Re: TC 4.1.3 ExptyStackException
Remy Maucherat wrote: Remy, I'm sure you're a busy guy, but I'd really appreciate an assist here; I moved to TC4.1 in order to have a working implementation of a JNDI DataSource, but in the process I have lost a working SSL implementation, which is *vital* for my application (this is medical data, and I need to demonstrate to the Authorities that the system is reasonably secure). If there's a problem with TC4.1 (I know it's alpha), would you suggest that I retro-grade to TC 4.0 ? I have an alternative (working!) connection-pooling setup that I could use, so it's not a total disaster for me. You can always downgrade. However, SSL works fine for me and others in more complex cases. Remy I *hope* it works for you - you wrote the thing! :-) However, since it doesn't work for me, and since I'm 99.9% certain that I have everything set-up and configured correctly, this constitutes a bug (although it could be external to Coyote/Tomcat). I am willing to persue this, and I got a copy of the sources via cvs, with a view to tracking it down, but I'd like some advice: 1) Should I join the developer list? (Say no, I get too much mail already!) 2) Should I post a bug report to Bugzilla, or do you do that? 3) Any hints as to where I should start my search? To re-iterate the problem: I use Coyote to configure a SSL connector, which *apparently* correctly initialises itself (I checked that something was happening by removing certain parameters, and it then barfed). However, when I access a protected page, the re-direct to my login page (which uses ssl) fails with a java.net.MalformedURLException, which indicates that there is no stream protocol handler registered for 'https'. Many thanks, Martin -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: TC 4.1.3 ExptyStackException
Remy Maucherat wrote: It mentions an sslImplementation as being null, but I don't find any mention of such an attribute in the docs. Is this the problem? And if so, what do I need to put? BTW, I didn't really want to be on the bleeding edge of development - but I do need a JNDI DataSource that works, so here I am! You need JSSE for that to work (and put the JARs in common/lib, or use JDK 1.4). There is a bug in that release recognizing the keystoreType attribute, though (bugzilla 9676). This got fixed in release 4.1.4. Remy Well, I already had JSSE installed as a standard extension, but I copied it to common/lib anyway; there was no difference, I'm afraid :-( I should point out that I have this working (not with Coyote) in Tomcat 4.0.4, if that helps. Where can I get 4.1.4? I hunted around, but I can't find it on the jakarta site. Is there a binary? Best regards, and thanks for the help, Martin -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: TC 4.1.3 ExptyStackException
You can get 4.1.5 though, 4.1.5 has issues regarding jasper2 (tag-pooling), so I would download 4.1.5 and use jasper2 from 4.1.3. on the other hand I dont know of any other problems with tc.4.1.5 (there might be as it's only in a test-release). http://jakarta.apache.org/builds/jakarta-tomcat-4.0/test/v4.1.5/ hope it helps, [EMAIL PROTECTED] -Original Message- From: Martin Jacobson [mailto:[EMAIL PROTECTED]] Sent: 25. júní 2002 08:51 To: Tomcat Users List Subject: Re: TC 4.1.3 ExptyStackException Remy Maucherat wrote: It mentions an sslImplementation as being null, but I don't find any mention of such an attribute in the docs. Is this the problem? And if so, what do I need to put? BTW, I didn't really want to be on the bleeding edge of development - but I do need a JNDI DataSource that works, so here I am! You need JSSE for that to work (and put the JARs in common/lib, or use JDK 1.4). There is a bug in that release recognizing the keystoreType attribute, though (bugzilla 9676). This got fixed in release 4.1.4. Remy Well, I already had JSSE installed as a standard extension, but I copied it to common/lib anyway; there was no difference, I'm afraid :-( I should point out that I have this working (not with Coyote) in Tomcat 4.0.4, if that helps. Where can I get 4.1.4? I hunted around, but I can't find it on the jakarta site. Is there a binary? Best regards, and thanks for the help, Martin -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: TC 4.1.3 ExptyStackException
Reynir Hübner wrote: You can get 4.1.5 though, 4.1.5 has issues regarding jasper2 (tag-pooling), so I would download 4.1.5 and use jasper2 from 4.1.3. on the other hand I dont know of any other problems with tc.4.1.5 (there might be as it's only in a test-release). http://jakarta.apache.org/builds/jakarta-tomcat-4.0/test/v4.1.5/ hope it helps, [EMAIL PROTECTED] I don't use JSPs (hate them!) so Jasper is not an issue... however, having downloaded 4.1.5 - thanks for the link - I still have the same problem. That is, Tomcat fails to initialize the Coyote connector for https. My logs give me the same errors as previously posted - does anyone have a working Coyote https connector - maybe there are undocumented parameters I don't know about? Martin -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: TC 4.1.3 ExptyStackException
Martin Jacobson wrote: Reynir Hübner wrote: You can get 4.1.5 though, 4.1.5 has issues regarding jasper2 (tag-pooling), so I would download 4.1.5 and use jasper2 from 4.1.3. on the other hand I dont know of any other problems with tc.4.1.5 (there might be as it's only in a test-release). http://jakarta.apache.org/builds/jakarta-tomcat-4.0/test/v4.1.5/ hope it helps, [EMAIL PROTECTED] I don't use JSPs (hate them!) so Jasper is not an issue... however, having downloaded 4.1.5 - thanks for the link - I still have the same problem. That is, Tomcat fails to initialize the Coyote connector for https. My logs give me the same errors as previously posted - does anyone have a working Coyote https connector - maybe there are undocumented parameters I don't know about? With JDK 1.3, this works for me: - create a key with the default password (changeit) with keytool (see SSL Howto) - uncomment the SSL connector in server.xml - put the 3 SSL JARs in common/lib - start Tomcat, and use the browser with SSL Remy -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: TC 4.1.3 ExptyStackException
Remy Maucherat wrote: Martin Jacobson wrote: My logs give me the same errors as previously posted - does anyone have a working Coyote https connector - maybe there are undocumented parameters I don't know about? With JDK 1.3, this works for me: - create a key with the default password (changeit) with keytool (see SSL Howto) - uncomment the SSL connector in server.xml - put the 3 SSL JARs in common/lib - start Tomcat, and use the browser with SSL Remy As I said before, I already had this working in TC4.0, so I have a keystore with a valid cert in it - naturally, I changed the password from changeit! I HAVE copied the 3 jars into common/lib (although they were already installed as standard extensions, so they should have been available already), I have uncommented the SSL connector in server.xml, and I have restarted Tomcat !!! Oh, and I am using JDK 1.3.1. As far as I can tell, the only differences are (i) I changed the keystore password (as you MUST), and (ii) this is all running on Mac OS X 10.1.5, which I don't suppose you use (although you ought!) Any other ideas? Martin -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: TC 4.1.3 ExptyStackException
Remy Maucherat wrote: Martin Jacobson wrote: My logs give me the same errors as previously posted - does anyone have a working Coyote https connector - maybe there are undocumented parameters I don't know about? With JDK 1.3, this works for me: - create a key with the default password (changeit) with keytool (see SSL Howto) - uncomment the SSL connector in server.xml - put the 3 SSL JARs in common/lib - start Tomcat, and use the browser with SSL Remy Another thought - I have the connectors configured to bind to ports 80/443, instead of 8080/8443 - this is perfectly normal, no? Oh, and this is standalone Tomcat, of course! Martin -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: TC 4.1.3 ExptyStackException
Martin Jacobson wrote: Since moving to TC4.1.3, I get this: 2002-06-24 14:48:22 HttpProcessor[80][4] process.invoke java.util.EmptyStackException at java.util.Stack.peek(Stack.java:82) at java.util.Stack.pop(Stack.java:64) at org.apache.tomcat.util.log.SystemLogHandler.stopCapture(SystemLogHandler.java:152) at org.apache.catalina.connector.RequestBase.recycle(RequestBase.java:562) at org.apache.catalina.connector.HttpRequestBase.recycle(HttpRequestBase.java:417) at org.apache.catalina.connector.http.HttpRequestImpl.recycle(HttpRequestImpl.java:195) at org.apache.catalina.connector.http.HttpProcessor.process(HttpProcessor.java:1101) at org.apache.catalina.connector.http.HttpProcessor.run(HttpProcessor.java:1151) at java.lang.Thread.run(Thread.java:496) 2002-06-24 14:48:55 HttpProcessor[443][4] process.invoke java.util.EmptyStackException at java.util.Stack.peek(Stack.java:82) at java.util.Stack.pop(Stack.java:64) at org.apache.tomcat.util.log.SystemLogHandler.stopCapture(SystemLogHandler.java:152) at org.apache.catalina.connector.RequestBase.recycle(RequestBase.java:562) at org.apache.catalina.connector.HttpRequestBase.recycle(HttpRequestBase.java:417) at org.apache.catalina.connector.http.HttpRequestImpl.recycle(HttpRequestImpl.java:195) at org.apache.catalina.connector.http.HttpProcessor.process(HttpProcessor.java:1101) at org.apache.catalina.connector.http.HttpProcessor.run(HttpProcessor.java:1151) at java.lang.Thread.run(Thread.java:496) I haven't been able to track down exactly what provokes it - it seems to happen at random :-( but sure as eggs is eggs, it'll happen sooner or later. It doesn't look like a user code error, but who knows! Anyone got any ideas of where I should look? The old HTTP/1.1 connector is unsupported (and apparently, a bug was introduced in there). Try using Coyote HTTP/1.1 instead. You can look at the default configuration file to see how to configure it. Remy -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: TC 4.1.3 ExptyStackException
Remy Maucherat wrote: The old HTTP/1.1 connector is unsupported (and apparently, a bug was introduced in there). Try using Coyote HTTP/1.1 instead. You can look at the default configuration file to see how to configure it. Remy Thanks for the quick response! Have tried that, but I now have a new problem! Coyote does not appear to initialize the SSL connection properly - or I've got something wrong: here's what I find in the logs: [INFO] Http11Protocol - -Attribute port: 80 [INFO] Http11Protocol - -Attribute maxThreads: 75 [INFO] Http11Protocol - -Attribute backlog: 10 [INFO] Http11Protocol - -Attribute tcpNoDelay: true [INFO] Http11Protocol - -Attribute soTimeout: 2 [INFO] Http11Protocol - -Attribute timeout: 2 [INFO] Http11Protocol - -Attribute secure: false [INFO] Http11Protocol - -Initializing Coyote HTTP/1.1 on port 80 [INFO] Http11Protocol - -Attribute port: 443 [INFO] Http11Protocol - -Attribute maxThreads: 75 [INFO] Http11Protocol - -Attribute backlog: 10 [INFO] Http11Protocol - -Attribute tcpNoDelay: true [INFO] Http11Protocol - -Attribute soTimeout: 6 [INFO] Http11Protocol - -Attribute timeout: 6 [INFO] Http11Protocol - -Attribute secure: true [INFO] Http11Protocol - -Attribute algorithm: SunX509 [INFO] Http11Protocol - -Attribute keystore: /Users/martin/.keystore [INFO] Http11Protocol - -Attribute protocol: TLS [INFO] Http11Protocol - -Attribute sslImplementation: null [INFO] Http11Protocol - -Initializing Coyote HTTP/1.1 on port 443 2002-06-24 16:20:35 Authenticator[/drs]: Subject to constraint SecurityConstraint[Login] 2002-06-24 16:20:35 Authenticator[/drs]: Calling checkUserData() 2002-06-24 16:20:35 Authenticator[/drs]: Cannot create new URL java.net.MalformedURLException: unknown protocol: https at java.net.URL.init(URL.java:307) at java.net.URL.init(URL.java:224) at org.apache.catalina.authenticator.AuthenticatorBase.checkUserData(AuthenticatorBase.java:730) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:490) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:644) at org.apache.catalina.valves.CertificatesValve.invoke(CertificatesValve.java:246) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:644) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:483) and here's my server.xml Connector className=org.apache.coyote.tomcat4.CoyoteConnector port=80 minProcessors=5 maxProcessors=75 enableLookups=true redirectPort=443 acceptCount=10 debug=9 connectionTimeout=2 useURIValidationHack=false / Connector className=org.apache.coyote.tomcat4.CoyoteConnector port=443 minProcessors=5 maxProcessors=75 enableLookups=true acceptCount=10 debug=9 scheme=https secure=true useURIValidationHack=false Factory className=org.apache.coyote.tomcat4.CoyoteServerSocketFactory clientAuth=false keystoreFile=/Users/martin/.keystore keystorePass=mypassword protocol=TLS algorithm=SunX509 keystoreType=JKS / /Connector It mentions an sslImplementation as being null, but I don't find any mention of such an attribute in the docs. Is this the problem? And if so, what do I need to put? BTW, I didn't really want to be on the bleeding edge of development - but I do need a JNDI DataSource that works, so here I am! Thanks, Martin -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: TC 4.1.3 ExptyStackException
Martin Jacobson wrote: Remy Maucherat wrote: The old HTTP/1.1 connector is unsupported (and apparently, a bug was introduced in there). Try using Coyote HTTP/1.1 instead. You can look at the default configuration file to see how to configure it. Remy Thanks for the quick response! Have tried that, but I now have a new problem! Coyote does not appear to initialize the SSL connection properly - or I've got something wrong: here's what I find in the logs: [INFO] Http11Protocol - -Attribute port: 80 [INFO] Http11Protocol - -Attribute maxThreads: 75 [INFO] Http11Protocol - -Attribute backlog: 10 [INFO] Http11Protocol - -Attribute tcpNoDelay: true [INFO] Http11Protocol - -Attribute soTimeout: 2 [INFO] Http11Protocol - -Attribute timeout: 2 [INFO] Http11Protocol - -Attribute secure: false [INFO] Http11Protocol - -Initializing Coyote HTTP/1.1 on port 80 [INFO] Http11Protocol - -Attribute port: 443 [INFO] Http11Protocol - -Attribute maxThreads: 75 [INFO] Http11Protocol - -Attribute backlog: 10 [INFO] Http11Protocol - -Attribute tcpNoDelay: true [INFO] Http11Protocol - -Attribute soTimeout: 6 [INFO] Http11Protocol - -Attribute timeout: 6 [INFO] Http11Protocol - -Attribute secure: true [INFO] Http11Protocol - -Attribute algorithm: SunX509 [INFO] Http11Protocol - -Attribute keystore: /Users/martin/.keystore [INFO] Http11Protocol - -Attribute protocol: TLS [INFO] Http11Protocol - -Attribute sslImplementation: null [INFO] Http11Protocol - -Initializing Coyote HTTP/1.1 on port 443 2002-06-24 16:20:35 Authenticator[/drs]: Subject to constraint SecurityConstraint[Login] 2002-06-24 16:20:35 Authenticator[/drs]: Calling checkUserData() 2002-06-24 16:20:35 Authenticator[/drs]: Cannot create new URL java.net.MalformedURLException: unknown protocol: https at java.net.URL.init(URL.java:307) at java.net.URL.init(URL.java:224) at org.apache.catalina.authenticator.AuthenticatorBase.checkUserData(AuthenticatorBase.java:730) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:490) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:644) at org.apache.catalina.valves.CertificatesValve.invoke(CertificatesValve.java:246) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:644) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:483) and here's my server.xml Connector className=org.apache.coyote.tomcat4.CoyoteConnector port=80 minProcessors=5 maxProcessors=75 enableLookups=true redirectPort=443 acceptCount=10 debug=9 connectionTimeout=2 useURIValidationHack=false / Connector className=org.apache.coyote.tomcat4.CoyoteConnector port=443 minProcessors=5 maxProcessors=75 enableLookups=true acceptCount=10 debug=9 scheme=https secure=true useURIValidationHack=false Factory className=org.apache.coyote.tomcat4.CoyoteServerSocketFactory clientAuth=false keystoreFile=/Users/martin/.keystore keystorePass=mypassword protocol=TLS algorithm=SunX509 keystoreType=JKS / /Connector It mentions an sslImplementation as being null, but I don't find any mention of such an attribute in the docs. Is this the problem? And if so, what do I need to put? BTW, I didn't really want to be on the bleeding edge of development - but I do need a JNDI DataSource that works, so here I am! You need JSSE for that to work (and put the JARs in common/lib, or use JDK 1.4). There is a bug in that release recognizing the keystoreType attribute, though (bugzilla 9676). This got fixed in release 4.1.4. Remy -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]