Re: 9.0.13 encrypted cluster traffic

[Keiichi Fujino]

2018年12月23日(日) 2:10 Christopher Schultz :

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Keiichi,
>
> On 12/21/18 02:58, Keiichi Fujino wrote:
> > 2018年12月21日(金) 12:11 Christopher Schultz
> > :
> >
> > Tim,
> >
> > On 12/20/18 10:18, Tim K wrote:
> >
> > I just downloaded and tried 9.0.14 but I'm still getting
> > the same BadPaddingException upon starting the second
> > instance.  I confirmed the encryptionKey matches on my two
> > instances.
> >
> 
>  Maybe something is wrong with my config?  For this test, I
>  have both Tomcats on the same server using different ports:
> >
> > This is the only thing that matters to the encryption interceptor:
> >
>    className="org.apache.catalina.tribes.group.interceptors.EncryptInt
> erc
> >
> 
> eptor"
> 
> 
> > encryptionKey="e0f2cdf931e99fdce0453964294f97f3" />
> >
> > I'm not sure if the order of encrypt/asyncdispatch interceptors
> > matters much.
> >
> >
> >
> >> Hi.
> >
> >> The case of using TcpFailureDetector, there is a case to write
> >> directly without passing through the interceptor chain.
> >
> >> TcpFailureDetector#memberAlive writes the channel data directly
> >> to outputstream without passing through the interceptor chain.
> >> However, when receiving this channel data, It passes through the
> >> interceptor chain. So, it must be received by TcpFailureDetector
> >> before decrypt of EncryptInterceptor. That is, the order is
> >> important. The order is EncryptInterceptor ->
> >> TcpFailureDetector.
>
> How's this for an update to the EncryptInterceptor documentation:
>
> "
> If using the TcpFailureDetector, the
> EncryptInterceptor
> must be inserted into the interceptor chain before the
> TcpFailureDetector. This is becuase the
> TcpFailureDetector writes channel data directly
> without using
> the remainder of the interceptor chain, but on the receiving side,
> the message still goes through the chain (in reverse). Because of this
> asymmetry, the EncryptInterceptor must execute
> before
> the TcpFailureDetector on the sender and after
> it on the receiver.
> "
>
>
Hi Chris.

Writing channel data directly is only for member verification.
Normal message are sent/received via the interceptor chain.
So, It may be better to add a sentence that interprets that writing channel
data directly is only for member verification.
such as, "When TcpFailureDetector validates cluster members..." etc.



> ??
>
> - -chris
> -BEGIN PGP SIGNATURE-
> Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/
>
> iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlweb+MACgkQHPApP6U8
> pFibAhAAuQWi3IGaGRGGwZEHYo9jMB9gdxGkZvQGMEK4naN2KgMkzZ56wTxWRwFh
> SEV6yHj6Tz+MERc6YL2st3Hm8VH6DgwEth1g1SmLZGM0JxD4HgqTwtVE9JZk9s4Y
> dMCgRR+O09bUh0fnCOybcOHeMZv1SewPFhXq8e/rquTbJAhljRhCrANkzRmo5/05
> WS+DsG78EVrjMG/X8uZIkkBOO43TzwTyAWNrX7u3DwUvf01idgHUceBQ/pRVC+L9
> a4TwypZjYkxJcLeHexzytXYLs8j/r8JtrPYFZfTeQvnlFdDkAcFgYL+CjfjKRTwo
> GPJyMU8HjxAfROe0HsRXwtX/OL0XTDq21bwE7yNTCtV1NcnsLSY74eh7WtwMgIKx
> kmNva4roGCeb+IQAC2QRnXmenB3qX2RN2ZrY3KWEq2s+UJP7PTf3Xga5ov/OJ0ce
> SE8UIuXfmh8IS7nZPn0mFwflbB9xjJZZV8c/oScQflAJKtVjc3mQ6b+29Jfx+zMI
> imvx+B7szFkccjtIjZQlPHqgW0MbnuflqiVBUb8tH29adDOWELRPook3V6htHdBA
> 1Izbpng+dVU2R2xEQdtdcevUKbaIvmB8xYGRgilu//o/1RrC8wzGqZuXaiomBT01
> Q/wIOQjjXKvVELoAu7Ym23KEv+IDrZAmtZy7QWiBP5azPwbc4sA=
> =wOVI
> -END PGP SIGNATURE-
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

-- 
Keiichi.Fujino

Using mod_jk on Alpine

[Leonardo Avellar]

Greetings all.

I'm trying to use mod_jk within a Docker container using the Alpine Linux
base. I was successful on building the Module, but when I activate it,
Apache gives me an instant Segmentation Fault.
Don't know if something is missing.

Right now, this is my Dockerfile:
https://gist.github.com/L30Bola/62f75c089fac5e0ff09b55f32ea2215c

I've attached, on the same gist link, a GDB backtrace, maybe it helps.

Re: [ANN] New committer: Woonsan Ko

[Igal Sapir]

W00t w00t!  Congrats Woonsan :)

Igal

On 12/19/2018 6:05 PM, Woonsan Ko wrote:


Thank you very much for the warm welcomes!
I have watched many volunteering hearts here, helping each other in
this community, for years. This community has been my biggest input
source from which I have learned how to grow ourselves together, in
positive, collaborative, collective, inclusive, sustainable ways.
I will do my best where I can help to keep the health of our heartbeats.

Kind regards,

Woonsan Ko

On Wed, Dec 19, 2018 at 6:56 PM Mark Thomas  wrote:

On behalf of the Tomcat committers I am pleased to announce that
Woonsan Ko (woonsan) has been voted in as a new Tomcat committer.

Please join me in welcoming him.

Kind regards,

Mark

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org