[Bug 61394] NIO/NIO2 + OpenSSL renegotiation doesn't send list of CAs to user agent

2017-08-08 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=61394 --- Comment #2 from Mark Thomas --- I don't think we are calling that method when we are using JSSE config with the OpenSSL engine. I think we need the equivalent of the call to setCertificateRaw for the trusted certs. --

[Bug 61394] NIO/NIO2 + OpenSSL renegotiation doesn't send list of CAs to user agent

2017-08-08 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=61394 --- Comment #1 from Rainer Jung --- The OpenSSL call for this should be SSL_CTX_set_client_CA_list() (at least mod_ssl in Apache httpd uses it). We already wired that functionality in tcnative, file

[Bug 61394] NIO/NIO2 + OpenSSL renegotiation doesn't send list of CAs to user agent

2017-08-08 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=61394 Mark Thomas changed: What|Removed |Added Summary|NIO/NIO2 + OpenSSL |NIO/NIO2 + OpenSSL

[Bug 61394] New: NIO/NIO2 + OpenSSL renegotiation doesn't send list of CAS to user agent

2017-08-08 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=61394 Bug ID: 61394 Summary: NIO/NIO2 + OpenSSL renegotiation doesn't send list of CAS to user agent Product: Tomcat 9 Version: unspecified Hardware: PC OS:

Server TLS renegotiation issues with tc-native

2017-08-08 Thread Mark Thomas
Hi, The good news is I have managed to unpick the various TLS issues I've been struggling with. The Chrome not selecting the user cert issue looks to be related to how many of the fields were complete in the DN. That has been resolved by recreating the test keys and certs I have been using. I

svn commit: r1804463 - in /tomcat/trunk: java/org/apache/coyote/ java/org/apache/coyote/http11/ java/org/apache/tomcat/util/net/ webapps/docs/

2017-08-08 Thread markt
Author: markt Date: Tue Aug 8 19:29:55 2017 New Revision: 1804463 URL: http://svn.apache.org/viewvc?rev=1804463=rev Log: Improve the handling of client disconnections during the TLS renegotiation handshake. Modified: tomcat/trunk/java/org/apache/coyote/AbstractProcessor.java

svn commit: r1804462 - /tomcat/trunk/java/org/apache/tomcat/websocket/WsWebSocketContainer.java

2017-08-08 Thread markt
Author: markt Date: Tue Aug 8 19:19:44 2017 New Revision: 1804462 URL: http://svn.apache.org/viewvc?rev=1804462=rev Log: Eclipse Oxygen doesn't need this. Modified: tomcat/trunk/java/org/apache/tomcat/websocket/WsWebSocketContainer.java Modified:

svn commit: r1804461 - /tomcat/trunk/res/ide-support/eclipse/java-compiler-errors-warnings.txt

2017-08-08 Thread markt
Author: markt Date: Tue Aug 8 19:18:00 2017 New Revision: 1804461 URL: http://svn.apache.org/viewvc?rev=1804461=rev Log: Reviewed for Oxygen - no changes Modified: tomcat/trunk/res/ide-support/eclipse/java-compiler-errors-warnings.txt Modified:

svn commit: r20906 - /dev/tomcat/tomcat-8/v8.5.20/ /release/tomcat/tomcat-8/v8.5.20/

2017-08-08 Thread markt
Author: markt Date: Tue Aug 8 19:15:03 2017 New Revision: 20906 Log: Release 8.5.20 Added: release/tomcat/tomcat-8/v8.5.20/ - copied from r20905, dev/tomcat/tomcat-8/v8.5.20/ Removed: dev/tomcat/tomcat-8/v8.5.20/

Re: [VOTE] Release Apache Tomcat 8.5.20

2017-08-08 Thread Mark Thomas
The following votes were cast: Binding: +1: violetagg, markt, csutherl, huxing, kkolinko, remm, fschumacher No other votes were cast. The vote therefore passes. Thanks to everyone who contributed to this release. - To

svn commit: r20905 - /dev/tomcat/tomcat-9/v9.0.0.M26/ /release/tomcat/tomcat-9/v9.0.0.M26/

2017-08-08 Thread markt
Author: markt Date: Tue Aug 8 19:11:26 2017 New Revision: 20905 Log: Release 9.0.0.M26 Added: release/tomcat/tomcat-9/v9.0.0.M26/ - copied from r20904, dev/tomcat/tomcat-9/v9.0.0.M26/ Removed: dev/tomcat/tomcat-9/v9.0.0.M26/

[RESULT][VOTE] Release Apache Tomcat 9.0.0.M26

2017-08-08 Thread Mark Thomas
The following votes were cast: Binding: +1: markt, violetagg, remm, fschumacher, kkolinko, csutherl No other votes were cast. This vote therefore passes. Thanks to everyone who has contributed to this release. Mark - To

Re: [VOTE] Release Apache Tomcat 9.0.0.M26

2017-08-08 Thread Coty Sutherland
On Wed, Aug 2, 2017 at 5:30 PM, Mark Thomas wrote: > The proposed Apache Tomcat 9.0.0.M26 release is now available for voting. > > This is a milestone release for the 9.0.x branch. It should be > noted that, as a milestone release: > - Servlet 4.0 is not finalised > - The EGs

Re: [VOTE] Release Apache Tomcat 9.0.0.M26

2017-08-08 Thread Konstantin Kolinko
2017-08-03 0:30 GMT+03:00 Mark Thomas : > The proposed Apache Tomcat 9.0.0.M26 release is now available for voting. > > This is a milestone release for the 9.0.x branch. It should be > noted that, as a milestone release: > - Servlet 4.0 is not finalised > - The EGs have not

[Bug 61393] New: org.apache.tomcat.jni.TestSocketServer timeout failure on a fast computer

2017-08-08 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=61393 Bug ID: 61393 Summary: org.apache.tomcat.jni.TestSocketServer timeout failure on a fast computer Product: Tomcat 9 Version: 9.0.0.M25 Hardware: PC Status:

svn commit: r1804444 - /tomcat/native/trunk/native/src/sslnetwork.c

2017-08-08 Thread markt
Author: markt Date: Tue Aug 8 17:16:57 2017 New Revision: 1804444 URL: http://svn.apache.org/viewvc?rev=1804444=rev Log: Remove out of date comment Modified: tomcat/native/trunk/native/src/sslnetwork.c Modified: tomcat/native/trunk/native/src/sslnetwork.c URL:

Re: [VOTE] Release Apache Tomcat 8.5.20

2017-08-08 Thread Felix Schumacher
On 3 August 2017 00:10:05 CEST, Mark Thomas wrote: >The proposed Apache Tomcat 8.5.20 release is now available for voting. > >The major changes compared to the 8.5.16 release are: > >- Enable TLS connectors to use Java key stores that contain multiple > keys where each key

Re: [VOTE] Release Apache Tomcat 9.0.0.M26

2017-08-08 Thread Felix Schumacher
On 2 August 2017 23:30:23 CEST, Mark Thomas wrote: >The proposed Apache Tomcat 9.0.0.M26 release is now available for >voting. > >This is a milestone release for the 9.0.x branch. It should be >noted that, as a milestone release: >- Servlet 4.0 is not finalised >- The EGs

Re: [VOTE] Release Apache Tomcat 9.0.0.M26

2017-08-08 Thread Rémy Maucherat
On Wed, Aug 2, 2017 at 11:30 PM, Mark Thomas wrote: > The proposed Apache Tomcat 9.0.0.M26 release is now available for voting. > > This is a milestone release for the 9.0.x branch. It should be > noted that, as a milestone release: > - Servlet 4.0 is not finalised > - The EGs

Re: [VOTE] Release Apache Tomcat 8.5.20

2017-08-08 Thread Rémy Maucherat
On Thu, Aug 3, 2017 at 12:10 AM, Mark Thomas wrote: > The proposed Apache Tomcat 8.5.20 release is now available for voting. > > The major changes compared to the 8.5.16 release are: > > - Enable TLS connectors to use Java key stores that contain multiple > keys where each

Re: [VOTE] Release Apache Tomcat 8.5.20

2017-08-08 Thread Konstantin Kolinko
2017-08-03 1:10 GMT+03:00 Mark Thomas : > The proposed Apache Tomcat 8.5.20 release is now available for voting. > > The major changes compared to the 8.5.16 release are: > > - Enable TLS connectors to use Java key stores that contain multiple > keys where each key has a

[Bug 61391] New: SlowQueryReport not logging Failed Query if connection abandoned

2017-08-08 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=61391 Bug ID: 61391 Summary: SlowQueryReport not logging Failed Query if connection abandoned Product: Tomcat 8 Version: 8.5.x-trunk Hardware: PC Status: NEW

Re: Test keys and certs

2017-08-08 Thread Konstantin Kolinko
2017-08-08 16:03 GMT+03:00 Mark Thomas : > On 08/08/17 13:59, George Stanchev wrote: > > > >> Is it possible the recent changes [1] has affected it? Chrome no longer >> looks in CN, which is ignored but rather expects SAN to be filled up. >> Perhaps Tomcat's test certs lack

Re: Test keys and certs

2017-08-08 Thread Mark Thomas
On 08/08/17 13:59, George Stanchev wrote: > Is it possible the recent changes [1] has affected it? Chrome no longer looks > in CN, which is ignored but rather expects SAN to be filled up. Perhaps > Tomcat's test certs lack SAN? > > [1]

RE: Test keys and certs

2017-08-08 Thread George Stanchev
-Original Message- From: Mark Thomas [mailto:ma...@apache.org] Sent: Tuesday, August 08, 2017 5:23 AM To: Tomcat Developers List Subject: Test keys and certs All, Just a heads up. A few days ago I started to look at bug 59423. I saw all sorts of errors when I

svn commit: r1804407 - in /tomcat/trunk/test/org/apache/tomcat/util/net: TesterSupport.java ca.jks keystore-info.txt localhost-cert.pem localhost-copy1.jks localhost-key.pem localhost.jks user1.jks

2017-08-08 Thread markt
Author: markt Date: Tue Aug 8 12:11:10 2017 New Revision: 1804407 URL: http://svn.apache.org/viewvc?rev=1804407=rev Log: Update test keys and certs to use new CA hierarchy that has a longer key (4096 bits) for the CA and more complete DNs. Modified:

Test keys and certs

2017-08-08 Thread Mark Thomas
All, Just a heads up. A few days ago I started to look at bug 59423. I saw all sorts of errors when I tried to configure a clean Tomcat build for CLIENT-CERT. As I dug into the errors it appeared that Tomcat wasn't handling an unexpected connection close during the renegotiation. I have a patch

[Bug 60555] run by ssl and port:443 close_wait

2017-08-08 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=60555 Vaibhav Bhandari changed: What|Removed |Added Resolution|FIXED |---

Ready for JDK 9 ?

2017-08-08 Thread Rory O'Donnell
Hi Mark, Thank you very much for all your testing of JDK 9 during its development! Such contributions have significantly helped shape and improve JDK 9. Now that we have reached the JDK 9 Final Release Candidate phase [1] , I would like to ask if your project can be considered to be 'ready

Re: [VOTE] Release Apache Tomcat 9.0.0.M26

2017-08-08 Thread Violeta Georgieva
Hi, 2017-08-03 0:30 GMT+03:00 Mark Thomas : > > The proposed Apache Tomcat 9.0.0.M26 release is now available for voting. > > This is a milestone release for the 9.0.x branch. It should be > noted that, as a milestone release: > - Servlet 4.0 is not finalised > - The EGs have