Bug report for Tomcat 7 [2018/01/14]

2018-01-13 Thread bugzilla
Status:   UNC=Unconfirmed NEW=New ASS=Assigned OPN=Reopened VER=Verified (Skipped Closed/Resolved)
Severity: BLK=Blocker CRI=Critical REG=Regression MAJ=Major MIN=Minor NOR=Normal ENH=Enhancement TRV=Trivial

|Bug ID|Status|Severity|Date Posted|Description|
|41007|Opn|Enh|2006-11-20|Can't define customized 503 error page|
|43866|New|Enh|2007-11-14|add support for session attribute propagation with|
|47242|New|Enh|2009-05-22|request for AJP command line client   |
|49395|New|Enh|2010-06-06|manager.findLeaks : display the date when the leak|
|49821|New|Enh|2010-08-25|Tomcat CLI [PATCH/Contribution]   |
|50019|New|Enh|2010-09-28|Adding JNDI "lookup-name" support In XML and Resou|
|50175|New|Enh|2010-10-28|Enhance memory leak detection by selectively apply|
|50234|New|Enh|2010-11-08|JspC use servlet 3.0 features |
|50670|New|Enh|2011-01-27|Tribes | RpcChannel | Add option to specify extern|
|50944|Ver|Blk|2011-03-18|JSF: java.lang.NullPointerException at com.sun.fac|
|51195|New|Enh|2011-05-13|"Find leaks" reports a false positive memory/class|
|51423|Inf|Enh|2011-06-23|[Patch] to add a path and a version parameters to |
|51587|New|Enh|2011-07-29|Implement status and uptime commands  |
|51953|New|Enh|2011-10-04|Proposal: netmask filtering valve and filter [PATC|
|52381|New|Enh|2011-12-22|Please add OSGi metadata  |
|52448|New|Enh|2012-01-11|Cache jar indexes in WebappClassLoader to speed up|
|52489|New|Enh|2012-01-19|Enhancement request for code signing of war files |
|52688|New|Enh|2012-02-16|Add ability to remove old access log files [PATCHE|
|52952|New|Enh|2012-03-20|Improve ExtensionValidator handling for embedded s|
|53085|New|Enh|2012-04-16|[perf] [concurrency] DefaultInstanceManager.annota|
|53387|New|Enh|2012-06-08|SSI: Allow to use $1 to get result of regular expr|
|53411|Opn|Enh|2012-06-13|NullPointerException in org.apache.tomcat.util.buf|
|53492|New|Enh|2012-07-01|Make JspC shell multithreaded |
|53553|New|Enh|2012-07-16|[PATCH] Deploy uploaded WAR with context.xml from |
|53620|New|Enh|2012-07-30|[juli] delay opening a file until something gets l|
|54499|New|Enh|2013-01-29|Implementation of Extensible EL Interpreter   |
|54802|New|Enh|2013-04-04|Provide location information for exceptions thrown|
|55104|New|Enh|2013-06-16|Allow passing arguments with spaces to Commons Dae|
|55470|New|Enh|2013-08-23|Help users for ClassNotFoundExceptions during star|
|55477|New|Enh|2013-08-23|Add a solution to map an realm name to a security |
|56148|New|Enh|2014-02-17|support (multiple) ocsp stapling  |
|56181|New|Enh|2014-02-23|RemoteIpValve & RemoteIpFilter: HttpServletRequest|
|56300|New|Enh|2014-03-22|[Tribes] No useful examples, lack of documentation|
|56438|New|Enh|2014-04-21|If jar scan does not find context config or TLD co|
|56614|New|Enh|2014-06-12|Add a switch to ignore annotations detection on ta|
|56787|New|Enh|2014-07-29|Simplified jndi name parsing  |
|57367|New|Enh|2014-12-18|If JAR scan experiences a stack overflow, give the|
|57827|New|Enh|2015-04-17|Enable adding/removing of members via jmx in a sta|
|57872|New|Enh|2015-04-29|Do not auto-switch session cookie to version=1 due|
|57892|New|Enh|2015-05-05|Log once a warning if a symbolic link is ignored (|
|58338|New|Nor|2015-09-07|BasicDataSourceFactory uses wrong attribute name  |
|59716|New|Enh|2016-06-17|Allow JNDI configuration of CorsFilter|
|60597|New|Enh|2017-01-17|Add ability to set cipher suites for websocket cli|
|60944|Inf|Nor|2017-03-30|Tomcat Production Issue connections in CLOSE_WAIT |
|61992|Inf|Cri|2018-01-12|DOS after "Error parsing HTTP request header" mess|
|61993|New|Min|2018-01-12|org.apache.tomcat.util.ByteChunk throws NegativeAr|
Total: 46 bugs

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: d

Bug report for Tomcat 9 [2018/01/14]

2018-01-13 Thread bugzilla
Status:   UNC=Unconfirmed NEW=New ASS=Assigned OPN=Reopened VER=Verified (Skipped Closed/Resolved)
Severity: BLK=Blocker CRI=Critical REG=Regression MAJ=Major MIN=Minor NOR=Normal ENH=Enhancement TRV=Trivial

|Bug ID|Status|Severity|Date Posted|Description|
|47467|New|Enh|2009-07-02|Deployment of the war file by URL when contextpath|
|48672|New|Enh|2010-02-03|Tomcat Virtual Host Manager (/host-manager) needs |
|57505|New|Enh|2015-01-27|Add integration tests for JspC|
|57661|New|Enh|2015-03-04|Delay sending of 100 continue response until appli|
|58242|New|Enh|2015-08-13|Scanning jars in classpath to get annotations in p|
|58530|New|Enh|2015-10-23|Proposal for new Manager HTML GUI |
|58548|New|Enh|2015-10-26|support certifcate transparency   |
|58590|New|Enh|2015-11-05|org.apache.catalina.realm.MemoryRealm can use back|
|58859|New|Enh|2016-01-14|Allow to limit charsets / encodings supported by T|
|59203|New|Enh|2016-03-21|Try to call Thread.interrupt before calling Thread|
|59344|Ver|Enh|2016-04-18|PEM file support for JSSE |
|59750|New|Enh|2016-06-24|Amend "authenticate" method with context by means |
|59901|New|Enh|2016-07-26|Reduce I/O associated with JSP compilation|
|60997|New|Enh|2017-04-17|Enhance SemaphoreValve to support denied status an|
|61171|New|Enh|2017-06-09|Add port offset attribute (portOffset?) to Server |
|61683|Inf|Nor|2017-10-27|NullPointerException in ErrorReportValve while exe|
|61692|New|Enh|2017-10-28|CGIServlet should handle additional HTTP methods, |
|61971|New|Enh|2018-01-06|documentation for using tomcat with systemd   |
Total: 18 bugs




Bug report for Tomcat Modules [2018/01/14]

2018-01-13 Thread bugzilla
Status:   UNC=Unconfirmed NEW=New ASS=Assigned OPN=Reopened VER=Verified (Skipped Closed/Resolved)
Severity: BLK=Blocker CRI=Critical REG=Regression MAJ=Major MIN=Minor NOR=Normal ENH=Enhancement TRV=Trivial

|Bug ID|Status|Severity|Date Posted|Description|
|50571|Inf|Nor|2011-01-11|Tomcat 7 JDBC connection pool exception enhancemen|
|51595|Inf|Nor|2011-08-01|org.apache.tomcat.jdbc.pool.jmx.ConnectionPool sho|
|51879|Inf|Enh|2011-09-22|Improve access to Native Connection Methods   |
|52024|Inf|Enh|2011-10-13|Custom interceptor to support automatic failover o|
|53199|Inf|Enh|2012-05-07|Refactor ConnectionPool to use ScheduledExecutorSe|
|54437|New|Enh|2013-01-16|Update PoolProperties javadoc for ConnectState int|
|54929|Inf|Nor|2013-05-05|jdbc-pool cannot be used with Java 1.5, "java.lang|
|55078|New|Nor|2013-06-07|Configuring a DataSource Resource with dataSourceJ|
|55662|New|Enh|2013-10-17|Add a way to set an instance of java.sql.Driver di|
|56046|New|Enh|2014-01-21|org.apache.tomcat.jdbc.pool.XADataSource InitSQL p|
|56088|New|Maj|2014-01-29|AbstractQueryReport$StatementProxy throws exceptio|
|56310|Inf|Maj|2014-03-25|PooledConnection and XAConnection not handled corr|
|56586|New|Nor|2014-06-02|initSQL should be committed if defaultAutoCommit =|
|56775|New|Nor|2014-07-28|PoolCleanerTime schedule issue|
|56779|New|Nor|2014-07-28|Allow multiple connection initialization statement|
|56790|New|Nor|2014-07-29|Resizing pool.maxActive to a higher value at runti|
|56798|New|Nor|2014-07-31|Idle eviction strategy could perform better (and i|
|56804|New|Nor|2014-08-02|Use a default validationQueryTimeout other than "f|
|56805|New|Nor|2014-08-02|datasource.getConnection() may be unnecessarily bl|
|56837|New|Nor|2014-08-11|if validationQuery have error with timeBetweenEvic|
|56970|New|Nor|2014-09-11|MaxActive vs. MaxTotal for commons-dbcp and tomcat|
|56974|New|Nor|2014-09-12|jdbc-pool validation query defaultAutoCommit statu|
|57460|New|Nor|2015-01-19|[DB2]Connection broken after few hours but not rem|
|57729|New|Enh|2015-03-20|Add QueryExecutionReportInterceptor to log query e|
|58489|Opn|Maj|2015-10-08|QueryStatsComparator throws IllegalArgumentExcepti|
|59077|New|Nor|2016-02-26|DataSourceFactory creates a neutered data source  |
|59569|New|Nor|2016-05-18|isWrapperFor/unwrap implementations incorrect |
|59879|New|Nor|2016-07-18|StatementCache interceptor returns ResultSet objec|
|60195|New|Nor|2016-10-02|No javadoc in Maven Central   |
|60522|New|Nor|2016-12-27|An option for setting if the transaction should be|
|60524|Inf|Nor|2016-12-28|NPE in SlowQueryReport in tomcat-jdbc-7.0.68  |
|60645|New|Nor|2017-01-25|StatementFinalizer is not thread-safe |
|61032|New|Nor|2017-04-24|min pool size is not being respected  |
|61103|New|Nor|2017-05-18|StatementCache potentially caching non-functional |
|61302|New|Enh|2017-07-15|Refactoring of DataSourceProxy|
|61303|New|Enh|2017-07-15|Refactoring of ConnectionPool |
Total: 36 bugs




Bug report for Tomcat Connectors [2018/01/14]

2018-01-13 Thread bugzilla
Status:   UNC=Unconfirmed NEW=New ASS=Assigned OPN=Reopened VER=Verified (Skipped Closed/Resolved)
Severity: BLK=Blocker CRI=Critical REG=Regression MAJ=Major MIN=Minor NOR=Normal ENH=Enhancement TRV=Trivial

|Bug ID|Status|Severity|Date Posted|Description|
|46767|New|Enh|2009-02-25|mod_jk to send DECLINED in case no fail-over tomca|
|47327|New|Enh|2009-06-07|Return tomcat authenticated user back to mod_jk (A|
|47750|New|Maj|2009-08-27|ISAPI: Loss of worker settings when changing via j|
|47795|New|Maj|2009-09-07|service sticky_session not being set correctly wit|
|48564|New|Enh|2010-01-18|Allow to turn off retries for LB worker   |
|48830|New|Nor|2010-03-01|IIS shutdown blocked in endpoint service when serv|
|49063|New|Enh|2010-04-07|Please add JkStripSession status in jk-status work|
|49822|New|Enh|2010-08-25|Add hash lb worker method |
|49903|New|Enh|2010-09-09|Make workers file reloadable  |
|52483|New|Enh|2012-01-18|Print JkOptions's options in log file and jkstatus|
|53883|New|Maj|2012-09-17|isapi_redirect v 1.2.37 crashes w3wp.exe  on the p|
|53977|New|Maj|2012-10-07|32bits isapi connector cannot work in wow64 mode  |
|54027|New|Cri|2012-10-18|isapi send request to outside address instead of i|
|54117|New|Maj|2012-11-08|access violation exception in isapi_redirect.dll  |
|54621|New|Enh|2013-02-28|[PATCH] custom mod_jk availability checks |
|56489|New|Enh|2014-05-05|Include a directory for configuration files   |
|56576|New|Enh|2014-05-29|Websocket support |
|57402|New|Enh|2014-12-30|Provide correlation ID between mod_jk log and acce|
|57403|New|Enh|2014-12-30|Persist configuration changes made via status work|
|57407|New|Enh|2014-12-31|Make session_cookie, session_path and session_cook|
|57790|New|Enh|2015-04-03|Check worker names for typos  |
|57946|New|Nor|2015-05-23|Configuration example for mod_jk should be updated|
|58287|New|Nor|2015-08-26|Questionable use of "Global" objects on Windows   |
|59897|New|Nor|2016-07-25|Buffer Overflow in FD_SET in nb_connect (jk_connec|
|60240|New|Min|2016-10-11|Duplicate initialization log entry in mod_jk.log  |
|60745|New|Nor|2017-02-18|False positive: Somebody try to hack into the site|
|61476|New|Enh|2017-09-01|Allow reset of an individual worker stat value|
|61621|New|Enh|2017-10-15|Content-Type is forced to lowercase when it goes t|
Total: 28 bugs




Bug report for Taglibs [2018/01/14]

2018-01-13 Thread bugzilla
Status:   UNC=Unconfirmed NEW=New ASS=Assigned OPN=Reopened VER=Verified (Skipped Closed/Resolved)
Severity: BLK=Blocker CRI=Critical REG=Regression MAJ=Major MIN=Minor NOR=Normal ENH=Enhancement TRV=Trivial

|Bug ID|Status|Severity|Date Posted|Description|
|38193|Ass|Enh|2006-01-09|[RDC] BuiltIn Grammar support for Field   |
|38600|Ass|Enh|2006-02-10|[RDC] Enable RDCs to be used in X+V markup (X+RDC)|
|42413|New|Enh|2007-05-14|[PATCH] Log Taglib enhancements   |
|46052|New|Nor|2008-10-21|SetLocaleSupport is slow to initialize when many l|
|48333|New|Enh|2009-12-02|TLD generator |
|57434|New|Nor|2015-01-11|Race condition in EL1.0 validation|
|57548|New|Min|2015-02-08|Auto-generate the value for org.apache.taglibs.sta|
|57684|New|Min|2015-03-10|Version info should be taken from project version |
|59359|New|Enh|2016-04-20|(Task) Extend validity period for signing KEY - be|
|59668|New|Nor|2016-06-06|x:forEach retains the incorrect scope when used in|
|61875|New|Nor|2017-12-08|Investigate whether Xalan can be removed  |
Total: 11 bugs




Bug report for Tomcat 8 [2018/01/14]

2018-01-13 Thread bugzilla
Status:   UNC=Unconfirmed NEW=New ASS=Assigned OPN=Reopened VER=Verified (Skipped Closed/Resolved)
Severity: BLK=Blocker CRI=Critical REG=Regression MAJ=Major MIN=Minor NOR=Normal ENH=Enhancement TRV=Trivial

|Bug ID|Status|Severity|Date Posted|Description|
|51497|New|Enh|2011-07-11|Use canonical IPv6 text representation in logs|
|53737|Opn|Enh|2012-08-18|Use ServletContext.getJspConfigDescriptor() in Jas|
|53930|New|Enh|2012-09-24|allow capture of catalina stdout/stderr to a comma|
|54700|New|Enh|2013-03-15|Improvement: Add support for system property to sp|
|54741|New|Enh|2013-03-22|Add org.apache.catalina.startup.Tomcat#addWebapp(S|
|55243|New|Enh|2013-07-11|Add special search string for nested roles|
|55252|New|Enh|2013-07-12|Separate Ant and command-line wrappers for JspC   |
|55383|New|Enh|2013-08-07|Improve markup and design of Tomcat's HTML pages  |
|9|New|Enh|2013-09-14|UserDatabaseRealm enhacement: may use local JNDI  |
|55675|New|Enh|2013-10-18|Checking and handling invalid configuration option|
|55788|New|Enh|2013-11-16|TagPlugins should key on tag QName rather than imp|
|55969|New|Enh|2014-01-07|Security-related enhancements to the Windows Insta|
|56166|New|Enh|2014-02-20|Suggestions for exception handling (avoid potentia|
|56361|New|Enh|2014-04-08|org.apache.tomcat.websocket.WsWebSocketContainer#b|
|56398|New|Enh|2014-04-11|Support Arquillian-based unit testing |
|56399|New|Enh|2014-04-11|Re-factor request/response recycling so Coyote and|
|56402|New|Enh|2014-04-11|Add support for HTTP Upgrade to AJP components|
|56448|New|Enh|2014-04-23|Implement a robust solution for client initiated S|
|56522|Opn|Enh|2014-05-14|jasper-el 8 does not comply to EL Spec 3.0 regardi|
|56546|New|Enh|2014-05-19|Improve thread trace logging in WebappClassLoader.|
|56676|New|Enh|2014-06-26|Normalize access to native library|
|56713|New|Enh|2014-07-12|Limit time that incoming request waits while webap|
|56724|New|Enh|2014-07-15|Restart Container background thread if it died une|
|56890|Inf|Maj|2014-08-26|getRealPath returns null  |
|56966|New|Enh|2014-09-11|AccessLogValve's elapsed time has 15ms precision o|
|57130|New|Enh|2014-10-22|Allow digest.sh to accept password from a file or |
|57287|New|Enh|2014-11-29|Sort files listed by DefaultServlet   |
|57421|New|Enh|2015-01-07|Farming default directories   |
|57486|New|Enh|2015-01-23|Improve reuse of ProtectedFunctionMapper instances|
|57665|New|Enh|2015-03-05|support x-forwarded-host  |
|57701|New|Enh|2015-03-13|Implement "[Redeploy]" button for a web applicatio|
|57830|New|Enh|2015-04-18|Add support for ProxyProtocol |
|58052|Opn|Enh|2015-06-19|RewriteValve: Implement additional RewriteRule dir|
|58072|New|Enh|2015-06-23|ECDH curve selection  |
|58433|New|Enh|2015-09-21|RemoteIpValve not activated on redirect from mappi|
|58577|New|Enh|2015-11-03|JMX Proxy Servlet can't handle overloaded methods |
|58837|New|Enh|2016-01-12|support "X-Content-Security-Policy" a.k.a as "CSP"|
|58935|Opn|Enh|2016-01-29|Re-deploy from war without deleting context   |
|59232|New|Enh|2016-03-24|Make the context name of an app available via JNDI|
|59423|New|Enh|2016-05-03|amend "No LoginModules configured for ..." with hi|
|59758|New|Enh|2016-06-27|Add http proxy username-password credentials suppo|
|60281|Ver|Nor|2016-10-20|Pathname of uploaded WAR file should not be contai|
|60511|Inf|Maj|2016-12-22|org.apache.coyote.ajp.AjpNio2Protocol sends wrong |
|60560|New|Enh|2017-01-07|Support systemd/inetd style socket activation |
|60721|Ver|Nor|2017-02-10|Unable to find key spec if more applications use b|
|60781|New|Nor|2017-02-27|Access Log Valve does not escape the same as mod_l|
|60849|New|Enh|2017-03-13|Tomcat NIO Connector not able to handle SSL renego|
|61524|Inf|Maj|2017-09-15|NullPointerException in Http11OutputBuffer|
|61632|New|Enh|2017-10-18|Improve search for tcnative-1.dll on Windows when |
|61668|Ver|Min|2017-10-26|Possible NullPointerException in org.apache.coyote|
|61751|Inf|Nor|2017-11-13|NIO2 connector cuts incoming request  |
|61877|

Bug report for Tomcat Native [2018/01/14]

2018-01-13 Thread bugzilla
Status:   UNC=Unconfirmed NEW=New ASS=Assigned OPN=Reopened VER=Verified (Skipped Closed/Resolved)
Severity: BLK=Blocker CRI=Critical REG=Regression MAJ=Major MIN=Minor NOR=Normal ENH=Enhancement TRV=Trivial

|Bug ID|Status|Severity|Date Posted|Description|
|53940|New|Enh|2012-09-27|Added support for new CRL loading after expiration|
|56378|New|Nor|2014-04-09|Cert load fails if cert is located in path with no|
|57815|New|Enh|2015-04-15|Improve error message when OpenSSL does not suppor|
|58194|Inf|Maj|2015-07-30|Tomcat crash EXCEPTION_ACCESS_VIOLATION in tcnativ|
|59286|New|Nor|2016-04-07|Socket binding failures when using APR|
Total: 5 bugs




[Bug 61977] JNDIRealm with SPNEGO, GSSAPI and SRV record fails to find LDAP SPN due to training sname period

2018-01-13 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=61977

--- Comment #10 from marian.romasc...@nuance.com ---
One more thing observed in the trace - with the combined realm the DNS requests
for the SRV records _ltap._tcp.testdomain1.example.org and
_ldap._tcp.testdomain2.example.org are done at the very beginning, when the 2
JNDIRealm are initialized, before any SSO request.

-- 
You are receiving this mail because:
You are the assignee for the bug.



[Bug 61977] JNDIRealm with SPNEGO, GSSAPI and SRV record fails to find LDAP SPN due to training sname period

2018-01-13 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=61977

--- Comment #9 from marian.romasc...@nuance.com ---
A bit too quick in crying victory. Here is the scenario:
- using CombinedRealm with 2 JNDIRealm
  * 1 on testdomain1.example.org
  * 1 on testdomain2.example.org
- using the ldap:/// construct for the connectionURL in each JNDIRealm
- having different userBase and roleBase in each of the JNDIRealm, like below
  userBase="OU=ouUserBase1,DC=testdomain1,DC=example,DC=org" 
  roleBase="OU=ouRoleBase1,DC=testdomain1,DC=example,DC=org" 
  userBase="OU=ouUserBase2,DC=testdomain2,DC=example,DC=org" 
  roleBase="OU=ouRoleBase2,DC=testdomain2,DC=example,DC=org" 
- using a Kerberos SSO config (securityConstraints based on the
userBase/roleBase above)

Here are the issues observed so far:
1) with the patch the userBase and roleBase above result in LDAP searches with
the domain part in double, e.g.:
"OU=ouUserBase1,DC=testdomain1,DC=example,DC=org,DC=testdomain1,DC=example,DC=org"
I had to remove the domain parts to move on and make it partially working (see
issue #2)
  userBase="OU=ouUserBase1" 
  roleBase="OU=ouRoleBase1" 
  userBase="OU=ouUserBase2" 
  roleBase="OU=ouRoleBase2" 

2) With the above "hack" the first TGS-REQ trying to get an LDAP SPN will be OK
w/o a trailing dot in the sname. However the 2nd TGS-REQ (for the other
sub-domain) will come with the trailing dot. Does not matter the order - the
1st can be for testdomain1 or testdomain2, it will work. The 2nd SSO attempt
for the other subdomain, as visible in the Wireshark trace, will produce a
TGS-REQ with an ldap SPN sname with a trailing dot

Thanks in advance for looking at what might cause the 2 issues above.




[Bug 61977] JNDIRealm with SPNEGO, GSSAPI and SRV record fails to find LDAP SPN due to training sname period

2018-01-13 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=61977

--- Comment #8 from marian.romasc...@nuance.com ---
Finally incorporated the patches in the JNDIRealm.java for Tomcat 8.5.20
(checkout from asf repo) and tested in a "crude" way by simply replacing the
JNDIRealm classes in catalina.jar.  The trailing dot is gone and the SPN
resolution works. Thanks.




[Bug 61977] JNDIRealm with SPNEGO, GSSAPI and SRV record fails to find LDAP SPN due to training sname period

2018-01-13 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=61977

--- Comment #7 from marian.romasc...@nuance.com ---
Hi. Cannot find in the 8.5 trunk or tags the rev. 1820700.
https://svn.apache.org/repos/asf/tomcat/tc8.5.x/trunk/java/org/apache/catalina/realm

Trying to match the patch with the 8.5 JNDIRealm - I presume it starts at the
end of "DirContext open()" just before the return. Please confirm.




[Tomcat Wiki] Update of "tools/SSLUtils.java" by ChristopherSchultz

2018-01-13 Thread Apache Wiki
Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change 
notification.

The "tools/SSLUtils.java" page has been changed by ChristopherSchultz:
https://wiki.apache.org/tomcat/tools/SSLUtils.java?action=diff&rev1=2&rev2=3

Comment:
Replace source file with link to GitHub repository.

+ This utility has been replaced by a project on GitHub:
+ https://github.com/ChristopherSchultz/ssltest
- {{{
- /*
-  * SSLUtils.java
-  *
-  * Contains useful SSL/TLS methods.
-  *
-  * Copyright (c) 2015 Christopher Schultz
-  *
-  * Christopher Schultz licenses this file to You under the Apache License,
-  * Version 2.0 (the "License"); you may not use this file except in
-  * compliance with the License.  You may obtain a copy of the License at
-  *
-  *   http://www.apache.org/licenses/LICENSE-2.0
-  *
-  *  Unless required by applicable law or agreed to in writing, software
-  *  distributed under the License is distributed on an "AS IS" BASIS,
-  *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-  *  See the License for the specific language governing permissions and
-  *  limitations under the License.
-  */
- import java.io.File;
- import java.io.FileInputStream;
- import java.io.IOException;
- import java.io.InputStream;
- import java.net.InetAddress;
- import java.net.ServerSocket;
- import java.net.Socket;
- import java.net.UnknownHostException;
- import java.security.InvalidAlgorithmParameterException;
- import java.security.KeyManagementException;
- import java.security.KeyStore;
- import java.security.KeyStoreException;
- import java.security.NoSuchAlgorithmException;
- import java.security.NoSuchProviderException;
- import java.security.SecureRandom;
- import java.security.cert.CRL;
- import java.security.cert.CRLException;
- import java.security.cert.CertPathParameters;
- import java.security.cert.CertStore;
- import java.security.cert.CertStoreParameters;
- import java.security.cert.CertificateException;
- import java.security.cert.CertificateFactory;
- import java.security.cert.CollectionCertStoreParameters;
- import java.security.cert.PKIXBuilderParameters;
- import java.security.cert.X509CertSelector;
- import java.security.cert.X509Certificate;
- import java.util.Collection;
  
- import javax.net.ssl.CertPathTrustManagerParameters;
- import javax.net.ssl.HostnameVerifier;
- import javax.net.ssl.HttpsURLConnection;
- import javax.net.ssl.ManagerFactoryParameters;
- import javax.net.ssl.SSLContext;
- import javax.net.ssl.SSLServerSocket;
- import javax.net.ssl.SSLServerSocketFactory;
- import javax.net.ssl.SSLSession;
- import javax.net.ssl.SSLSocket;
- import javax.net.ssl.SSLSocketFactory;
- import javax.net.ssl.TrustManager;
- import javax.net.ssl.TrustManagerFactory;
- import javax.net.ssl.X509TrustManager;
- 
- /**
-  * Lots of useful SSL-related goodies.
-  *
-  * @author Christopher Schultz
-  * @author Apache Software Foundation (some code adapted/lifted from Apache 
Tomcat).
-  */
- public class SSLUtils
- {
- public static void disableSSLHostnameVerification()
- {
- HostnameVerifier verifyEverything = new HostnameVerifier() {
- public boolean verify(String hostname, SSLSession session)
- {
- return true;
- }
- };
- 
- HttpsURLConnection.setDefaultHostnameVerifier(verifyEverything);
- }
- 
- private static final TrustManager[] trustAllCerts = new TrustManager[] {
- new X509TrustManager() {
- public X509Certificate[] getAcceptedIssuers() {
- return null;
- }
- public void checkClientTrusted(X509Certificate[] certs,
-String authType) {
- // Trust all clients
- }
- public void checkServerTrusted(X509Certificate[] certs,
-String authType) {
- // Trust all servers
- }
- }
- };
- 
- public static TrustManager[] getTrustAllCertsTrustManagers()
- {
- return trustAllCerts.clone();
- }
- 
- /**
-  * Configures SSLSocketFactory for Java's HttpsURLConnection.
-  */
- public static void configureHttpsURLConnection(String protocol,
-String[] 
sslEnabledProtocols,
-String[] sslCipherSuites,
-SecureRandom random,
-TrustManager[] tms)
- throws NoSuchAlgorithmException, KeyManagementException
- {
- 
HttpsURLConnection.setDefaultSSLSocketFactory(getSSLSocketFactory(protocol,
-   
sslEnabledProtocols,
-
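
Review bot: Missing documentation in the two added lines: the link is given with no statement of what the utility is for or that it is a test aid. The removed source exposed disableSSLHostnameVerification(), whose verifier always returns true, and getTrustAllCertsTrustManagers(), whose checkClientTrusted and checkServerTrusted bodies are empty, so readers who copied those helpers from the wiki now get no note here that they accept any certificate and any hostname. Suggest one sentence after the link saying the helpers switch off certificate and hostname validation and are meant for diagnostics only. Also worth confirming in the GitHub version: the removed getAcceptedIssuers() returned null, while the X509TrustManager contract asks for a non-null (possibly empty) array.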

[Tomcat Wiki] Update of "tools/SSLTest.java" by ChristopherSchultz

2018-01-13 Thread Apache Wiki

The "tools/SSLTest.java" page has been changed by ChristopherSchultz:
https://wiki.apache.org/tomcat/tools/SSLTest.java?action=diff&rev1=4&rev2=5

Comment:
Replace source file with link to GitHub repository.

+ This utility has been replaced by a project on GitHub:
+ https://github.com/ChristopherSchultz/ssltest
- {{{
- /*
-  * SSLTest.java
-  *
-  * Tests servers for SSL/TLS protocol and cipher support.
-  *
-  * Copyright (c) 2015 Christopher Schultz
-  *
-  * Christopher Schultz licenses this file to You under the Apache License,
-  * Version 2.0 (the "License"); you may not use this file except in
-  * compliance with the License.  You may obtain a copy of the License at
-  *
-  *   http://www.apache.org/licenses/LICENSE-2.0
-  *
-  *  Unless required by applicable law or agreed to in writing, software
-  *  distributed under the License is distributed on an "AS IS" BASIS,
-  *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-  *  See the License for the specific language governing permissions and
-  *  limitations under the License.
-  */
- // Note this class requires [[SSLUtils.java]]
- import java.io.IOException;
- import java.net.InetSocketAddress;
- import java.net.Socket;
- import java.net.SocketTimeoutException;
- import java.security.NoSuchAlgorithmException;
- import java.security.Provider;
- import java.security.SecureRandom;
- import java.security.Security;
- import java.security.cert.Certificate;
- import java.security.cert.X509Certificate;
- import java.util.ArrayList;
- import java.util.Arrays;
- import java.util.Collections;
- import java.util.HashSet;
- import java.util.List;
- import java.util.Map.Entry;
  
- import javax.net.ssl.SSLContext;
- import javax.net.ssl.SSLSocket;
- import javax.net.ssl.SSLSocketFactory;
- import javax.net.ssl.TrustManager;
- 
- /**
-  * A driver class to test a server's SSL/TLS support.
-  *
-  * Usage: java SSLTest [opts] host[:port]
-  *
-  * Try "java SSLTest -h" for help.
-  *
-  * This tester will attempts to handshake with the target host with all
-  * available protocols and ciphers and report which ones were accepted and
-  * which were rejected. An HTTP connection is never fully made, so these
-  * connections should not flood the host's access log with entries.
-  *
-  * @author Christopher Schultz
-  */
- public class SSLTest
- {
- public static void usage()
- {
- System.out.println("Usage: java " + SSLTest.class + " [opts] 
host[:port]");
- System.out.println();
- System.out.println("-sslprotocol Sets the SSL/TLS 
protocol to be used (e.g. SSL, TLS, SSLv3, TLSv1.2, etc.)");
- System.out.println("-enabledprotocols protocols  Sets individual 
SSL/TLS ptotocols that should be enabled");
- System.out.println("-ciphers cipherspec  A comma-separated 
list of SSL/TLS ciphers");
- 
- System.out.println("-truststore  Sets the trust store 
for connections");
- System.out.println("-truststoretype type Sets the type for 
the trust store");
- System.out.println("-truststorepassword pass Sets the password 
for the trust store");
- System.out.println("-truststorealgorithm alg Sets the algorithm 
for the trust store");
- System.out.println("-truststoreprovider provider Sets the crypto 
provider for the trust store");
- 
- System.out.println("-no-check-certificateIgnores certificate 
errors");
- System.out.println("-no-verify-hostname  Ignores hostname 
mismatches");
- 
- System.out.println("-h -help --help Shows this help message");
- }
- 
- public static void main(String[] args)
- throws Exception
- {
- int connectTimeout = 0; // default = infinite
- int readTimeout = 1000;
- 
- boolean disableHostnameVerification = true;
- boolean disableCertificateChecking = true;
- 
- String trustStoreFilename = 
System.getProperty("javax.net.ssl.trustStore");
- String trustStorePassword = 
System.getProperty("javax.net.ssl.trustStorePassword");
- String trustStoreType = 
System.getProperty("javax.net.ssl.trustStoreType");
- String trustStoreProvider = 
System.getProperty("javax.net.ssl.trustStoreProvider");
- String trustStoreAlgorithm = null;
- String sslProtocol = "TLS";
- String[] sslEnabledProtocols = new String[] { "SSLv2", "SSLv2hello", 
"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2" };
- String[] sslCipherSuites = null; // Default = default for protocol
- String crlFilename = null;
- boolean showCerts = false;
- 
- if(args.length < 1)
- {
- usage();
- System.exit(0);
- }
- 
- int argIndex;
- for(argIndex = 0; argIndex < args.length; ++argIndex)
- {
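
Review bot: Missing usage information in the two added lines: the removed header documented the invocation ("Usage: java SSLTest [opts] host[:port]") and the dependency on SSLUtils.java, and the replacement text carries neither. Suggest keeping a one-line description of what the tool does and the usage line next to the link. If the code moves to GitHub unchanged, the defaults in main() deserve a second look as well: disableHostnameVerification and disableCertificateChecking both start as true, while usage() presents -no-check-certificate and -no-verify-hostname as switches the caller has to pass.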