DO NOT REPLY [Bug 44318] New: - The type PureTLSImplementation does not implement the father's abstract method
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://issues.apache.org/bugzilla/show_bug.cgi?id=44318. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND· INSERTED IN THE BUG DATABASE. http://issues.apache.org/bugzilla/show_bug.cgi?id=44318 Summary: The type PureTLSImplementation does not implement the father's abstract method Product: Tomcat 6 Version: 6.0.14 Platform: Other OS/Version: other Status: NEW Severity: normal Priority: P2 Component: Catalina AssignedTo: [EMAIL PROTECTED] ReportedBy: [EMAIL PROTECTED] The type PureTLSImplementation must implement the inherited abstract method SSLImplementation.getSSLSupport(SSLSession) org/apache/tomcat/util/net/puretls PureTLSImplementation.java line 35 1201594192049 83243 -- Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug, or are watching the assignee. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Where's the fix of CVE-2005-2090?
On Monday 28 January 2008 21:09:31 Mark Thomas wrote: Michal Vyskocil wrote: I'm unable to locate a patch to fix the CVE-2005-2090. I cannot found any hint from svn commit log or bugzilla. Maybe is this commit r513079 | markt | 2007-03-01 01:26:12 +0100 (Čt, 01 bře 2007) | 1 line As per RFC2616, requests with multiple content-length headers are invalid. Yep, that's it. Mark Thanks for your help, Mark. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 44268] - Multiple registrations of same ServletContextListener class not possible
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://issues.apache.org/bugzilla/show_bug.cgi?id=44268. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND· INSERTED IN THE BUG DATABASE. http://issues.apache.org/bugzilla/show_bug.cgi?id=44268 --- Additional Comments From [EMAIL PROTECTED] 2008-01-29 01:07 --- Thanks a lot Mark! This will definitely help the next one running into this. -- Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug, or are watching the assignee. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 43303] - Versioning under Windows not reported by many connector components
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://issues.apache.org/bugzilla/show_bug.cgi?id=43303. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND· INSERTED IN THE BUG DATABASE. http://issues.apache.org/bugzilla/show_bug.cgi?id=43303 [EMAIL PROTECTED] changed: What|Removed |Added Component|Connector:AJP |Native:JK Product|Tomcat 5|Tomcat 6 Target Milestone|--- |default Version|Nightly Build |6.0.0 --- Additional Comments From [EMAIL PROTECTED] 2008-01-29 09:18 --- Re assigning to tomcat 6 / native jk -- Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug, or are watching the assignee. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 38713] - java.io.IOException: tmpFile.renameTo(classFile) failed when compiling new JSP (upon redeploy)
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://issues.apache.org/bugzilla/show_bug.cgi?id=38713. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND· INSERTED IN THE BUG DATABASE. http://issues.apache.org/bugzilla/show_bug.cgi?id=38713 --- Additional Comments From [EMAIL PROTECTED] 2008-01-29 09:08 --- See http://issues.apache.org/bugzilla/show_bug.cgi?id=2500. Does the fixing of bug 2500 make this problem go away? -- Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug, or are watching the assignee. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 38713] - java.io.IOException: tmpFile.renameTo(classFile) failed when compiling new JSP (upon redeploy)
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://issues.apache.org/bugzilla/show_bug.cgi?id=38713. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND· INSERTED IN THE BUG DATABASE. http://issues.apache.org/bugzilla/show_bug.cgi?id=38713 [EMAIL PROTECTED] changed: What|Removed |Added CC||[EMAIL PROTECTED] -- Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug, or are watching the assignee. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
svn commit: r616522 - in /tomcat/trunk/java/org/apache/tomcat/util/net/puretls: PureTLSImplementation.java PureTLSSocket.java PureTLSSocketFactory.java PureTLSSupport.java
Author: markt Date: Tue Jan 29 13:18:25 2008 New Revision: 616522 URL: http://svn.apache.org/viewvc?rev=616522view=rev Log: Tab police. No function change Modified: tomcat/trunk/java/org/apache/tomcat/util/net/puretls/PureTLSImplementation.java tomcat/trunk/java/org/apache/tomcat/util/net/puretls/PureTLSSocket.java tomcat/trunk/java/org/apache/tomcat/util/net/puretls/PureTLSSocketFactory.java tomcat/trunk/java/org/apache/tomcat/util/net/puretls/PureTLSSupport.java Modified: tomcat/trunk/java/org/apache/tomcat/util/net/puretls/PureTLSImplementation.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/puretls/PureTLSImplementation.java?rev=616522r1=616521r2=616522view=diff == --- tomcat/trunk/java/org/apache/tomcat/util/net/puretls/PureTLSImplementation.java (original) +++ tomcat/trunk/java/org/apache/tomcat/util/net/puretls/PureTLSImplementation.java Tue Jan 29 13:18:25 2008 @@ -35,8 +35,8 @@ public class PureTLSImplementation extends SSLImplementation { public PureTLSImplementation() throws ClassNotFoundException { - // Check to see if PureTLS is floating around somewhere - Class.forName(COM.claymoresystems.ptls.SSLContext); +// Check to see if PureTLS is floating around somewhere +Class.forName(COM.claymoresystems.ptls.SSLContext); } public String getImplementationName(){ @@ -45,12 +45,12 @@ public ServerSocketFactory getServerSocketFactory() { - return new PureTLSSocketFactory(); +return new PureTLSSocketFactory(); } public SSLSupport getSSLSupport(Socket s) { - return new PureTLSSupport((SSLSocket)s); +return new PureTLSSupport((SSLSocket)s); } Modified: tomcat/trunk/java/org/apache/tomcat/util/net/puretls/PureTLSSocket.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/puretls/PureTLSSocket.java?rev=616522r1=616521r2=616522view=diff == --- tomcat/trunk/java/org/apache/tomcat/util/net/puretls/PureTLSSocket.java (original) +++ tomcat/trunk/java/org/apache/tomcat/util/net/puretls/PureTLSSocket.java Tue Jan 29 13:18:25 2008 @@ -37,7 +37,7 @@ // constructor since this class is only used with // implAccept public PureTLSSocket() throws IOException { - super(); +super(); } } Modified: tomcat/trunk/java/org/apache/tomcat/util/net/puretls/PureTLSSocketFactory.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/puretls/PureTLSSocketFactory.java?rev=616522r1=616521r2=616522view=diff == --- tomcat/trunk/java/org/apache/tomcat/util/net/puretls/PureTLSSocketFactory.java (original) +++ tomcat/trunk/java/org/apache/tomcat/util/net/puretls/PureTLSSocketFactory.java Tue Jan 29 13:18:25 2008 @@ -44,7 +44,7 @@ extends org.apache.tomcat.util.net.ServerSocketFactory { static org.apache.commons.logging.Log logger = - org.apache.commons.logging.LogFactory.getLog(PureTLSSocketFactory.class); + org.apache.commons.logging.LogFactory.getLog(PureTLSSocketFactory.class); static String defaultProtocol = TLS; static boolean defaultClientAuth = false; static String defaultKeyStoreFile = server.pem; @@ -58,71 +58,71 @@ } public ServerSocket createSocket(int port) - throws IOException +throws IOException { - init(); - return new SSLServerSocket(context,port); +init(); +return new SSLServerSocket(context,port); } public ServerSocket createSocket(int port, int backlog) - throws IOException +throws IOException { - init(); - ServerSocket tmp; - - try { - tmp=new SSLServerSocket(context,port,backlog); - } - catch (IOException e){ - throw e; - } - return tmp; +init(); +ServerSocket tmp; + +try { +tmp=new SSLServerSocket(context,port,backlog); +} +catch (IOException e){ +throw e; +} +return tmp; } public ServerSocket createSocket(int port, int backlog, -InetAddress ifAddress) - throws IOException + InetAddress ifAddress) +throws IOException { - init(); - return new SSLServerSocket(context,port,backlog,ifAddress); +init(); +return new SSLServerSocket(context,port,backlog,ifAddress); } private void init() - throws IOException +throws IOException { - if(context!=null) - return; - - boolean clientAuth=defaultClientAuth; - - try { - String
[Tomcat Wiki] Update of FAQ/Logging by tchize
Dear Wiki user, You have subscribed to a wiki page or wiki category on Tomcat Wiki for change notification. The following page has been changed by tchize: http://wiki.apache.org/tomcat/FAQ/Logging -- The Servlet Specification requires Servlet Containers like Tomcat to provide at least a rudimentary implementation of the {{{ServletContext#log}}} method. Tomcat provides a much richer implementation than required by the Spec, as follows: * Prior to Tomcat 5.5, Tomcat provided a Logger element that you could configure and extend according to your needs. If you are using a Tomcat version previous to Tomcat 5.5, make sure to read the [http://tomcat.apache.org/tomcat-5.0-doc/config/logger.html Logger configuration reference]. - * Starting with Tomcat 5.5, Logger was removed and [http://jakarta.apache.org/commons/logging Jakarta Commons-Logging] {{{Log}}} is used everywhere in Tomcat. Read the Commons-Logging documentation if you'd like to know how to better use and configure Tomcat's internal logging. + * Starting with Tomcat 5.5, Logger was removed and [http://jakarta.apache.org/commons/logging Jakarta Commons-Logging] {{{Log}}} is used everywhere in Tomcat. Read the Commons-Logging documentation if you'd like to know how to better use and configure Tomcat's internal logging. See also [http://tomcat.apache.org/tomcat-5.5-doc/logging.html] In addition, Tomcat does not swallow the System.out and System.err JVM output streams. You may use these streams for elementary logging if you wish, but a more robust approach such as commons-logging or [http://logging.apache.org/log4j Log4J] is recommended for production applications. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Where's the fix of CVE-2005-2090?
Filip Hanik - Dev Lists wrote: Mark Thomas wrote: Michal Vyskocil wrote: I'm unable to locate a patch to fix the CVE-2005-2090. I cannot found any hint from svn commit log or bugzilla. Maybe is this commit r513079 | markt | 2007-03-01 01:26:12 +0100 (Čt, 01 bře 2007) | 1 line As per RFC2616, requests with multiple content-length headers are invalid. Yep, that's it. isn't it documented incorrectly then?, we dont return 400, we just grab one of the headers. If you look at the code for MimeHeaders.getUniqueValue() you'll see that the code throws an IAE if multiple values are found in the headers. Mark - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: svn commit: r616522 - in /tomcat/trunk/java/org/apache/tomcat/util/net/puretls: PureTLSImplementation.java PureTLSSocket.java PureTLSSocketFactory.java PureTLSSupport.java
[EMAIL PROTECTED] wrote: Author: markt Date: Tue Jan 29 13:18:25 2008 New Revision: 616522 URL: http://svn.apache.org/viewvc?rev=616522view=rev Log: Tab police. No function change Modified: tomcat/trunk/java/org/apache/tomcat/util/net/puretls/PureTLSImplementation.java tomcat/trunk/java/org/apache/tomcat/util/net/puretls/PureTLSSocket.java tomcat/trunk/java/org/apache/tomcat/util/net/puretls/PureTLSSocketFactory.java tomcat/trunk/java/org/apache/tomcat/util/net/puretls/PureTLSSupport.java Before I spend any more time looking at http://issues.apache.org/bugzilla/show_bug.cgi?id=44318 am I correct in thinking that PureTLS has never been part of of the TC6 build and that I could just remove these four files instead? If we do want to keep PureTLS support the main problem appears to be http://svn.apache.org/viewvc?view=revrevision=428884 which added a JSSE dependency into o.a.t.util.net.SSLImplementation As far as I can tell, PureTLS doesn't support nio anyway so... Thoughts? Mark - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 44318] - The type PureTLSImplementation does not implement the father's abstract method
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://issues.apache.org/bugzilla/show_bug.cgi?id=44318. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND· INSERTED IN THE BUG DATABASE. http://issues.apache.org/bugzilla/show_bug.cgi?id=44318 [EMAIL PROTECTED] changed: What|Removed |Added Status|NEW |NEEDINFO --- Additional Comments From [EMAIL PROTECTED] 2008-01-29 13:59 --- As far as I am aware, TC6 has never supported PureTLS even though some code is left over in the source tree from TC5. I've kicked off a thread on the dev list. My guess right now is that the PureTLS code will be removed. -- Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug, or are watching the assignee. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
svn commit: r616556 - /tomcat/trunk/java/org/apache/jasper/JspCompilationContext.java
Author: markt Date: Tue Jan 29 15:14:23 2008 New Revision: 616556 URL: http://svn.apache.org/viewvc?rev=616556view=rev Log: Fix bug 43741. Tag files in JARs were getting compiled once for every JSP that used them. Patch provided by Anthony Berglas. Modified: tomcat/trunk/java/org/apache/jasper/JspCompilationContext.java Modified: tomcat/trunk/java/org/apache/jasper/JspCompilationContext.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/jasper/JspCompilationContext.java?rev=616556r1=616555r2=616556view=diff == --- tomcat/trunk/java/org/apache/jasper/JspCompilationContext.java (original) +++ tomcat/trunk/java/org/apache/jasper/JspCompilationContext.java Tue Jan 29 15:14:23 2008 @@ -559,7 +559,15 @@ public void compile() throws JasperException, FileNotFoundException { createCompiler(); -if (isPackagedTagFile || jspCompiler.isOutDated()) { +boolean outDated; +if (isPackagedTagFile) { +// Tags in JARs only need to be compiled once +// If the JAR changes, the app needs to be re-loaded +outDated = !(new File(getClassFileName()).exists()); +} else { +outDated = jspCompiler.isOutDated(); +} +if (outDated) { try { jspCompiler.removeGeneratedFiles(); jspLoader = null; - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 43741] - .tag files in a .tar recompiled for each .jsp -- extremely slow (with fix)
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://issues.apache.org/bugzilla/show_bug.cgi?id=43741. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND· INSERTED IN THE BUG DATABASE. http://issues.apache.org/bugzilla/show_bug.cgi?id=43741 --- Additional Comments From [EMAIL PROTECTED] 2008-01-29 15:17 --- I have looked at this some more. I think your patch is pretty much spot on. Generally, if a JAR changes, the app needs to be re-loaded (eg using reloadable or watched resources). That is true for any other JAR and I don't see why it shouldn't be true for JARs containing tag files. Compiling tags in a single pass (bug 43742) would also help. Bug 43878 will also contribute to poor performance, although in a different way. Your patch has been applied to trunk and proposed for 6.0.x. -- Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug, or are watching the assignee. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
svn commit: r616557 - /tomcat/tc6.0.x/trunk/STATUS.txt
Author: markt Date: Tue Jan 29 15:16:47 2008 New Revision: 616557 URL: http://svn.apache.org/viewvc?rev=616557view=rev Log: Propose fix for 43741 Modified: tomcat/tc6.0.x/trunk/STATUS.txt Modified: tomcat/tc6.0.x/trunk/STATUS.txt URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=616557r1=616556r2=616557view=diff == --- tomcat/tc6.0.x/trunk/STATUS.txt (original) +++ tomcat/tc6.0.x/trunk/STATUS.txt Tue Jan 29 15:16:47 2008 @@ -37,3 +37,10 @@ +1: pero, rjung, fhanik -1: remm: I believe it would need specific support for certain managers. Interested users could use their own extended manager instead. + +* Fix http://issues.apache.org/bugzilla/show_bug.cgi?id=43741 + Only compile tags in a JAR file once rather than once per JSP that uses it. + Patch provided by Anthony Berglas + http://svn.apache.org/viewvc?rev=616556view=rev + +1: markt + -1: - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
svn commit: r616563 - in /tomcat/trunk/java/org/apache/jasper: JspCompilationContext.java compiler/JspRuntimeContext.java
Author: markt Date: Tue Jan 29 15:37:08 2008 New Revision: 616563 URL: http://svn.apache.org/viewvc?rev=616563view=rev Log: Better fix for 43878. If we aren't re-loading, use a single class loader for JSPs and tag files to reduce perm gen space usage Modified: tomcat/trunk/java/org/apache/jasper/JspCompilationContext.java tomcat/trunk/java/org/apache/jasper/compiler/JspRuntimeContext.java Modified: tomcat/trunk/java/org/apache/jasper/JspCompilationContext.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/jasper/JspCompilationContext.java?rev=616563r1=616562r2=616563view=diff == --- tomcat/trunk/java/org/apache/jasper/JspCompilationContext.java (original) +++ tomcat/trunk/java/org/apache/jasper/JspCompilationContext.java Tue Jan 29 15:37:08 2008 @@ -34,7 +34,6 @@ import org.apache.jasper.compiler.JspUtil; import org.apache.jasper.compiler.Localizer; import org.apache.jasper.compiler.ServletWriter; -import org.apache.jasper.servlet.JasperLoader; import org.apache.jasper.servlet.JspServletWrapper; /** @@ -176,11 +175,7 @@ public ClassLoader getJspLoader() { if( jspLoader == null ) { -jspLoader = new JasperLoader -(new URL[] {baseUrl}, -getClassLoader(), -rctxt.getPermissionCollection(), -rctxt.getCodeSource()); +jspLoader = rctxt.getJspLoader(baseUrl, getClassLoader()); } return jspLoader; } Modified: tomcat/trunk/java/org/apache/jasper/compiler/JspRuntimeContext.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/jasper/compiler/JspRuntimeContext.java?rev=616563r1=616562r2=616563view=diff == --- tomcat/trunk/java/org/apache/jasper/compiler/JspRuntimeContext.java (original) +++ tomcat/trunk/java/org/apache/jasper/compiler/JspRuntimeContext.java Tue Jan 29 15:37:08 2008 @@ -38,6 +38,7 @@ import org.apache.jasper.Options; import org.apache.jasper.runtime.JspFactoryImpl; import org.apache.jasper.security.SecurityClassLoad; +import org.apache.jasper.servlet.JasperLoader; import org.apache.jasper.servlet.JspServletWrapper; import org.apache.juli.logging.Log; import org.apache.juli.logging.LogFactory; @@ -155,6 +156,7 @@ private ServletContext context; private Options options; private URLClassLoader parentClassLoader; +private JasperLoader jspLoader; private PermissionCollection permissionCollection; private CodeSource codeSource; private String classpath; @@ -314,6 +316,26 @@ */ public String getClassPath() { return classpath; +} + + +/** + * Obtain the classloader to use when loading JSP resources. In development + * mode or when running background compilations, each JSP has a separate + * classloader to enable easy re-loading of modified JSPs. If not in + * development mode, a single loader is used to reduce perm gen usage when + * many JSPs all use the same handful of tags. + */ +public URLClassLoader getJspLoader(URL baseUrl, ClassLoader parent) { +if (options.getDevelopment() || lastCheck -1) { +return new JasperLoader(new URL[] {baseUrl}, parent, +permissionCollection, codeSource); +} +if (jspLoader == null) { +jspLoader = new JasperLoader(new URL[] {baseUrl}, parent, +permissionCollection, codeSource); +} +return jspLoader; } - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 43878] - Tag-file classes get loaded for each JSP - perm gen space problem
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://issues.apache.org/bugzilla/show_bug.cgi?id=43878. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND· INSERTED IN THE BUG DATABASE. http://issues.apache.org/bugzilla/show_bug.cgi?id=43878 --- Additional Comments From [EMAIL PROTECTED] 2008-01-29 15:39 --- I have committed a better fix for this to trunk. Any testing results you can provide would be much appreciated. The fix has also been proposed for 6.0.x. -- Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug, or are watching the assignee. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
svn commit: r616564 - /tomcat/tc6.0.x/trunk/STATUS.txt
Author: markt Date: Tue Jan 29 15:39:27 2008 New Revision: 616564 URL: http://svn.apache.org/viewvc?rev=616564view=rev Log: Propose a fix for 43878 Modified: tomcat/tc6.0.x/trunk/STATUS.txt Modified: tomcat/tc6.0.x/trunk/STATUS.txt URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=616564r1=616563r2=616564view=diff == --- tomcat/tc6.0.x/trunk/STATUS.txt (original) +++ tomcat/tc6.0.x/trunk/STATUS.txt Tue Jan 29 15:39:27 2008 @@ -44,3 +44,10 @@ http://svn.apache.org/viewvc?rev=616556view=rev +1: markt -1: + +* Fix http://issues.apache.org/bugzilla/show_bug.cgi?id=43878 + Use a single class loader when not reloading JSPs and tag files to reduce perm + gen usage. + http://svn.apache.org/viewvc?rev=616563view=rev + +1: markt + -1: - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 44318] - The type PureTLSImplementation does not implement the father's abstract method
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://issues.apache.org/bugzilla/show_bug.cgi?id=44318. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND· INSERTED IN THE BUG DATABASE. http://issues.apache.org/bugzilla/show_bug.cgi?id=44318 [EMAIL PROTECTED] changed: What|Removed |Added Status|NEEDINFO|RESOLVED Resolution||FIXED --- Additional Comments From [EMAIL PROTECTED] 2008-01-29 17:14 --- Error code beyond the scope of this version,Will be realized in the latter version. --- Additional Comments From [EMAIL PROTECTED] 2008-01-29 13:59 --- As far as I am aware, TC6 has never supported PureTLS even though some code is left over in the source tree from TC5. I've kicked off a thread on the dev list. My guess right now is that the PureTLS code will be removed. -- Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug, or are watching the assignee. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: svn commit: r616522 - in /tomcat/trunk/java/org/apache/tomcat/util/net/puretls: PureTLSImplementation.java PureTLSSocket.java PureTLSSocketFactory.java PureTLSSupport.java
Mark Thomas [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] [EMAIL PROTECTED] wrote: Author: markt Date: Tue Jan 29 13:18:25 2008 New Revision: 616522 URL: http://svn.apache.org/viewvc?rev=616522view=rev Log: Tab police. No function change Modified: tomcat/trunk/java/org/apache/tomcat/util/net/puretls/PureTLSImplementation.java tomcat/trunk/java/org/apache/tomcat/util/net/puretls/PureTLSSocket.java tomcat/trunk/java/org/apache/tomcat/util/net/puretls/PureTLSSocketFactory.java tomcat/trunk/java/org/apache/tomcat/util/net/puretls/PureTLSSupport.java Before I spend any more time looking at http://issues.apache.org/bugzilla/show_bug.cgi?id=44318 am I correct in thinking that PureTLS has never been part of of the TC6 build and that I could just remove these four files instead? If we do want to keep PureTLS support the main problem appears to be http://svn.apache.org/viewvc?view=revrevision=428884 which added a JSSE dependency into o.a.t.util.net.SSLImplementation As far as I can tell, PureTLS doesn't support nio anyway so... Thoughts? I remember that there was talk of removing PureTLS support. The PureTLS library isn't actively developed anymore (some security fixes, but not much else), and it still depends on a hacked version of Cryptix. But nobody has stepped up to actually remove it. That having been said, I'd prefer to remove the JSSE dependancy from SSLImplementation, since it makes it nearly impossible to develop a non-JSSE SSLImplementation (e.g. I there was talk of developing one for Mozilla's SSL stack, but nothing ever happened). Without having thought it out much, something like changing abstract public SSLSupport getSSLSupport(SSLSession session); to abstract public SSLSupport getNioSSLSupport(Socket sock); In the JSSE case, you can get the SSLSession from the Socket, so it would be a small change to the existing code. Mark - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: svn commit: r616522 - in /tomcat/trunk/java/org/apache/tomcat/util/net/puretls: PureTLSImplementation.java PureTLSSocket.java PureTLSSocketFactory.java PureTLSSupport.java
Bill Barker wrote: Mark Thomas [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] [EMAIL PROTECTED] wrote: Author: markt Date: Tue Jan 29 13:18:25 2008 New Revision: 616522 URL: http://svn.apache.org/viewvc?rev=616522view=rev Log: Tab police. No function change Modified: tomcat/trunk/java/org/apache/tomcat/util/net/puretls/PureTLSImplementation.java tomcat/trunk/java/org/apache/tomcat/util/net/puretls/PureTLSSocket.java tomcat/trunk/java/org/apache/tomcat/util/net/puretls/PureTLSSocketFactory.java tomcat/trunk/java/org/apache/tomcat/util/net/puretls/PureTLSSupport.java Before I spend any more time looking at http://issues.apache.org/bugzilla/show_bug.cgi?id=44318 am I correct in thinking that PureTLS has never been part of of the TC6 build and that I could just remove these four files instead? If we do want to keep PureTLS support the main problem appears to be http://svn.apache.org/viewvc?view=revrevision=428884 which added a JSSE dependency into o.a.t.util.net.SSLImplementation As far as I can tell, PureTLS doesn't support nio anyway so... Thoughts? I remember that there was talk of removing PureTLS support. The PureTLS library isn't actively developed anymore (some security fixes, but not much else), and it still depends on a hacked version of Cryptix. But nobody has stepped up to actually remove it. That having been said, I'd prefer to remove the JSSE dependancy from SSLImplementation, since it makes it nearly impossible to develop a non-JSSE SSLImplementation (e.g. I there was talk of developing one for Mozilla's SSL stack, but nothing ever happened). Without having thought it out much, something like changing abstract public SSLSupport getSSLSupport(SSLSession session); to abstract public SSLSupport getNioSSLSupport(Socket sock); if we are gonna remove it, why remove it only for one connector. The code used is the same by both the BIO and the NIO connector not sure we need the abstraction at all In the JSSE case, you can get the SSLSession from the Socket, so it would be a small change to the existing code. same code can be reused for both connectors. Filip Mark - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: svn commit: r616522 - in /tomcat/trunk/java/org/apache/tomcat/util/net/puretls: PureTLSImplementation.java PureTLSSocket.java PureTLSSocketFactory.java PureTLSSupport.java
Filip Hanik - Dev Lists [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Bill Barker wrote: Mark Thomas [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] [EMAIL PROTECTED] wrote: Author: markt Date: Tue Jan 29 13:18:25 2008 New Revision: 616522 URL: http://svn.apache.org/viewvc?rev=616522view=rev Log: Tab police. No function change Modified: tomcat/trunk/java/org/apache/tomcat/util/net/puretls/PureTLSImplementation.java tomcat/trunk/java/org/apache/tomcat/util/net/puretls/PureTLSSocket.java tomcat/trunk/java/org/apache/tomcat/util/net/puretls/PureTLSSocketFactory.java tomcat/trunk/java/org/apache/tomcat/util/net/puretls/PureTLSSupport.java Before I spend any more time looking at http://issues.apache.org/bugzilla/show_bug.cgi?id=44318 am I correct in thinking that PureTLS has never been part of of the TC6 build and that I could just remove these four files instead? If we do want to keep PureTLS support the main problem appears to be http://svn.apache.org/viewvc?view=revrevision=428884 which added a JSSE dependency into o.a.t.util.net.SSLImplementation As far as I can tell, PureTLS doesn't support nio anyway so... Thoughts? I remember that there was talk of removing PureTLS support. The PureTLS library isn't actively developed anymore (some security fixes, but not much else), and it still depends on a hacked version of Cryptix. But nobody has stepped up to actually remove it. That having been said, I'd prefer to remove the JSSE dependancy from SSLImplementation, since it makes it nearly impossible to develop a non-JSSE SSLImplementation (e.g. I there was talk of developing one for Mozilla's SSL stack, but nothing ever happened). Without having thought it out much, something like changing abstract public SSLSupport getSSLSupport(SSLSession session); to abstract public SSLSupport getNioSSLSupport(Socket sock); if we are gonna remove it, why remove it only for one connector. The code used is the same by both the BIO and the NIO connector not sure we need the abstraction at all I'm for removing support for PureTLS, since it is largely unmaintained at the moment. But the abstraction is usefull to be able to support SSL providers (e.g. Mozilla meantioned above) that don't implement JSSE. It wasn't about getting removing it from the NIO Connecter, just making the signature not depend on JSSE. So for JSSE, something like: public SSLSupport getNioSSLSupport(Socket sock) { return factory.getSSLSupport(((SSLSocket)sock).getSession()); } I just prefer to keep where we have plug-in structure such as here, that we don't just throw it away in favor of only supporting Sun's solution. In the JSSE case, you can get the SSLSession from the Socket, so it would be a small change to the existing code. same code can be reused for both connectors. Filip Mark - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]