RE: Truststore in HTTPS Connector does not work with Linux

2020-09-17 Thread David Weisgerber
I think I was able to figure out the problem (more or less):
Using two distinct keystores for trusted certificates and server keys solves 
the problem. But don't ask me why there is a difference between Windows and 
Linux on this topic.
It also does not work to use an empty keystore (on Linux).

-Original Message-
From: David Weisgerber  
Sent: Thursday, 17 September 2020 09:29
To: Tomcat Users List 
Subject: RE: Truststore in HTTPS Connector does not work with Linux

Hi,

> Ugh. That *does* point toward a bug in Tomcat itself or something odd with 
> the JVM.

Yep.

>> No, we automatically ship the latest 8.5 tomcat version. However for 
>> our docker based distribution I was sure that this feature worked at 
>> some time (I think I used tomcat 8.0 for this). I tried it with the 
>> latest 8.5.57 on Windows, there everything works correctly. I just 
>> checked all the versions to see when the "bug"
>> was introduced.

> Did you find it? I took a quick look at the 8.5.x changelog and nothing 
> jumped-out at me.

I think it is
Fix:  Refactor the JSSE client certificate validation so that the effectiveness 
of the certificateVerificationDepth configuration attribute does not depend on 
the presence of a certificate revocation list. (markt) From the 8.5.5 changelog

Shall I file a bug? Are there any other people that can confirm this? I guess 
client certificates is a more rarely used feature.

Best regards,
David


Re: hiding tomcat version from error pages

2020-09-17 Thread Tim Funk
It should be ...
http://tomcat.apache.org/tomcat-8.5-doc/config/valve.html#Error_Report_Valve

On Thu, Sep 17, 2020 at 10:40 AM Rathore, Rajendra  wrote:
>
> Hi Tim,
>
> I am using tomcat 8.5.x, will that be available over there?
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



RE: hiding tomcat version from error pages

2020-09-17 Thread Rathore, Rajendra
Hi Tim,

I am using tomcat 8.5.x, will that be available over there?

Thanks and Regards,
Rajendra Rathore
9922701491

-Original Message-
From: Tim Funk  
Sent: Thursday, September 17, 2020 6:12 PM
To: Tomcat Users List 
Subject: Re: hiding tomcat version from error pages

It should be a tweak to the ErrorReportValve as documented here: (inside of
server.xml)

https://tomcat.apache.org/tomcat-9.0-doc/config/valve.html#Error_Report_Valve

You'll want to set showServerInfo and showReport to false

-Tim


On Thu, Sep 17, 2020 at 8:20 AM Rathore, Rajendra  wrote:

> Hi All,
>
>
>
> Please let me know the standard way to hide the Tomcat version from error 
> pages. I searched on Google, and it says that you need to modify some 
> properties inside catalina.jar, but that is not a standard way.
>
>
>
>
>
> Thanks and Regards,
>
> Rajendra Rathore
>
> 9922701491
>
>
>


RE: tomcat warnings. [EXTERNAL]

2020-09-17 Thread Beard, Shawn
I did not use the OS package manager. I downloaded it from Apache Tomcat and 
unpacked it manually.



Shawn Beard
Sr. Systems Engineer
BTS
+1-515-564-2528

-Original Message-
From: Martin Grigorov 
Sent: Thursday, September 17, 2020 8:50 AM
To: Tomcat Users List 
Subject: Re: tomcat warnings. [EXTERNAL]

** CAUTION: External message


On Thu, Sep 17, 2020, 16:07 Beard, Shawn 
wrote:

> Yes, it's 9.0.31.0
>

The last 0 makes me think that you have installed Tomcat by using your OS 
package manager.
Try with stock Tomcat downloaded from Apache servers.


> [mwuser@usilg01-tcd003 ~]$ ./version.sh
> Using CATALINA_BASE:   /path/to/catalina_base
> Using CATALINA_HOME:   /path/to/catalina_home
> Using CATALINA_TMPDIR: /path/to/catalina_base/temp
> Using JRE_HOME:/
> Using CLASSPATH:   /path/to/catalina_base
> /bin/bootstrap.jar:/usr/apache/tomcat/tomcat-current/bin/tomcat-juli.j
> ar
> Server version: Apache Tomcat/9.0.31
> Server built:   Feb 5 2020 19:32:12 UTC
> Server number:  9.0.31.0
> OS Name:Linux
> OS Version: 3.10.0-957.21.3.el7.x86_64
> Architecture:   amd64
> JVM Version:1.8.0_212-b04
> JVM Vendor: Oracle Corporation
>
> I do have 3 connectors, one of them is the AJP connector, could the
> warning be coming from them?
>

Remove the problematic attributes from each connector one by one and see when 
the warnings will disappear.


> Below is all 3 connectors:
>
> connectionTimeout="2"
>Server=" "
>maxHttpHeaderSize="8192"
>maxThreads="500"
>minSpareThreads="30"
>enableLookups="false"
>disableUploadTimeout="true"
>acceptCount="150"
>redirectPort="9443"
>
>  
> compressibleMimeType="text/html,text/xml,text/plain,text/css,text/javascript,application/xml,application/x-javascript,application/javascript,application/x-font-woff,application/font-woff,application/pdf"
>compression="on"
>compressionMinSize="2048"
>noCompressionUserAgents="gozilla,traviata" />
>
> protocol="org.apache.coyote.http11.Http11Nio2Protocol"
>connectionTimeout="2"
>Server=" "
>maxHttpHeaderSize="8192"
>maxThreads="500"
>minSpareThreads="30"
>enableLookups="false"
>disableUploadTimeout="true"
>acceptCount="150"
>scheme="https"
>secure="true"
>SSLEnabled="true"
>sslEnabledProtocols="+TLSv1.2"
>keystoreFile="/path/to/tuststore/TomcatTrustStore.p12"
>truststoreFile="/path/to/keystore/TomcatTrustStore.p12"
>keystorePass="XXX"
>truststorePass="XX"
>
> ciphers="TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,SSL_RSA_WITH_RC4_128_SHA"
>
>  
> compressibleMimeType="text/html,text/xml,text/plain,text/css,text/javascript,application/xml,application/x-javascript,application/javascript,application/x-font-woff,application/font-woff,application/pdf"
>compression="on"
>compressionMinSize="2048"
>noCompressionUserAgents="gozilla,traviata" />
>
> address="hostname"
>secretRequired="false"
>connectionTimeout="2"
>server=" "
>maxHttpHeaderSize="8192"
>maxThreads="500"
>minSpareThreads="30"
>enableLookups="false"
>disableUploadTimeout="true"
>acceptCount="150"
>redirectPort="9443"
>scheme="https"
>secure="true"
>
>  
> compressibleMimeType="text/html,text/xml,text/plain,text/css,text/javascript,application/xml,application/x-javascript,application/javascript,application/x-font-woff,application/font-woff,application/pdf"
>compression="on"
>compressionMinSize="2048"
>noCompressionUserAgents="gozilla,traviata" />
>
>
>
> Shawn Beard
> Sr. Systems Engineer
> BTS
> +1-515-564-2528
>
> -Original Message-
> From: Mark Thomas 
> Sent: Thursday, September 17, 2020 3:19 AM
> To: users@tomcat.apache.org
> Subject: Re: tomcat warnings. [EXTERNAL]
>
>
> On 16/09/2020 20:45, Beard, Shawn wrote:
> >  >protocol="HTTP/1.1"
> >connectionTimeout="2"
> >Server=" "
> >maxHttpHeaderSize="8192"
> >maxThreads="500"
> >minSpareThreads="30"
> >enableLookups="false"
> >disableUploadTimeout="true"
> >acceptCou

Re: tomcat warnings. [EXTERNAL]

2020-09-17 Thread Martin Grigorov
On Thu, Sep 17, 2020, 16:07 Beard, Shawn 
wrote:

> Yes, it's 9.0.31.0
>

The last 0 makes me think that you have installed Tomcat by using your OS
package manager.
Try with stock Tomcat downloaded from Apache servers.


> [mwuser@usilg01-tcd003 ~]$ ./version.sh
> Using CATALINA_BASE:   /path/to/catalina_base
> Using CATALINA_HOME:   /path/to/catalina_home
> Using CATALINA_TMPDIR: /path/to/catalina_base/temp
> Using JRE_HOME:/
> Using CLASSPATH:   /path/to/catalina_base
> /bin/bootstrap.jar:/usr/apache/tomcat/tomcat-current/bin/tomcat-juli.jar
> Server version: Apache Tomcat/9.0.31
> Server built:   Feb 5 2020 19:32:12 UTC
> Server number:  9.0.31.0
> OS Name:Linux
> OS Version: 3.10.0-957.21.3.el7.x86_64
> Architecture:   amd64
> JVM Version:1.8.0_212-b04
> JVM Vendor: Oracle Corporation
>
> I do have 3 connectors, one of them is the AJP connector, could the
> warning be coming from them?
>

Remove the problematic attributes from each connector one by one and see
when the warnings will disappear.


> Below is all 3 connectors:
>
> connectionTimeout="2"
>Server=" "
>maxHttpHeaderSize="8192"
>maxThreads="500"
>minSpareThreads="30"
>enableLookups="false"
>disableUploadTimeout="true"
>acceptCount="150"
>redirectPort="9443"
>
>  
> compressibleMimeType="text/html,text/xml,text/plain,text/css,text/javascript,application/xml,application/x-javascript,application/javascript,application/x-font-woff,application/font-woff,application/pdf"
>compression="on"
>compressionMinSize="2048"
>noCompressionUserAgents="gozilla,traviata" />
>
> protocol="org.apache.coyote.http11.Http11Nio2Protocol"
>connectionTimeout="2"
>Server=" "
>maxHttpHeaderSize="8192"
>maxThreads="500"
>minSpareThreads="30"
>enableLookups="false"
>disableUploadTimeout="true"
>acceptCount="150"
>scheme="https"
>secure="true"
>SSLEnabled="true"
>sslEnabledProtocols="+TLSv1.2"
>keystoreFile="/path/to/tuststore/TomcatTrustStore.p12"
>truststoreFile="/path/to/keystore/TomcatTrustStore.p12"
>keystorePass="XXX"
>truststorePass="XX"
>
> ciphers="TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,SSL_RSA_WITH_RC4_128_SHA"
>
>  
> compressibleMimeType="text/html,text/xml,text/plain,text/css,text/javascript,application/xml,application/x-javascript,application/javascript,application/x-font-woff,application/font-woff,application/pdf"
>compression="on"
>compressionMinSize="2048"
>noCompressionUserAgents="gozilla,traviata" />
>
> address="hostname"
>secretRequired="false"
>connectionTimeout="2"
>server=" "
>maxHttpHeaderSize="8192"
>maxThreads="500"
>minSpareThreads="30"
>enableLookups="false"
>disableUploadTimeout="true"
>acceptCount="150"
>redirectPort="9443"
>scheme="https"
>secure="true"
>
>  
> compressibleMimeType="text/html,text/xml,text/plain,text/css,text/javascript,application/xml,application/x-javascript,application/javascript,application/x-font-woff,application/font-woff,application/pdf"
>compression="on"
>compressionMinSize="2048"
>noCompressionUserAgents="gozilla,traviata" />
>
>
>
> Shawn Beard
> Sr. Systems Engineer
> BTS
> +1-515-564-2528
>
> -Original Message-
> From: Mark Thomas 
> Sent: Thursday, September 17, 2020 3:19 AM
> To: users@tomcat.apache.org
> Subject: Re: tomcat warnings. [EXTERNAL]
>
>
> On 16/09/2020 20:45, Beard, Shawn wrote:
> >  >protocol="HTTP/1.1"
> >connectionTimeout="2"
> >Server=" "
> >maxHttpHeaderSize="8192"
> >maxThreads="500"
> >minSpareThreads="30"
> >enableLookups="false"
> >disableUploadTimeout="true"
> >acceptCount="150"
> >redirectPort="9444"
> >
> compressibleMimeType="text/html,text/xml,text/plain,text/css,text/javascript,application/xml,application/x-javascript,application/javascript,application/x-font-woff,application/font-woff,application/pdf"
> >compression="on"
> >compressionMinSize="2048"
> >   

Re: tomcat warnings. [EXTERNAL]

2020-09-17 Thread Mark Thomas
On 17/09/2020 14:06, Beard, Shawn wrote:
> Yes, it's 9.0.31.0
> 
> [mwuser@usilg01-tcd003 ~]$ ./version.sh
> Using CATALINA_BASE:   /path/to/catalina_base
> Using CATALINA_HOME:   /path/to/catalina_home
> Using CATALINA_TMPDIR: /path/to/catalina_base/temp
> Using JRE_HOME:/
> Using CLASSPATH:   /path/to/catalina_base 
> /bin/bootstrap.jar:/usr/apache/tomcat/tomcat-current/bin/tomcat-juli.jar
> Server version: Apache Tomcat/9.0.31
> Server built:   Feb 5 2020 19:32:12 UTC
> Server number:  9.0.31.0
> OS Name:Linux
> OS Version: 3.10.0-957.21.3.el7.x86_64
> Architecture:   amd64
> JVM Version:1.8.0_212-b04
> JVM Vendor: Oracle Corporation
> 
> I do have 3 connectors, one of them is the AJP connector, could the warning 
> be coming from them?

Yes. The compression settings are not valid for AJP connectors.

Mark





RE: tomcat warnings. [EXTERNAL]

2020-09-17 Thread Beard, Shawn
Yes, it's 9.0.31.0

[mwuser@usilg01-tcd003 ~]$ ./version.sh
Using CATALINA_BASE:   /path/to/catalina_base
Using CATALINA_HOME:   /path/to/catalina_home
Using CATALINA_TMPDIR: /path/to/catalina_base/temp
Using JRE_HOME:/
Using CLASSPATH:   /path/to/catalina_base 
/bin/bootstrap.jar:/usr/apache/tomcat/tomcat-current/bin/tomcat-juli.jar
Server version: Apache Tomcat/9.0.31
Server built:   Feb 5 2020 19:32:12 UTC
Server number:  9.0.31.0
OS Name:Linux
OS Version: 3.10.0-957.21.3.el7.x86_64
Architecture:   amd64
JVM Version:1.8.0_212-b04
JVM Vendor: Oracle Corporation

I do have 3 connectors, one of them is the AJP connector, could the warning be 
coming from them?

Below is all 3 connectors:









Shawn Beard
Sr. Systems Engineer
BTS
+1-515-564-2528

-Original Message-
From: Mark Thomas 
Sent: Thursday, September 17, 2020 3:19 AM
To: users@tomcat.apache.org
Subject: Re: tomcat warnings. [EXTERNAL]


On 16/09/2020 20:45, Beard, Shawn wrote:
> protocol="HTTP/1.1"
>connectionTimeout="2"
>Server=" "
>maxHttpHeaderSize="8192"
>maxThreads="500"
>minSpareThreads="30"
>enableLookups="false"
>disableUploadTimeout="true"
>acceptCount="150"
>redirectPort="9444"
>
> compressibleMimeType="text/html,text/xml,text/plain,text/css,text/javascript,application/xml,application/x-javascript,application/javascript,application/x-font-woff,application/font-woff,application/pdf"
>compression="on"
>compressionMinSize="2048"
>noCompressionUserAgents="gozilla,traviata" />

I've added that exact configuration (copy and paste) to clean builds of 10.0.x, 
9.0.x and 9.0.31 and I don't see the errors you are seeing.

Are you sure you are running 9.0.31?

Have you tested this with a clean 9.0.31 install downloaded from 
tomcat.apache.org?

Mark


>
>
>
> Shawn Beard
> Sr. Systems Engineer
> BTS
> +1-515-564-2528
>
> -Original Message-
> From: Mark Thomas 
> Sent: Wednesday, September 16, 2020 2:40 PM
> To: users@tomcat.apache.org
> Subject: Re: tomcat warnings. [EXTERNAL]
>
>
> On 16/09/2020 19:46, Beard, Shawn wrote:
>> I’m getting these in the log:
>>
>>
>>
>> 16-Sep-2020 14:39:42.909 WARNING [main]
>> org.apache.catalina.startup.SetAllPropertiesRule.begin
>> [SetAllPropertiesRule]{Server/Service/Connector} Setting property
>> 'compressibleMimeType' to
>> 'text/html,text/xml,text/plain,text/css,text/javascript,application/xml,application/x-javascript,application/javascript,application/x-font-woff,application/font-woff,application/pdf'
>> did not find a matching property.
>>
>> 16-Sep-2020 14:39:42.909 WARNING [main]
>> org.apache.catalina.startup.SetAllPropertiesRule.begin
>> [SetAllPropertiesRule]{Server/Service/Connector} Setting property
>> 'compression' to 'on' did not find a matching property.
>>
>> 16-Sep-2020 14:39:42.909 WARNING [main]
>> org.apache.catalina.startup.SetAllPropertiesRule.begin
>> [SetAllPropertiesRule]{Server/Service/Connector} Setting property
>> 'compressionMinSize' to '2048' did not find a matching property.
>>
>> 16-Sep-2020 14:39:42.909 WARNING [main]
>> org.apache.catalina.startup.SetAllPropertiesRule.begin
>> [SetAllPropertiesRule]{Server/Service/Connector} Setting property
>> 'noCompressionUserAgents' to 'gozilla,traviata' did not find a
>> matching property.
>>
>>
>>
>> I’m running Tomcat 9.0.31.
>>
>>
>>
>> According to documentation these are valid connector attributes/
>>
>> https://tomcat.apache.org/tomcat-9.0-doc/config/http.html
>>
>>
>>
>> Here is what is in the connector. Any ideas?
>
> Full connector configuration please.
>
> Mark
>
>
>>
>>
>>
>> compressibleMimeType="text/html,text/xml,text/plain,text/css,text/javascript,application/xml,application/x-javascript,application/javascript,application/x-font-woff,application/font-woff,application/pdf"
>>
>>compression="on"
>>
>>compressionMinSize="2048"
>>
>>noCompressionUserAgents="gozilla,traviata"
>>
>>
>>
>>
>>
>> CONFIDENTIALITY NOTICE: This e-mail and the transmitted documents
>> contain private, privileged and confidential information belonging to
>> the sender. The information therein is solely for the use of the
>> addressee. If your receipt of this transmission has occurred as the
>> result of an error, please immediately notify us so we can arrange
>> for the return of the documents. In such circumstances, you are
>> advised that you may not disclose, copy, distribute or take any other
>> action in reliance on the information transmitted.
>>
>> **
>>
>> *Shawn Beard • Sr. Systems Engineer
>> Middleware Engineering*
>>
>> **
>>
>>
>>
>> *

Re: hiding tomcat version from error pages

2020-09-17 Thread Tim Funk
It should be a tweak to the ErrorReportValve as documented here: (inside of
server.xml)

https://tomcat.apache.org/tomcat-9.0-doc/config/valve.html#Error_Report_Valve

You'll want to set showServerInfo and showReport to false

-Tim


On Thu, Sep 17, 2020 at 8:20 AM Rathore, Rajendra  wrote:

> Hi All,
>
>
>
> Please let me know the standard way to hide the Tomcat version from error
> pages. I searched on Google, and it says that you need to modify some properties
> inside catalina.jar, but that is not a standard way.
>
>
>
>
>
> Thanks and Regards,
>
> Rajendra Rathore
>
> 9922701491
>
>
>
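
Added example, not part of any message in this archive and not Tomcat project code: a Python check of a server.xml for the two points answered in these threads, namely compression attributes placed on an AJP connector (which Mark Thomas identifies as the source of the "did not find a matching property" warnings) and an ErrorReportValve that still has showReport or showServerInfo enabled (Tim Funk's reply). The sample server.xml, the finding labels and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Compression attributes belong to the HTTP connector. On an AJP connector
# Tomcat logs one SetAllPropertiesRule warning per attribute at startup.
HTTP_ONLY_COMPRESSION_ATTRS = (
    "compression",
    "compressionMinSize",
    "compressibleMimeType",
    "noCompressionUserAgents",
)
ERROR_VALVE = "org.apache.catalina.valves.ErrorReportValve"

# Constructed sample input (assumption), not a poster's real configuration.
SAMPLE_SERVER_XML = """\
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" compression="on"
               compressionMinSize="2048" redirectPort="9443"/>
    <Connector port="8009" protocol="AJP/1.3" redirectPort="9443"
               compression="on" compressionMinSize="2048"
               noCompressionUserAgents="gozilla,traviata"/>
    <Engine name="Catalina" defaultHost="localhost">
      <Host name="localhost" appBase="webapps">
        <Valve className="org.apache.catalina.valves.ErrorReportValve"
               showReport="false"/>
      </Host>
      <Host name="other.example" appBase="webapps2"/>
    </Engine>
  </Service>
</Server>
"""


def is_ajp(connector):
    """True for protocol="AJP/1.3" and for the org.apache.coyote.ajp.* classes."""
    return "ajp" in connector.get("protocol", "HTTP/1.1").lower()


def audit(server_xml):
    """Return a list of (finding, location, attribute) tuples."""
    root = ET.fromstring(server_xml)
    findings = []

    # 1. HTTP-only compression attributes on an AJP connector.
    for conn in root.iter("Connector"):
        if not is_ajp(conn):
            continue
        for attr in HTTP_ONLY_COMPRESSION_ATTRS:
            if attr in conn.attrib:
                findings.append(("ajp-compression", conn.get("port", "?"), attr))

    # 2. Error pages: both valve attributes default to true, so a Host with
    #    no explicit ErrorReportValve still shows the report and server info.
    for host in root.iter("Host"):
        valves = [v for v in host.findall("Valve")
                  if v.get("className") == ERROR_VALVE]
        if not valves:
            findings.append(("error-valve-missing", host.get("name"),
                             "showReport,showServerInfo"))
        for valve in valves:
            for attr in ("showReport", "showServerInfo"):
                if valve.get(attr, "true").lower() != "false":
                    findings.append(("error-valve-verbose",
                                     host.get("name"), attr))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_SERVER_XML):
        print(finding)
```
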


hiding tomcat version from error pages

2020-09-17 Thread Rathore, Rajendra
Hi All,

Please let me know the standard way to hide the Tomcat version from error pages. I 
searched on Google, and it says that you need to modify some properties inside 
catalina.jar, but that is not a standard way.

Thanks and Regards,
Rajendra Rathore
9922701491



Re: tomcat warnings. [EXTERNAL]

2020-09-17 Thread Mark Thomas
On 16/09/2020 20:45, Beard, Shawn wrote:
> protocol="HTTP/1.1"
>connectionTimeout="2"
>Server=" "
>maxHttpHeaderSize="8192"
>maxThreads="500"
>minSpareThreads="30"
>enableLookups="false"
>disableUploadTimeout="true"
>acceptCount="150"
>redirectPort="9444"
>
> compressibleMimeType="text/html,text/xml,text/plain,text/css,text/javascript,application/xml,application/x-javascript,application/javascript,application/x-font-woff,application/font-woff,application/pdf"
>compression="on"
>compressionMinSize="2048"
>noCompressionUserAgents="gozilla,traviata" />

I've added that exact configuration (copy and paste) to clean builds of
10.0.x, 9.0.x and 9.0.31 and I don't see the errors you are seeing.

Are you sure you are running 9.0.31?

Have you tested this with a clean 9.0.31 install downloaded from
tomcat.apache.org?

Mark


> 
> 
> 
> Shawn Beard
> Sr. Systems Engineer
> BTS
> +1-515-564-2528
> 
> -Original Message-
> From: Mark Thomas 
> Sent: Wednesday, September 16, 2020 2:40 PM
> To: users@tomcat.apache.org
> Subject: Re: tomcat warnings. [EXTERNAL]
> 
> 
> On 16/09/2020 19:46, Beard, Shawn wrote:
>> I’m getting these in the log:
>>
>>
>>
>> 16-Sep-2020 14:39:42.909 WARNING [main]
>> org.apache.catalina.startup.SetAllPropertiesRule.begin
>> [SetAllPropertiesRule]{Server/Service/Connector} Setting property
>> 'compressibleMimeType' to
>> 'text/html,text/xml,text/plain,text/css,text/javascript,application/xml,application/x-javascript,application/javascript,application/x-font-woff,application/font-woff,application/pdf'
>> did not find a matching property.
>>
>> 16-Sep-2020 14:39:42.909 WARNING [main]
>> org.apache.catalina.startup.SetAllPropertiesRule.begin
>> [SetAllPropertiesRule]{Server/Service/Connector} Setting property
>> 'compression' to 'on' did not find a matching property.
>>
>> 16-Sep-2020 14:39:42.909 WARNING [main]
>> org.apache.catalina.startup.SetAllPropertiesRule.begin
>> [SetAllPropertiesRule]{Server/Service/Connector} Setting property
>> 'compressionMinSize' to '2048' did not find a matching property.
>>
>> 16-Sep-2020 14:39:42.909 WARNING [main]
>> org.apache.catalina.startup.SetAllPropertiesRule.begin
>> [SetAllPropertiesRule]{Server/Service/Connector} Setting property
>> 'noCompressionUserAgents' to 'gozilla,traviata' did not find a
>> matching property.
>>
>>
>>
>> I’m running Tomcat 9.0.31.
>>
>>
>>
>> According to documentation these are valid connector attributes/
>>
>> https://tomcat.apache.org/tomcat-9.0-doc/config/http.html
>>
>>
>>
>> Here is what is in the connector. Any ideas?
> 
> Full connector configuration please.
> 
> Mark
> 
> 
>>
>>
>>
>> compressibleMimeType="text/html,text/xml,text/plain,text/css,text/javascript,application/xml,application/x-javascript,application/javascript,application/x-font-woff,application/font-woff,application/pdf"
>>
>>compression="on"
>>
>>compressionMinSize="2048"
>>
>>noCompressionUserAgents="gozilla,traviata"
>>
>>
>>
>>
>>
>> **
>>
>> *Shawn Beard • Sr. Systems Engineer
>> Middleware Engineering*
>>
>> **
>>
>>
>>
>> *
>>  3840 109th Street Urbandale, IA 50322
>>  Phone: +1-515-564-2528
>>  Email: sbe...@wrberkley.com
>>  Website: berkleytechnologyservices.com
>> *
>>
>> */Technology Leadership Unleashing Business Potential/*
>>
>>
> 
> 

RE: Truststore in HTTPS Connector does not work with Linux

2020-09-17 Thread David Weisgerber
Hi,

> Ugh. That *does* point toward a bug in Tomcat itself or something odd with 
> the JVM.

Yep.

>> No, we automatically ship the latest 8.5 tomcat version. However for 
>> our docker based distribution I was sure that this feature worked at 
>> some time (I think I used tomcat 8.0 for this). I tried it with the 
>> latest 8.5.57 on Windows, there everything works correctly. I just 
>> checked all the versions to see when the "bug"
>> was introduced.

> Did you find it? I took a quick look at the 8.5.x changelog and nothing 
> jumped-out at me.

I think it is
Fix:  Refactor the JSSE client certificate validation so that the effectiveness 
of the certificateVerificationDepth configuration attribute does not depend on 
the presence of a certificate revocation list. (markt)
From the 8.5.5 changelog

Shall I file a bug? Are there any other people that can confirm this? I guess 
client certificates is a more rarely used feature.

Best regards,
David