https://issues.apache.org/bugzilla/show_bug.cgi?id=51342
Bug #: 51342
Summary: Inconsistency in ssl-howto apr example configuration
Product: Tomcat 6
Version: 6.0.29
Platform: All
OS/Version: All
Status: NEW
Severity: minor
Priority: P2
Component: Documentation
AssignedTo: [email protected]
ReportedBy: [email protected]
Classification: Unclassified
When going through the SSL docs to use APR for native OpenSSL I found an
inconsistency in the docs.
in
http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html#Edit_the_Tomcat_Configuration_File
it suggests that a correct connector in the server.xml should look like:
<-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
<!--
<Connector
port="8443" maxThreads="200"
scheme="https" secure="true" SSLEnabled="true"
SSLCertificateFile="/usr/local/ssl/server.crt"
SSLCertificateKeyFile="/usr/local/ssl/server.pem"
clientAuth="optional" SSLProtocol="TLSv1"/>
-->
this however didn't work and resulted in:
WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting property
'clientAuth' to 'true' did not find a matching property.
An actual working config can be found in
http://tomcat.apache.org/tomcat-6.0-doc/apr.html#HTTPS . I propose copying the
example section:
<Connector port="443" maxHttpHeaderSize="8192"
maxThreads="150"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
SSLEnabled="true"
SSLCertificateFile="${catalina.base}/conf/localhost.crt"
SSLCertificateKeyFile="${catalina.base}/conf/localhost.key" />
To replace the, what I believe to be false, example in the ssl-howto.
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
