[Bug 62791] SecureNioChannel fails with "IllegalArgumentException: You can only read using the application read buffer provided by the handler."

2018-10-11 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=62791 --- Comment #9 from Maksym --- Thank you for fixing it! Does it make sense to backport this fix to tomcat 8.0.x as well (especially taking into account that it was fixed in 7.0.x)?

svn commit: r1843609 - /tomcat/native/trunk/native/src/ssl.c

2018-10-11 Thread remm
Author: remm Date: Thu Oct 11 22:25:41 2018 New Revision: 1843609 URL: http://svn.apache.org/viewvc?rev=1843609=rev Log: Make my old OpenSSL happier. Modified: tomcat/native/trunk/native/src/ssl.c Modified: tomcat/native/trunk/native/src/ssl.c URL:

[GUMP@vmgump-vm3]: Project tomcat-trunk-test-nio2 (in module tomcat-trunk) failed

2018-10-11 Thread Bill Barker
-Dtest.openssl.path=/srv/gump/public/workspace/openssl-master/dest-20181011/bin/openssl -Dtest.temp=output/test-tmp-NIO2 -Dtest.accesslog=true -Dexecute.test.nio=false -Dbnd.jar=/srv/gump/packages/bnd/bnd-4.0.0/biz.aQute.bnd-4.0.0.jar -Dexecute.test.apr=false -Dtest.excludePerformance=true

[Bug 62748] Add support for TLS 1.3 (RFC 8446)

2018-10-11 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=62748 --- Comment #29 from Remy Maucherat --- Excellent, nothing changes from TLS 1.2 basically! That's awesome given how annoying it is to get the thing to work (BTW, instead of the weird handshakeCount trick, there's also a callback that can be

TLSv1.3 and 9.0.next

2018-10-11 Thread Mark Thomas
Hi, As you probably noticed I've been working on TLS 1.3 support, building on Chris's work in BZ 62748. The current status is that Tomcat Native 1.2.x and Tomcat 9.0.x support TLSv1.3 in any of the following combinations: - NIO[2]+JSSE on Java 11 - NIO[2]+OpenSSL on Java 8 onwards - APR/Native on

[Bug 62748] Add support for TLS 1.3 (RFC 8446)

2018-10-11 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=62748 --- Comment #28 from Mark Thomas --- Once I figured out how to do it, it was fairly simple. Essentially, we now use the same approach for NIO[2]+OpenSSL for TLSv1.2 and TLS1.3. Requesting the client certificate triggers a re-handshake with

svn commit: r1843601 - in /tomcat/trunk: java/org/apache/tomcat/jni/SSL.java java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java webapps/docs/changelog.xml

2018-10-11 Thread markt
Author: markt Date: Thu Oct 11 20:25:42 2018 New Revision: 1843601 URL: http://svn.apache.org/viewvc?rev=1843601=rev Log: Fix server initiated TLS renegotiation to obtain a client certificate when using NIO/NIO2 and the OpenSSL backed JSSE TLS implementation with TLSv1.3. Modified:

svn commit: r1843600 - /tomcat/native/trunk/native/src/ssl.c

2018-10-11 Thread markt
Author: markt Date: Thu Oct 11 20:20:44 2018 New Revision: 1843600 URL: http://svn.apache.org/viewvc?rev=1843600=rev Log: Add additional hooks to enable Tomcat to determine if post-handshake authentication is in progress. Add missing dummy methods for when OpenSSL is not present. Modified:

buildbot success in on tomcat-trunk

2018-10-11 Thread buildbot
The Buildbot has detected a restored build on builder tomcat-trunk while building . Full details are available at: https://ci.apache.org/builders/tomcat-trunk/builds/3652 Buildbot URL: https://ci.apache.org/ Buildslave for this Build: silvanus_ubuntu Build Reason: The AnyBranchScheduler

svn commit: r1843554 - /tomcat/trunk/java/org/apache/catalina/tribes/membership/cloud/KubernetesMembershipProvider.java

2018-10-11 Thread remm
Author: remm Date: Thu Oct 11 14:21:49 2018 New Revision: 1843554 URL: http://svn.apache.org/viewvc?rev=1843554=rev Log: Drop check (I was testing with another config). Modified: tomcat/trunk/java/org/apache/catalina/tribes/membership/cloud/KubernetesMembershipProvider.java Modified:

buildbot failure in on tomcat-trunk

2018-10-11 Thread buildbot
The Buildbot has detected a new failure on builder tomcat-trunk while building . Full details are available at: https://ci.apache.org/builders/tomcat-trunk/builds/3651 Buildbot URL: https://ci.apache.org/ Buildslave for this Build: silvanus_ubuntu Build Reason: The AnyBranchScheduler

svn commit: r1843551 - in /tomcat/trunk/java/org/apache/catalina/tribes/membership/cloud: CloudMembershipProvider.java KubernetesMembershipProvider.java

2018-10-11 Thread remm
Author: remm Date: Thu Oct 11 13:52:56 2018 New Revision: 1843551 URL: http://svn.apache.org/viewvc?rev=1843551=rev Log: Add "kind" checks and improve logging. Modified: tomcat/trunk/java/org/apache/catalina/tribes/membership/cloud/CloudMembershipProvider.java

[Bug 62817] error rfc 7230 and rfc 3986

2018-10-11 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=62817 Mark Thomas changed: What|Removed |Added Status|REOPENED|RESOLVED Resolution|---

[Bug 62817] error rfc 7230 and rfc 3986

2018-10-11 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=62817 Ayoub changed: What|Removed |Added Resolution|INVALID |--- Status|RESOLVED

[Bug 62748] Add support for TLS 1.3 (RFC 8446)

2018-10-11 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=62748 --- Comment #27 from Mark Thomas --- I don't know yet. I was going to start on that this morning but when I tested it with TLSv1.2 I found that CLIENT-CERT + NIO[2]+OpenSSL wasn't working with TLS1.2 either. I've just fixed that and I plan to

svn commit: r1843542 - in /tomcat/trunk: java/org/apache/tomcat/jni/SSL.java java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java webapps/docs/changelog.xml

2018-10-11 Thread markt
Author: markt Date: Thu Oct 11 10:18:39 2018 New Revision: 1843542 URL: http://svn.apache.org/viewvc?rev=1843542=rev Log: Fix server initiated TLS renegotiation to obtain a client certificate when using NIO/NIO2 and the OpenSSL backed JSSE TLS implementation. Prior to this fix, the client would

svn commit: r1843541 - in /tomcat/native/trunk: native/src/ssl.c xdocs/miscellaneous/changelog.xml

2018-10-11 Thread markt
Author: markt Date: Thu Oct 11 10:12:21 2018 New Revision: 1843541 URL: http://svn.apache.org/viewvc?rev=1843541=rev Log: Need to expose SSL_renegotiate_pending so NIO[2]+OpenSSL can implement CLIENT-CERT correctly Modified: tomcat/native/trunk/native/src/ssl.c

buildbot success in on tomcat-trunk

2018-10-11 Thread buildbot
The Buildbot has detected a restored build on builder tomcat-trunk while building . Full details are available at: https://ci.apache.org/builders/tomcat-trunk/builds/3649 Buildbot URL: https://ci.apache.org/ Buildslave for this Build: silvanus_ubuntu Build Reason: The AnyBranchScheduler

[Bug 62748] Add support for TLS 1.3 (RFC 8446)

2018-10-11 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=62748 --- Comment #26 from Remy Maucherat --- Is it really doable to have it for 9.0.13? I see the algorithm you added for native, and translating it into OpenSSLEngine isn't very easy (it needs JNI additions for that SSL.verifyClientPostHandshake,

svn commit: r1843536 - /tomcat/trunk/test/org/apache/tomcat/util/net/TestClientCertTls13.java

2018-10-11 Thread markt
Author: markt Date: Thu Oct 11 08:55:24 2018 New Revision: 1843536 URL: http://svn.apache.org/viewvc?rev=1843536=rev Log: Add missing check for TLS 1.3 Modified: tomcat/trunk/test/org/apache/tomcat/util/net/TestClientCertTls13.java Modified:

[Bug 62817] error rfc 7230 and rfc 3986

2018-10-11 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=62817 Mark Thomas changed: What|Removed |Added OS||All Status|NEW

[Bug 62817] New: error rfc 7230 and rfc 3986

2018-10-11 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=62817 Bug ID: 62817 Summary: error rfc 7230 and rfc 3986 Product: Tomcat 9 Version: 9.0.x Hardware: PC Status: NEW Severity: normal Priority: P2

[Bug 62273] Add support for alternate URL specification

2018-10-11 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=62273 Remy Maucherat changed: What|Removed |Added Resolution|--- |FIXED Status|REOPENED

[Bug 62273] Add support for alternate URL specification

2018-10-11 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=62273 Ayoub changed: What|Removed |Added Resolution|FIXED |--- Status|RESOLVED