subject:"Re\: SSL and IPv6 when using address to set a specific IP"

Re: SSL and IPv6 when using address to set a specific IP

2018-03-05 Thread Rick Trudeau

On Mon, Mar 5, 2018 at 10:35 AM, Mark Thomas  wrote:
> On 05/03/18 15:00, Mark Thomas wrote:
>> On 05/03/18 02:02, Rick Trudeau wrote:
>>> Hi,
>>> I'm having some problems using SSL on my connector when binding it to
>>> a specific IPv6 address.
>>> I'm trying this on Tomcat v 8.5.28, Ubuntu 14.04, JVM v1.8.0_161-b12.
>
> 
>
>>> 05-Mar-2018 01:11:11.724 WARNING [main]
>>> org.apache.tomcat.util.net.AbstractEndpoint.registerJmx Unable to
>>> generate a valid JMX object name for the SSLHostConfig associated
>>> withhost [_default_]
>>>  javax.management.MalformedObjectNameException: Invalid character ':'
>>> in value part of property
>
> 
>
>>> Has anyone had any success binding to a specific IPv6 literal address
>>> when using SSL?
>>
>> Ah. That looks like a bug generating the MBean name from the address
>> attribute. Let me take a look.
>
> The good news is that that error shouldn't stop the TLS connector
> working although it won't be exposed via JMX.
>
> I've fixed this but unfortunately the next set of releases were tagged
> this morning so the fix won't be available until 9.0.7 / 8.5.30 which -
> unless the current releases fail for some reason - most likely won't be
> available until early next month.
>
> Mark
>


Well that's certainly a quick turnaround!
Thanks for you help with this Mark, we'll keep our eyes open for 8.5.30.

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: SSL and IPv6 when using address to set a specific IP

2018-03-05 Thread Mark Thomas

On 05/03/18 15:00, Mark Thomas wrote:
> On 05/03/18 02:02, Rick Trudeau wrote:
>> Hi,
>> I'm having some problems using SSL on my connector when binding it to
>> a specific IPv6 address.
>> I'm trying this on Tomcat v 8.5.28, Ubuntu 14.04, JVM v1.8.0_161-b12.



>> 05-Mar-2018 01:11:11.724 WARNING [main]
>> org.apache.tomcat.util.net.AbstractEndpoint.registerJmx Unable to
>> generate a valid JMX object name for the SSLHostConfig associated
>> withhost [_default_]
>>  javax.management.MalformedObjectNameException: Invalid character ':'
>> in value part of property



>> Has anyone had any success binding to a specific IPv6 literal address
>> when using SSL?
> 
> Ah. That looks like a bug generating the MBean name from the address
> attribute. Let me take a look.

The good news is that that error shouldn't stop the TLS connector
working although it won't be exposed via JMX.

I've fixed this but unfortunately the next set of releases were tagged
this morning so the fix won't be available until 9.0.7 / 8.5.30 which -
unless the current releases fail for some reason - most likely won't be
available until early next month.

Mark

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: SSL and IPv6 when using address to set a specific IP

2018-03-05 Thread Mark Thomas

On 05/03/18 02:02, Rick Trudeau wrote:
> Hi,
> I'm having some problems using SSL on my connector when binding it to
> a specific IPv6 address.
> I'm trying this on Tomcat v 8.5.28, Ubuntu 14.04, JVM v1.8.0_161-b12.
> 
> My connector config looks like this:
> maxThreads="150"
>scheme="https"
>secure="true"
>SSLEnabled="true"
>keystoreFile="/opt/keystore/keystore"
>keystorePass="secret"
>clientAuth="false"
>keyAlias="myAlias"
>sslProtocol="TLS"
>address="fe80::a00:27ff:fe13:ca0d"/>
> 
> catalina.out shows this exception immediately after startup.  I think
> it indicates there are some parsing errors when parsing the IPv6
> address.
> 
> 05-Mar-2018 01:11:11.141 INFO [main]
> org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler
> ["https-jsse-nio-fe80:0:0:0:a00:27ff:fe13:ca0d-8443"]
> 05-Mar-2018 01:11:11.709 INFO
> [main]org.apache.tomcat.util.net.NioSelectorPool.getSharedSelector
> Using a shared selector for servlet write/read
> 05-Mar-2018 01:11:11.724 WARNING [main]
> org.apache.tomcat.util.net.AbstractEndpoint.registerJmx Unable to
> generate a valid JMX object name for the SSLHostConfig associated
> withhost [_default_]
>  javax.management.MalformedObjectNameException: Invalid character ':'
> in value part of property
> at javax.management.ObjectName.construct(ObjectName.java:618)
> at javax.management.ObjectName.(ObjectName.java:1382)
> at 
> org.apache.tomcat.util.net.AbstractEndpoint.registerJmx(AbstractEndpoint.java:1105)
> at 
> org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:1095)
> at 
> org.apache.tomcat.util.net.AbstractJsseEndpoint.init(AbstractJsseEndpoint.java:268)
> at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:581)
> at 
> org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:68)
> at 
> org.apache.catalina.connector.Connector.initInternal(Connector.java:993)
> at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
> at 
> org.apache.catalina.core.StandardService.initInternal(StandardService.java:549)
> at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
> at 
> org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:875)
> at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
> at org.apache.catalina.startup.Catalina.load(Catalina.java:632)
> at org.apache.catalina.startup.Catalina.load(Catalina.java:655)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at 
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> at 
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:498)
> at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:309)
> at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:492)
> 
> If I remove address attribute to allow binding on all interfaces,
> things are good.  But my use case, however, requires binding to a
> specific IPv6 address.
> Since these SSL attributes are deprecated from what I've read, I've
> also tried moving the SSL configs to the newer SSLHostConfig block,
> but the same error remains.
> 
> Has anyone had any success binding to a specific IPv6 literal address
> when using SSL?

Ah. That looks like a bug generating the MBean name from the address
attribute. Let me take a look.

Mark

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: SSL and IPv6 when using address to set a specific IP

Re: SSL and IPv6 when using address to set a specific IP

Re: SSL and IPv6 when using address to set a specific IP

3 matches

Site Navigation

Mail list logo

Footer information