DO NOT REPLY [Bug 48236] another workaround for CVE-2009-3555 for the BIO connector

2009-11-19 Thread bugzilla
https://issues.apache.org/bugzilla/show_bug.cgi?id=48236 Ralf Hauser changed: What|Removed |Added CC||more...@privasphere.com --- Comment

Re: svn commit: r882320 - in /tomcat/trunk/java/org/apache/tomcat/util/net/jsse: JSSESocketFactory.java JSSESupport.java

2009-11-19 Thread Bill Barker
This looks like it should work (haven't tested it yet), but hoping that there are people that can test on non-Sun JVMs to see if there could be problems. This patch is a little heavy on knowing how the JVM implements things :(. wrote in message news:20091119220644.2d8f42388...@eris.apache.or

svn commit: r882369 - /tomcat/tc5.5.x/trunk/STATUS.txt

2009-11-19 Thread markt
Author: markt Date: Fri Nov 20 00:50:20 2009 New Revision: 882369 URL: http://svn.apache.org/viewvc?rev=882369&view=rev Log: Propose alternative fix Modified: tomcat/tc5.5.x/trunk/STATUS.txt Modified: tomcat/tc5.5.x/trunk/STATUS.txt URL: http://svn.apache.org/viewvc/tomcat/tc5.5.x/trunk/STA

svn commit: r882368 - /tomcat/tc6.0.x/trunk/STATUS.txt

2009-11-19 Thread markt
Author: markt Date: Fri Nov 20 00:50:06 2009 New Revision: 882368 URL: http://svn.apache.org/viewvc?rev=882368&view=rev Log: Propose alternative fix Modified: tomcat/tc6.0.x/trunk/STATUS.txt Modified: tomcat/tc6.0.x/trunk/STATUS.txt URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STA

SSL MITM status update

2009-11-19 Thread Mark Thomas
Feedback / comments on the info below. I'd like to get it out to users@ and announce@ fairly soon. Cheers, Mark === Overview Work on the root cause is progressing but is still in a state of flux. The purpose of this update is to provide inf

svn commit: r882320 - in /tomcat/trunk/java/org/apache/tomcat/util/net/jsse: JSSESocketFactory.java JSSESupport.java

2009-11-19 Thread markt
Author: markt Date: Thu Nov 19 22:06:43 2009 New Revision: 882320 URL: http://svn.apache.org/viewvc?rev=882320&view=rev Log: Improve workaround for CVE-2009-3555 On the plus side, it doesn't rely on an async event to close the connection On the down side, I haven't yet found a way to log client in

DO NOT REPLY [Bug 48236] another workaround for CVE-2009-3555 for the BIO connector

2009-11-19 Thread bugzilla
https://issues.apache.org/bugzilla/show_bug.cgi?id=48236 --- Comment #3 from Mark Thomas 2009-11-19 13:41:24 GMT --- Testing has been positive. I ended up keeping the listener from the original patch to log the handshake attempts. I'm not so concerned about the logging being in a separate thread

DO NOT REPLY [Bug 48236] another workaround for CVE-2009-3555 for the BIO connector

2009-11-19 Thread bugzilla
https://issues.apache.org/bugzilla/show_bug.cgi?id=48236 Mark Thomas changed: What|Removed |Added CC||hau...@acm.org --- Comment #2 from M

DO NOT REPLY [Bug 48158] warn that "per directory client certificate authentication" is harmful

2009-11-19 Thread bugzilla
https://issues.apache.org/bugzilla/show_bug.cgi?id=48158 Mark Thomas changed: What|Removed |Added Status|NEW |RESOLVED Resolution|

DO NOT REPLY [Bug 48192] Allow to specify the SSLSocket class in connector tag of server.xml

2009-11-19 Thread bugzilla
https://issues.apache.org/bugzilla/show_bug.cgi?id=48192 Mark Thomas changed: What|Removed |Added Status|NEW |RESOLVED Resolution|

Re: Tomcat Native patch - adding dynamic locking callbacks for openssl engines

2009-11-19 Thread Mladen Turk
On 11/19/2009 08:39 PM, Daniel Ruggeri wrote: All; Hello. I have been using Tomcat and TCNative for quite a while now, but have just now subscribed to this list so I may contribute a proposed patch. Since I am new, please be patient if I'm doing things wrong - I've RTFM, but that only goes so far

Tomcat Native patch - adding dynamic locking callbacks for openssl engines

2009-11-19 Thread Daniel Ruggeri
All; Hello. I have been using Tomcat and TCNative for quite a while now, but have just now subscribed to this list so I may contribute a proposed patch. Since I am new, please be patient if I'm doing things wrong - I've RTFM, but that only goes so far. The attached patch adds dynamic loc

svn commit: r882231 - in /tomcat/trunk: java/org/apache/catalina/connector/ java/org/apache/coyote/http11/ java/org/apache/tomcat/util/net/ java/org/apache/tomcat/util/net/jsse/ webapps/docs/config/

2009-11-19 Thread markt
Author: markt Date: Thu Nov 19 18:00:09 2009 New Revision: 882231 URL: http://svn.apache.org/viewvc?rev=882231&view=rev Log: Fix SSL for BIO post refactoring Make attribute names consistent Endpoints are now responsible for configuring the SSL "engine" Basics work but still needs more testing NIO

svn commit: r882186 - /tomcat/trunk/java/org/apache/coyote/http11/Http11Protocol.java

2009-11-19 Thread markt
Author: markt Date: Thu Nov 19 16:05:48 2009 New Revision: 882186 URL: http://svn.apache.org/viewvc?rev=882186&view=rev Log: Fix Eclipse warning Modified: tomcat/trunk/java/org/apache/coyote/http11/Http11Protocol.java Modified: tomcat/trunk/java/org/apache/coyote/http11/Http11Protocol.java U

DO NOT REPLY [Bug 48240] New: Tomcat-Lite missing @Override markers

2009-11-19 Thread bugzilla
https://issues.apache.org/bugzilla/show_bug.cgi?id=48240 Summary: Tomcat-Lite missing @Override markers Product: Tomcat 7 Version: trunk Platform: PC OS/Version: Windows XP Status: NEW Severity: normal Priority: P2

DO NOT REPLY [Bug 48239] New: HexUtils exposes public array

2009-11-19 Thread bugzilla
https://issues.apache.org/bugzilla/show_bug.cgi?id=48239 Summary: HexUtils exposes public array Product: Tomcat 7 Version: trunk Platform: PC OS/Version: Windows XP Status: NEW Severity: normal Priority: P2

DO NOT REPLY [Bug 48238] Tomcat-lite won't compile

2009-11-19 Thread bugzilla
https://issues.apache.org/bugzilla/show_bug.cgi?id=48238 --- Comment #2 from Sebb 2009-11-19 07:45:11 UTC --- Created an attachment (id=24566) --> (https://issues.apache.org/bugzilla/attachment.cgi?id=24566) ByteChunk.length() => ByteChunk.getLength(); += @Override

DO NOT REPLY [Bug 48238] Tomcat-lite won't compile

2009-11-19 Thread bugzilla
https://issues.apache.org/bugzilla/show_bug.cgi?id=48238 --- Comment #1 from Sebb 2009-11-19 07:43:54 UTC --- Created an attachment (id=24565) --> (https://issues.apache.org/bugzilla/attachment.cgi?id=24565) Fix bug (sm not init); remove unnecessary casts

DO NOT REPLY [Bug 48238] New: Tomcat-lite won't compile

2009-11-19 Thread bugzilla
https://issues.apache.org/bugzilla/show_bug.cgi?id=48238 Summary: Tomcat-lite won't compile Product: Tomcat 7 Version: trunk Platform: PC OS/Version: Windows XP Status: NEW Severity: normal Priority: P2 Com

svn commit: r882169 - /tomcat/trunk/java/org/apache/catalina/connector/Connector.java

2009-11-19 Thread markt
Author: markt Date: Thu Nov 19 15:08:03 2009 New Revision: 882169 URL: http://svn.apache.org/viewvc?rev=882169&view=rev Log: Fix SSL config error as a result of attribute refactoring. Modified: tomcat/trunk/java/org/apache/catalina/connector/Connector.java Modified: tomcat/trunk/java/org/apa

svn commit: r882151 - /tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java

2009-11-19 Thread markt
Author: markt Date: Thu Nov 19 14:05:56 2009 New Revision: 882151 URL: http://svn.apache.org/viewvc?rev=882151&view=rev Log: Fix the Eclipse warnings - no functional change Modified: tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java Modified: tomcat/trunk/java/org/apa

svn commit: r882148 - /tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java

2009-11-19 Thread markt
Author: markt Date: Thu Nov 19 14:01:27 2009 New Revision: 882148 URL: http://svn.apache.org/viewvc?rev=882148&view=rev Log: Remove unused code Modified: tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java Modified: tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSE

DO NOT REPLY [Bug 48236] another workaround for CVE-2009-3555 for the BIO connector

2009-11-19 Thread bugzilla
https://issues.apache.org/bugzilla/show_bug.cgi?id=48236 --- Comment #1 from Mark Thomas 2009-11-19 05:44:36 GMT --- Thanks for the alternative suggestion. I'll do some testing and if all looks OK, change the way we disable the handshake.

DO NOT REPLY [Bug 48236] New: another workaround for CVE-2009-3555 for the BIO connector

2009-11-19 Thread bugzilla
https://issues.apache.org/bugzilla/show_bug.cgi?id=48236 Summary: another workaround for CVE-2009-3555 for the BIO connector Product: Tomcat 6 Version: unspecified Platform: All OS/Version: All Status: NEW

Re: [VOTE] Releasing Apache Tomcat Native 1.1.18

2009-11-19 Thread jean-frederic clere
On 11/19/2009 09:41 AM, Henri Gomez wrote: It works with the update tarball : The updated tarball is now available at http://tomcat.apache.org/dev/dist/tomcat-connectors/native/source/1.1.18/ Cheers Jean-Frederic

svn commit: r882085 - /tomcat/native/branches/1.1.x/KEYS

2009-11-19 Thread jfclere
Author: jfclere Date: Thu Nov 19 09:12:57 2009 New Revision: 882085 URL: http://svn.apache.org/viewvc?rev=882085&view=rev Log: Put back the old key. Modified: tomcat/native/branches/1.1.x/KEYS Modified: tomcat/native/branches/1.1.x/KEYS URL: http://svn.apache.org/viewvc/tomcat/native/branch

Re: [VOTE] Releasing Apache Tomcat Native 1.1.18

2009-11-19 Thread Henri Gomez
It works with the update tarball : I just used : ./configure --with-apr=/usr/bin --with-java-home=/System/Library/Frameworks/JavaVM.framework/Versions/Current/ make got : total 2544 -rwxr-xr-x 1 henri staff 186280 19 nov 09:39 libtcnative-1.0.1.18.dylib drwxr-xr-x 3 henri staff 102 1

Re: [VOTE] Releasing Apache Tomcat Native 1.1.18

2009-11-19 Thread jean-frederic clere
On 11/19/2009 08:51 AM, Henri Gomez wrote: did you run buildconf ? jnirelease.sh should have done that... Investigating... I'm running SnowLeopard I still have to update my box Cheers Jean-Frederic 2009/11/19 jean-frederic clere: On 11/18/2009 09:43 PM, Henri Gomez wrote: JF,