Author: markt
Date: Mon Jun 25 19:29:44 2012
New Revision: 1353709

URL: http://svn.apache.org/viewvc?rev=1353709&view=rev
Log:
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=53459
Fix SSLVerifyClient option in APR SSL example and further clarify how to modify server.xml based on the desired connector implementation.
Modified: tomcat/tc7.0.x/trunk/ (props changed) tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml tomcat/tc7.0.x/trunk/webapps/docs/ssl-howto.xml Propchange: tomcat/tc7.0.x/trunk/ ------------------------------------------------------------------------------ Merged /tomcat/trunk:r1353708 Modified: tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml?rev=1353709&r1=1353708&r2=1353709&view=diff ============================================================================== --- tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml (original) +++ tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml Mon Jun 25 19:29:44 2012 @@ -113,6 +113,10 @@ <bug>53456</bug>: Minor corrections and improvements to the HTTP connector configuration reference. Patch provided by sebb. (markt) </fix> + <fix> + <bug>53459</bug>: Correction and clarifications to the SSL Connector + configuration examples in the SSL how-to. (markt) + </fix> </changelog> </subsection> <subsection name="Other"> Modified: tomcat/tc7.0.x/trunk/webapps/docs/ssl-howto.xml URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/ssl-howto.xml?rev=1353709&r1=1353708&r2=1353709&view=diff ============================================================================== --- tomcat/tc7.0.x/trunk/webapps/docs/ssl-howto.xml (original) +++ tomcat/tc7.0.x/trunk/webapps/docs/ssl-howto.xml Mon Jun 25 19:29:44 2012 
@@ -343,11 +343,14 @@ sources like "/dev/urandom" that will al <code>$CATALINA_BASE</code> represents the base directory for the Tomcat instance. An example <code><Connector></code> element for an SSL connector is included in the default <code>server.xml</code> -file installed with Tomcat. For JSSE, it should look something like this:</p> +file installed with Tomcat. To configure an SSL connector that uses JSSE, you +will need to remove the comments and edit it so it looks something like +this:</p> <source> <-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 --> -<!-- +<-- Hard-coded to use the NIO protocol implementation --> <Connector + protocol="org.apache.coyote.http11.Http11NioProtocol" port="8443" maxThreads="200" scheme="https" secure="true" SSLEnabled="true" keystoreFile="${user.home}/.keystore" keystorePass="changeit" 
@@ -355,19 +358,20 @@ file installed with Tomcat. For JSSE, i --> </source> <p> - The example above will throw an error if you have the APR and the Tomcat Native libraries in your path, - as Tomcat will try to use the APR connector. The APR connector uses different attributes for - SSL keys and certificates. An example of an APR configuration is: + The example above will throw an error if you have the APR and the Tomcat + Native libraries in your path, as Tomcat will try to use the APR connector. + The APR connector uses different attributes for many SSL settings, + particularly keys and certificates. An example of an APR configuration is: <source> <-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 --> -<!-- +<-- Hard-coded to use the APR protocol implementation --> <Connector + protocol="org.apache.coyote.http11.Http11AprProtocol" port="8443" maxThreads="200" scheme="https" secure="true" SSLEnabled="true" SSLCertificateFile="/usr/local/ssl/server.crt" SSLCertificateKeyFile="/usr/local/ssl/server.pem" - clientAuth="optional" SSLProtocol="TLSv1"/> ---> + SSLVerifyClient="optional" SSLProtocol="TLSv1"/> </source> </p>
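Review bot: In the ssl-howto.xml hunk at @@ -343, the `<!--` that used to precede `<Connector` in the JSSE example is removed, but its closing `-->` is still there as unchanged context at the top of the following hunk (`--> </source>`), so the published JSSE example would end with a stray comment terminator. The APR hunk drops both the opener and the closer; this example should drop its `-->` as well. The added line `<-- Hard-coded to use the NIO protocol implementation -->` also copies the `<--` opener of the comment above it. It should start with `<!--` so that the snippet stays a valid XML comment when pasted into server.xml.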
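Review bot: In the ssl-howto.xml hunk at @@ -355, the re-wrapped paragraph still says "The example above will throw an error if you have the APR and the Tomcat Native libraries in your path, as Tomcat will try to use the APR connector", while the previous hunk pins that example to `protocol="org.apache.coyote.http11.Http11NioProtocol"`. With the protocol set explicitly the JSSE example no longer depends on what is on the library path, so the sentence should be reworded to describe a connector that leaves `protocol` at its default, or dropped. Since the replacement of `clientAuth="optional"` with `SSLVerifyClient="optional"` is the point of the fix, a sentence stating what `optional` means for clients that present no certificate would help readers who copy the APR example unchanged.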