Re: intermittent connectivity failure under ssl

[Mark Thomas]

On 09/03/18 20:18, Alex O'Ree wrote:
> I'll see what I can cook up. It'll be a complete tomcat setup and it was
> reproducible with just a hello world jsp file + test ssl certs and configs.
> Using any browser or java client connecting to tomcat. Page reloads are
> intermittently failing.  Where's the best place to dump this? And
> obviously, you'll need a windows box to replicate (x64)

Zip up the entire Tomcat dir and put it on dropbox or similar and then
ping me with the download details.

Microsoft kindly provide Apache committers with MSDN subscriptions for
their Apache work so if you include the OS details I can make sure I am
using the same OS.

I'll most likely just extract your changes from the default install and
apply them to a locally built instance. That way I can debug and test
any fixes more easily.

Mark


> 
> On Fri, Mar 9, 2018 at 3:01 PM, Christopher Schultz <
> ch...@christopherschultz.net> wrote:
> 
> Alex,
> 
> On 3/9/18 2:50 PM, Mark Thomas wrote:
 On 09/03/18 19:39, Alex O'Ree wrote:
> So I believe i have a resolution for this issue (still
> undergoing additional testing). I hate SSL by the way. After
> exhaustive scanning of the java.net.debug logs i came up with
> nothing. 0 hints to the problem. I tried with browsers and java
> http clients and all of them ended with a socket exception
> (unexpected end of file). Did i mention i'm using the windows
> variant of tomcat 8.5.28? On a whim, I asked a coworker who has
> been using tomcat for quite some time. He suggested that issue
> may be related to OpenSSL. After checking the configs and reading
> the docs here:
> http://tomcat.apache.org/tomcat-8.5-doc/ssl-howto.html#Edit_the_Tomca
> t_Configuration_File
>
>
> for my setup, it was defaulting to use open ssl since it was not defined
>  in
> the config file. After changing the JSSEImplementation my
> problems appear to be sorted. Literally 3 months trying to solve
> this one. Whatever version of open ssl that comes with the
> windows build of tomcat has something wrong with it.

 Unlikely.

 More likely is that there is a bug in the APR/Native connector. But
 with a reliable way to reproduce the problem, we'll never know.
> 
> If you are willing to see if you can come up with a repeatable test
> case, it would be VERY helpful. Mark has a knack for finding and
> fixing irritating bugs like this in the connector very quickly, but
> not if he can't see the problem happen.
> 
> I'd certainly like to see any issue with the native library (or its
> use of OpenSSL) found and fixed for everyone's sake.
> 
> -chris
>>
>> -
>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>
>>
> 


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: intermittent connectivity failure under ssl

[Alex O'Ree]

I'll see what I can cook up. It'll be a complete tomcat setup and it was
reproducible with just a hello world jsp file + test ssl certs and configs.
Using any browser or java client connecting to tomcat. Page reloads are
intermittently failing.  Where's the best place to dump this? And
obviously, you'll need a windows box to replicate (x64)

On Fri, Mar 9, 2018 at 3:01 PM, Christopher Schultz <
ch...@christopherschultz.net> wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Alex,
>
> On 3/9/18 2:50 PM, Mark Thomas wrote:
> > On 09/03/18 19:39, Alex O'Ree wrote:
> >> So I believe i have a resolution for this issue (still
> >> undergoing additional testing). I hate SSL by the way. After
> >> exhaustive scanning of the java.net.debug logs i came up with
> >> nothing. 0 hints to the problem. I tried with browsers and java
> >> http clients and all of them ended with a socket exception
> >> (unexpected end of file). Did i mention i'm using the windows
> >> variant of tomcat 8.5.28? On a whim, I asked a coworker who has
> >> been using tomcat for quite some time. He suggested that issue
> >> may be related to OpenSSL. After checking the configs and reading
> >> the docs here:
> >> http://tomcat.apache.org/tomcat-8.5-doc/ssl-howto.html#Edit_the_Tomca
> t_Configuration_File
> >>
> >>
> for my setup, it was defaulting to use open ssl since it was not defined
>  in
> >> the config file. After changing the JSSEImplementation my
> >> problems appear to be sorted. Literally 3 months trying to solve
> >> this one. Whatever version of open ssl that comes with the
> >> windows build of tomcat has something wrong with it.
> >
> > Unlikely.
> >
> > More likely is that there is a bug in the APR/Native connector. But
> > with a reliable way to reproduce the problem, we'll never know.
>
> If you are willing to see if you can come up with a repeatable test
> case, it would be VERY helpful. Mark has a knack for finding and
> fixing irritating bugs like this in the connector very quickly, but
> not if he can't see the problem happen.
>
> I'd certainly like to see any issue with the native library (or its
> use of OpenSSL) found and fixed for everyone's sake.
>
> - -chris
> -BEGIN PGP SIGNATURE-
> Comment: GPGTools - http://gpgtools.org
> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>
> iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlqi6CsACgkQHPApP6U8
> pFjQCw//cTuR+GNMMG/cdhyZ09+bWd6NPDdAdc8/poIPrBoKgz7LbSPiWa5QzZBa
> VlOyRmfHizZPCUslmxxJUEUI45vLzHePmetUQaOfAfLp1QQEnQXnQFtL7/x4/RG8
> TZJLOBud708YSDFKQesHQSxd424+ZFXgn6kGpUXKNRIqkqtlmiVFPQ0uatqNUQTF
> htMcMOhL3cxAXOEqkJL7HAEFnJAR1Q9A1itG2nk2hk2yn0wa2aQxQxp5EEa/Gwts
> +7XgZAiHTxvptJSd7lKpvG3l8wi//aC4JMQQZi9WgJf/+pK3HL5PZ55R52uojB+i
> IVUFOMM/gTavyMrHPvLWNUF2AITzXmov85ZJmRZdOsBT4WaUMr4XawFViktoeJMq
> aQonhP5RCOvWLnKHqxmTShExezV9gs+HgmxSRCVCNF0dqVFIa/X3rm/i/pfJJXCe
> IaXJTMRizpKlQfYz5zrptTUzJ0sfRqxL8WEjz6C4Z1FEOeIqW04V4UsVH2Hz5BUO
> WPBjWq807WjeEcpvwE6YkxcHitXIlof9GcCIFWKE6ub0GOI1QSWHWAOIraHSK8OZ
> jWonnzE/FWojuiK4Ntbx0JrWGgIkXMhBprkHI1WRMk+nbHqT64xYQkhDYl//j5rq
> Va3eZ3gz1yYt4D/Qi8q7lxhqLfe8cNkJeO3gCoPJLuKl+lISTSE=
> =neYx
> -END PGP SIGNATURE-
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: intermittent connectivity failure under ssl

[Christopher Schultz]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Alex,

On 3/9/18 2:50 PM, Mark Thomas wrote:
> On 09/03/18 19:39, Alex O'Ree wrote:
>> So I believe i have a resolution for this issue (still
>> undergoing additional testing). I hate SSL by the way. After
>> exhaustive scanning of the java.net.debug logs i came up with
>> nothing. 0 hints to the problem. I tried with browsers and java
>> http clients and all of them ended with a socket exception
>> (unexpected end of file). Did i mention i'm using the windows
>> variant of tomcat 8.5.28? On a whim, I asked a coworker who has 
>> been using tomcat for quite some time. He suggested that issue
>> may be related to OpenSSL. After checking the configs and reading
>> the docs here: 
>> http://tomcat.apache.org/tomcat-8.5-doc/ssl-howto.html#Edit_the_Tomca
t_Configuration_File
>>
>> 
for my setup, it was defaulting to use open ssl since it was not defined
 in
>> the config file. After changing the JSSEImplementation my
>> problems appear to be sorted. Literally 3 months trying to solve
>> this one. Whatever version of open ssl that comes with the
>> windows build of tomcat has something wrong with it.
> 
> Unlikely.
> 
> More likely is that there is a bug in the APR/Native connector. But
> with a reliable way to reproduce the problem, we'll never know.

If you are willing to see if you can come up with a repeatable test
case, it would be VERY helpful. Mark has a knack for finding and
fixing irritating bugs like this in the connector very quickly, but
not if he can't see the problem happen.

I'd certainly like to see any issue with the native library (or its
use of OpenSSL) found and fixed for everyone's sake.

- -chris
-BEGIN PGP SIGNATURE-
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlqi6CsACgkQHPApP6U8
pFjQCw//cTuR+GNMMG/cdhyZ09+bWd6NPDdAdc8/poIPrBoKgz7LbSPiWa5QzZBa
VlOyRmfHizZPCUslmxxJUEUI45vLzHePmetUQaOfAfLp1QQEnQXnQFtL7/x4/RG8
TZJLOBud708YSDFKQesHQSxd424+ZFXgn6kGpUXKNRIqkqtlmiVFPQ0uatqNUQTF
htMcMOhL3cxAXOEqkJL7HAEFnJAR1Q9A1itG2nk2hk2yn0wa2aQxQxp5EEa/Gwts
+7XgZAiHTxvptJSd7lKpvG3l8wi//aC4JMQQZi9WgJf/+pK3HL5PZ55R52uojB+i
IVUFOMM/gTavyMrHPvLWNUF2AITzXmov85ZJmRZdOsBT4WaUMr4XawFViktoeJMq
aQonhP5RCOvWLnKHqxmTShExezV9gs+HgmxSRCVCNF0dqVFIa/X3rm/i/pfJJXCe
IaXJTMRizpKlQfYz5zrptTUzJ0sfRqxL8WEjz6C4Z1FEOeIqW04V4UsVH2Hz5BUO
WPBjWq807WjeEcpvwE6YkxcHitXIlof9GcCIFWKE6ub0GOI1QSWHWAOIraHSK8OZ
jWonnzE/FWojuiK4Ntbx0JrWGgIkXMhBprkHI1WRMk+nbHqT64xYQkhDYl//j5rq
Va3eZ3gz1yYt4D/Qi8q7lxhqLfe8cNkJeO3gCoPJLuKl+lISTSE=
=neYx
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: intermittent connectivity failure under ssl

[Mark Thomas]

On 09/03/18 19:39, Alex O'Ree wrote:
> So I believe i have a resolution for this issue (still undergoing
> additional testing). I hate SSL by the way. After exhaustive scanning of
> the java.net.debug logs i came up with nothing. 0 hints to the problem. I
> tried with browsers and java http clients and all of them ended with a
> socket exception (unexpected end of file). Did i mention i'm using the
> windows variant of tomcat 8.5.28? On a whim, I asked a coworker who has
> been using tomcat for quite some time. He suggested that issue may be
> related to OpenSSL. After checking the configs and reading the docs here:
> http://tomcat.apache.org/tomcat-8.5-doc/ssl-howto.html#Edit_the_Tomcat_Configuration_File
> for my setup, it was defaulting to use open ssl since it was not defined in
> the config file. After changing the JSSEImplementation my problems appear
> to be sorted. Literally 3 months trying to solve this one. Whatever version
> of open ssl that comes with the windows build of tomcat has something wrong
> with it.

Unlikely.

More likely is that there is a bug in the APR/Native connector. But with
a reliable way to reproduce the problem, we'll never know.

Mark

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: intermittent connectivity failure under ssl

[Alex O'Ree]

So I believe i have a resolution for this issue (still undergoing
additional testing). I hate SSL by the way. After exhaustive scanning of
the java.net.debug logs i came up with nothing. 0 hints to the problem. I
tried with browsers and java http clients and all of them ended with a
socket exception (unexpected end of file). Did i mention i'm using the
windows variant of tomcat 8.5.28? On a whim, I asked a coworker who has
been using tomcat for quite some time. He suggested that issue may be
related to OpenSSL. After checking the configs and reading the docs here:
http://tomcat.apache.org/tomcat-8.5-doc/ssl-howto.html#Edit_the_Tomcat_Configuration_File
for my setup, it was defaulting to use open ssl since it was not defined in
the config file. After changing the JSSEImplementation my problems appear
to be sorted. Literally 3 months trying to solve this one. Whatever version
of open ssl that comes with the windows build of tomcat has something wrong
with it.


On Mon, Mar 5, 2018 at 9:29 AM, Alex O'Ree  wrote:

> thanks. what else could be cause this? Chrome says error empty response
> frequently
>
> On Mon, Mar 5, 2018 at 9:27 AM, Rémy Maucherat  wrote:
>
>> On Mon, Mar 5, 2018 at 2:59 PM, Alex O'Ree  wrote:
>>
>> > I may be on to something. I found at a coderanch something that was
>> > related. I'm using a class that extends Http11NioProtocol to provide
>> > encryption support for the keystore passwords. I was setting the xml
>> > attribute in server.xml/Connector@protocol = the class name of the
>> > extended
>> > class. This may be related to the problem as it looks like the protocol
>> > attribute must be one of HTTP/1.1, etc.
>> >
>> > Assuming this is the issue, which attribute can i used to specify my
>> > overridden class?
>> >
>>
>> That's the correct way to use this attribute, you should specify your
>> custom class that way.
>>
>> For server.xml values encryption, you can also use the Tomcat vault here:
>> https://github.com/picketbox/tomcat-vault
>>
>> Rémy
>>
>>
>> >
>> > On Fri, Mar 2, 2018 at 1:58 PM, Alex O'Ree  wrote:
>> >
>> > > Remy, what more information would you like? Any more info on the issue
>> > > that you are referencing?
>> > >
>> > > On Fri, Mar 2, 2018 at 10:56 AM, Rémy Maucherat 
>> wrote:
>> > >
>> > >> On Fri, Mar 2, 2018 at 4:19 PM, Alex O'Ree 
>> wrote:
>> > >>
>> > >> > Ran into a strange problem, not too sure what the problem is.
>> > Basically,
>> > >> > I'm getting intermittent connectivity from a http client to tomcat
>> but
>> > >> only
>> > >> > through SSL using the Http11NioProtocol. Some http requests go
>> > through,
>> > >> > others fail with the stack trace below. Usually, restarting tomcat
>> > fixes
>> > >> > it, but it appears to be random and unpredictable. This is a bit
>> of a
>> > >> major
>> > >> > issue for me so any help is appreciated.
>> > >> >
>> > >> > Any pointers for how to troubleshoot this? Running tomcat 8.5.28.
>> > >> >
>> > >> > There's no tomcat logs to indicate that there's a problem. The
>> > >> following is
>> > >> > logged on the client side:
>> > >> >
>> > >> > Caused by: java.net.SocketException: SocketException invoking
>> > >> > https://localhost:8443/myproject/services/Endpoint1: Unexpected
>> end
>> > of
>> > >> > file from server
>> > >> >
>> > >> > 
>> > >> >
>> > >> > Caused by: java.net.SocketException: Unexpected end of file from
>> > server
>> > >> > at sun.net.www.http.HttpClient.parseHTTPHeader(HttpClient.
>> > >> > java:792)
>> > >> > at sun.net.www.http.HttpClient.pa
>> rseHTTP(HttpClient.java:647)
>> > >> > at sun.net.www.protocol.http.HttpURLConnection.
>> > getInputStream0(
>> > >> > HttpURLConnection.java:1536)
>> > >> > at sun.net.www.protocol.http.HttpURLConnection.
>> > getInputStream(
>> > >> > HttpURLConnection.java:1441)
>> > >> > at java.net.HttpURLConnection.getResponseCode(
>> > >> > HttpURLConnection.java:480)
>> > >> > at sun.net.www.protocol.https.HttpsURLConnectionImpl.
>> > >> > getResponseCode(HttpsURLConnectionImpl.java:338)
>> > >> > at org.apache.cxf.transport.http.URLConnectionHTTPConduit$
>> > >> > URLConnectionWrappedOutputStream.getResponseCode(
>> > >> > URLConnectionHTTPConduit.java:266)
>> > >> > at org.apache.cxf.transport.http.
>> > HTTPConduit$WrappedOutputStrea
>> > >> m.
>> > >> > handleResponseInternal(HTTPConduit.java:1543)
>> > >> > at org.apache.cxf.transport.http.
>> > HTTPConduit$WrappedOutputStrea
>> > >> m.
>> > >> > handleResponse(HTTPConduit.java:1513)
>> > >> > at org.apache.cxf.transport.http.HTTPConduit$
>> > >> > WrappedOutputStream.close(HTTPConduit.java:1318)
>> > >> > ... 46 more
>> > >> >
>> > >>
>> > >> It's impossible to say without more information, but this could look
>> > like
>> > >> an issue that is fixed in the next build.
>> > >>
>> > >> Rémy
>> > >>

Re: [ANN] Apache Tomcat 9.0.6 available

[Maxim Solodovnik]

Maven seems to be updated,
Thanks :)

On Fri, Mar 9, 2018 at 11:18 PM, Mark Thomas  wrote:

>
>
> On 09/03/2018 16:14, Maxim Solodovnik wrote:
>
>> Hello Mark,
>>
>> It seems maven artifacts are not available:
>> https://repo.maven.apache.org/maven2/org/apache/tomcat/embed
>> /tomcat-embed-websocket/
>> https://repo.maven.apache.org/maven2/org/apache/tomcat/tomcat-api/
>>
>
> I might have forgotten to press the right button. I'll do that now. Give
> it a few minutes to take effect.
>
> Mark
>
>
>
>
>> Is it expected?
>>
>> On Fri, Mar 9, 2018 at 7:18 PM, Mark Thomas  wrote:
>>
>> The Apache Tomcat team announces the immediate availability of Apache
>>> Tomcat 9.0.6.
>>>
>>> Apache Tomcat 9 is an open source software implementation of the Java
>>> Servlet, JavaServer Pages, Java Unified Expression Language, Java
>>> WebSocket and JASPIC technologies.
>>>
>>> Apache Tomcat 9.0.6 is a bugfix and feature release. The notable changes
>>> compared to 9.0.5 include:
>>>
>>> - TLS stability improvements.
>>>
>>> - Add the ability to specify static HTML responses for specific error
>>>codes and/or exception types with the ErrorReportValve.
>>>
>>> - Add async HTTP/2 parser for NIO2.
>>>
>>> - Add documentation for the Host Manager web application.
>>>Patch provided by Marek Czernek.
>>>
>>> Please refer to the change log for the complete list of changes:
>>> http://tomcat.apache.org/tomcat-9.0-doc/changelog.html
>>>
>>> Downloads:
>>> http://tomcat.apache.org/download-90.cgi
>>>
>>> Migration guides from Apache Tomcat 7.x and 8.x:
>>> http://tomcat.apache.org/migration.html
>>>
>>> Enjoy!
>>>
>>> - The Apache Tomcat team
>>>
>>>
>>>
>>> For details of the "Tomcat for Administrators" training course being
>>> held in Manchester, UK please see:
>>> https://tomcat.apache.org/conference.html
>>>
>>> -
>>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>>
>>>
>>>
>>
>>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>


-- 
WBR
Maxim aka solomax

Re: [ANN] Apache Tomcat 9.0.6 available

[Mark Thomas]

On 09/03/2018 16:14, Maxim Solodovnik wrote:

Hello Mark,

It seems maven artifacts are not available:
https://repo.maven.apache.org/maven2/org/apache/tomcat/embed/tomcat-embed-websocket/
https://repo.maven.apache.org/maven2/org/apache/tomcat/tomcat-api/


I might have forgotten to press the right button. I'll do that now. Give 
it a few minutes to take effect.


Mark




Is it expected?

On Fri, Mar 9, 2018 at 7:18 PM, Mark Thomas  wrote:


The Apache Tomcat team announces the immediate availability of Apache
Tomcat 9.0.6.

Apache Tomcat 9 is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Unified Expression Language, Java
WebSocket and JASPIC technologies.

Apache Tomcat 9.0.6 is a bugfix and feature release. The notable changes
compared to 9.0.5 include:

- TLS stability improvements.

- Add the ability to specify static HTML responses for specific error
   codes and/or exception types with the ErrorReportValve.

- Add async HTTP/2 parser for NIO2.

- Add documentation for the Host Manager web application.
   Patch provided by Marek Czernek.

Please refer to the change log for the complete list of changes:
http://tomcat.apache.org/tomcat-9.0-doc/changelog.html

Downloads:
http://tomcat.apache.org/download-90.cgi

Migration guides from Apache Tomcat 7.x and 8.x:
http://tomcat.apache.org/migration.html

Enjoy!

- The Apache Tomcat team



For details of the "Tomcat for Administrators" training course being
held in Manchester, UK please see:
https://tomcat.apache.org/conference.html

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org







-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: [ANN] Apache Tomcat 9.0.6 available

[Maxim Solodovnik]

Hello Mark,

It seems maven artifacts are not available:
https://repo.maven.apache.org/maven2/org/apache/tomcat/embed/tomcat-embed-websocket/
https://repo.maven.apache.org/maven2/org/apache/tomcat/tomcat-api/

Is it expected?

On Fri, Mar 9, 2018 at 7:18 PM, Mark Thomas  wrote:

> The Apache Tomcat team announces the immediate availability of Apache
> Tomcat 9.0.6.
>
> Apache Tomcat 9 is an open source software implementation of the Java
> Servlet, JavaServer Pages, Java Unified Expression Language, Java
> WebSocket and JASPIC technologies.
>
> Apache Tomcat 9.0.6 is a bugfix and feature release. The notable changes
> compared to 9.0.5 include:
>
> - TLS stability improvements.
>
> - Add the ability to specify static HTML responses for specific error
>   codes and/or exception types with the ErrorReportValve.
>
> - Add async HTTP/2 parser for NIO2.
>
> - Add documentation for the Host Manager web application.
>   Patch provided by Marek Czernek.
>
> Please refer to the change log for the complete list of changes:
> http://tomcat.apache.org/tomcat-9.0-doc/changelog.html
>
> Downloads:
> http://tomcat.apache.org/download-90.cgi
>
> Migration guides from Apache Tomcat 7.x and 8.x:
> http://tomcat.apache.org/migration.html
>
> Enjoy!
>
> - The Apache Tomcat team
>
>
>
> For details of the "Tomcat for Administrators" training course being
> held in Manchester, UK please see:
> https://tomcat.apache.org/conference.html
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>


-- 
WBR
Maxim aka solomax

Re: letsencrypt tomcat 9

[Christopher Schultz]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Jean-François,

On 3/9/18 5:23 AM, jfrm.mau...@gmail.com wrote:
> I would like to witness that I was able install successfully Let's 
> encrypt certificate using the document written by Christopher
> Schultz:
> 
> http://people.apache.org/~schultz/ApacheCon%20NA%202017/Let%27s%20Encr
ypt%20Apache%20Tomcat.pdf
>
> 
> 
> At least I don't have any warnings from major browsers when
> accessing my webapps.
> 
> So I would like to thank the developper team and Christopher for
> this very valuable information.
> 
> My only request would be to promote this information closer to the 
> Tomcat documentation if possible because it has not been so easy
> for me to identify this document among other sources on the web.
> 
> I understand from the presentation that a development is on the way
> in Tomcat, so I will subscribe to the developer list to stay
> informed on this important subject for me.

I think it's reasonable to update the User Guide to include some
references about using Let's Encrypt, especially now that Tomcat 8.5
and 9.0 are capable of reloading the keystores. When that presentation
was originally written, Tomcat wasn't quite capable of a graceful reload
.

I'll be updating my presentation for this year's ApacheCon in
Montréal, QC in September to include the latest information about
using Let's Encrypt with Tomcat.

- -chris
-BEGIN PGP SIGNATURE-
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlqioVMACgkQHPApP6U8
pFgi8BAAjFqrCP+vZTQguDyLuFpfpaIlhjAp3KxNCSGyNJjZWvw+7qQzbKVCYNIn
N9wGsFQo+6mTBiN+daxL6gUis+e1rXs9oO7ayXOkwBEcsukeYvNrzpwsjVyNFP6t
TRm8pGYegpglNNStdNj0pMTcv76w5LpHnZlBEh/8myHzuvAo3Ro8APYpoMgzVj8+
gIouCFP1bCgGOqh/92CEk7zihFFgLK78AJebAX+K2msmO8BsxtbJojppvPwiLxMF
PJgMy/TUjR3iUMvefJ46v4AeXqPax4ByHyrSnzjrHPnsO56saFZTbGLKgGBXwsqx
gXyitSecBmfyz6OREwRg9eCvnlm/BnikqHZVU2sZPrwTUqrtf4YDtJZzeAJhSlDz
CnSbE7WHV7iXsNYNn7voZ01R34ejATOcwEjQDRU/hrjjJxPxZr0gpn2IyTmiyASH
zMYCQp6+lVuEbemDu4Mx1a9KMmG/j5wdmbUOAVJRk1ZRWzQJI7XbKBibUV+Z/bt7
FdwWCgmCHy0u66DdqB549Z5CjC9xi2tsD5M0MsEsWczTbCmreCXJ5zr/J0i3VkGX
VUZgEciuMef1XF7EQYOxOW38npnYnkqlqDoZVnnC66GEak5Ro2Y0urVOEgBsQluK
2oxZOZ2tCnRFGosxUAW3IQWjgZ45SbtjSIoE305HjgQH5xW/SBI=
=Bd3o
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: letsencrypt tomcat 9

[LG Optimusv]

Thank you very much for your email. If I have any trouble with using Let's
Encrypt certificate with Tomcat, may I contact you then?

On Fri, Mar 9, 2018 at 5:23 AM, jfrm.mau...@gmail.com  wrote:

>
> Hi,
>
> I would like to witness that I was able install successfully Let's encrypt
> certificate using the document written by Christopher Schultz:
>
> http://people.apache.org/~schultz/ApacheCon%20NA%202017/Let%
> 27s%20Encrypt%20Apache%20Tomcat.pdf
>
> At least I don't have any warnings from major browsers when accessing my
> webapps.
>
> So I would like to thank the developper team and Christopher for this very
> valuable information.
>
> My only request would be to promote this information closer to the Tomcat
> documentation if possible because it has not been so easy for me to
> identify this document among other sources on the web.
>
> I understand from the presentation that a developpement is on the way in
> Tomcat, so I will subscribe to the developper list to stay informed on this
> important subject for me.
>
> Regards
>
> --
> Jean-François MAUREL
> PIMECA
> http://www.pimeca.com
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

[ANN] Apache Tomcat 9.0.6 available

[Mark Thomas]

The Apache Tomcat team announces the immediate availability of Apache
Tomcat 9.0.6.

Apache Tomcat 9 is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Unified Expression Language, Java
WebSocket and JASPIC technologies.

Apache Tomcat 9.0.6 is a bugfix and feature release. The notable changes
compared to 9.0.5 include:

- TLS stability improvements.

- Add the ability to specify static HTML responses for specific error
  codes and/or exception types with the ErrorReportValve.

- Add async HTTP/2 parser for NIO2.

- Add documentation for the Host Manager web application.
  Patch provided by Marek Czernek.

Please refer to the change log for the complete list of changes:
http://tomcat.apache.org/tomcat-9.0-doc/changelog.html

Downloads:
http://tomcat.apache.org/download-90.cgi

Migration guides from Apache Tomcat 7.x and 8.x:
http://tomcat.apache.org/migration.html

Enjoy!

- The Apache Tomcat team



For details of the "Tomcat for Administrators" training course being
held in Manchester, UK please see:
https://tomcat.apache.org/conference.html

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Fwd: Accessing tomcat JNDI tree remotely issue

[Deepam Singla]

Dear Team,



While trying to port our application from WAS 8.5.5 to
tomcat 8.0.33, we have hit a roadblock and we are unable to proceed. Hence
requesting for your inputs.



Following is the scenario: we have  DataSourceManager class which looks for
datasource in the context as shown below.



Properties prop = *new* Properties();

  prop.put("java.naming.factory.initial",
"org.apache.naming.java.javaURLContextFactory");

  prop.put("java.naming.provider.url", “
rmi://localhost:1099”);



  InitialContext context = *new* InitialContext(prop);

dataSource = (DataSource) context.lookup(“apl_datasource”);





Following code perfectly works well when code is run within the Tomcat
 container.
But we are unable to access the context remotely i.e from outside the
Tomcat container.

But this works fine in case of WAS when
“com.ibm.websphere.naming.WsnInitialContextFactory”
class is used.

While running a standalone client from a shell script, when inside
DataSourceManager class we do a context lookup for a data source and the
lookup fails with following exception.



javax.naming.NameNotFoundException: Name [java:comp/env/jdbc/apl_datasource]
is not bound in this Context. Unable to find [java:comp].



It seems tomcat does not support remote access to its JNDI tree and
context initialized
is empty. Tomcat does have the data source in the context but it is only
accessible to the process running inside the containers and not accessible
to processes running outside the container. PFB the following link for your
reference.

https://
stackoverflow.com/questions/744389/tomcat-what-is-the-
init-context-params-to-use-for-making-an-external-client-con



Kindly provide your inputs on 2 points

· This link is for tomcat 5.5 and we are porting to tomcat 8. Has
scenario changed in tomcat8

· Is there any other way to access the JNDI tree remotely by
standalone application.

· Is the rmi protocol mentioned in provider url is supported by
tomcat, or we should change it to some another protocol.





Thanks and Regards,

Deepam Singla

letsencrypt tomcat 9

[jfrm.mau...@gmail.com]

Hi,

I would like to witness that I was able install successfully Let's 
encrypt certificate using the document written by Christopher Schultz:


http://people.apache.org/~schultz/ApacheCon%20NA%202017/Let%27s%20Encrypt%20Apache%20Tomcat.pdf

At least I don't have any warnings from major browsers when accessing my 
webapps.


So I would like to thank the developper team and Christopher for this 
very valuable information.


My only request would be to promote this information closer to the 
Tomcat documentation if possible because it has not been so easy for me 
to identify this document among other sources on the web.


I understand from the presentation that a developpement is on the way in 
Tomcat, so I will subscribe to the developper list to stay informed on 
this important subject for me.


Regards

--
Jean-François MAUREL
PIMECA
http://www.pimeca.com


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Strange behavior on Tomcat 9.0.5 about ResourceLink's "name" attribute in server.xml

[Mark Thomas]

On 09/03/18 08:42, Tarin Gamberini wrote:
> On 8 March 2018 at 20:44, Christopher Schultz 
> wrote:
> 
>> [cut]
>> On 3/8/18 1:56 PM, Mark Thomas wrote:
>>> On 08/03/18 18:53, Tarin Gamberini wrote:
 On 08/03/2018 17:52, Rémy Maucherat wrote:
> On Thu, Mar 8, 2018 at 5:26 PM, Tarin Gamberini
>> [cut] # PROBLEM
>>
>> I have two datasources in the same web application:
>>
>> > type="javax.sql.DataSource"/> > global="jdbc/abc/jkl/XXX_YYY" name="jdbc/abc/jkl"
>> type="javax.sql.DataSource"/> [cut]
>
> Well, you have "abc" that s already bound and is a datasource,
> then you try to create a subcontext "abc" and it doesn't work.
>
 Sorry, I'm not sure I have understood what you mean.
>> [cut]
>> each part has to have the expected type,
>> like this:
>>
>> comp:env -> context
>> java -> context
>> jdbc -> context
>> abc -> DataSource
>>[can't create a path below a DS]
>>
>> Hope that helps,
>>
> Yes, it have helped me a lot.
> 
> I know about JNDI hierarchy but not about the type.
> 
> Sorry for bothering you all, I'll review JNDI during this weekend.

No need to apologise. You asked a good (clear, well-written) question
and the community provided the answer. I learned something along the way
and I'm sure others did to. That is the mailing list worked exactly as
it is meant to.

Mark

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Strange behavior on Tomcat 9.0.5 about ResourceLink's "name" attribute in server.xml

[Tarin Gamberini]

On 8 March 2018 at 20:44, Christopher Schultz 
wrote:

> [cut]
> On 3/8/18 1:56 PM, Mark Thomas wrote:
> > On 08/03/18 18:53, Tarin Gamberini wrote:
> >> On 08/03/2018 17:52, Rémy Maucherat wrote:
> >>> On Thu, Mar 8, 2018 at 5:26 PM, Tarin Gamberini
>  [cut] # PROBLEM
> 
>  I have two datasources in the same web application:
> 
>    type="javax.sql.DataSource"/>   global="jdbc/abc/jkl/XXX_YYY" name="jdbc/abc/jkl"
>  type="javax.sql.DataSource"/> [cut]
> >>>
> >>> Well, you have "abc" that s already bound and is a datasource,
> >>> then you try to create a subcontext "abc" and it doesn't work.
> >>>
> >> Sorry, I'm not sure I have understood what you mean.
> [cut]
> each part has to have the expected type,
> like this:
>
> comp:env -> context
> java -> context
> jdbc -> context
> abc -> DataSource
>[can't create a path below a DS]
>
> Hope that helps,
>
Yes, it have helped me a lot.

I know about JNDI hierarchy but not about the type.

Sorry for bothering you all, I'll review JNDI during this weekend.


> - -chris
> [cut]

Best regards,
Tarin
www.taringamberini.com/en/blog

Re: Strange behavior on Tomcat 9.0.5 about ResourceLink's "name" attribute in server.xml

[Tarin Gamberini]

On 8 March 2018 at 19:56, Mark Thomas  wrote:

> On 08/03/18 18:53, Tarin Gamberini wrote:
> > On 08/03/2018 17:52, Rémy Maucherat wrote:
> >> On Thu, Mar 8, 2018 at 5:26 PM, Tarin Gamberini
> >>> [cut]
> >>> # PROBLEM
> >>>
> >>> I have two datasources in the same web application:
> >>>
> >>>  >>> type="javax.sql.DataSource"/>
> >>>  >>> type="javax.sql.DataSource"/>
> >>> [cut]
> >>
> >> Well, you have "abc" that s already bound and is a datasource, then you
> try
> >> to create a subcontext "abc" and it doesn't work.
> > Sorry, I'm not sure I have understood what you mean. Just for
> clarification:
> >
> > 1.
> > By «you have "abc" that s already bound and is a datasource» are you
> > thinking about the "abc" just after "jdbc/" in «global="jdbc/abc/ABC"» ?
> >
> > 2.
> > By «then you try to create a subcontext "abc"» are you thinking about
> > the ending ABC in «global="jdbc/abc/ABC"» ?
>
> No. Look at the names, not the global names.
> Mark

I have understood, thanks for clarifying it.

Best regards,
Tarin
www.taringamberini.com/en/blog