd4733ea0d5a6281fc9d51c85fdb69b56336eed
Blamelist: Mark Thomas

BUILD FAILED: failed compile_1

Sincerely,
-The Buildbot
[Bug 64430] rotating catalina.out (using named pipe)
https://bz.apache.org/bugzilla/show_bug.cgi?id=64430

Mark Thomas changed:

What|Removed|Added
Resolution|---|FIXED
Status|NEW|RESOLVED

--- Comment #6 from Mark Thomas ---
Thanks for the patch.

Fixed in:
- master for 10.0.0-M6 onwards
- 9.0.x for 9.0.36 onwards
- 8.5.x for 8.5.56 onwards
- 7.0.x for 7.0.105 onwards
[tomcat] branch 8.5.x updated: Fix BZ 64430. Add support for CATALINA_OUT_CMD Patch by Harald Dunkel.
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 8.5.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/8.5.x by this push: new da3190c Fix BZ 64430. Add support for CATALINA_OUT_CMD Patch by Harald Dunkel. da3190c is described below commit da3190cd679c899fefa7010f0e137eed82dffa0a Author: Mark Thomas AuthorDate: Thu May 28 22:01:13 2020 +0100 Fix BZ 64430. Add support for CATALINA_OUT_CMD Patch by Harald Dunkel. --- bin/catalina.sh| 23 ++- webapps/docs/changelog.xml | 5 + 2 files changed, 27 insertions(+), 1 deletion(-) diff --git a/bin/catalina.sh b/bin/catalina.sh index 4e0b8bf..145cdf4 100755 --- a/bin/catalina.sh +++ b/bin/catalina.sh @@ -36,6 +36,14 @@ # will be redirected. # Default is $CATALINA_BASE/logs/catalina.out # +# CATALINA_OUT_CMD (Optional) Command which will be executed and receive +# as its stdin the stdout and stderr from the Tomcat java +# process. If CATALINA_OUT_CMD is set, the value of +# CATALINA_OUT will be used as a named pipe. +# No default. +# Example (all one line) +# CATALINA_OUT_CMD="/usr/bin/rotatelogs -f $CATALINA_BASE/logs/catalina.out.%Y-%m-%d.log 86400" +# # CATALINA_OPTS (Optional) Java runtime options used when the "start", # "run" or "debug" command is executed. # Include here and not in JAVA_OPTS all options, that should @@ -463,7 +471,20 @@ elif [ "$1" = "start" ] ; then fi shift - touch "$CATALINA_OUT" + if [ -z "$CATALINA_OUT_CMD" ] ; then +touch "$CATALINA_OUT" + else +if [ ! -e "$CATALINA_OUT" ]; then + if ! mkfifo "$CATALINA_OUT"; then +echo "cannot create named pipe $CATALINA_OUT. Start aborted." +exit 1 + fi +elif [ ! -p "$CATALINA_OUT" ]; then + echo "$CATALINA_OUT exists and is not a named pipe. Start aborted." + exit 1 +fi +$CATALINA_OUT_CMD <"$CATALINA_OUT" & + fi if [ "$1" = "-security" ] ; then if [ $have_tty -eq 1 ]; then echo "Using Security Manager" 
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index 3ce0fa1..248520e 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -97,6 +97,11 @@ Improve the quality and expand the coverage of the French translations provided with Apache Tomcat. (remm) + +64430: Add support for the CATALINA_OUT_CMD +environment variable that defines a command to which captured stdout and +stderr will be redirected. Patch provided by Harald Dunkel. (markt) + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
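Review bot: in the bin/catalina.sh header comment for CATALINA_OUT_CMD, the text does not say that start is aborted when CATALINA_OUT already exists as a regular file, which the start hunk enforces with `elif [ ! -p "$CATALINA_OUT" ]`. An install that has run without CATALINA_OUT_CMD will have that file from the earlier `touch "$CATALINA_OUT"`, so the comment should tell the administrator to remove the existing file or point CATALINA_OUT at a new path before setting the variable.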
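Review bot: in the start hunk of bin/catalina.sh, a path that already exists is accepted as soon as `[ -p "$CATALINA_OUT" ]` holds, with no check of who owns the pipe or what its mode is, and a new pipe is created by a bare `mkfifo "$CATALINA_OUT"` whose permissions come from whatever umask is in effect at that point. All of stdout and stderr flows through this pipe, so consider `mkfifo -m 600 "$CATALINA_OUT"` and refusing a pre-existing pipe that is not owned by the user running the script.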
[tomcat] branch 7.0.x updated: Fix BZ 64430. Add support for CATALINA_OUT_CMD Patch by Harald Dunkel.
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 7.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/7.0.x by this push: new 5372a7c Fix BZ 64430. Add support for CATALINA_OUT_CMD Patch by Harald Dunkel. 5372a7c is described below commit 5372a7c3c1e48ddbb4d5b424bc4bc68a70132225 Author: Mark Thomas AuthorDate: Thu May 28 22:01:13 2020 +0100 Fix BZ 64430. Add support for CATALINA_OUT_CMD Patch by Harald Dunkel. --- bin/catalina.sh| 23 ++- webapps/docs/changelog.xml | 5 + 2 files changed, 27 insertions(+), 1 deletion(-) diff --git a/bin/catalina.sh b/bin/catalina.sh index 28fa29a..013de4f 100755 --- a/bin/catalina.sh +++ b/bin/catalina.sh @@ -36,6 +36,14 @@ # will be redirected. # Default is $CATALINA_BASE/logs/catalina.out # +# CATALINA_OUT_CMD (Optional) Command which will be executed and receive +# as its stdin the stdout and stderr from the Tomcat java +# process. If CATALINA_OUT_CMD is set, the value of +# CATALINA_OUT will be used as a named pipe. +# No default. +# Example (all one line) +# CATALINA_OUT_CMD="/usr/bin/rotatelogs -f $CATALINA_BASE/logs/catalina.out.%Y-%m-%d.log 86400" +# # CATALINA_OPTS (Optional) Java runtime options used when the "start", # "run" or "debug" command is executed. # Include here and not in JAVA_OPTS all options, that should @@ -459,7 +467,20 @@ elif [ "$1" = "start" ] ; then fi shift - touch "$CATALINA_OUT" + if [ -z "$CATALINA_OUT_CMD" ] ; then +touch "$CATALINA_OUT" + else +if [ ! -e "$CATALINA_OUT" ]; then + if ! mkfifo "$CATALINA_OUT"; then +echo "cannot create named pipe $CATALINA_OUT. Start aborted." +exit 1 + fi +elif [ ! -p "$CATALINA_OUT" ]; then + echo "$CATALINA_OUT exists and is not a named pipe. Start aborted." + exit 1 +fi +$CATALINA_OUT_CMD <"$CATALINA_OUT" & + fi if [ "$1" = "-security" ] ; then if [ $have_tty -eq 1 ]; then echo "Using Security Manager" 
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index 5b5d83d..428370a 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -91,6 +91,11 @@ Improve the quality and expand the coverage of the French translations provided with Apache Tomcat. (remm) + +64430: Add support for the CATALINA_OUT_CMD +environment variable that defines a command to which captured stdout and +stderr will be redirected. Patch provided by Harald Dunkel. (markt) + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
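Review bot: `$CATALINA_OUT_CMD <"$CATALINA_OUT" &` in the start hunk expands the variable unquoted, so the value is split on whitespace and glob-expanded, and quotes inside the value are not interpreted; an argument that contains a space, such as a log directory with a space in its path, cannot be passed. The header comment added in the first hunk should state this limitation, and `set -f` around the call would at least stop pathname expansion of characters such as `*` in the value.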
[tomcat] branch 9.0.x updated: Fix BZ 64430. Add support for CATALINA_OUT_CMD Patch by Harald Dunkel.
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 9.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/9.0.x by this push: new b6a9b8c Fix BZ 64430. Add support for CATALINA_OUT_CMD Patch by Harald Dunkel. b6a9b8c is described below commit b6a9b8c1001532c2f7fd164a341a78218dba5cf4 Author: Mark Thomas AuthorDate: Thu May 28 22:01:13 2020 +0100 Fix BZ 64430. Add support for CATALINA_OUT_CMD Patch by Harald Dunkel. --- bin/catalina.sh| 23 ++- webapps/docs/changelog.xml | 5 + 2 files changed, 27 insertions(+), 1 deletion(-) diff --git a/bin/catalina.sh b/bin/catalina.sh index 4e0b8bf..145cdf4 100755 --- a/bin/catalina.sh +++ b/bin/catalina.sh @@ -36,6 +36,14 @@ # will be redirected. # Default is $CATALINA_BASE/logs/catalina.out # +# CATALINA_OUT_CMD (Optional) Command which will be executed and receive +# as its stdin the stdout and stderr from the Tomcat java +# process. If CATALINA_OUT_CMD is set, the value of +# CATALINA_OUT will be used as a named pipe. +# No default. +# Example (all one line) +# CATALINA_OUT_CMD="/usr/bin/rotatelogs -f $CATALINA_BASE/logs/catalina.out.%Y-%m-%d.log 86400" +# # CATALINA_OPTS (Optional) Java runtime options used when the "start", # "run" or "debug" command is executed. # Include here and not in JAVA_OPTS all options, that should @@ -463,7 +471,20 @@ elif [ "$1" = "start" ] ; then fi shift - touch "$CATALINA_OUT" + if [ -z "$CATALINA_OUT_CMD" ] ; then +touch "$CATALINA_OUT" + else +if [ ! -e "$CATALINA_OUT" ]; then + if ! mkfifo "$CATALINA_OUT"; then +echo "cannot create named pipe $CATALINA_OUT. Start aborted." +exit 1 + fi +elif [ ! -p "$CATALINA_OUT" ]; then + echo "$CATALINA_OUT exists and is not a named pipe. Start aborted." + exit 1 +fi +$CATALINA_OUT_CMD <"$CATALINA_OUT" & + fi if [ "$1" = "-security" ] ; then if [ $have_tty -eq 1 ]; then echo "Using Security Manager" 
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index 94f6836..fe8c50d 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -109,6 +109,11 @@ Improve the quality and expand the coverage of the French translations provided with Apache Tomcat. (remm) + +64430: Add support for the CATALINA_OUT_CMD +environment variable that defines a command to which captured stdout and +stderr will be redirected. Patch provided by Harald Dunkel. (markt) + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
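Review bot: the start hunk launches `$CATALINA_OUT_CMD <"$CATALINA_OUT" &` and carries on without recording `$!` or checking that the command actually started. If the command is missing or exits early, nothing is left reading the named pipe, and the script cannot report that because it never looks at the reader again. Suggest keeping the PID, checking it with `kill -0` before continuing, and aborting with a message in the same way as the two existing error paths.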
[tomcat] branch master updated: Fix BZ 64430. Add support for CATALINA_OUT_CMD Patch by Harald Dunkel.
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/master by this push: new 5dd4733 Fix BZ 64430. Add support for CATALINA_OUT_CMD Patch by Harald Dunkel. 5dd4733 is described below commit 5dd4733ea0d5a6281fc9d51c85fdb69b56336eed Author: Mark Thomas AuthorDate: Thu May 28 22:01:13 2020 +0100 Fix BZ 64430. Add support for CATALINA_OUT_CMD Patch by Harald Dunkel. --- bin/catalina.sh| 23 ++- webapps/docs/changelog.xml | 5 + 2 files changed, 27 insertions(+), 1 deletion(-) diff --git a/bin/catalina.sh b/bin/catalina.sh index 0ee6595..7823d5e 100755 --- a/bin/catalina.sh +++ b/bin/catalina.sh @@ -36,6 +36,14 @@ # will be redirected. # Default is $CATALINA_BASE/logs/catalina.out # +# CATALINA_OUT_CMD (Optional) Command which will be executed and receive +# as its stdin the stdout and stderr from the Tomcat java +# process. If CATALINA_OUT_CMD is set, the value of +# CATALINA_OUT will be used as a named pipe. +# No default. +# Example (all one line) +# CATALINA_OUT_CMD="/usr/bin/rotatelogs -f $CATALINA_BASE/logs/catalina.out.%Y-%m-%d.log 86400" +# # CATALINA_OPTS (Optional) Java runtime options used when the "start", # "run" or "debug" command is executed. # Include here and not in JAVA_OPTS all options, that should @@ -450,7 +458,20 @@ elif [ "$1" = "start" ] ; then fi shift - touch "$CATALINA_OUT" + if [ -z "$CATALINA_OUT_CMD" ] ; then +touch "$CATALINA_OUT" + else +if [ ! -e "$CATALINA_OUT" ]; then + if ! mkfifo "$CATALINA_OUT"; then +echo "cannot create named pipe $CATALINA_OUT. Start aborted." +exit 1 + fi +elif [ ! -p "$CATALINA_OUT" ]; then + echo "$CATALINA_OUT exists and is not a named pipe. Start aborted." + exit 1 +fi +$CATALINA_OUT_CMD <"$CATALINA_OUT" & + fi if [ "$1" = "-security" ] ; then if [ $have_tty -eq 1 ]; then echo "Using Security Manager" 
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index 32ea0dd..c4b0e83 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -119,6 +119,11 @@ Improve the quality and expand the coverage of the French translations provided with Apache Tomcat. (remm) + +64430: Add support for the CATALINA_OUT_CMD +environment variable that defines a command to which captured stdout and +stderr will be redirected. Patch provided by Harald Dunkel. (markt) + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
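Review bot: both new error paths in the start hunk, `echo "cannot create named pipe $CATALINA_OUT. Start aborted."` and the `exists and is not a named pipe` message, write to stdout before `exit 1`. Sending them to stderr with `>&2` keeps them visible when a wrapper or init script captures or discards stdout.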
Re: [GitHub] [tomcat] 0kfVA7MuF6gZEboZvmDg opened a new pull request #292: test
On 28/05/2020 17:01, GitBox wrote:
>
> 0kfVA7MuF6gZEboZvmDg opened a new pull request #292:
> URL: https://github.com/apache/tomcat/pull/292

PR closed, user blocked and abuse reported.

FYI, I leant towards this being deliberate abuse rather than a naive new user based on the user name. It looks suspiciously bot-like.

Mark
[GitHub] [tomcat] markt-asf commented on pull request #292: test
markt-asf commented on pull request #292:
URL: https://github.com/apache/tomcat/pull/292#issuecomment-635474822

The Apache Tomcat repo is not your personal test sandbox.

This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [tomcat] markt-asf closed pull request #292: test
markt-asf closed pull request #292:
URL: https://github.com/apache/tomcat/pull/292
[GitHub] [tomcat] 0kfVA7MuF6gZEboZvmDg opened a new pull request #292: test
0kfVA7MuF6gZEboZvmDg opened a new pull request #292:
URL: https://github.com/apache/tomcat/pull/292

test
[Bug 64478] org.apache.coyote.http11.Http11Processor.service Error parsing HTTP request header
https://bz.apache.org/bugzilla/show_bug.cgi?id=64478

Mark Thomas changed:

What|Removed|Added
Resolution|---|INVALID
Status|REOPENED|RESOLVED

--- Comment #4 from Mark Thomas ---
This behaviour is not observed in a clean 9.0.35 install. Something is creating the invalid request.

Again, the users list is the place to seek help.
[Bug 64478] org.apache.coyote.http11.Http11Processor.service Error parsing HTTP request header
https://bz.apache.org/bugzilla/show_bug.cgi?id=64478

Md. Adnan Rashidul Islam changed:

What|Removed|Added
Status|RESOLVED|REOPENED
Resolution|INVALID|---
[Bug 64478] org.apache.coyote.http11.Http11Processor.service Error parsing HTTP request header
https://bz.apache.org/bugzilla/show_bug.cgi?id=64478

--- Comment #3 from Md. Adnan Rashidul Islam ---
I have only started the Tomcat with all default settings and having no applications in /webapp. No external request is made. The error appears when it just starts. The other version I have checked (version 9.0.33) and there is no such error.
[Bug 64430] rotating catalina.out (using named pipe)
https://bz.apache.org/bugzilla/show_bug.cgi?id=64430

--- Comment #5 from Mark Thomas ---
I like the modified approach. I'll run some tests locally and if all is well, I'll apply this for the next release round.
[tomcat] 01/02: Expose the local certificate through SSLSupport
This is an automated email from the ASF dual-hosted git repository. remm pushed a commit to branch 9.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git commit 21419a185c457d3b2b76573a56f85f92138b504b Author: remm AuthorDate: Thu May 28 16:21:35 2020 +0200 Expose the local certificate through SSLSupport To be used for more TLS env support in the rewrite resolver, it cannot hurt. Using a default since it's an API change and not there with OpenSSL. --- java/org/apache/tomcat/util/net/SSLSupport.java | 11 +++ java/org/apache/tomcat/util/net/jsse/JSSESupport.java | 15 +++ webapps/docs/changelog.xml| 4 3 files changed, 30 insertions(+) diff --git a/java/org/apache/tomcat/util/net/SSLSupport.java b/java/org/apache/tomcat/util/net/SSLSupport.java index 75740f9..f46d266 100644 --- a/java/org/apache/tomcat/util/net/SSLSupport.java +++ b/java/org/apache/tomcat/util/net/SSLSupport.java @@ -85,6 +85,17 @@ public interface SSLSupport { public X509Certificate[] getPeerCertificateChain() throws IOException; /** + * The server certificate chain (if any) that were sent to the peer. + * + * @return The certificate chain sent with the server + * certificate first, followed by those of any certificate + * authorities + */ +default public X509Certificate[] getLocalCertificateChain() { +return null; +} + +/** * Get the keysize. * * What we're supposed to put here is ill-defined by the diff --git a/java/org/apache/tomcat/util/net/jsse/JSSESupport.java b/java/org/apache/tomcat/util/net/jsse/JSSESupport.java index 98c6eb9..0ca7ba7 100644 --- a/java/org/apache/tomcat/util/net/jsse/JSSESupport.java +++ b/java/org/apache/tomcat/util/net/jsse/JSSESupport.java @@ -21,6 +21,7 @@ import java.io.ByteArrayInputStream; import java.io.IOException; import java.security.cert.Certificate; import java.security.cert.CertificateFactory; +import java.security.cert.X509Certificate; import java.util.HashMap; import java.util.Map; 
@@ -87,6 +88,14 @@ public class JSSESupport implements SSLSupport, SSLSessionManager { } @Override +public X509Certificate[] getLocalCertificateChain() { +if (session == null) { +return null; +} +return convertCertificates(session.getLocalCertificates()); +} + +@Override public java.security.cert.X509Certificate[] getPeerCertificateChain() throws IOException { // Look up the current SSLSession if (session == null) @@ -99,6 +108,12 @@ public class JSSESupport implements SSLSupport, SSLSessionManager { log.debug(sm.getString("jsseSupport.clientCertError"), t); return null; } + +return convertCertificates(certs); +} + + +private static java.security.cert.X509Certificate[] convertCertificates(Certificate[] certs) { if( certs==null ) return null; java.security.cert.X509Certificate [] x509Certs = diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index 4f160b4..94f6836 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -83,6 +83,10 @@ 64467: Improve performance of closing idle HTTP/2 streams. (markt) + +Expose server certificate through the SSLSupport +interface. (remm) + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
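Review bot: in the SSLSupport.java hunk the new default `getLocalCertificateChain()` returns null, but the Javadoc `@return` only describes the chain and never says that null is a possible result. As written, a caller cannot tell "this implementation does not support it" from "no certificate was sent"; document the null return explicitly, since the commit message says the default exists because the OpenSSL side does not have the method, and change "chain (if any) that were sent" to "that was sent" while there.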
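Review bot: JSSESupport.java now imports `java.security.cert.X509Certificate`, yet the new `convertCertificates` helper and the existing `getPeerCertificateChain()` signature still spell out `java.security.cert.X509Certificate[]`. Use the short name throughout now that the import is present, so the file does not mix the two forms.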
[tomcat] branch 9.0.x updated (914ee22 -> a40282b)
This is an automated email from the ASF dual-hosted git repository.

remm pushed a change to branch 9.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git.

from 914ee22 Add missing French translation (remm)
new 21419a1 Expose the local certificate through SSLSupport
new a40282b Checkstyle

The 2 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference.

Summary of changes:
java/org/apache/tomcat/util/net/SSLSupport.java | 11 +++
java/org/apache/tomcat/util/net/jsse/JSSESupport.java | 15 +++
webapps/docs/changelog.xml | 4
3 files changed, 30 insertions(+)
[tomcat] 02/02: Checkstyle
This is an automated email from the ASF dual-hosted git repository. remm pushed a commit to branch 9.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git commit a40282bc6740bad923d46d20b77adba68ba43d59 Author: remm AuthorDate: Thu May 28 16:32:54 2020 +0200 Checkstyle --- java/org/apache/tomcat/util/net/SSLSupport.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/java/org/apache/tomcat/util/net/SSLSupport.java b/java/org/apache/tomcat/util/net/SSLSupport.java index f46d266..39c51e7 100644 --- a/java/org/apache/tomcat/util/net/SSLSupport.java +++ b/java/org/apache/tomcat/util/net/SSLSupport.java @@ -91,7 +91,7 @@ public interface SSLSupport { * certificate first, followed by those of any certificate * authorities */ -default public X509Certificate[] getLocalCertificateChain() { +public default X509Certificate[] getLocalCertificateChain() { return null; } - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch master updated: Checkstyle
This is an automated email from the ASF dual-hosted git repository. remm pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/master by this push: new b28d5eb Checkstyle b28d5eb is described below commit b28d5eb0da84971fcadee3ebfaa03d18f5912387 Author: remm AuthorDate: Thu May 28 16:32:54 2020 +0200 Checkstyle --- java/org/apache/tomcat/util/net/SSLSupport.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/java/org/apache/tomcat/util/net/SSLSupport.java b/java/org/apache/tomcat/util/net/SSLSupport.java index c287183..6c0166b 100644 --- a/java/org/apache/tomcat/util/net/SSLSupport.java +++ b/java/org/apache/tomcat/util/net/SSLSupport.java @@ -91,7 +91,7 @@ public interface SSLSupport { * certificate first, followed by those of any certificate * authorities */ -default public X509Certificate[] getLocalCertificateChain() { +public default X509Certificate[] getLocalCertificateChain() { return null; } - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 64478] org.apache.coyote.http11.Http11Processor.service Error parsing HTTP request header
https://bz.apache.org/bugzilla/show_bug.cgi?id=64478

Siham Sharif changed:

What|Removed|Added
CC||siham.sha...@gmail.com
[tomcat] branch master updated: WIP for more TLS env resolution
This is an automated email from the ASF dual-hosted git repository. remm pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/master by this push: new 693721e WIP for more TLS env resolution 693721e is described below commit 693721eb06a20042c4404450ddc25de7f83d6944 Author: remm AuthorDate: Thu May 28 16:28:19 2020 +0200 WIP for more TLS env resolution Make explicit each missing env value, to help eventual documenting. --- .../catalina/valves/rewrite/ResolverImpl.java | 107 +++-- 1 file changed, 97 insertions(+), 10 deletions(-) diff --git a/java/org/apache/catalina/valves/rewrite/ResolverImpl.java b/java/org/apache/catalina/valves/rewrite/ResolverImpl.java index 1ae6600..ea44acc 100644 --- a/java/org/apache/catalina/valves/rewrite/ResolverImpl.java +++ b/java/org/apache/catalina/valves/rewrite/ResolverImpl.java @@ -16,10 +16,12 @@ */ package org.apache.catalina.valves.rewrite; +import java.io.IOException; import java.nio.charset.Charset; +import java.security.cert.X509Certificate; import java.util.Calendar; +import java.util.concurrent.TimeUnit; -import org.apache.catalina.Globals; import org.apache.catalina.WebResource; import org.apache.catalina.WebResourceRoot; import org.apache.catalina.connector.Request; 
@@ -135,16 +137,101 @@ public class ResolverImpl extends Resolver { @Override public String resolveSsl(String key) { -if (key.equals("SSL_PROTOCOL")) { -return String.valueOf(request.getAttribute(SSLSupport.PROTOCOL_VERSION_KEY)); -} else if (key.equals("SSL_SESSION_ID")) { -return String.valueOf(request.getAttribute(Globals.SSL_SESSION_ID_ATTR)); -} else if (key.equals("SSL_CIPHER")) { -return String.valueOf(request.getAttribute(Globals.CIPHER_SUITE_ATTR)); -} else if (key.equals("SSL_CIPHER_USEKEYSIZE")) { -return String.valueOf(request.getAttribute(Globals.KEY_SIZE_ATTR)); +SSLSupport sslSupport = (SSLSupport) request.getAttribute(SSLSupport.SESSION_MGR); +try { +// FIXME SSL_SESSION_RESUMED +// FIXME SSL_SECURE_RENEG +// FIXME SSL_CIPHER_EXPORT +// FIXME SSL_CIPHER_ALGKEYSIZE +// FIXME SSL_COMPRESS_METHOD +// FIXME SSL_SRP_USER +// FIXME SSL_SRP_USERINFO +// FIXME SSL_TLS_SNI +if (key.equals("SSL_PROTOCOL")) { +return sslSupport.getProtocol(); +} else if (key.equals("SSL_SESSION_ID")) { +return sslSupport.getSessionId(); +} else if (key.equals("SSL_CIPHER")) { +return sslSupport.getCipherSuite(); +} else if (key.equals("SSL_CIPHER_USEKEYSIZE")) { +return sslSupport.getKeySize().toString(); +} else if (key.startsWith("SSL_CLIENT_")) { +X509Certificate[] certificates = sslSupport.getPeerCertificateChain(); +if (certificates != null && certificates.length > 0) { +key = key.substring("SSL_CLIENT_".length()); +String result = resolveSslCertificates(key, certificates); +if (result != null) { +return result; +} else if (key.startsWith("SAN_OTHER_msUPN_")) { +key = key.substring("SAN_OTHER_msUPN_".length()); +// FIXME return certificates[0].getSubjectAlternativeNames() +} else if (key.equals("CERT_RFC4523_CEA")) { +// FIXME return certificates[0]; +} else if (key.equals("VERIFY")) { +// FIXME return certificates[0]; +} +} +} else if (key.startsWith("SSL_SERVER_")) { +X509Certificate[] certificates = sslSupport.getLocalCertificateChain(); +if (certificates != null && 
certificates.length > 0) { +key = key.substring("SSL_SERVER_".length()); +String result = resolveSslCertificates(key, certificates); +if (result != null) { +return result; +} else if (key.startsWith("SAN_OTHER_dnsSRV_")) { +key = key.substring("SAN_OTHER_dnsSRV_".length()); +// FIXME return certificates[0].getSubjectAlternativeNames() +} +} +} +} catch (IOException e) { +// TLS access error +} +return null; +} + +private String resolveSslCertificates(String key, X509Certificate[] certificates) { +if (key.equals("M_VERSION")) { +return String.valueOf(certificates[0].getVersion()); +} else if (key.equals("M_SERIAL")) { +return certificates[0]
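Review bot: at the top of the rewritten `resolveSsl`, `sslSupport` is taken from `request.getAttribute(SSLSupport.SESSION_MGR)` with an unchecked cast and then dereferenced in every branch, so a request that carries no such attribute throws a NullPointerException where the removed code returned `String.valueOf(...)` of the missing attribute. Add `if (sslSupport == null) return null;` before the `try`, and guard `sslSupport.getKeySize().toString()` against a null key size in the same way. Two smaller points in the same hunk: the empty `catch (IOException e)` drops the error without logging it, and the FIXME branches such as `VERIFY` fall through to `return null`, which a rewrite rule cannot tell apart from "no client certificate was presented".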
[tomcat] branch master updated (1d1d835 -> 7ac3bfe)
This is an automated email from the ASF dual-hosted git repository.

remm pushed a change to branch master in repository https://gitbox.apache.org/repos/asf/tomcat.git.

from 1d1d835 Add missing French translation (remm)
add 7ac3bfe Expose the local certificate through SSLSupport

No new revisions were added by this update.

Summary of changes:
java/org/apache/tomcat/util/net/SSLSupport.java | 11 +++
java/org/apache/tomcat/util/net/jsse/JSSESupport.java | 15 +++
webapps/docs/changelog.xml | 4
3 files changed, 30 insertions(+)
[Bug 64478] org.apache.coyote.http11.Http11Processor.service Error parsing HTTP request header
https://bz.apache.org/bugzilla/show_bug.cgi?id=64478

Mark Thomas changed:

What|Removed|Added
Resolution|---|INVALID
Status|NEW|RESOLVED

--- Comment #2 from Mark Thomas ---
A client appears to have sent an HTTP/1.1 request without a protocol. It may have been trying to send an HTTP/0.9 request but it included a trailing " " (space) after the URI.

The users list is the place to seek additional help.
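A strict reading of the request-line grammar shows why the line described in comment #2 fits neither HTTP/0.9 nor HTTP/1.x. This is an added example, not Tomcat's parser and not code from the bug report; the function names, the result labels and the sample lines are constructed for illustration.

```python
import re
from collections import Counter

# RFC 7230 "token" characters, which is what a method name may consist of.
_TOKEN = re.compile(r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")
_VERSION = re.compile(r"HTTP/[0-9]\.[0-9]")


def classify_request_line(raw: bytes) -> str:
    """Classify one request line under a strict single-space grammar.

    HTTP/1.x:  method SP request-target SP HTTP-version
    HTTP/0.9:  "GET" SP request-target   (no version and no second SP)
    """
    line = raw.rstrip(b"\r\n").decode("iso-8859-1")
    # Tabs or runs of spaces are not valid separators in the strict grammar.
    if "\t" in line or "  " in line:
        return "malformed"
    parts = line.split(" ")
    if len(parts) == 2:
        method, target = parts
        return "http/0.9" if method == "GET" and target else "malformed"
    if len(parts) == 3:
        method, target, version = parts
        if not _TOKEN.fullmatch(method) or not target:
            return "malformed"
        if version == "":
            # Second SP present but nothing after it: the trailing-space case.
            return "missing-protocol"
        return "http/1.x" if _VERSION.fullmatch(version) else "malformed"
    return "malformed"


def triage(lines):
    """Count classifications over captured request lines."""
    return Counter(classify_request_line(line) for line in lines)


# Constructed sample request lines (not taken from the bug report).
SAMPLES = [
    b"GET /index.html HTTP/1.1\r\n",
    b"GET /index.html\r\n",        # HTTP/0.9 simple request
    b"GET /index.html \r\n",       # trailing space after the URI
    b"POST /upload\r\n",           # HTTP/0.9 only defines GET
    b"GET  /index.html HTTP/1.1\r\n",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", classify_request_line(sample))
```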
[Bug 64471] Rfc6265CookieProcessor doesn't consider IPv6
https://bz.apache.org/bugzilla/show_bug.cgi?id=64471

--- Comment #7 from Christopher Schultz ---
(In reply to Mark Thomas from comment #5)
> See section 5.1.3 of RFC 6265. It explicitly states that an IP address can
> not match a domain string.

+1

Thanks for the specific reference.
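The domain-match rule cited from section 5.1.3 of RFC 6265, written out as an added example; it is not Tomcat's Rfc6265CookieProcessor and not code from the bug thread. Function names and sample hosts are constructed, and the public-suffix check that RFC 6265 section 5.3 also describes is left out.

```python
import ipaddress


def is_ip_literal(host: str) -> bool:
    """True for an IPv4 dotted quad or an IPv6 literal (bracketed or not)."""
    candidate = host[1:-1] if host.startswith("[") and host.endswith("]") else host
    try:
        ipaddress.ip_address(candidate)
        return True
    except ValueError:
        return False


def domain_match(string: str, domain_string: str) -> bool:
    """RFC 6265 section 5.1.3: does `string` domain-match `domain_string`?"""
    string = string.lower()
    domain_string = domain_string.lower()
    if not domain_string:
        return False
    # Condition 1: identical strings always match, IP addresses included.
    if string == domain_string:
        return True
    # Condition 2 requires the string to be a host name, not an IP address.
    if is_ip_literal(string):
        return False
    if not string.endswith(domain_string):
        return False
    # The character just before the suffix must be a label separator.
    prefix_len = len(string) - len(domain_string)
    return prefix_len > 0 and string[prefix_len - 1] == "."


def storage_decision(request_host: str, domain_attr: str):
    """Return (accepted, host_only, cookie_domain) for a Set-Cookie Domain value.

    Follows RFC 6265 section 5.2.3 (strip one leading dot, lower-case) and
    the domain step of section 5.3. Public-suffix rejection is not modelled.
    """
    host = request_host.lower()
    attr = (domain_attr or "").strip().lower()
    if attr.startswith("."):
        attr = attr[1:]
    if not attr:
        return (True, True, host)      # host-only cookie
    if not domain_match(host, attr):
        return (False, False, None)    # cookie is ignored
    return (True, False, attr)


if __name__ == "__main__":
    # Constructed cases: a suffix test alone would accept the second one.
    for host, attr in [
        ("app.example.com", ".Example.com"),
        ("192.168.0.1", "168.0.1"),
        ("192.168.0.1", "192.168.0.1"),
        ("[2001:db8::1]", ""),
    ]:
        print(host, repr(attr), storage_decision(host, attr))
```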
[Bug 64471] Rfc6265CookieProcessor doesn't consider IPv6
https://bz.apache.org/bugzilla/show_bug.cgi?id=64471

--- Comment #6 from Julian Reschke ---
FWIW, if there's something unclear about RFC 6265, or if it doesn't describe browser behavior correctly, this should be raised at https://github.com/httpwg/http-extensions/labels/6265bis
[Bug 64478] org.apache.coyote.http11.Http11Processor.service Error parsing HTTP request header
https://bz.apache.org/bugzilla/show_bug.cgi?id=64478

--- Comment #1 from mgrigorov ---
What kind of request do you make against Tomcat? What headers are in the request?

The provided information is not enough to investigate any kind of problem.

You better ask for help at us...@tomcat.apache.org
[Bug 64478] org.apache.coyote.http11.Http11Processor.service Error parsing HTTP request header
https://bz.apache.org/bugzilla/show_bug.cgi?id=64478

Md. Adnan Rashidul Islam changed:

What|Removed|Added
CC||aris...@gmail.com
[Bug 64478] New: org.apache.coyote.http11.Http11Processor.service Error parsing HTTP request header
https://bz.apache.org/bugzilla/show_bug.cgi?id=64478

Bug ID: 64478
Summary: org.apache.coyote.http11.Http11Processor.service Error parsing HTTP request header
Product: Tomcat 9
Version: 9.0.35
Hardware: Other
OS: Linux
Status: NEW
Severity: blocker
Priority: P2
Component: Connectors
Assignee: dev@tomcat.apache.org
Reporter: aris...@gmail.com
Target Milestone: -

With the Tomcat version 9.0.35, the following error occurs without deploying any custom application,

28-May-2020 06:08:44.960 FINE [main] org.apache.catalina.util.LifecycleBase.setStateInternal Setting state for [StandardServer[8005]] to [INITIALIZING]
28-May-2020 06:08:44.963 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server version name: Apache Tomcat/9.0.35
28-May-2020 06:08:44.963 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server built: May 5 2020 20:36:20 UTC
28-May-2020 06:08:44.963 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server version number: 9.0.35.0
28-May-2020 06:08:44.963 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log OS Name: Linux
28-May-2020 06:08:44.963 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log OS Version: 4.1.12-124.38.1.el6uek.x86_64
28-May-2020 06:08:44.963 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Architecture: amd64
28-May-2020 06:08:44.963 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Java Home: /usr/local/jdk/jre
28-May-2020 06:08:44.963 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log JVM Version: 1.8.0_251-b08
28-May-2020 06:08:44.964 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log JVM Vendor: Oracle Corporation
28-May-2020 06:08:44.964 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log CATALINA_BASE: /home/tomcat/test1/apache-tomcat-9.0.35
28-May-2020 06:08:44.964 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log CATALINA_HOME: /home/tomcat/test1/apache-tomcat-9.0.35
28-May-2020 06:08:44.964 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.util.logging.config.file=/home/tomcat/test1/apache-tomcat-9.0.35/conf/logging.properties
28-May-2020 06:08:44.964 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager
28-May-2020 06:08:44.964 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djdk.tls.ephemeralDHKeySize=2048
28-May-2020 06:08:44.964 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.protocol.handler.pkgs=org.apache.catalina.webresources
28-May-2020 06:08:44.964 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dorg.apache.catalina.security.SecurityListener.UMASK=0027
28-May-2020 06:08:44.964 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dignore.endorsed.dirs=
28-May-2020 06:08:44.965 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dcatalina.base=/home/tomcat/test1/apache-tomcat-9.0.35
28-May-2020 06:08:44.965 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dcatalina.home=/home/tomcat/test1/apache-tomcat-9.0.35
28-May-2020 06:08:44.965 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.io.tmpdir=/home/tomcat/test1/apache-tomcat-9.0.35/temp
28-May-2020 06:08:44.965 INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent The Apache Tomcat Native library which allows using OpenSSL was not found on the java.library.path: [/usr/java/packages/lib/amd64:/usr/lib64:/lib64:/lib:/usr/lib]
28-May-2020 06:08:45.213 FINE [main] org.apache.catalina.util.LifecycleBase.setStateInternal Setting state for [org.apache.catalina.deploy.NamingResourcesImpl@3c0f93f1] to [INITIALIZING]
28-May-2020 06:08:45.215 FINE [main] org.apache.catalina.util.LifecycleBase.setStateInternal Setting state for [org.apache.catalina.deploy.NamingResourcesImpl@3c0f93f1] to [INITIALIZED]
28-May-2020 06:08:45.229 FINE [main] org.apache.catalina.util.LifecycleBase.setStateInternal Setting state for [StandardService[Catalina]] to [INITIALIZING]
28-May-2020 06:08:45.230 FINE [main] org.apache.catalina.util.LifecycleBase.setStateInternal Setting state for [StandardEngine[Catalina]] to [INITIALIZING]
28-May-2020 06:08:45.231 FINE [main] org.apache.catalina.util.LifecycleBase.setStateInternal Setting state for [StandardEngine[Catalina]] to [INITIALIZED]
28-May-2020 06:08:45.231 FINE [main] org.apache.catalina.util.LifecycleBase.setStateInternal
[Bug 64471] Rfc6265CookieProcessor doesn't consider IPv6
https://bz.apache.org/bugzilla/show_bug.cgi?id=64471 --- Comment #5 from Mark Thomas --- See section 5.1.3 of RFC 6265. It explicitly states that an IP address can not match a domain string.
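The domain-match rule from RFC 6265 section 5.1.3, as an added Python example (not Tomcat's Rfc6265CookieProcessor code and not part of the original message): a suffix match counts only when the request host is a host name, so an IP literal matches a cookie domain only when the two strings are identical. The function names and sample hosts are constructed for illustration.

```python
import ipaddress


def is_ip_literal(host: str) -> bool:
    """True for IPv4/IPv6 literals, with or without URI-style brackets."""
    if host.startswith("[") and host.endswith("]"):
        host = host[1:-1]
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def suffix_only_match(string: str, domain_string: str) -> bool:
    """Incomplete check: identical, or suffix preceded by '.'; no host-name test."""
    string, domain_string = string.lower(), domain_string.lower()
    if string == domain_string:
        return True
    return bool(domain_string) and string.endswith("." + domain_string)


def domain_match(string: str, domain_string: str) -> bool:
    """RFC 6265 section 5.1.3: the suffix branch requires a host name, not an IP."""
    if string.lower() == domain_string.lower():
        return True  # identical strings match, IP literal or not
    return suffix_only_match(string, domain_string) and not is_ip_literal(string)


# Constructed samples: (request host, cookie Domain value)
SAMPLES = [
    ("www.example.com", "example.com"),   # host name, dotted suffix
    ("badexample.com", "example.com"),    # suffix but no '.' boundary
    ("10.0.0.1", "0.0.1"),                # IPv4 literal, dotted suffix
    ("::ffff:192.0.2.1", "2.1"),          # IPv6 literal with embedded IPv4
    ("10.0.0.1", "10.0.0.1"),             # IP literal, identical string
]


def compare():
    """Return (host, domain, suffix_only, rfc) so the two checks can be diffed."""
    return [(h, d, suffix_only_match(h, d), domain_match(h, d)) for h, d in SAMPLES]


if __name__ == "__main__":
    for row in compare():
        print(row)
```

Rows where the two booleans differ are the ones where a suffix check alone would scope a cookie to an address that merely shares trailing octets.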