[GUMP@vmgump]: Project tomcat-trunk-test-apr (in module tomcat-trunk) failed
To whom it may engage... This is an automated request, but not an unsolicited one. For more information please visit http://gump.apache.org/nagged.html, and/or contact the folk at gene...@gump.apache.org. Project tomcat-trunk-test-apr has an issue affecting its community integration. This issue affects 1 projects, and has been outstanding for 31 runs. The current state of this project is 'Failed', with reason 'Build Failed'. For reference only, the following projects are affected by this: - tomcat-trunk-test-apr : Tomcat 9.x, a web server implementing the Java Servlet 4.0, ... Full details are available at: http://vmgump.apache.org/gump/public/tomcat-trunk/tomcat-trunk-test-apr/index.html That said, some information snippets are provided here. The following annotations (debug/informational/warning/error messages) were provided: -DEBUG- Dependency on commons-daemon exists, no need to add for property commons-daemon.native.src.tgz. -DEBUG- Dependency on commons-daemon exists, no need to add for property tomcat-native.tar.gz. -INFO- Failed with reason build failed -INFO- Project Reports in: /srv/gump/public/workspace/tomcat-trunk/output/logs-APR -INFO- Project Reports in: /srv/gump/public/workspace/tomcat-trunk/output/test-tmp-APR/logs The following work was performed: http://vmgump.apache.org/gump/public/tomcat-trunk/tomcat-trunk-test-apr/gump_work/build_tomcat-trunk_tomcat-trunk-test-apr.html Work Name: build_tomcat-trunk_tomcat-trunk-test-apr (Type: Build) Work ended in a state of : Failed Elapsed: 35 mins 57 secs Command Line: /usr/lib/jvm/java-8-oracle/bin/java -Djava.awt.headless=true -Dbuild.sysclasspath=only org.apache.tools.ant.Main -Dgump.merge=/srv/gump/public/gump/work/merge.xml -Djunit.jar=/srv/gump/public/workspace/junit/target/junit-4.13-SNAPSHOT.jar -Dobjenesis.jar=/srv/gump/public/workspace/objenesis/main/target/objenesis-2.2-SNAPSHOT.jar -Dtest.reports=output/logs-APR -Dtomcat-native.tar.gz=/srv/gump/public/workspace/apache-commons/daemon/dist/bin/commons-daemon-20150506-native-src.tar.gz -Dexamples.sources.skip=true -Djdt.jar=/srv/gump/packages/eclipse/plugins/R-4.4-201406061215/ecj-4.4.jar -Dtest.apr.loc=/srv/gump/public/workspace/tomcat-native-trunk/dest-20150506/lib -Dcommons-daemon.jar=/srv/gump/public/workspace/apache-commons/daemon/dist/commons-daemon-20150506.jar -Dcommons-daemon.native.src.tgz=/srv/gump/public/workspace/apache-commons/daemon/dist/bin/commons-daemon-20150506-native-src.tar.gz -Dtest.temp=output/test-tmp-APR -Dtest.accesslog=true -Dexecute.test.nio=false -Dtest.openssl.path=/srv/gump/public/workspace/openssl-master/dest-20150506/bin/openssl -Dexecute.test.apr=true -Dtest.excludePerformance=true -Dexecute.test.nio2=false -Deasymock.jar=/srv/gump/public/workspace/easymock/easymock/target/easymock-3.4-SNAPSHOT.jar -Dhamcrest.jar=/srv/gump/packages/hamcrest/hamcrest-core-1.3.jar -Dcglib.jar=/srv/gump/packages/cglib/cglib-nodep-2.2.jar test [Working Directory: /srv/gump/public/workspace/tomcat-trunk] CLASSPATH: /usr/lib/jvm/java-8-oracle/lib/tools.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/webapps/examples/WEB-INF/classes:/srv/gump/public/workspace/tomcat-trunk/output/testclasses:/srv/gump/public/workspace/ant/dist/lib/ant.jar:/srv/gump/public/workspace/ant/dist/lib/ant-launcher.jar:/srv/gump/public/workspace/ant/dist/lib/ant-jmf.jar:/srv/gump/public/workspace/ant/dist/lib/ant-junit.jar:/srv/gump/public/workspace/ant/dist/lib/ant-junit4.jar:/srv/gump/public/workspace/ant/dist/lib/ant-swing.jar:/srv/gump/public/workspace/ant/dist/lib/ant-apache-resolver.jar:/srv/gump/public/workspace/ant/dist/lib/ant-apache-xalan2.jar:/srv/gump/public/workspace/xml-commons/java/build/resolver.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/bin/bootstrap.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/bin/tomcat-juli.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/annotations-api.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/servlet-api.ja r:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/jsp-api.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/el-api.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/websocket-api.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/catalina.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/catalina-ant.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/catalina-storeconfig.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/tomcat-coyote.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/jasper.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/jasper-el.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/catalina-tribes.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/catalina-ha.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/tomcat-api.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/tomcat
svn commit: r1677930 - /tomcat/trunk/webapps/docs/config/ajp.xml
Author: markt Date: Wed May 6 06:22:14 2015 New Revision: 1677930 URL: http://svn.apache.org/r1677930 Log: Remove another socketWrapperCache identified in a kkolinko review Modified: tomcat/trunk/webapps/docs/config/ajp.xml Modified: tomcat/trunk/webapps/docs/config/ajp.xml URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/config/ajp.xml?rev=1677930r1=1677929r2=1677930view=diff == --- tomcat/trunk/webapps/docs/config/ajp.xml (original) +++ tomcat/trunk/webapps/docs/config/ajp.xml Wed May 6 06:22:14 2015 @@ -689,13 +689,6 @@ code-1/code for unlimited cache and code0/code for no cache./p /attribute - attribute name=socket.socketWrapperCache required=false -p(int)Tomcat will cache SocketWrapper objects to reduce garbage -collection. The integer value specifies how many objects to keep in the -cache at most. The default is code500/code. Other values are -code-1/code for unlimited cache and code0/code for no cache./p - /attribute - /attributes /subsection - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: svn commit: r1677840 - in /tomcat/trunk: java/org/apache/tomcat/util/net/SocketProperties.java webapps/docs/config/http.xml
On 06/05/2015 03:03, Konstantin Kolinko wrote: 2015-05-05 18:36 GMT+03:00 ma...@apache.org: Author: markt Date: Tue May 5 15:36:31 2015 New Revision: 1677840 URL: http://svn.apache.org/r1677840 Log: Remove unused property (SocketWrappers are no longer reused) Modified: tomcat/trunk/java/org/apache/tomcat/util/net/SocketProperties.java tomcat/trunk/webapps/docs/config/http.xml Searching for socketWrapperCache, it is also mentioned in config/ajp.xml Removed. Thanks. Mark - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 57892] Log once a warning if a symbolic link is ignored (e.g. to web.xml )
https://bz.apache.org/bugzilla/show_bug.cgi?id=57892 Ralf Hauser hau...@acm.org changed: What|Removed |Added Summary|Log a warning if web.xml is |Log once a warning if a |a symbolic link that is |symbolic link is ignored |ignored |(e.g. to web.xml ) -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
buildbot exception in ASF Buildbot on tomcat-trunk
The Buildbot has detected a build exception on builder tomcat-trunk while building ASF Buildbot. Full details are available at: http://ci.apache.org/builders/tomcat-trunk/builds/1191 Buildbot URL: http://ci.apache.org/ Buildslave for this Build: silvanus_ubuntu Build Reason: The AnyBranchScheduler scheduler named 'on-tomcat-commit' triggered this build Build Source Stamp: [branch tomcat/trunk] 1677930 Blamelist: markt BUILD FAILED: exception upload_2 Sincerely, -The Buildbot - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1677967 - in /tomcat/tc8.0.x/trunk: ./ java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java webapps/docs/changelog.xml
Author: markt Date: Wed May 6 12:34:05 2015 New Revision: 1677967 URL: http://svn.apache.org/r1677967 Log: Use the truststoreProvider rather than the keystoreProvider for the trust manager Modified: tomcat/tc8.0.x/trunk/ (props changed) tomcat/tc8.0.x/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java tomcat/tc8.0.x/trunk/webapps/docs/changelog.xml Propchange: tomcat/tc8.0.x/trunk/ -- --- svn:mergeinfo (original) +++ svn:mergeinfo Wed May 6 12:34:05 2015 @@ -1 +1 @@ -/tomcat/trunk:1636524,1637156,1637176,1637188,1637331,1637684,1637695,1638720-1638725,1639653,1640010,1640083-1640084,1640088,1640275,1640322,1640347,1640361,1640365,1640403,1640410,1640652,1640655-1640658,1640688,1640700-1640883,1640903,1640976,1640978,1641000,1641026,1641038-1641039,1641051-1641052,1641058,1641064,1641300,1641369,1641374,1641380,1641486,1641634,1641656-1641692,1641704,1641707-1641718,1641720-1641722,1641735,1641981,1642233,1642280,1642554,1642564,1642595,1642606,1642668,1642679,1642697,1642699,1642766,1643002,1643045,1643054-1643055,1643066,1643121,1643128,1643206,1643209-1643210,1643216,1643249,1643270,1643283,1643309-1643310,1643323,1643365-1643366,1643370-1643371,1643465,1643474,1643536,1643570,1643634,1643649,1643651,1643654,1643675,1643731,1643733-1643734,1643761,1643766,1643814,1643937,1643963,1644017,1644169,1644201-1644203,1644321,1644323,1644516,1644523,1644529,1644535,1644730,1644768,1644784-1644785,1644790,1644793,1644815,1644884,1644886,1644890,1644892 ,1644910,1644924,1644929-1644930,1644935,1644989,1645011,1645247,1645355,1645357-1645358,1645455,1645465,1645469,1645471,1645473,1645475,1645486-1645488,1645626,1645641,1645685,1645743,1645763,1645951-1645953,1645955,1645993,1646098-1646106,1646178,1646220,1646302,1646304,1646420,1646470-1646471,1646476,1646559,1646717-1646723,1646773,1647026,1647042,1647530,1647655,1648304,1648815,1648907,1650081,1650365,1651116,1651120,1651280,1651470,1652938,1652970,1653041,1653471,1653550,1653574,1653797,1653815-1653816,1653819,1653840,1653857,1653888,1653972,1654013,1654030,1654050,1654123,1654148,1654159,1654513,1654515,1654517,1654522,1654524,1654725,1654735,1654766,1654785,1654851-1654852,1654978,1655122-1655124,1655126-1655127,1655129-1655130,1655132-1655133,1655312,1655438,1655441,1655454,168,1656087,1656299,1656319,1656331,1656345,1656350,1656590,1656648-1656650,1656657,1657041,1657054,1657374,1657492,1657510,1657565,1657580,1657584,1657586,1657589,1657592,1657607,1657609,1657682,1657 907,1658207,1658734,1658781,1658790,1658799,1658802,1658804,1658833,1658840,1658966,1659043,1659053,1659059,1659188-1659189,1659216,1659263,1659293,1659304,1659306-1659307,1659382,1659384,1659428,1659471,1659486,1659505,1659516,1659521,1659524,1659559,1659562,1659803,1659806,1659814,1659833,1659862,1659905,1659919,1659948,1659967,1659983-1659984,1660060,1660074,1660077,1660133,1660168,1660331-1660332,1660353,1660358,1660924,1661386,1661867,1661972,1661990,1662200,1662308-1662309,1662548,1662614,1662736,1662985,1662988-1662989,1663264,1663277,1663298,1663534,1663562,1663676,1663715,1663754,1663768,1663772,1663781,1663893,1663995,1664143,1664163,1664174,1664301,1664317,1664347,1664657,1664659,1664710,1664863-1664864,1664866,1665085,1665292,1665559,1665653,1665661,1665672,1665694,1665697,1665736,1665779,1665976-1665977,1665980-1665981,1665985-1665986,1665989,1665998,1666004,1666008,1666013,1666017,1666024,1666116,1666386-1666387,1666494,1666496,1666552,1666569,1666579,137,149,1 666757,1666966,1666972,1666985,1666995,1666997,1667292,1667402,1667406,1667546,1667615,1667630,1667636,1667688,1667764,1667871,1668026,1668135,1668193,1668593,1668596,1668630,1668639,1668843,1669353,1669370,1669451,1669800,1669838,1669876,1669882,1670394,1670433,1670591,1670598-1670600,1670610,1670631,1670719,1670724,1670726,1670730,1670940,1671112,1672272,1672284,1673754,1674294,1675461,1675486,1675594,1675830,1676231,1676250-1676251,1676364,1676381,1676393,1676479,1676525,1676552,1676615,1676630,1676634,1676721,1676926,1676943,1677140,1677802
svn commit: r1677976 - /tomcat/tc6.0.x/trunk/STATUS.txt
Author: markt Date: Wed May 6 12:39:18 2015 New Revision: 1677976 URL: http://svn.apache.org/r1677976 Log: Vote Modified: tomcat/tc6.0.x/trunk/STATUS.txt Modified: tomcat/tc6.0.x/trunk/STATUS.txt URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=1677976r1=1677975r2=1677976view=diff == --- tomcat/tc6.0.x/trunk/STATUS.txt (original) +++ tomcat/tc6.0.x/trunk/STATUS.txt Wed May 6 12:39:18 2015 @@ -66,7 +66,7 @@ PATCHES PROPOSED TO BACKPORT: http://svn.apache.org/r1672285 tc7 : http://svn.apache.org/r1672274 http://svn.apache.org/r1672286 - +1: rjung, kkolinko + +1: rjung, kkolinko, markt -1: - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: svn commit: r1675198 - in /tomcat/trunk: java/org/apache/tomcat/util/net/AprEndpoint.java java/org/apache/tomcat/util/net/SSLHostConfig.java webapps/docs/config/http.xml
On 06/05/2015 02:24, Konstantin Kolinko wrote: 2015-04-21 23:56 GMT+03:00 ma...@apache.org: Author: markt Date: Tue Apr 21 20:56:14 2015 New Revision: 1675198 URL: http://svn.apache.org/r1675198 Log: Document the protocols attribute for SSLHostConfig and align the implementation with it. Modified: tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java tomcat/trunk/webapps/docs/config/http.xml (...) Modified: tomcat/trunk/webapps/docs/config/http.xml URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/config/http.xml?rev=1675198r1=1675197r2=1675198view=diff == --- tomcat/trunk/webapps/docs/config/http.xml (original) +++ tomcat/trunk/webapps/docs/config/http.xml Tue Apr 21 20:56:14 2015 @@ -1050,7 +1050,7 @@ attributes -attribute name=hostName required=true +attribute name=hostName required=false pThe name of the SSL Host. This should either be the fully qualified domain name (e.g. codetomcat.apache.org/code) or a wild card domain name (e.g. code*.apache.org/code). If not specified, the default value @@ -1058,7 +1058,20 @@ /attribute attribute name=protocols required=false - p/p + pThe names of the protocols to support when communicating with clients. + This should be a comma separated list of any combination of the following: + /p + ulliSSLv2Hello/liliSSLv2/liliSSLv3/liliTLSv1/li + liTLSv1.1/liliTLSv1.2/liliall/li/ul + pNote that OpenSSL based secure connectors will always support + codeSSLv2Hello/code regardless of whether or not it is included in the + value for this attribute./p + pNote that codeall/code is an alias for + codeTLSv1,TLSv1.1,TLSv1.2/code./p + pNote that codeSSLv2/code and codeSSLv3/code are inherently + unsafe./p + pIf not specified, the default value of codeall/code will be + used./p /attribute As far as I remember from reading the source code, the above phrase Note that OpenSSL based secure connectors will always support SSLv2Hello regardless of whether or not it is included in the value for this attribute. about protocols attribute is not true. I think that it works as following: 1) If protocols includes several protocols (like in TLSv1,TLSv1.1,TLSv1.2) then OpenSSL configures a generic handshake method that supports SSLv2Hello. 2) If protocols includes only one protocol (e.g. TLSv1 or TLSv1.2), it configures a handshake method for that specific protocol, and SSLv2Hello is not enabled. In our sslcontext.c of Tomcat-Native 1.1.x: The case of 1) uses ctx = SSL_CTX_new(SSLv23_server_method()); The case of 2) uses ctx = SSL_CTX_new(TLSv1_2_server_method()); ctx = SSL_CTX_new(TLSv1_1_server_method()); ctx = SSL_CTX_new(TLSv1_server_method()); etc. Interesting. I should be able to change things so both JSSE and OpenSSL based connectors work the same way. I'll take a look. Mark - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 57802] Compatibility with ICEfaces 1.8 over JSF 1.1 apps
https://bz.apache.org/bugzilla/show_bug.cgi?id=57802 --- Comment #19 from Patrick WENDJI wlpa2...@gmail.com --- (In reply to Mark Thomas from comment #18) Thanks for the test case. Your analysis was heading in the right direction but missed the real root cause. The problem was the incorrect default implementation of ELResolver.convertToType(). It failed to call context.setPropertyResolved(false). This meant older ELResolver implementations that inherited this method would return null and if ELContext.getPropertyResolved() was true, that null was treated as a valid conversion triggering the NPE. This has been fixed in trunk and 8.0.x for 8.0.23 onwards. I hope I helped. When will Tomcat 8.0.23 be released? -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1677974 - /tomcat/tc6.0.x/trunk/STATUS.txt
Author: markt Date: Wed May 6 12:38:16 2015 New Revision: 1677974 URL: http://svn.apache.org/r1677974 Log: Proposal Modified: tomcat/tc6.0.x/trunk/STATUS.txt Modified: tomcat/tc6.0.x/trunk/STATUS.txt URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=1677974r1=1677973r2=1677974view=diff == --- tomcat/tc6.0.x/trunk/STATUS.txt (original) +++ tomcat/tc6.0.x/trunk/STATUS.txt Wed May 6 12:38:16 2015 @@ -69,6 +69,14 @@ PATCHES PROPOSED TO BACKPORT: +1: rjung, kkolinko -1: + +* Use the truststoreProvider rather than the keystoreProvider for the trust + manager + http://svn.apache.org/r1677971 + +1: markt + -1: + + PATCHES/ISSUES THAT ARE STALLED: * Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=44312 - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: svn commit: r1677884 - in /tomcat/trunk: java/org/apache/coyote/http11/ java/org/apache/tomcat/util/net/ java/org/apache/tomcat/util/net/jsse/ webapps/docs/config/
On 06/05/2015 02:55, Konstantin Kolinko wrote: 2015-05-05 22:48 GMT+03:00 ma...@apache.org: Author: markt Date: Tue May 5 19:48:53 2015 New Revision: 1677884 URL: http://svn.apache.org/r1677884 Log: Move alias, keystoreType and keystoreProvider to SSlHostConfig Modified: tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11JsseProtocol.java tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11Protocol.java tomcat/trunk/java/org/apache/tomcat/util/net/AbstractEndpoint.java tomcat/trunk/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java tomcat/trunk/webapps/docs/config/http.xml Modified: tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java?rev=1677884r1=1677883r2=1677884view=diff == --- tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java (original) +++ tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java Tue May 5 19:48:53 2015 @@ -337,13 +337,14 @@ public class JSSESocketFactory implement @Override public KeyManager[] getKeyManagers() throws Exception { -String keystoreType = endpoint.getKeystoreType(); +String keystoreType = sslHostConfig.getCertificateKeystoreType(); if (keystoreType == null) { keystoreType = defaultKeystoreType; } -return getKeyManagers(keystoreType, endpoint.getKeystoreProvider(), -sslHostConfig.getKeyManagerAlgorithm(), endpoint.getKeyAlias()); +return getKeyManagers(keystoreType, sslHostConfig.getCertificateKeystoreProvider(), +sslHostConfig.getKeyManagerAlgorithm(), +sslHostConfig.getCertificateKeyAlias()); } @Override @@ -353,7 +354,7 @@ public class JSSESocketFactory implement truststoreType = System.getProperty(javax.net.ssl.trustStoreType); } if (truststoreType == null) { -truststoreType = endpoint.getKeystoreType(); +truststoreType = sslHostConfig.getCertificateKeystoreType(); } if (truststoreType == null) { truststoreType = defaultKeystoreType; @@ -364,7 +365,7 @@ public class JSSESocketFactory implement algorithm = TrustManagerFactory.getDefaultAlgorithm(); } -return getTrustManagers(truststoreType, endpoint.getKeystoreProvider(), +return getTrustManagers(truststoreType, sslHostConfig.getCertificateKeystoreProvider(), algorithm); } Noted when reviewing the above change. It was not introduced by this commit, but existed before it. About the above return getTrustManagers(truststoreType, line: Reading documentation (config/http.html), there exists configuration attribute truststoreProvider. It is odd that the call uses keystore Provider option instead of truststoreProvider as the second argument to getTrustManagers(). I noticed that while I was working on the patch. Looking at it some more was on my TODO list. As far as I can tell, it is a bug in r1079387 that no-one has tripped over so far. This isn't really surprising as keyStoreProvider != trustStoreProvider is going to be rare. I'll get it fixed and back-ported. Mark - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1677971 - in /tomcat/tc7.0.x/trunk: ./ java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java webapps/docs/changelog.xml
Author: markt Date: Wed May 6 12:36:50 2015 New Revision: 1677971 URL: http://svn.apache.org/r1677971 Log: Use the truststoreProvider rather than the keystoreProvider for the trust manager Modified: tomcat/tc7.0.x/trunk/ (props changed) tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml Propchange: tomcat/tc7.0.x/trunk/ -- --- svn:mergeinfo (original) +++ svn:mergeinfo Wed May 6 12:36:50 2015 @@ -1,2 +1,2 @@ -/tomcat/tc8.0.x/trunk:1636525,1637336,1637685,1637709,1638726,1640089,1640276,1640349,1640363,1640366,1640642,1640672,1640674,1640689,1640884,1641001,1641065,1641067,1641375,1641638,1641723,1641726,1641729-1641730,1641736,1641988,1642669-1642670,1642698,1642701,1643205,1643215,1643217,1643230,1643232,1643273,1643285,1643329-1643330,1643511,1643513,1643521,1643539,1643571,1643581-1643582,1643635,1643655,1643738,1643964,1644018,1644333,1644954,1644992,1645014,1645360,1645456,1645627,1645642,1645686,1645903-1645904,1645908-1645909,1645913,1645920,1646458,1646460-1646462,1646735,1646738-1646741,1646744,1646746,1646748-1646755,1646757,1646759-1646760,1647043,1648816,1651420-1651422,1651844,1652926,1652939-1652940,1652973,1653798,1653817,1653841,1654042,1654161,1654736,1654767,1654787,1656592,1662986,1663265,1663278,1663325,1663535,1663567,1663679,1663997,1664175,1664321,1664872,1665061,1665086,1666027,1666395,1666503,1666506,1666560,1666570,1666581,1666759,1666967,1666988,1667553-1667555 ,1667558,1667617,1667633,1667637,1667747,1667767,1667873,1668028,1668137,1668634,1669432,1669801,1669840,1669895-1669896,1670398,1670435,1670592,1670605-1670607,1670609,1670632,1670720,1670725,1670727,1670731,1671114,1672273,1672285,1673759,1674220,1674295,1675469,1675488,1675595,1675831,1676232,1676367-1676369,1676382,1676394,1676483,1676556,1676635 -/tomcat/trunk:1156115-1157160,1157162-1157859,1157862-1157942,1157945-1160347,1160349-1163716,1163718-1166689,1166691-1174340,1174342-1175596,1175598-1175611,1175613-1175932,1175934-1177783,1177785-1177980,1178006-1180720,1180722-1183094,1183096-1187753,1187755,1187775,1187801,1187806,1187809,1187826-1188312,1188314-1188401,1188646-1188840,1188842-1190176,1190178-1195223,1195225-1195953,1195955,1195957-1201238,1201240-1203345,1203347-1206623,1206625-1208046,1208073,1208096,1208114,1208145,1208772,1209194-1212125,1212127-1220291,1220293,1220295-1221321,1221323-1222329,1222332-1222401,1222405-1222795,1222850-1222950,1222969-1225326,1225328-1225463,1225465,1225627,1225629-1226534,1226536-1228908,1228911-1228923,1228927-1229532,1229534-1230766,1230768-1231625,1231627-1233414,1233419-1235207,1235209-1237425,1237427,1237429-1237977,1237981,1237985,1237995,1238070,1238073,1239024-1239048,1239050-1239062,1239135,1239256,1239258-1239485,1239785-1240046,1240101,1240106,1240109,1240112,1240114 ,1240116,1240118,1240121,1240329,1240474-1240850,1240857,1241087,1241160,1241408-1241822,1241908-1241909,1241912-1242110,1242371-1292130,1292134-1292458,1292464-1292670,1292672-1292776,1292780-1293392,1293397-1297017,1297019-1297963,1297965-1299820,1300108,1300111-1300460,1300520-1300948,1300997,1301006,1301280,1302332,1302348,1302608-1302610,1302649,1302837,1303138,1303163,1303338,1303521,1303587,1303698,1303803,1303852,1304011,1304035,1304037,1304135,1304249,1304253,1304260,1304271,1304275,1304468,1304895,1304930-1304932,1305194,1305943,1305965,1306556,1306579-1306580,1307084,1307310,1307511-1307512,1307579,1307591,1307597,1310636,1310639-1310640,1310642,1310701,1311212,1311995,1327617,1327670,1331766,1333161,1333173,1333827,1334787,1335026,1335257,1335547,1335692,1335711,1335731,1336515,1336813,1336864,1336868,1336884,1337419,1337426,1337546,1337572,1337591-1337595,1337643,1337707,1337719,1337734,1337741,1337745,1338151-1338154,1338178,1342027,1342029,1342315,1342320,1342476,1342 498,1342503,1342717,1342795,1342805,1343044-1343046,1343335,1343394,1343400,1343629,1343708,1343718,1343895,1344063,1344068,1344250,1344266,1344515,1344528,1344612,1344629,1344725,1344868,1344890,1344893,1344896,1344901,1345020,1345029,1345039,1345287-1345290,1345294,1345309,1345325,1345357,1345367,1345579-1345580,1345582,1345688,1345699,1345704,1345731-1345732,1345737,1345744,1345752,1345754,1345779,1345781,1345846,1346107,1346365,1346376,1346404,1346510,1346514,1346519,1346581,1346635,1346644,1346683,1346794,1346885,1346932,1347034,1347047,1347087,1347108-1347109,1347583,1347737,1348105,1348357,1348398,1348425,1348461-1348495,1348498,1348752,1348762,1348772,1348776,1348859,1348968,1348973,1348989,1349007,1349237,1349298,1349317,1349410,1349473,1349539,1349879,1349887,1349893,1349922,1349984,1350124,1350241,1350243,1350294-1350295,1350299,1350864,1350900,1351010,1351054,1351056,1351068,1351134-1351135,1351148,1351259,1351604,1351636-1351640,1351991,1351993,1352011,1352056,1352059,1
Re: Tomcat Grid
I can see security of this tool being paramount. What if you had a large cluster and someone else was able to manipulate it using this tool? On Tue, May 5, 2015 at 4:50 PM, Christopher Schultz ch...@christopherschultz.net wrote: Chris, On 5/5/15 4:39 PM, Chris Aguirre wrote: I actually use Windows Powershell to execute commands on remote machines, including stopping/starting Tomcat (and other Windows Services). This works well for me - but in this case, I have complete control of all the VMs - and they are not Production Servers. I used the following articles as reference for creating the Powershell scripts: http://www.howtogeek.com/117192/how-to-run-powershell-commands-on-remote-computers/ http://stackoverflow.com/questions/6239647/using-powershell-credentials-without-being-prompted-for-a-password That's great. *NIX also has ssh which can be used to execute remote commands, but that's not the hard part. The hard part is planning a regular configuration that can be deployed to possibly hundreds of separate machines (virtual or physical) and then controlled in a sane way. For instance, let's say that I have 12 machines in two separate clusters. If I want to shutdown 3 machines in each cluster, I have to execute a flurry of commands like these: $ ssh -c user@server1 /path/to/tomcat/shutdown.sh $ ssh -c user@server2 /path/to/tomcat/shutdown.sh $ ssh -c user@server3 /path/to/tomcat/shutdown.sh $ ssh -c user@server7 /path/to/tomcat/shutdown.sh $ ssh -c user@server8 /path/to/tomcat/shutdown.sh $ ssh -c user@server9 /path/to/tomcat/shutdown.sh If I had a tool that understood my deployment configuration, I could do something like this: $ cluster shutdown 1 2 3 7 8 9 If the tool was *really* nice, it might inform my load-balancer that the nodes would be coming down as well. If it was super-nice, a tool would allow me to schedule a shutdown of nodes in the near future. For example, say I want to take those same nodes offline, but I want to disable them at the lb, then wait for their sticky sessions to drain folly before stopping each Tomcat instance. And since I don't want to watch the tool while it waits, I want to get an email or SMS confirmation when each node goes down. Maybe I can get integration into monitoring tools as well, so when I intentionally take a node offline, I don't get a bunch of text messages telling me that a server has gone down. These are the kinds of things that a grid tool could do to help. Being able to execute remote commands is just one of the primitive operations of this kind of thing. -chris -- With Regards, Andrew Carr e. andrewlanec...@gmail.com w. andrew.c...@openlogic.com h. 4235255668 c. 4239489852 a. 101 Francis Drive, Greeneville, TN, 37743
svn commit: r1678001 - /tomcat/tc6.0.x/trunk/STATUS.txt
Author: kkolinko Date: Wed May 6 14:12:25 2015 New Revision: 1678001 URL: http://svn.apache.org/r1678001 Log: vote Modified: tomcat/tc6.0.x/trunk/STATUS.txt Modified: tomcat/tc6.0.x/trunk/STATUS.txt URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=1678001r1=1678000r2=1678001view=diff == --- tomcat/tc6.0.x/trunk/STATUS.txt (original) +++ tomcat/tc6.0.x/trunk/STATUS.txt Wed May 6 14:12:25 2015 @@ -73,7 +73,7 @@ PATCHES PROPOSED TO BACKPORT: * Use the truststoreProvider rather than the keystoreProvider for the trust manager http://svn.apache.org/r1677971 - +1: markt + +1: markt, kkolinko -1: - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: Tomcat Grid
Andrew, On 5/6/15 9:21 AM, Andrew Carr wrote: I can see security of this tool being paramount. What if you had a large cluster and someone else was able to manipulate it using this tool? If it's built on secure building blocks, such as public-key-based ssh authentication, or TLS client certificates, then I think it would be reasonably secure. Another option is a VPN or VLAN, or a separate physical network. We use the latter technique to communicate between our application servers and database servers to avoid the overhead of encryption. -chris On Tue, May 5, 2015 at 4:50 PM, Christopher Schultz ch...@christopherschultz.net wrote: Chris, On 5/5/15 4:39 PM, Chris Aguirre wrote: I actually use Windows Powershell to execute commands on remote machines, including stopping/starting Tomcat (and other Windows Services). This works well for me - but in this case, I have complete control of all the VMs - and they are not Production Servers. I used the following articles as reference for creating the Powershell scripts: http://www.howtogeek.com/117192/how-to-run-powershell-commands-on-remote-computers/ http://stackoverflow.com/questions/6239647/using-powershell-credentials-without-being-prompted-for-a-password That's great. *NIX also has ssh which can be used to execute remote commands, but that's not the hard part. The hard part is planning a regular configuration that can be deployed to possibly hundreds of separate machines (virtual or physical) and then controlled in a sane way. For instance, let's say that I have 12 machines in two separate clusters. If I want to shutdown 3 machines in each cluster, I have to execute a flurry of commands like these: $ ssh -c user@server1 /path/to/tomcat/shutdown.sh $ ssh -c user@server2 /path/to/tomcat/shutdown.sh $ ssh -c user@server3 /path/to/tomcat/shutdown.sh $ ssh -c user@server7 /path/to/tomcat/shutdown.sh $ ssh -c user@server8 /path/to/tomcat/shutdown.sh $ ssh -c user@server9 /path/to/tomcat/shutdown.sh If I had a tool that understood my deployment configuration, I could do something like this: $ cluster shutdown 1 2 3 7 8 9 If the tool was *really* nice, it might inform my load-balancer that the nodes would be coming down as well. If it was super-nice, a tool would allow me to schedule a shutdown of nodes in the near future. For example, say I want to take those same nodes offline, but I want to disable them at the lb, then wait for their sticky sessions to drain folly before stopping each Tomcat instance. And since I don't want to watch the tool while it waits, I want to get an email or SMS confirmation when each node goes down. Maybe I can get integration into monitoring tools as well, so when I intentionally take a node offline, I don't get a bunch of text messages telling me that a server has gone down. These are the kinds of things that a grid tool could do to help. Being able to execute remote commands is just one of the primitive operations of this kind of thing. -chris signature.asc Description: OpenPGP digital signature
buildbot success in ASF Buildbot on tomcat-trunk
The Buildbot has detected a restored build on builder tomcat-trunk while building ASF Buildbot. Full details are available at: http://ci.apache.org/builders/tomcat-trunk/builds/1192 Buildbot URL: http://ci.apache.org/ Buildslave for this Build: silvanus_ubuntu Build Reason: The AnyBranchScheduler scheduler named 'on-tomcat-commit' triggered this build Build Source Stamp: [branch tomcat/trunk] 1677966 Blamelist: markt Build succeeded! Sincerely, -The Buildbot - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: svn commit: r1677971 - in /tomcat/tc7.0.x/trunk: ./ java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java webapps/docs/changelog.xml
On 06/05/2015 15:26, Konstantin Kolinko wrote: 2015-05-06 15:36 GMT+03:00 ma...@apache.org: Author: markt Date: Wed May 6 12:36:50 2015 New Revision: 1677971 URL: http://svn.apache.org/r1677971 Log: Use the truststoreProvider rather than the keystoreProvider for the trust manager Modified: tomcat/tc7.0.x/trunk/ (props changed) tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml Modified: tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java?rev=1677971r1=1677970r2=1677971view=diff == --- tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java (original) +++ tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java Wed May 6 12:36:50 2015 @@ -545,8 +545,7 @@ public class JSSESocketFactory implement algorithm = TrustManagerFactory.getDefaultAlgorithm(); } -return getTrustManagers(truststoreType, endpoint.getKeystoreProvider(), -algorithm); +return getTrustManagers(truststoreType, endpoint.getTruststoreProvider(), algorithm); } @Override Modified: tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml?rev=1677971r1=1677970r2=1677971view=diff == --- tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml (original) +++ tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml Wed May 6 12:36:50 2015 @@ -128,6 +128,12 @@ bug57837/bug: Add codetext/css/code to the default list of compressable MIME types. (markt) /fix + fix +For the JSSE based TLS connectors, use the +codetruststoreProvider/code rather than the +codekeystoreProvider/code when creating the +codeTrustManager/codes. (markt) + /fix /changelog /subsection subsection name=Jasper Hi! I voted for TC 6 backport of this revision, but on further review there are two problems: 1. In other place that calls endpoint.getTruststoreProvider() -- JSSESocketFactory.getTrustStore() -- there is some logic to fallback to getKeystoreProvider(). It also consults a system property. If we call endpoint.getTruststoreProvider() directly then there is no such fallback logic. I'll look at fixing that. 2. The patch is not applicable to Tomcat 6 as is, as its endpoint classes do not have getTruststoreProvider() method. Searching for truststoreProvider I see that documentation mentions such option in config/http.xml, and the code in JSSESocketFactory.getTrustStore() does String truststoreProvider = (String)attributes.get(truststoreProvider); instead of using a getter method. Once I fix the first issue, I'll put together a specific 6.0.x patch. Mark - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1678011 - /tomcat/trunk/java/org/apache/jasper/compiler/TagFileProcessor.java
Author: markt Date: Wed May 6 14:45:02 2015 New Revision: 1678011 URL: http://svn.apache.org/r1678011 Log: Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=57887 Fix compilation for recursive tag files packaged in a JAR Modified: tomcat/trunk/java/org/apache/jasper/compiler/TagFileProcessor.java Modified: tomcat/trunk/java/org/apache/jasper/compiler/TagFileProcessor.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/jasper/compiler/TagFileProcessor.java?rev=1678011r1=1678010r2=1678011view=diff == --- tomcat/trunk/java/org/apache/jasper/compiler/TagFileProcessor.java (original) +++ tomcat/trunk/java/org/apache/jasper/compiler/TagFileProcessor.java Wed May 6 14:45:02 2015 @@ -517,6 +517,7 @@ class TagFileProcessor { TagInfo tagInfo, PageInfo parentPageInfo) throws JasperException { Jar tagJar = null; +Jar tagJarOriginal = null; try { if (tagFilePath.startsWith(/META-INF/)) { try { @@ -537,75 +538,83 @@ class TagFileProcessor { JspRuntimeContext rctxt = ctxt.getRuntimeContext(); synchronized (rctxt) { -JspServletWrapper wrapper = rctxt.getWrapper(wrapperUri); -if (wrapper == null) { -wrapper = new JspServletWrapper(ctxt.getServletContext(), ctxt -.getOptions(), tagFilePath, tagInfo, ctxt -.getRuntimeContext(), tagJar); -rctxt.addWrapper(wrapperUri, wrapper); - -// Use same classloader and classpath for compiling tag files -wrapper.getJspEngineContext().setClassLoader( -ctxt.getClassLoader()); - wrapper.getJspEngineContext().setClassPath(ctxt.getClassPath()); -} else { -// Make sure that JspCompilationContext gets the latest TagInfo -// for the tag file. TagInfo instance was created the last -// time the tag file was scanned for directives, and the tag -// file may have been modified since then. -wrapper.getJspEngineContext().setTagInfo(tagInfo); -// The tagJar passed to to the JspCompilationContext will -// have been closed (see the finally block at the end of -// this method) so update the the tagJar to one opened above -wrapper.getJspEngineContext().setTagFileJar(tagJar); -} - -Class? tagClazz; -int tripCount = wrapper.incTripCount(); +JspServletWrapper wrapper = null; try { -if (tripCount 0) { -// When tripCount is greater than zero, a circular -// dependency exists. The circularly dependent tag -// file is compiled in prototype mode, to avoid infinite -// recursion. - -JspServletWrapper tempWrapper = new JspServletWrapper(ctxt -.getServletContext(), ctxt.getOptions(), -tagFilePath, tagInfo, ctxt.getRuntimeContext(), -tagJar); +wrapper = rctxt.getWrapper(wrapperUri); +if (wrapper == null) { +wrapper = new JspServletWrapper(ctxt.getServletContext(), ctxt +.getOptions(), tagFilePath, tagInfo, ctxt +.getRuntimeContext(), tagJar); +rctxt.addWrapper(wrapperUri, wrapper); + // Use same classloader and classpath for compiling tag files -tempWrapper.getJspEngineContext().setClassLoader( +wrapper.getJspEngineContext().setClassLoader( ctxt.getClassLoader()); - tempWrapper.getJspEngineContext().setClassPath(ctxt.getClassPath()); -tagClazz = tempWrapper.loadTagFilePrototype(); -tempVector.add(tempWrapper.getJspEngineContext() -.getCompiler()); + wrapper.getJspEngineContext().setClassPath(ctxt.getClassPath()); } else { -tagClazz = wrapper.loadTagFile(); +// Make sure that JspCompilationContext gets the latest TagInfo +// for the tag file. TagInfo instance was created the last +// time the tag file was scanned for directives, and the tag +// file may have been modified since then. +wrapper.getJspEngineContext().setTagInfo(tagInfo); +
buildbot exception in ASF Buildbot on tomcat-8-trunk
The Buildbot has detected a build exception on builder tomcat-8-trunk while building ASF Buildbot. Full details are available at: http://ci.apache.org/builders/tomcat-8-trunk/builds/241 Buildbot URL: http://ci.apache.org/ Buildslave for this Build: silvanus_ubuntu Build Reason: The AnyBranchScheduler scheduler named 'on-tomcat-8-commit' triggered this build Build Source Stamp: [branch tomcat/tc8.0.x/trunk] 1678012 Blamelist: markt BUILD FAILED: exception svn upload_2 Sincerely, -The Buildbot - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1678006 - /tomcat/tc6.0.x/trunk/STATUS.txt
Author: jfclere Date: Wed May 6 14:25:19 2015 New Revision: 1678006 URL: http://svn.apache.org/r1678006 Log: my vote. Modified: tomcat/tc6.0.x/trunk/STATUS.txt Modified: tomcat/tc6.0.x/trunk/STATUS.txt URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=1678006r1=1678005r2=1678006view=diff == --- tomcat/tc6.0.x/trunk/STATUS.txt (original) +++ tomcat/tc6.0.x/trunk/STATUS.txt Wed May 6 14:25:19 2015 @@ -73,7 +73,7 @@ PATCHES PROPOSED TO BACKPORT: * Use the truststoreProvider rather than the keystoreProvider for the trust manager http://svn.apache.org/r1677971 - +1: markt, kkolinko + +1: markt, kkolinko, jfclere -1: - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: svn commit: r1677971 - in /tomcat/tc7.0.x/trunk: ./ java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java webapps/docs/changelog.xml
2015-05-06 15:36 GMT+03:00 ma...@apache.org: Author: markt Date: Wed May 6 12:36:50 2015 New Revision: 1677971 URL: http://svn.apache.org/r1677971 Log: Use the truststoreProvider rather than the keystoreProvider for the trust manager Modified: tomcat/tc7.0.x/trunk/ (props changed) tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml Modified: tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java?rev=1677971r1=1677970r2=1677971view=diff == --- tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java (original) +++ tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java Wed May 6 12:36:50 2015 @@ -545,8 +545,7 @@ public class JSSESocketFactory implement algorithm = TrustManagerFactory.getDefaultAlgorithm(); } -return getTrustManagers(truststoreType, endpoint.getKeystoreProvider(), -algorithm); +return getTrustManagers(truststoreType, endpoint.getTruststoreProvider(), algorithm); } @Override Modified: tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml?rev=1677971r1=1677970r2=1677971view=diff == --- tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml (original) +++ tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml Wed May 6 12:36:50 2015 @@ -128,6 +128,12 @@ bug57837/bug: Add codetext/css/code to the default list of compressable MIME types. (markt) /fix + fix +For the JSSE based TLS connectors, use the +codetruststoreProvider/code rather than the +codekeystoreProvider/code when creating the +codeTrustManager/codes. (markt) + /fix /changelog /subsection subsection name=Jasper Hi! I voted for TC 6 backport of this revision, but on further review there are two problems: 1. In other place that calls endpoint.getTruststoreProvider() -- JSSESocketFactory.getTrustStore() -- there is some logic to fallback to getKeystoreProvider(). It also consults a system property. If we call endpoint.getTruststoreProvider() directly then there is no such fallback logic. 2. The patch is not applicable to Tomcat 6 as is, as its endpoint classes do not have getTruststoreProvider() method. Searching for truststoreProvider I see that documentation mentions such option in config/http.xml, and the code in JSSESocketFactory.getTrustStore() does String truststoreProvider = (String)attributes.get(truststoreProvider); instead of using a getter method. Best regards, Konstantin Kolinko - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
buildbot success in ASF Buildbot on tomcat-7-trunk
The Buildbot has detected a restored build on builder tomcat-7-trunk while building ASF Buildbot. Full details are available at: http://ci.apache.org/builders/tomcat-7-trunk/builds/641 Buildbot URL: http://ci.apache.org/ Buildslave for this Build: silvanus_ubuntu Build Reason: The AnyBranchScheduler scheduler named 'on-tomcat-7-commit' triggered this build Build Source Stamp: [branch tomcat/tc7.0.x/trunk] 1677971 Blamelist: markt Build succeeded! Sincerely, -The Buildbot - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1678012 - in /tomcat/tc8.0.x/trunk: ./ java/org/apache/jasper/compiler/TagFileProcessor.java webapps/docs/changelog.xml
Author: markt Date: Wed May 6 14:46:37 2015 New Revision: 1678012 URL: http://svn.apache.org/r1678012 Log: Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=57887 Fix compilation for recursive tag files packaged in a JAR Modified: tomcat/tc8.0.x/trunk/ (props changed) tomcat/tc8.0.x/trunk/java/org/apache/jasper/compiler/TagFileProcessor.java tomcat/tc8.0.x/trunk/webapps/docs/changelog.xml Propchange: tomcat/tc8.0.x/trunk/ -- --- svn:mergeinfo (original) +++ svn:mergeinfo Wed May 6 14:46:37 2015 @@ -1 +1 @@ -/tomcat/trunk:1636524,1637156,1637176,1637188,1637331,1637684,1637695,1638720-1638725,1639653,1640010,1640083-1640084,1640088,1640275,1640322,1640347,1640361,1640365,1640403,1640410,1640652,1640655-1640658,1640688,1640700-1640883,1640903,1640976,1640978,1641000,1641026,1641038-1641039,1641051-1641052,1641058,1641064,1641300,1641369,1641374,1641380,1641486,1641634,1641656-1641692,1641704,1641707-1641718,1641720-1641722,1641735,1641981,1642233,1642280,1642554,1642564,1642595,1642606,1642668,1642679,1642697,1642699,1642766,1643002,1643045,1643054-1643055,1643066,1643121,1643128,1643206,1643209-1643210,1643216,1643249,1643270,1643283,1643309-1643310,1643323,1643365-1643366,1643370-1643371,1643465,1643474,1643536,1643570,1643634,1643649,1643651,1643654,1643675,1643731,1643733-1643734,1643761,1643766,1643814,1643937,1643963,1644017,1644169,1644201-1644203,1644321,1644323,1644516,1644523,1644529,1644535,1644730,1644768,1644784-1644785,1644790,1644793,1644815,1644884,1644886,1644890,1644892 ,1644910,1644924,1644929-1644930,1644935,1644989,1645011,1645247,1645355,1645357-1645358,1645455,1645465,1645469,1645471,1645473,1645475,1645486-1645488,1645626,1645641,1645685,1645743,1645763,1645951-1645953,1645955,1645993,1646098-1646106,1646178,1646220,1646302,1646304,1646420,1646470-1646471,1646476,1646559,1646717-1646723,1646773,1647026,1647042,1647530,1647655,1648304,1648815,1648907,1650081,1650365,1651116,1651120,1651280,1651470,1652938,1652970,1653041,1653471,1653550,1653574,1653797,1653815-1653816,1653819,1653840,1653857,1653888,1653972,1654013,1654030,1654050,1654123,1654148,1654159,1654513,1654515,1654517,1654522,1654524,1654725,1654735,1654766,1654785,1654851-1654852,1654978,1655122-1655124,1655126-1655127,1655129-1655130,1655132-1655133,1655312,1655438,1655441,1655454,168,1656087,1656299,1656319,1656331,1656345,1656350,1656590,1656648-1656650,1656657,1657041,1657054,1657374,1657492,1657510,1657565,1657580,1657584,1657586,1657589,1657592,1657607,1657609,1657682,1657 907,1658207,1658734,1658781,1658790,1658799,1658802,1658804,1658833,1658840,1658966,1659043,1659053,1659059,1659188-1659189,1659216,1659263,1659293,1659304,1659306-1659307,1659382,1659384,1659428,1659471,1659486,1659505,1659516,1659521,1659524,1659559,1659562,1659803,1659806,1659814,1659833,1659862,1659905,1659919,1659948,1659967,1659983-1659984,1660060,1660074,1660077,1660133,1660168,1660331-1660332,1660353,1660358,1660924,1661386,1661867,1661972,1661990,1662200,1662308-1662309,1662548,1662614,1662736,1662985,1662988-1662989,1663264,1663277,1663298,1663534,1663562,1663676,1663715,1663754,1663768,1663772,1663781,1663893,1663995,1664143,1664163,1664174,1664301,1664317,1664347,1664657,1664659,1664710,1664863-1664864,1664866,1665085,1665292,1665559,1665653,1665661,1665672,1665694,1665697,1665736,1665779,1665976-1665977,1665980-1665981,1665985-1665986,1665989,1665998,1666004,1666008,1666013,1666017,1666024,1666116,1666386-1666387,1666494,1666496,1666552,1666569,1666579,137,149,1 666757,1666966,1666972,1666985,1666995,1666997,1667292,1667402,1667406,1667546,1667615,1667630,1667636,1667688,1667764,1667871,1668026,1668135,1668193,1668593,1668596,1668630,1668639,1668843,1669353,1669370,1669451,1669800,1669838,1669876,1669882,1670394,1670433,1670591,1670598-1670600,1670610,1670631,1670719,1670724,1670726,1670730,1670940,1671112,1672272,1672284,1673754,1674294,1675461,1675486,1675594,1675830,1676231,1676250-1676251,1676364,1676381,1676393,1676479,1676525,1676552,1676615,1676630,1676634,1676721,1676926,1676943,1677140,1677802,1677966
[Bug 57887] IllegalStateException: zip file closed
https://bz.apache.org/bugzilla/show_bug.cgi?id=57887 Mark Thomas ma...@apache.org changed: What|Removed |Added Status|REOPENED|RESOLVED Resolution|--- |FIXED --- Comment #4 from Mark Thomas ma...@apache.org --- Thanks for the test case. That made it pretty easy to track down the problem. This has been fixed in trunk and 8.0.x and will be included in 8.0.23 onwards. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
buildbot success in ASF Buildbot on tomcat-8-trunk
The Buildbot has detected a restored build on builder tomcat-8-trunk while building ASF Buildbot. Full details are available at: http://ci.apache.org/builders/tomcat-8-trunk/builds/240 Buildbot URL: http://ci.apache.org/ Buildslave for this Build: silvanus_ubuntu Build Reason: The AnyBranchScheduler scheduler named 'on-tomcat-8-commit' triggered this build Build Source Stamp: [branch tomcat/tc8.0.x/trunk] 1677967 Blamelist: markt Build succeeded! Sincerely, -The Buildbot - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: svn commit: r1675198 - in /tomcat/trunk: java/org/apache/tomcat/util/net/AprEndpoint.java java/org/apache/tomcat/util/net/SSLHostConfig.java webapps/docs/config/http.xml
On 06/05/2015 13:41, Mark Thomas wrote: On 06/05/2015 02:24, Konstantin Kolinko wrote: 2015-04-21 23:56 GMT+03:00 ma...@apache.org: Author: markt Date: Tue Apr 21 20:56:14 2015 New Revision: 1675198 URL: http://svn.apache.org/r1675198 Log: Document the protocols attribute for SSLHostConfig and align the implementation with it. Modified: tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java tomcat/trunk/webapps/docs/config/http.xml (...) Modified: tomcat/trunk/webapps/docs/config/http.xml URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/config/http.xml?rev=1675198r1=1675197r2=1675198view=diff == --- tomcat/trunk/webapps/docs/config/http.xml (original) +++ tomcat/trunk/webapps/docs/config/http.xml Tue Apr 21 20:56:14 2015 @@ -1050,7 +1050,7 @@ attributes -attribute name=hostName required=true +attribute name=hostName required=false pThe name of the SSL Host. This should either be the fully qualified domain name (e.g. codetomcat.apache.org/code) or a wild card domain name (e.g. code*.apache.org/code). If not specified, the default value @@ -1058,7 +1058,20 @@ /attribute attribute name=protocols required=false - p/p + pThe names of the protocols to support when communicating with clients. + This should be a comma separated list of any combination of the following: + /p + ulliSSLv2Hello/liliSSLv2/liliSSLv3/liliTLSv1/li + liTLSv1.1/liliTLSv1.2/liliall/li/ul + pNote that OpenSSL based secure connectors will always support + codeSSLv2Hello/code regardless of whether or not it is included in the + value for this attribute./p + pNote that codeall/code is an alias for + codeTLSv1,TLSv1.1,TLSv1.2/code./p + pNote that codeSSLv2/code and codeSSLv3/code are inherently + unsafe./p + pIf not specified, the default value of codeall/code will be + used./p /attribute As far as I remember from reading the source code, the above phrase Note that OpenSSL based secure connectors will always support SSLv2Hello regardless of whether or not it is included in the value for this attribute. about protocols attribute is not true. I think that it works as following: 1) If protocols includes several protocols (like in TLSv1,TLSv1.1,TLSv1.2) then OpenSSL configures a generic handshake method that supports SSLv2Hello. 2) If protocols includes only one protocol (e.g. TLSv1 or TLSv1.2), it configures a handshake method for that specific protocol, and SSLv2Hello is not enabled. In our sslcontext.c of Tomcat-Native 1.1.x: The case of 1) uses ctx = SSL_CTX_new(SSLv23_server_method()); The case of 2) uses ctx = SSL_CTX_new(TLSv1_2_server_method()); ctx = SSL_CTX_new(TLSv1_1_server_method()); ctx = SSL_CTX_new(TLSv1_server_method()); etc. Interesting. I should be able to change things so both JSSE and OpenSSL based connectors work the same way. I'll take a look. Maybe not then. I'll work on some better language for the docs. Mark - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1677981 - /tomcat/trunk/webapps/docs/config/http.xml
Author: markt Date: Wed May 6 13:14:08 2015 New Revision: 1677981 URL: http://svn.apache.org/r1677981 Log: Update docs for protocols. OpenSSL and SSLv2Hello. Review by kkolinko Modified: tomcat/trunk/webapps/docs/config/http.xml Modified: tomcat/trunk/webapps/docs/config/http.xml URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/config/http.xml?rev=1677981r1=1677980r2=1677981view=diff == --- tomcat/trunk/webapps/docs/config/http.xml (original) +++ tomcat/trunk/webapps/docs/config/http.xml Wed May 6 13:14:08 2015 @@ -1173,9 +1173,11 @@ /p ulliSSLv2Hello/liliSSLv2/liliSSLv3/liliTLSv1/li liTLSv1.1/liliTLSv1.2/liliall/li/ul - pNote that OpenSSL based secure connectors will always support - codeSSLv2Hello/code regardless of whether or not it is included in the - value for this attribute./p + pNote that codeSSLv2Hello/code will be ignored for OpenSSL based + secure connectors. If more than one protocol is specified for an OpenSSL + based secure connector it will support codeSSLv2Hello/code. If a + single protocol is specified it will not support + codeSSLv2Hello/code./p pNote that codeall/code is an alias for codeTLSv1,TLSv1.1,TLSv1.2/code./p pNote that codeSSLv2/code and codeSSLv3/code are inherently - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1677966 - /tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
Author: markt Date: Wed May 6 12:29:48 2015 New Revision: 1677966 URL: http://svn.apache.org/r1677966 Log: Use the trustStoreProvider rather than the keystoreProvider for the trust manager Modified: tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java Modified: tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java?rev=1677966r1=1677965r2=1677966view=diff == --- tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java (original) +++ tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java Wed May 6 12:29:48 2015 @@ -365,8 +365,7 @@ public class JSSESocketFactory implement algorithm = TrustManagerFactory.getDefaultAlgorithm(); } -return getTrustManagers(truststoreType, sslHostConfig.getCertificateKeystoreProvider(), -algorithm); +return getTrustManagers(truststoreType, endpoint.getTruststoreProvider(), algorithm); } @Override - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: Tomcat Grid
Alarcón, On 5/6/15 11:56 AM, Alarcón Vladimir wrote: As requested, I will do a write-up of the high-level architecture, and a list of features in phases. In terms of security I think the command-line interface could be secured by definition since it will be only available on the prod environment (or qa, or test, or dev respectively). In prod I only use vlans. The whole set of machines is isolated from other network segments all the time. To access them the firewall only allows me to get into the machines through a specific port, but this will depend on the security on each environment. The web interface is probably a little bit different. We will probably like to allow users to connect remotely, but from a secured net segment only available though a vpn or similar. In any case, it will be available over HTTPS only and will need to have user/pass security at the very least. Other options can be considered. Were you envisioning a web-based interface to this tool, or are you talking about some other kind of UI? I personally don't need any web-based UI for something like this, but others may appreciate a point-and-click interface. The good news about command-line tools is that they are usually trivially scriptable via GUIs. On the Informing the LB question, the tool architecture as I see it will include hooks (related to events), so custom scripts could be added to suit specific needs of each installation/environment. This way the end user could the hooks to implement integration points to other systems. Perfect. I happen to use a fleet of httpds with mod_jk as my load-balancers, but others may use something else. Providing hooks to listen for various events would be the perfect way to customize this kind of tool for a particular environment. -chris signature.asc Description: OpenPGP digital signature
buildbot failure in ASF Buildbot on tomcat-trunk
The Buildbot has detected a new failure on builder tomcat-trunk while building ASF Buildbot. Full details are available at: http://ci.apache.org/builders/tomcat-trunk/builds/1195 Buildbot URL: http://ci.apache.org/ Buildslave for this Build: silvanus_ubuntu Build Reason: The AnyBranchScheduler scheduler named 'on-tomcat-commit' triggered this build Build Source Stamp: [branch tomcat/trunk] 1678097 Blamelist: markt BUILD FAILED: failed compile_1 Sincerely, -The Buildbot - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 57773] performance problems when using scopeless optional attributes
https://bz.apache.org/bugzilla/show_bug.cgi?id=57773 --- Comment #3 from donnchadh donnch...@gmail.com --- I'm seeing a dramatic dramatic impact due to this (in conjunction with the global lock on WebAppClassLoader). -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1678097 - in /tomcat/trunk: java/org/apache/coyote/http11/ java/org/apache/tomcat/util/net/ java/org/apache/tomcat/util/net/jsse/ webapps/docs/config/
Author: markt Date: Wed May 6 21:30:54 2015 New Revision: 1678097 URL: http://svn.apache.org/r1678097 Log: Move the truststore attributes to SSLHostConfig Move as much of the default / fall-back code to SSLHostConfig rather than spreading it through JSSESocketFactory. This makes the defaults/fallbacks easier to read (in my view) and allowed some clean-up in JSSESocketFactory. Modified: tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11JsseProtocol.java tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11Protocol.java tomcat/trunk/java/org/apache/tomcat/util/net/AbstractEndpoint.java tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java tomcat/trunk/webapps/docs/config/http.xml Modified: tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11JsseProtocol.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11JsseProtocol.java?rev=1678097r1=1678096r2=1678097view=diff == --- tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11JsseProtocol.java (original) +++ tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11JsseProtocol.java Wed May 6 21:30:54 2015 @@ -28,29 +28,6 @@ public abstract class AbstractHttp11Jsse public String getSslProtocol() { return getEndpoint().getSslProtocol();} public void setSslProtocol(String s) { getEndpoint().setSslProtocol(s);} -public void setTruststoreFile(String f){ getEndpoint().setTruststoreFile(f);} -public String getTruststoreFile(){ return getEndpoint().getTruststoreFile();} - -public void setTruststorePass(String p){ getEndpoint().setTruststorePass(p);} -public String getTruststorePass(){return getEndpoint().getTruststorePass();} - -public void setTruststoreType(String t){ getEndpoint().setTruststoreType(t);} -public String getTruststoreType(){ return getEndpoint().getTruststoreType();} - -public void setTruststoreProvider(String t){ -getEndpoint().setTruststoreProvider(t); -} -public String getTruststoreProvider(){ -return getEndpoint().getTruststoreProvider(); -} - -public void setTruststoreAlgorithm(String a){ -getEndpoint().setTruststoreAlgorithm(a); -} -public String getTruststoreAlgorithm(){ -return getEndpoint().getTruststoreAlgorithm(); -} - public void setSessionCacheSize(String s){getEndpoint().setSessionCacheSize(s);} public String getSessionCacheSize(){ return getEndpoint().getSessionCacheSize();} Modified: tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11Protocol.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11Protocol.java?rev=1678097r1=1678096r2=1678097view=diff == --- tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11Protocol.java (original) +++ tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11Protocol.java Wed May 6 21:30:54 2015 @@ -476,6 +476,35 @@ public abstract class AbstractHttp11Prot defaultSSLHostConfig.setCertificateKeyAlias(certificateKeyAlias); } +public void setTruststoreAlgorithm(String truststoreAlgorithm){ +registerDefaultSSLHostConfig(); +defaultSSLHostConfig.setTruststoreAlgorithm(truststoreAlgorithm); +} + + +public void setTruststoreFile(String truststoreFile){ +registerDefaultSSLHostConfig(); +defaultSSLHostConfig.setTruststoreFile(truststoreFile); +} + + +public void setTruststorePass(String truststorePassword){ +registerDefaultSSLHostConfig(); +defaultSSLHostConfig.setTruststorePassword(truststorePassword); +} + + +public void setTruststoreType(String truststoreType){ +registerDefaultSSLHostConfig(); +defaultSSLHostConfig.setTruststoreType(truststoreType); +} + + +public void setTruststoreProvider(String truststoreProvider){ +registerDefaultSSLHostConfig(); +defaultSSLHostConfig.setTruststoreProvider(truststoreProvider); +} + // - Common code Modified: tomcat/trunk/java/org/apache/tomcat/util/net/AbstractEndpoint.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/AbstractEndpoint.java?rev=1678097r1=1678096r2=1678097view=diff == --- tomcat/trunk/java/org/apache/tomcat/util/net/AbstractEndpoint.java (original) +++ tomcat/trunk/java/org/apache/tomcat/util/net/AbstractEndpoint.java Wed May 6 21:30:54 2015 @@ -16,7 +16,6 @@ */ package org.apache.tomcat.util.net; -import java.io.File; import java.io.OutputStreamWriter; import java.net.InetAddress; import java.net.InetSocketAddress; @@ -890,24 +889,6
[Bug 57486] Improve reuse of ProtectedFunctionMapper instances in generated JSP
https://bz.apache.org/bugzilla/show_bug.cgi?id=57486 donnchadh donnch...@gmail.com changed: What|Removed |Added CC||donnch...@gmail.com OS||All -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
buildbot success in ASF Buildbot on tomcat-8-trunk
The Buildbot has detected a restored build on builder tomcat-8-trunk while building ASF Buildbot. Full details are available at: http://ci.apache.org/builders/tomcat-8-trunk/builds/242 Buildbot URL: http://ci.apache.org/ Buildslave for this Build: silvanus_ubuntu Build Reason: The AnyBranchScheduler scheduler named 'on-tomcat-8-commit' triggered this build Build Source Stamp: [branch tomcat/tc8.0.x/trunk] 1678024 Blamelist: markt Build succeeded! Sincerely, -The Buildbot - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Tomcat Grid write up
I guess I got a little bit carried away when writing the architecture and description, but I guess it's better to be ambitious. We can decide later on what we actually want from this tool. Please find attached the write up. Vlad - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[GUMP@vmgump]: Project tomcat-tc8.0.x-test-nio2 (in module tomcat-8.0.x) failed
To whom it may engage... This is an automated request, but not an unsolicited one. For more information please visit http://gump.apache.org/nagged.html, and/or contact the folk at gene...@gump.apache.org. Project tomcat-tc8.0.x-test-nio2 has an issue affecting its community integration. This issue affects 1 projects, and has been outstanding for 15 runs. The current state of this project is 'Failed', with reason 'Build Failed'. For reference only, the following projects are affected by this: - tomcat-tc8.0.x-test-nio2 : Tomcat 8.x, a web server implementing the Java Servlet 3.1, ... Full details are available at: http://vmgump.apache.org/gump/public/tomcat-8.0.x/tomcat-tc8.0.x-test-nio2/index.html That said, some information snippets are provided here. The following annotations (debug/informational/warning/error messages) were provided: -DEBUG- Dependency on commons-daemon exists, no need to add for property commons-daemon.native.src.tgz. -DEBUG- Dependency on commons-daemon exists, no need to add for property tomcat-native.tar.gz. -INFO- Failed with reason build failed -INFO- Project Reports in: /srv/gump/public/workspace/tomcat-8.0.x/output/logs-NIO2 -INFO- Project Reports in: /srv/gump/public/workspace/tomcat-8.0.x/output/test-tmp-NIO2/logs The following work was performed: http://vmgump.apache.org/gump/public/tomcat-8.0.x/tomcat-tc8.0.x-test-nio2/gump_work/build_tomcat-8.0.x_tomcat-tc8.0.x-test-nio2.html Work Name: build_tomcat-8.0.x_tomcat-tc8.0.x-test-nio2 (Type: Build) Work ended in a state of : Failed Elapsed: 36 mins 36 secs Command Line: /usr/lib/jvm/java-8-oracle/bin/java -Djava.awt.headless=true -Dbuild.sysclasspath=only org.apache.tools.ant.Main -Dgump.merge=/srv/gump/public/gump/work/merge.xml -Djunit.jar=/srv/gump/public/workspace/junit/target/junit-4.13-SNAPSHOT.jar -Dobjenesis.jar=/srv/gump/public/workspace/objenesis/main/target/objenesis-2.2-SNAPSHOT.jar -Dtest.reports=output/logs-NIO2 -Dtomcat-native.tar.gz=/srv/gump/public/workspace/apache-commons/daemon/dist/bin/commons-daemon-20150507-native-src.tar.gz -Dexamples.sources.skip=true -Djdt.jar=/srv/gump/packages/eclipse/plugins/R-4.4-201406061215/ecj-4.4.jar -Dcommons-daemon.jar=/srv/gump/public/workspace/apache-commons/daemon/dist/commons-daemon-20150507.jar -Dcommons-daemon.native.src.tgz=/srv/gump/public/workspace/apache-commons/daemon/dist/bin/commons-daemon-20150507-native-src.tar.gz -Dtest.temp=output/test-tmp-NIO2 -Dtest.accesslog=true -Dexecute.test.nio=false -Dtest.openssl.path=/srv/gump/public/workspace/openssl-1.0.2/dest-20150507/bin /openssl -Dexecute.test.bio=false -Dexecute.test.apr=false -Dtest.excludePerformance=true -Dexecute.test.nio2=true -Deasymock.jar=/srv/gump/public/workspace/easymock/easymock/target/easymock-3.4-SNAPSHOT.jar -Dhamcrest.jar=/srv/gump/packages/hamcrest/hamcrest-core-1.3.jar -Dcglib.jar=/srv/gump/packages/cglib/cglib-nodep-2.2.jar test [Working Directory: /srv/gump/public/workspace/tomcat-8.0.x] CLASSPATH: /usr/lib/jvm/java-8-oracle/lib/tools.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/webapps/examples/WEB-INF/classes:/srv/gump/public/workspace/tomcat-8.0.x/output/testclasses:/srv/gump/public/workspace/ant/dist/lib/ant.jar:/srv/gump/public/workspace/ant/dist/lib/ant-launcher.jar:/srv/gump/public/workspace/ant/dist/lib/ant-jmf.jar:/srv/gump/public/workspace/ant/dist/lib/ant-junit.jar:/srv/gump/public/workspace/ant/dist/lib/ant-junit4.jar:/srv/gump/public/workspace/ant/dist/lib/ant-swing.jar:/srv/gump/public/workspace/ant/dist/lib/ant-apache-resolver.jar:/srv/gump/public/workspace/ant/dist/lib/ant-apache-xalan2.jar:/srv/gump/public/workspace/xml-commons/java/build/resolver.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/bin/bootstrap.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/bin/tomcat-juli.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/lib/annotations-api.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/lib/servlet-api.ja
Re: svn commit: r1677971 - in /tomcat/tc7.0.x/trunk: ./ java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java webapps/docs/changelog.xml
On 06/05/2015 15:48, Mark Thomas wrote: On 06/05/2015 15:26, Konstantin Kolinko wrote: 2015-05-06 15:36 GMT+03:00 ma...@apache.org: Author: markt Date: Wed May 6 12:36:50 2015 New Revision: 1677971 URL: http://svn.apache.org/r1677971 Log: Use the truststoreProvider rather than the keystoreProvider for the trust manager Modified: tomcat/tc7.0.x/trunk/ (props changed) tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml Modified: tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java?rev=1677971r1=1677970r2=1677971view=diff == --- tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java (original) +++ tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java Wed May 6 12:36:50 2015 @@ -545,8 +545,7 @@ public class JSSESocketFactory implement algorithm = TrustManagerFactory.getDefaultAlgorithm(); } -return getTrustManagers(truststoreType, endpoint.getKeystoreProvider(), -algorithm); +return getTrustManagers(truststoreType, endpoint.getTruststoreProvider(), algorithm); } @Override Modified: tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml?rev=1677971r1=1677970r2=1677971view=diff == --- tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml (original) +++ tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml Wed May 6 12:36:50 2015 @@ -128,6 +128,12 @@ bug57837/bug: Add codetext/css/code to the default list of compressable MIME types. (markt) /fix + fix +For the JSSE based TLS connectors, use the +codetruststoreProvider/code rather than the +codekeystoreProvider/code when creating the +codeTrustManager/codes. (markt) + /fix /changelog /subsection subsection name=Jasper Hi! I voted for TC 6 backport of this revision, but on further review there are two problems: 1. In other place that calls endpoint.getTruststoreProvider() -- JSSESocketFactory.getTrustStore() -- there is some logic to fallback to getKeystoreProvider(). It also consults a system property. If we call endpoint.getTruststoreProvider() directly then there is no such fallback logic. I'll look at fixing that. 2. The patch is not applicable to Tomcat 6 as is, as its endpoint classes do not have getTruststoreProvider() method. Searching for truststoreProvider I see that documentation mentions such option in config/http.xml, and the code in JSSESocketFactory.getTrustStore() does String truststoreProvider = (String)attributes.get(truststoreProvider); instead of using a getter method. Once I fix the first issue, I'll put together a specific 6.0.x patch. Looking at this again, I don't think the original patch was correct. I need to spend some more time on this. Mark - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1678020 - /tomcat/tc6.0.x/trunk/STATUS.txt
Author: markt Date: Wed May 6 15:07:06 2015 New Revision: 1678020 URL: http://svn.apache.org/r1678020 Log: Withdraw the patch Modified: tomcat/tc6.0.x/trunk/STATUS.txt Modified: tomcat/tc6.0.x/trunk/STATUS.txt URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=1678020r1=1678019r2=1678020view=diff == --- tomcat/tc6.0.x/trunk/STATUS.txt (original) +++ tomcat/tc6.0.x/trunk/STATUS.txt Wed May 6 15:07:06 2015 @@ -70,13 +70,6 @@ PATCHES PROPOSED TO BACKPORT: -1: -* Use the truststoreProvider rather than the keystoreProvider for the trust - manager - http://svn.apache.org/r1677971 - +1: markt, kkolinko, jfclere - -1: - - PATCHES/ISSUES THAT ARE STALLED: * Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=44312 - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1678024 - in /tomcat/tc8.0.x/trunk: ./ java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java webapps/docs/changelog.xml
Author: markt Date: Wed May 6 15:11:02 2015 New Revision: 1678024 URL: http://svn.apache.org/r1678024 Log: Revert r1677967. Modified: tomcat/tc8.0.x/trunk/ (props changed) tomcat/tc8.0.x/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java tomcat/tc8.0.x/trunk/webapps/docs/changelog.xml Propchange: tomcat/tc8.0.x/trunk/ -- --- svn:mergeinfo (original) +++ svn:mergeinfo Wed May 6 15:11:02 2015 @@ -1 +1 @@ -/tomcat/trunk:1636524,1637156,1637176,1637188,1637331,1637684,1637695,1638720-1638725,1639653,1640010,1640083-1640084,1640088,1640275,1640322,1640347,1640361,1640365,1640403,1640410,1640652,1640655-1640658,1640688,1640700-1640883,1640903,1640976,1640978,1641000,1641026,1641038-1641039,1641051-1641052,1641058,1641064,1641300,1641369,1641374,1641380,1641486,1641634,1641656-1641692,1641704,1641707-1641718,1641720-1641722,1641735,1641981,1642233,1642280,1642554,1642564,1642595,1642606,1642668,1642679,1642697,1642699,1642766,1643002,1643045,1643054-1643055,1643066,1643121,1643128,1643206,1643209-1643210,1643216,1643249,1643270,1643283,1643309-1643310,1643323,1643365-1643366,1643370-1643371,1643465,1643474,1643536,1643570,1643634,1643649,1643651,1643654,1643675,1643731,1643733-1643734,1643761,1643766,1643814,1643937,1643963,1644017,1644169,1644201-1644203,1644321,1644323,1644516,1644523,1644529,1644535,1644730,1644768,1644784-1644785,1644790,1644793,1644815,1644884,1644886,1644890,1644892 ,1644910,1644924,1644929-1644930,1644935,1644989,1645011,1645247,1645355,1645357-1645358,1645455,1645465,1645469,1645471,1645473,1645475,1645486-1645488,1645626,1645641,1645685,1645743,1645763,1645951-1645953,1645955,1645993,1646098-1646106,1646178,1646220,1646302,1646304,1646420,1646470-1646471,1646476,1646559,1646717-1646723,1646773,1647026,1647042,1647530,1647655,1648304,1648815,1648907,1650081,1650365,1651116,1651120,1651280,1651470,1652938,1652970,1653041,1653471,1653550,1653574,1653797,1653815-1653816,1653819,1653840,1653857,1653888,1653972,1654013,1654030,1654050,1654123,1654148,1654159,1654513,1654515,1654517,1654522,1654524,1654725,1654735,1654766,1654785,1654851-1654852,1654978,1655122-1655124,1655126-1655127,1655129-1655130,1655132-1655133,1655312,1655438,1655441,1655454,168,1656087,1656299,1656319,1656331,1656345,1656350,1656590,1656648-1656650,1656657,1657041,1657054,1657374,1657492,1657510,1657565,1657580,1657584,1657586,1657589,1657592,1657607,1657609,1657682,1657 907,1658207,1658734,1658781,1658790,1658799,1658802,1658804,1658833,1658840,1658966,1659043,1659053,1659059,1659188-1659189,1659216,1659263,1659293,1659304,1659306-1659307,1659382,1659384,1659428,1659471,1659486,1659505,1659516,1659521,1659524,1659559,1659562,1659803,1659806,1659814,1659833,1659862,1659905,1659919,1659948,1659967,1659983-1659984,1660060,1660074,1660077,1660133,1660168,1660331-1660332,1660353,1660358,1660924,1661386,1661867,1661972,1661990,1662200,1662308-1662309,1662548,1662614,1662736,1662985,1662988-1662989,1663264,1663277,1663298,1663534,1663562,1663676,1663715,1663754,1663768,1663772,1663781,1663893,1663995,1664143,1664163,1664174,1664301,1664317,1664347,1664657,1664659,1664710,1664863-1664864,1664866,1665085,1665292,1665559,1665653,1665661,1665672,1665694,1665697,1665736,1665779,1665976-1665977,1665980-1665981,1665985-1665986,1665989,1665998,1666004,1666008,1666013,1666017,1666024,1666116,1666386-1666387,1666494,1666496,1666552,1666569,1666579,137,149,1 666757,1666966,1666972,1666985,1666995,1666997,1667292,1667402,1667406,1667546,1667615,1667630,1667636,1667688,1667764,1667871,1668026,1668135,1668193,1668593,1668596,1668630,1668639,1668843,1669353,1669370,1669451,1669800,1669838,1669876,1669882,1670394,1670433,1670591,1670598-1670600,1670610,1670631,1670719,1670724,1670726,1670730,1670940,1671112,1672272,1672284,1673754,1674294,1675461,1675486,1675594,1675830,1676231,1676250-1676251,1676364,1676381,1676393,1676479,1676525,1676552,1676615,1676630,1676634,1676721,1676926,1676943,1677140,1677802,1677966,1678011
svn commit: r1678022 - in /tomcat/tc7.0.x/trunk: ./ java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java webapps/docs/changelog.xml
Author: markt Date: Wed May 6 15:09:53 2015 New Revision: 1678022 URL: http://svn.apache.org/r1678022 Log: Revert r1677971. Modified: tomcat/tc7.0.x/trunk/ (props changed) tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml Propchange: tomcat/tc7.0.x/trunk/ -- --- svn:mergeinfo (original) +++ svn:mergeinfo Wed May 6 15:09:53 2015 @@ -1,2 +1,2 @@ -/tomcat/tc8.0.x/trunk:1636525,1637336,1637685,1637709,1638726,1640089,1640276,1640349,1640363,1640366,1640642,1640672,1640674,1640689,1640884,1641001,1641065,1641067,1641375,1641638,1641723,1641726,1641729-1641730,1641736,1641988,1642669-1642670,1642698,1642701,1643205,1643215,1643217,1643230,1643232,1643273,1643285,1643329-1643330,1643511,1643513,1643521,1643539,1643571,1643581-1643582,1643635,1643655,1643738,1643964,1644018,1644333,1644954,1644992,1645014,1645360,1645456,1645627,1645642,1645686,1645903-1645904,1645908-1645909,1645913,1645920,1646458,1646460-1646462,1646735,1646738-1646741,1646744,1646746,1646748-1646755,1646757,1646759-1646760,1647043,1648816,1651420-1651422,1651844,1652926,1652939-1652940,1652973,1653798,1653817,1653841,1654042,1654161,1654736,1654767,1654787,1656592,1662986,1663265,1663278,1663325,1663535,1663567,1663679,1663997,1664175,1664321,1664872,1665061,1665086,1666027,1666395,1666503,1666506,1666560,1666570,1666581,1666759,1666967,1666988,1667553-1667555 ,1667558,1667617,1667633,1667637,1667747,1667767,1667873,1668028,1668137,1668634,1669432,1669801,1669840,1669895-1669896,1670398,1670435,1670592,1670605-1670607,1670609,1670632,1670720,1670725,1670727,1670731,1671114,1672273,1672285,1673759,1674220,1674295,1675469,1675488,1675595,1675831,1676232,1676367-1676369,1676382,1676394,1676483,1676556,1676635,1677967 -/tomcat/trunk:1156115-1157160,1157162-1157859,1157862-1157942,1157945-1160347,1160349-1163716,1163718-1166689,1166691-1174340,1174342-1175596,1175598-1175611,1175613-1175932,1175934-1177783,1177785-1177980,1178006-1180720,1180722-1183094,1183096-1187753,1187755,1187775,1187801,1187806,1187809,1187826-1188312,1188314-1188401,1188646-1188840,1188842-1190176,1190178-1195223,1195225-1195953,1195955,1195957-1201238,1201240-1203345,1203347-1206623,1206625-1208046,1208073,1208096,1208114,1208145,1208772,1209194-1212125,1212127-1220291,1220293,1220295-1221321,1221323-1222329,1222332-1222401,1222405-1222795,1222850-1222950,1222969-1225326,1225328-1225463,1225465,1225627,1225629-1226534,1226536-1228908,1228911-1228923,1228927-1229532,1229534-1230766,1230768-1231625,1231627-1233414,1233419-1235207,1235209-1237425,1237427,1237429-1237977,1237981,1237985,1237995,1238070,1238073,1239024-1239048,1239050-1239062,1239135,1239256,1239258-1239485,1239785-1240046,1240101,1240106,1240109,1240112,1240114 ,1240116,1240118,1240121,1240329,1240474-1240850,1240857,1241087,1241160,1241408-1241822,1241908-1241909,1241912-1242110,1242371-1292130,1292134-1292458,1292464-1292670,1292672-1292776,1292780-1293392,1293397-1297017,1297019-1297963,1297965-1299820,1300108,1300111-1300460,1300520-1300948,1300997,1301006,1301280,1302332,1302348,1302608-1302610,1302649,1302837,1303138,1303163,1303338,1303521,1303587,1303698,1303803,1303852,1304011,1304035,1304037,1304135,1304249,1304253,1304260,1304271,1304275,1304468,1304895,1304930-1304932,1305194,1305943,1305965,1306556,1306579-1306580,1307084,1307310,1307511-1307512,1307579,1307591,1307597,1310636,1310639-1310640,1310642,1310701,1311212,1311995,1327617,1327670,1331766,1333161,1333173,1333827,1334787,1335026,1335257,1335547,1335692,1335711,1335731,1336515,1336813,1336864,1336868,1336884,1337419,1337426,1337546,1337572,1337591-1337595,1337643,1337707,1337719,1337734,1337741,1337745,1338151-1338154,1338178,1342027,1342029,1342315,1342320,1342476,1342 498,1342503,1342717,1342795,1342805,1343044-1343046,1343335,1343394,1343400,1343629,1343708,1343718,1343895,1344063,1344068,1344250,1344266,1344515,1344528,1344612,1344629,1344725,1344868,1344890,1344893,1344896,1344901,1345020,1345029,1345039,1345287-1345290,1345294,1345309,1345325,1345357,1345367,1345579-1345580,1345582,1345688,1345699,1345704,1345731-1345732,1345737,1345744,1345752,1345754,1345779,1345781,1345846,1346107,1346365,1346376,1346404,1346510,1346514,1346519,1346581,1346635,1346644,1346683,1346794,1346885,1346932,1347034,1347047,1347087,1347108-1347109,1347583,1347737,1348105,1348357,1348398,1348425,1348461-1348495,1348498,1348752,1348762,1348772,1348776,1348859,1348968,1348973,1348989,1349007,1349237,1349298,1349317,1349410,1349473,1349539,1349879,1349887,1349893,1349922,1349984,1350124,1350241,1350243,1350294-1350295,1350299,1350864,1350900,1351010,1351054,1351056,1351068,1351134-1351135,1351148,1351259,1351604,1351636-1351640,1351991,1351993,1352011,1352056,1352059,1
[GUMP@vmgump]: Project tomcat-tc8.0.x-test-apr (in module tomcat-8.0.x) failed
To whom it may engage... This is an automated request, but not an unsolicited one. For more information please visit http://gump.apache.org/nagged.html, and/or contact the folk at gene...@gump.apache.org. Project tomcat-tc8.0.x-test-apr has an issue affecting its community integration. This issue affects 1 projects, and has been outstanding for 4 runs. The current state of this project is 'Failed', with reason 'Build Failed'. For reference only, the following projects are affected by this: - tomcat-tc8.0.x-test-apr : Tomcat 8.x, a web server implementing the Java Servlet 3.1, ... Full details are available at: http://vmgump.apache.org/gump/public/tomcat-8.0.x/tomcat-tc8.0.x-test-apr/index.html That said, some information snippets are provided here. The following annotations (debug/informational/warning/error messages) were provided: -DEBUG- Dependency on commons-daemon exists, no need to add for property commons-daemon.native.src.tgz. -DEBUG- Dependency on commons-daemon exists, no need to add for property tomcat-native.tar.gz. -INFO- Failed with reason build failed -INFO- Project Reports in: /srv/gump/public/workspace/tomcat-8.0.x/output/logs-APR -INFO- Project Reports in: /srv/gump/public/workspace/tomcat-8.0.x/output/test-tmp-APR/logs The following work was performed: http://vmgump.apache.org/gump/public/tomcat-8.0.x/tomcat-tc8.0.x-test-apr/gump_work/build_tomcat-8.0.x_tomcat-tc8.0.x-test-apr.html Work Name: build_tomcat-8.0.x_tomcat-tc8.0.x-test-apr (Type: Build) Work ended in a state of : Failed Elapsed: 35 mins 53 secs Command Line: /usr/lib/jvm/java-8-oracle/bin/java -Djava.awt.headless=true -Dbuild.sysclasspath=only org.apache.tools.ant.Main -Dgump.merge=/srv/gump/public/gump/work/merge.xml -Djunit.jar=/srv/gump/public/workspace/junit/target/junit-4.13-SNAPSHOT.jar -Dobjenesis.jar=/srv/gump/public/workspace/objenesis/main/target/objenesis-2.2-SNAPSHOT.jar -Dtest.reports=output/logs-APR -Dtomcat-native.tar.gz=/srv/gump/public/workspace/apache-commons/daemon/dist/bin/commons-daemon-20150507-native-src.tar.gz -Dexamples.sources.skip=true -Djdt.jar=/srv/gump/packages/eclipse/plugins/R-4.4-201406061215/ecj-4.4.jar -Dtest.apr.loc=/srv/gump/public/workspace/tomcat-native/dest-20150507/lib -Dcommons-daemon.jar=/srv/gump/public/workspace/apache-commons/daemon/dist/commons-daemon-20150507.jar -Dcommons-daemon.native.src.tgz=/srv/gump/public/workspace/apache-commons/daemon/dist/bin/commons-daemon-20150507-native-src.tar.gz -Dtest.temp=output/test-tmp-APR -Dtest.accesslog=true -Dexecute.test.nio=false -Dtest .openssl.path=/srv/gump/public/workspace/openssl-1.0.2/dest-20150507/bin/openssl -Dexecute.test.bio=false -Dexecute.test.apr=true -Dtest.excludePerformance=true -Dexecute.test.nio2=false -Deasymock.jar=/srv/gump/public/workspace/easymock/easymock/target/easymock-3.4-SNAPSHOT.jar -Dhamcrest.jar=/srv/gump/packages/hamcrest/hamcrest-core-1.3.jar -Dcglib.jar=/srv/gump/packages/cglib/cglib-nodep-2.2.jar test [Working Directory: /srv/gump/public/workspace/tomcat-8.0.x] CLASSPATH: /usr/lib/jvm/java-8-oracle/lib/tools.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/webapps/examples/WEB-INF/classes:/srv/gump/public/workspace/tomcat-8.0.x/output/testclasses:/srv/gump/public/workspace/ant/dist/lib/ant.jar:/srv/gump/public/workspace/ant/dist/lib/ant-launcher.jar:/srv/gump/public/workspace/ant/dist/lib/ant-jmf.jar:/srv/gump/public/workspace/ant/dist/lib/ant-junit.jar:/srv/gump/public/workspace/ant/dist/lib/ant-junit4.jar:/srv/gump/public/workspace/ant/dist/lib/ant-swing.jar:/srv/gump/public/workspace/ant/dist/lib/ant-apache-resolver.jar:/srv/gump/public/workspace/ant/dist/lib/ant-apache-xalan2.jar:/srv/gump/public/workspace/xml-commons/java/build/resolver.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/bin/bootstrap.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/bin/tomcat-juli.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/lib/annotations-api.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/lib/servlet-api.ja
Re: Tomcat Grid
As requested, I will do a write-up of the high-level architecture, and a list of features in phases. In terms of security I think the command-line interface could be secured by definition since it will be only available on the prod environment (or qa, or test, or dev respectively). In prod I only use vlans. The whole set of machines is isolated from other network segments all the time. To access them the firewall only allows me to get into the machines through a specific port, but this will depend on the security on each environment. The web interface is probably a little bit different. We will probably like to allow users to connect remotely, but from a secured net segment only available though a vpn or similar. In any case, it will be available over HTTPS only and will need to have user/pass security at the very least. Other options can be considered. On the Informing the LB question, the tool architecture as I see it will include hooks (related to events), so custom scripts could be added to suit specific needs of each installation/environment. This way the end user could the hooks to implement integration points to other systems. Vlad On Wed, 5/6/15, Christopher Schultz ch...@christopherschultz.net wrote: Subject: Re: Tomcat Grid To: Tomcat Developers List dev@tomcat.apache.org Date: Wednesday, May 6, 2015, 10:11 AM Andrew, On 5/6/15 9:21 AM, Andrew Carr wrote: I can see security of this tool being paramount. What if you had a large cluster and someone else was able to manipulate it using this tool? If it's built on secure building blocks, such as public-key-based ssh authentication, or TLS client certificates, then I think it would be reasonably secure. Another option is a VPN or VLAN, or a separate physical network. We use the latter technique to communicate between our application servers and database servers to avoid the overhead of encryption. -chris On Tue, May 5, 2015 at 4:50 PM, Christopher Schultz ch...@christopherschultz.net wrote: Chris, On 5/5/15 4:39 PM, Chris Aguirre wrote: I actually use Windows Powershell to execute commands on remote machines, including stopping/starting Tomcat (and other Windows Services). This works well for me - but in this case, I have complete control of all the VMs - and they are not Production Servers. I used the following articles as reference for creating the Powershell scripts: http://www.howtogeek.com/117192/how-to-run-powershell-commands-on-remote-computers/ http://stackoverflow.com/questions/6239647/using-powershell-credentials-without-being-prompted-for-a-password That's great. *NIX also has ssh which can be used to execute remote commands, but that's not the hard part. The hard part is planning a regular configuration that can be deployed to possibly hundreds of separate machines (virtual or physical) and then controlled in a sane way. For instance, let's say that I have 12 machines in two separate clusters. If I want to shutdown 3 machines in each cluster, I have to execute a flurry of commands like these: $ ssh -c user@server1 /path/to/tomcat/shutdown.sh $ ssh -c user@server2 /path/to/tomcat/shutdown.sh $ ssh -c user@server3 /path/to/tomcat/shutdown.sh $ ssh -c user@server7 /path/to/tomcat/shutdown.sh $ ssh -c user@server8 /path/to/tomcat/shutdown.sh $ ssh -c user@server9 /path/to/tomcat/shutdown.sh If I had a tool that understood my deployment configuration, I could do something like this: $ cluster shutdown 1 2 3 7 8 9 If the tool was *really* nice, it might inform my load-balancer that the nodes would be coming down as well. If it was super-nice, a tool would allow me to schedule a shutdown of nodes in the near future. For example, say I want to take those same nodes offline, but I want to disable them at the lb, then wait for their sticky sessions to drain folly before stopping each Tomcat instance. And since I don't want to watch the tool while it waits, I want to get an email or SMS confirmation when each node goes down. Maybe I can get integration into monitoring tools as well, so when I intentionally take a node offline, I don't get a bunch of text messages telling me that a server has gone down. These are the kinds of things that a grid tool could do to help. Being able to execute remote commands is just one of the primitive operations of this kind of thing. -chris - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org