RE: RHEL 8.6 ==> Tomcat Native 1.2.32 ==> OpenSSLEngine could not initialize

2023-06-22 Thread S Abirami
Hi Christopher, Thanks for the reply. We found the solution for the problem. Tomcat Native, we used the same '*.so' compiled in RHEL 7.9. Once compiled with RHEL 8.6 it worked. Regards, Abirami.S -Original Message- From: Christopher Schultz Sent: Thursday, June 22, 2023 7:35 PM To: use

Re: Get Client Certificate Information

2023-06-22 Thread Timothy Ward
The compile actually created 4 .class files: CGIServlet$CGIEnvironment.class CGIServlet$CGIRunner.class CGIServlet$HTTPHeaderInputStream.class CGIServlet.class So, I combined them into CGIServlet.jar I'll look at ant deploy. On Thu, Jun 22, 2023 at 5:29 PM Christopher Schultz < ch...@christ

Re: Get Client Certificate Information

2023-06-22 Thread Christopher Schultz
Timothy, On 6/22/23 14:01, Timothy Ward wrote: I am trying to go the route of modifying the CGIServlet from: h ttps://github.com/apache/tomcat/blob/main/java/org/apache/catalina/servlets/CGIServlet.java#L771

Re: Get Client Certificate Information

2023-06-22 Thread Timothy Ward
I am trying to go the route of modifying the CGIServlet from: h ttps://github.com/apache/tomcat/blob/main/java/org/apache/catalina/servlets/CGIServlet.java#L771 I got it to compile with my changes

RE: [SECURITY] CVE-2023-34981 Apache Tomcat - Information disclosure

2023-06-22 Thread jonmcalexander
Now that is what I call proactive! Dream * Excel * Explore * Inspire Jon McAlexander Senior Infrastructure Engineer Asst. Vice President He/His Middleware Product Engineering Enterprise CIO | EAS | Middleware | Infrastructure Solutions 8080 Cobblestone Rd | Urbandale, IA 50322 MAC: F4469-010 Tel

Re: [SECURITY] CVE-2023-34981 Apache Tomcat - Information disclosure

2023-06-22 Thread James H. H. Lampert
Funny thing: we recently needed to update a customer's Tomcat because they were complaining about a security issue that had prompted 8.5.88. And by the time we got the update request, 8.5.89 was already out, but we hadn't yet heard of CVE-2023-34981. So we'd already skipped over 8.5.88 before

Re: RHEL 8.6 ==> Tomcat Native 1.2.32 ==> OpenSSLEngine could not initialize

2023-06-22 Thread Christopher Schultz
Hello, On 6/22/23 07:47, S Abirami wrote: Hi All, Our application using embedded tomcat 9.0.62 on RHEL linux environment. Tomcat native version :1.2.32 openssl version OpenSSL 1.1.1k After upgrading from RHEL 7.9 to RHEL 8.6 version, embedded tomcat throws an exception when starting the ap

Re: Get Client Certificate Information

2023-06-22 Thread Christopher Schultz
Timothy, On 6/21/23 16:56, Timothy Ward wrote: import javax.servlet.http.HttpServletRequest; import javax.security.cert.Certificate; import javax.security.cert.X509Certificate; public class GrabCert extends Object { public static String getCommonName() { try { X509Certificat

RHEL 8.6 ==> Tomcat Native 1.2.32 ==> OpenSSLEngine could not initialize

2023-06-22 Thread S Abirami
Hi All, Our application using embedded tomcat 9.0.62 on RHEL linux environment. Tomcat native version :1.2.32 openssl version OpenSSL 1.1.1k After upgrading from RHEL 7.9 to RHEL 8.6 version, embedded tomcat throws an exception when starting the application for https. org.apache.catalina.uti

Re: [SECURITY] CVE-2023-34981 Apache Tomcat - Information disclosure

2023-06-22 Thread Mark Thomas
On 22/06/2023 00:17, Stefan Mayr wrote: Hi, Am 21.06.2023 um 12:20 schrieb Mark Thomas: CVE-2023-34981 Apache Tomcat - Information disclosure Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 11.0.0-M5 Apache Tomcat 10.1.8 Apache Tomcat 9.0.74 Apache